Hackers play a special role in many cyberattacks, where they program viruses, exploit technical security holes and carry out software-based attacks. In these cases, the criminals are specialists with the highest level of IT and programming knowledge. Attackers who dox, however, in most cases don’t need this type of expertise at all. What counts in this case is persistence, motivation and a large amount of enthusiasm for criminal activity.
Doxxing attacks always occurs in two stages: Collection and publication. During the first stage, the attackers gather all of the victim’s available information. This includes private addresses as well as email addresses, telephone numbers, names of family members, social media accounts, private photos, and to some extent, bank data. The more diverse the data, the more comprehensive the sources.
- Social Media: People publish large numbers of photos as well as the most personal information on readily accessible social media.
- Websites: In a website or blog’s legal notice there are specific addresses of individuals and businesses.
- Address and telephone directories: Databases with addresses and telephone numbers are also searchable online.
- Hacked databases: Attackers hack cloud storage or even secured databases and extract sensitive information from them. Data that is captured in this way can also be acquired by doxxing attackers on the Darknet.
- Social engineering: Attackers appear as trustworthy individuals on the Internet and manipulate victims and family members in such as a way that they willingly surrender information.
Many doxxing attacks occur exclusively withfreely available information. Harm to the victim is the result of all the data being available in one place and the context in which it is published.
In the second stage, the collected information, once it is published, is dispersed as widely as possible. For this purpose, attackers create fake social media accounts and save the documents on anonymous platforms. The objective is to make it so that many other people discover the information and share it so that the damage done to the victim reaches the largest possible scope. Often, the publication is associated with threats that are likewise taken up by other users, and as a result can also leave the sphere of the Internet.