Doxing

The term, “doxing,” derives from the word “Documents” (“Docs”). Doxing (also doxxing) refers to the targeted collection of information about people using the Internet. In doing so, personal, often confidential, data is researched with the aim of publishing it and thereby exposing the person or harming them for other purposes.

From openly naming anonymous activists to credit card details, celebrity addresses or sexual preferences, a wide variety of data is of interest to doxing.

What does the term “doxing” mean in detail?

The perpetrators use legal and illegal methods to acquire information, such as research on social media, but also the hacking of online accounts or databases.

The motives for doxing can be very different:

1. Blackmail

In some cases, a doxing attack is preceded by a blackmail attempt. The victim is told to pay a certain sum or take certain actions so that embarrassing details from his private life or secret company data are not published. If the person does not respond to the demands of the blackmailers, the data will be published as a consequence.

2. Political and social influence

Sometimes an individual or a group of activists gather information to denounce, intimidate or unmask a common enemy if he or she is known by a pseudonym. For those persecuted in their country for their political, religious or sexual convictions, revealing their true identity or address can be life-threatening. But doxing is also extremely unpleasant for public figures.

3. Bullying

Another motivation for doxing is the pleasure of exposing others. This can result from a supposed need for revenge or other personal reasons. It is reported that doxing is even partly carried out as a kind of competition: the more famous the compromised person, the more
respected the offender.

Where might I encounter the topic of doxing in everyday work?

In your daily work, doxing will rarely (hopefully) confront you. It is theoretically possible, however:

• Where an unethical competitor uses doxing to harm your business.
• Where a former employee feels unfairly treated by you as an ex-employer and tries to take revenge by doxing.
• When your company is exposed to doxing in connection with a prominent customer

What can I do to protect myself from doxing?

As a general rule: Protect yourself as far as possible against the data collection strategies of doxing operators. Among other things, the following measures are recommended:

• Be aware of all the information you share on the Internet. This also applies to forums and other social media.
• Use the most restrictive privacy settings in social media
• Sensitize your environment to the importance that seemingly unimportant personal information can be when it‘s purposefully collected. Spouses, friends and acquaintances are considered potential data sources in doxing.
• Make sure that you’re aware that unfamiliar online conversation partners may be fictional personalities with whom Social Engineering is being carried out. Think very carefully about what information you reveal.
• Protect your private data and your company‘s data against unauthorized access, such as by hacking, phishing or Trojans.

Interesting background information

Further explanations and instructions for action by the Police of Lower Saxony on the doxing topic www.polizei-praevention.de/themen-und-tipps/weitere-hacking-gefahren.html