How dangerous can it be to publish personal data on the Internet? More and more often, politicians and celebrities must learn the answer to this firsthand. Criminals, online bullies and other individuals with defamatory intentions collect and publish partly private information, and in doing so cause considerable harm. When attackers do this to their victims, it is referred to as “doxxing” or “doxing”. What does this mean and why do criminals do it?
If cyber criminals want to dox their victims, they collect personal information from various Internet sources and publish it in one location on the Internet. As a result, victims can suffer considerable harm. The hostilities can even escalate into physical acts of violence.
Hackers play a special role in many cyberattacks, where they program viruses, exploit technical security holes and carry out software-based attacks. In these cases, the criminals are specialists with the highest level of IT and programming knowledge. Attackers who dox, however, in most cases don’t need this type of expertise at all. What counts in this case is persistence, motivation and a large amount of enthusiasm for criminal activity.
Doxxing attacks always occurs in two stages: Collection and publication. During the first stage, the attackers gather all of the victim’s available information. This includes private addresses as well as email addresses, telephone numbers, names of family members, social media accounts, private photos, and to some extent, bank data. The more diverse the data, the more comprehensive the sources.
Many doxxing attacks occur exclusively withfreely available information. Harm to the victim is the result of all the data being available in one place and the context in which it is published.
In the second stage, the collected information, once it is published, is dispersed as widely as possible. For this purpose, attackers create fake social media accounts and save the documents on anonymous platforms. The objective is to make it so that many other people discover the information and share it so that the damage done to the victim reaches the largest possible scope. Often, the publication is associated with threats that are likewise taken up by other users, and as a result can also leave the sphere of the Internet.
The term “doxxing” is derived from the word documents, or docs for short.
It is seldom the case that doxxing occurs in order to blackmail people, as the attackers are often not looking for money. The collected information is often not explosive enough for this purpose. In most cases the attackers cause the victims non-material harm. For this reason, the main motive in most cases is revenge, vigilantism or harming political opponents. Accordingly, the victims are often politicians, journals or prominent personalities that have made political comments. Private feuds are also fought out with doxxing. In these cases, it is mostly a matter of eliminating the opponent’s anonymity.
Therefore, hate is the main driver. Perpetrators don’t want to get rich – they simply want to cause harm to the victim. Even with just the publication of their data, the victim starts to feel pressure. It is made clear to the individuals that they are in their opponent’s crosshairs, who are ready to employ illegal means. Perpetrators also hope that like-minded individuals are ready to take further measures – from threatening letters, to swatting (causing the police to be deployed to the victim’s residence) to actual acts of violence. At the very least, they would like to intimidate the victim to the point where they stop appearing in public.
Often, doxxing perpetrators also try to receive recognition in the corresponding scene. It is not unusual for attackers – behind a pseudonym of course – to boast of their deeds.
Anonymous makes frequent use of doxxing and probably made the public aware of the phenomenon by attracting media attention. The group of hacktivists and pranksters exposed information on 7,000 members of law enforcement in December 2011. Then in November 2014, they started to release the identities of Ku Klux Klan members after the group threatened to shoot anyone who got in the way of their protesting.
Other examples include several live streaming gamers have been victims of doxxing attacks where viewers accused them of having bombs, holding people hostage, or going on shooting rampages, for example. This resulted in the police raiding their home (or their presumed home).
In principal, any Internet user can become the victim of a doxxing attack. Especially susceptible to the hatred of perpetrators are those individuals who get involved in political discussions on the Internet or make political comments in highly-visible blogs, videos or social media posts. Over the course of a bullying campaign, attackers can then also resort to doxxing.
Because victims are in part selected at random, every Internet user should display only the most necessary information about themselves on the Internet and pay attention to data economy. If attackers cannot find any sensitive data, they’ll only have limited means for attacking you.
Should you become a victim and receive threats and insults as a result of the doxxing, you should contact the police and file a complaint. In addition, victims can proactively reach out to the platforms on which the information was published in order to request that the data be deleted. If you intend to file a complaint, it is recommended that you take screenshots beforehand.
Large-scale hacker attacks constantly make their way into the news, which then causes panic among users. Hackers exploit Email addresses and passwords by using them for criminal purposes. Victims often don’t even realize that their data has been stolen. We introduce four tools to help you check whether your Email has been hacked.
Could you be prone to FOMO like many other people? When scrolling through Instagram, suddenly your own life can seem dull in comparison. At a family lunch, you might have an irresistible urge to check your phone. And after turning down a barbecue with friends because of a prior commitment, you nervously check Facebook feed for updates. We’ll tell you how to deal with FOMO.
By complying with the ISO 27001 standard, companies can prove they carefully handle information and plan for exceptional circumstances. Public certificates and standards according to the ISO certification create trust among consumers and attest to the company’s secure and tested treatment of data. The certification is performed by an independent institute.
Malicious hackers gain unauthorized access to sensitive data by identifying weaknesses in security mechanisms and exploiting them. However, technical skills are not always required to be able to steal data. This is the case for shoulder surfing which exploits the greatest weakness of every computer system and security measure – the human being.
There are billions of stolen logins circulating on the dark web today. Hackers use these combinations of logins and passwords to break into user accounts and steal sensitive data using a technique known as “credential stuffing”. To protect your data, you need to know how credential stuffing works and what countermeasures you can take to protect yourself.
Provide powerful and reliable service to your clients with a web hosting package from IONOS.
View packages
