Doxxing: The Danger of Being Too Open

How dangerous can it be to publish personal data on the Internet? More and more often, politi­cians and celebrit­ies must learn the answer to this firsthand. Criminals, online bullies and other in­di­vidu­als with de­fam­at­ory in­ten­tions collect and publish partly private in­form­a­tion, and in doing so cause con­sid­er­able harm. When attackers do this to their victims, it is referred to as “doxxing” or “doxing”. What does this mean and why do criminals do it?

Hackers play a special role in many cy­ber­at­tacks, where they program viruses, exploit technical security holes and carry out software-based attacks. In these cases, the criminals are spe­cial­ists with the highest level of IT and pro­gram­ming knowledge. Attackers who dox, however, in most cases don’t need this type of expertise at all. What counts in this case is per­sist­ence, mo­tiv­a­tion and a large amount of en­thu­si­asm for criminal activity.

Doxxing attacks always occurs in two stages: Col­lec­tion and pub­lic­a­tion. During the first stage, the attackers gather all of the victim’s available in­form­a­tion. This includes private addresses as well as email addresses, telephone numbers, names of family members, social media accounts, private photos, and to some extent, bank data. The more diverse the data, the more com­pre­hens­ive the sources.

• Social Media: People publish large numbers of photos as well as the most personal in­form­a­tion on readily ac­cess­ible social media.
• Websites: In a website or blog’s legal notice there are specific addresses of in­di­vidu­als and busi­nesses.
• Address and telephone dir­ect­or­ies: Databases with addresses and telephone numbers are also search­able online.
• Hacked databases: Attackers hack cloud storage or even secured databases and extract sensitive in­form­a­tion from them. Data that is captured in this way can also be acquired by doxxing attackers on the Darknet.
• Social en­gin­eer­ing: Attackers appear as trust­worthy in­di­vidu­als on the Internet and ma­nip­u­late victims and family members in such as a way that they willingly surrender in­form­a­tion.

Many doxxing attacks occur ex­clus­ively with freely available in­form­a­tion. Harm to the victim is the result of all the data being available in one place and the context in which it is published.

In the second stage, the collected in­form­a­tion, once it is published, is dispersed as widely as possible. For this purpose, attackers create fake social media accounts and save the documents on anonymous platforms. The objective is to make it so that many other people discover the in­form­a­tion and share it so that the damage done to the victim reaches the largest possible scope. Often, the pub­lic­a­tion is as­so­ci­ated with threats that are likewise taken up by other users, and as a result can also leave the sphere of the Internet.

It is seldom the case that doxxing occurs in order to blackmail people, as the attackers are often not looking for money. The collected in­form­a­tion is often not explosive enough for this purpose. In most cases the attackers cause the victims non-material harm. For this reason, the main motive in most cases is revenge, vi­gil­ant­ism or harming political opponents. Ac­cord­ingly, the victims are often politi­cians, journals or prominent per­son­al­it­ies that have made political comments. Private feuds are also fought out with doxxing. In these cases, it is mostly a matter of elim­in­at­ing the opponent’s anonymity.

Therefore, hate is the main driver. Per­pet­rat­ors don’t want to get rich – they simply want to cause harm to the victim. Even with just the pub­lic­a­tion of their data, the victim starts to feel pressure. It is made clear to the in­di­vidu­als that they are in their opponent’s crosshairs, who are ready to employ illegal means. Per­pet­rat­ors also hope that like-minded in­di­vidu­als are ready to take further measures – from threat­en­ing letters, to swatting (causing the police to be deployed to the victim’s residence) to actual acts of violence. At the very least, they would like to in­tim­id­ate the victim to the point where they stop appearing in public.

Often, doxxing per­pet­rat­ors also try to receive re­cog­ni­tion in the cor­res­pond­ing scene. It is not unusual for attackers – behind a pseudonym of course – to boast of their deeds.

Anonymous makes frequent use of doxxing and probably made the public aware of the phe­nomen­on by at­tract­ing media attention. The group of hackt­iv­ists and prank­sters exposed in­form­a­tion on 7,000 members of law en­force­ment in December 2011. Then in November 2014, they started to release the iden­tit­ies of Ku Klux Klan members after the group threatened to shoot anyone who got in the way of their protest­ing.

Other examples include several live streaming gamers have been victims of doxxing attacks where viewers accused them of having bombs, holding people hostage, or going on shooting rampages, for example. This resulted in the police raiding their home (or their presumed home).

In principal, any Internet user can become the victim of a doxxing attack. Es­pe­cially sus­cept­ible to the hatred of per­pet­rat­ors are those in­di­vidu­als who get involved in political dis­cus­sions on the Internet or make political comments in highly-visible blogs, videos or social media posts. Over the course of a bullying campaign, attackers can then also resort to doxxing.

Because victims are in part selected at random, every Internet user should display only the most necessary in­form­a­tion about them­selves on the Internet and pay attention to data economy. If attackers cannot find any sensitive data, they’ll only have limited means for attacking you.

Should you become a victim and receive threats and insults as a result of the doxxing, you should contact the police and file a complaint. In addition, victims can pro­act­ively reach out to the platforms on which the in­form­a­tion was published in order to request that the data be deleted. If you intend to file a complaint, it is re­com­men­ded that you take screen­shots be­fore­hand.