This content has been automatically translated from Ukrainian.
Doxing (sometimes spelled "doxxing"; from English "doxing" or "doxxing") is the practice of collecting, publishing and distributing private information about a person without their consent, with the aim of causing harm, intimidation or inconvenience. The word "doxing" comes from the term "documents", which points to the disclosure of personal data. Doxing has become widespread on the Internet, where confidential information can be quickly distributed and used against victims.
How does doxing work?
Doxing may include collecting various information: real (full) name, address, phone number, email, place of work, financial data, photos or other personal data. In some cases, doxers may even find or publish details about the victim's family. Using this information, attackers can threaten, blackmail, discredit or even physically endanger their targets.
A well-known example of doxing (in the West): in 2014, during a conflict in the gamer community called "Gamergate", several women who spoke out against sexism in the video game industry became victims of doxing. Their personal data, including addresses and telephone numbers, were publicly released, leading to threats and attacks.
Doxing tools and techniques
- Social networks: A doxer can find information on Facebook, Twitter, LinkedIn and other platforms. By viewing publications, photos or geolocation tags, an attacker can collect a lot of private data.
- Search engines: A simple search on Google or other search engines can reveal a lot of information if it has been previously released online. For example, old posts on forums or comments on news sites.
- Account hacking: Using phishing or other hacking techniques, the doxer can access the victim's personal mail or social networks, where a lot of sensitive information is often stored.
- Databases and search sites: There are special sites that collect and sell personal data. Some of them even specialize in searching for people by last name, phone number or other characteristics.
- Metadata analysis: Sometimes the metadata of images or documents may contain information that the user did not intend to release, such as the coordinates of the location of the shooting.
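A defensive check for the metadata point above, as an added example that is not from the original article: it walks a JPEG's segments, reports whether the Exif block carries a GPS pointer, and returns a copy with the Exif segment removed so you can clean your own photos before posting. The function names and the constructed sample bytes are assumptions made for the illustration.

```python
import struct

GPS_IFD_TAG = 0x8825  # IFD0 entry that points at the GPS sub-directory


def exif_has_gps(exif: bytes) -> bool:
    """True if IFD0 of this Exif payload holds a GPSInfo pointer."""
    tiff = exif[6:]                               # skip b"Exif\0\0"
    if len(tiff) < 10 or tiff[:2] not in (b"II", b"MM"):
        return False
    end = "<" if tiff[:2] == b"II" else ">"       # byte order of the TIFF block
    (ifd0,) = struct.unpack_from(end + "I", tiff, 4)
    if ifd0 + 2 > len(tiff):
        return False
    (count,) = struct.unpack_from(end + "H", tiff, ifd0)
    offsets = range(ifd0 + 2, min(ifd0 + 2 + 12 * count, len(tiff) - 1), 12)
    return any(struct.unpack_from(end + "H", tiff, o)[0] == GPS_IFD_TAG
               for o in offsets)


def strip_exif(jpeg: bytes):
    """Return (cleaned_bytes, had_gps) with every Exif APP1 segment removed."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (missing SOI marker)")
    out, pos, had_gps = bytearray(jpeg[:2]), 2, False
    while pos + 4 <= len(jpeg) and jpeg[pos] == 0xFF:
        marker = jpeg[pos + 1]
        if marker == 0xDA:                        # SOS: image data follows
            break
        (length,) = struct.unpack_from(">H", jpeg, pos + 2)
        segment = jpeg[pos:pos + 2 + length]
        if marker == 0xE1 and segment[4:10] == b"Exif\x00\x00":
            had_gps = had_gps or exif_has_gps(segment[4:])
        else:
            out += segment                        # keep every other segment
        pos += 2 + length
    out += jpeg[pos:]                             # scan data and EOI, untouched
    return bytes(out), had_gps


def constructed_sample_jpeg() -> bytes:
    """Constructed input: minimal JPEG-shaped bytes whose Exif has a GPS pointer."""
    tiff = b"II*\x00" + struct.pack("<I", 8) + struct.pack("<H", 1)
    tiff += struct.pack("<HHII", GPS_IFD_TAG, 4, 1, 26) + struct.pack("<I", 0)
    exif = b"Exif\x00\x00" + tiff
    app1 = b"\xff\xe1" + struct.pack(">H", len(exif) + 2) + exif
    app0 = b"\xff\xe0" + struct.pack(">H", 7) + b"JFIF\x00"
    return b"\xff\xd8" + app0 + app1 + b"\xff\xda\x00\x02\x00\xff\xd9"
```

On a real photo, read the file in binary mode, pass the bytes to `strip_exif`, and publish the cleaned copy.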
How to protect yourself from doxing?
- Privacy in social networks: Restrict access to your profiles only to friends or a select circle of people. Avoid publishing information that may be used against you, such as your address, phone number or place of work.
- Password security: Use complex passwords and two-factor authentication to protect your accounts. This reduces the risk of hacking and unauthorized access to your data.
- Limiting publication of personal data: Try to avoid sharing your personal data online. It is important to be aware that any information posted in the public domain can be used against you.
- Monitoring your data: Regularly check what information about you is available online and take steps to remove or protect it. You can use special services that report data leaks or the appearance of new information about you on the Internet.
- Encryption: Use encryption to protect sensitive data such as emails or files containing important information. This will help prevent unauthorized access to your data in the event of its theft.
Put simply, do not publicly post anything that may be used against you. Even information from private correspondence can be obtained by attackers (any of the parties to the correspondence can be hacked or compromised).
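For the password and monitoring advice above, an added example (not part of the original article) of checking whether a password you still use appears in known breach data through the Have I Been Pwned "Pwned Passwords" range endpoint, which receives only the first five characters of the SHA-1 hash. `constructed_fetch` and its sample password are constructed stand-ins so the block runs offline.

```python
import hashlib
import urllib.request

RANGE_URL = "https://api.pwnedpasswords.com/range/"


def fetch_range(prefix: str) -> str:
    """Download every hash suffix the service holds for a 5-character prefix."""
    req = urllib.request.Request(RANGE_URL + prefix,
                                 headers={"User-Agent": "exposure-self-check"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("ascii")


def breach_count(password: str, fetch=fetch_range) -> int:
    """Times the password appears in breach data; 0 means not found."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    prefix, suffix = digest[:5], digest[5:]      # only the prefix is sent
    for line in fetch(prefix).splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:          # comparison happens locally
            return int(count)
    return 0


def constructed_fetch(prefix: str) -> str:
    """Constructed offline stand-in: pretends 'Summer2014!' leaked 37 times."""
    leaked = hashlib.sha1(b"Summer2014!").hexdigest().upper()
    body = ["0018A45C4D1DEF81644B54AB7F969B88D65:3"]   # constructed filler line
    if leaked.startswith(prefix):
        body.append(f"{leaked[5:]}:37")
    return "\r\n".join(body)


if __name__ == "__main__":
    for pw in ("Summer2014!", "a-long-unique-passphrase-7f3"):
        print(pw, breach_count(pw, fetch=constructed_fetch))
```

A non-zero count means the password should be changed everywhere it is used, old and unused accounts included.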
Doxing in the cryptosphere
The cryptosphere is one of the most sensitive and secure areas, as anonymity is key for many participants. However, even here, cases of doxing are not uncommon.
For example, in 2014, a well-known developer behind a popular cryptocurrency project became a victim of doxing. The anonymous hacker was able to find out the real name of the developer, his place of residence and other personal data. After that, the hacker published this information on the network, which led to threats against the developer. It is important to note that in the cryptosphere, such cases can not only harm the reputation, but also endanger the security of the entire platform developed by the person who became a victim of doxing.
Doxing in the cryptosphere can also have serious consequences for users, as hackers can try to access crypto wallets using information obtained during attacks. Because cryptocurrency transactions are irreversible, this can lead to significant financial losses.
But it can work the other way around. For example, when an anonymous project decides to run away with money (make a rug pull), investigators can dox these same fraudsters and try to return the investors' money.
Doxing of owners of erotic content
Creators of erotic content who work on platforms such as OnlyFans or similar often face the risk of doxing. Disclosure of their personal data can have catastrophic consequences, including public condemnation, loss of employment, or even physical danger.
For example, in 2020, there was a massive attack on the OnlyFans platform, during which personal data and photos of thousands of users were leaked. This data fell into the hands of the perpetrators, who then began blackmailing the victims by threatening to release the information to their relatives or at work. Many models have experienced severe emotional distress, and some have even ceased their activities for fear of further attacks.
This kind of doxing is usually intended to discredit or even ruin the victim's life by exploiting moral and social prejudices against the erotic industry.
Useful doxing (perhaps even ethical)
Sometimes doxing can have a positive effect. Bot farms are automated account networks used to spread misinformation, spam or manipulate public opinion on social networks. Owners and operators of such farms usually try to remain anonymous because their activities are illegal or morally condemnable.
In Ukraine, OSINT (open source intelligence) and doxing are sometimes used as a powerful tool to combat enemy propaganda. A vivid example is the video of the Toronto Television project about "General Pekingeseek" (be careful, Pekingeseek is a euphemism).
Doxing can be part of investigative journalism to expose corruption or criminal activity. Good examples are the bihus.info and Our Money projects.
An example of using doxing software
Let's imagine a situation where an attacker tries to find confidential information about a certain person who actively blogs in the crypto community. The attacker's purpose is to reveal the identity of a previously anonymous blogger for blackmail or discrediting.
Using OSINT tools (Open Source Intelligence):
An attacker starts by gathering information from open sources using tools such as Maltego or Recon-ng. These applications allow data to be extracted from social networks, forums and other open sources to compile a complete profile of the victim. The collected information may include aliases, email addresses, and even geolocation from photos.
Search by email:
If an attacker finds the victim's email address, he can use services such as Have I Been Pwned or Dehashed to check whether this data has been compromised in previous leaks. This may provide additional information such as passwords or other related accounts. After checking on Dehashed, the attacker discovers that the victim's email has been compromised in several data breaches. Using this information, the attacker accesses old accounts that the victim no longer uses, but which may contain important data.
Use of social engineering:
By gathering enough information, an attacker can use social engineering to force the victim to reveal more details. This can be, for example, a phone call or an email that looks like an official request from a bank or other institution.
For example, under the guise of a crypto platform support staff member, an attacker calls the victim using the information collected and forces them to reveal more personal data, such as their date of birth or full address.
Access to private accounts through password leaks:
After collecting a large amount of information, the attacker uses tools that automatically guess passwords (for example, Hydra or John the Ripper) against the victim's accounts. Using a combination of cracked passwords and matching, the attacker gains access to the victim's accounts on various platforms where sensitive information is stored.
Analysis of cryptocurrency transactions:
If the victim actively uses cryptocurrency, the attacker can use blockchain analyzers such as Chainalysis or CipherTrace to track transactions and link anonymous wallets to a real person. An attacker can use Chainalysis to analyze the victim's transactions to find connections between anonymous addresses and real identifiers, such as exchanges or other services where the victim's real data is specified.