Keeping our data secure can be an uphill battle. Sometimes, one small thing or interaction with the wrong person online can have a knock-on effect that can cause your private information to be posted online. Doxing, or doxxing uses the information without the consent of individuals or companies that store their data in any corner of the Internet.
No one is exempt from falling prey to doxing; even Hollywood celebrities have suffered a doxing attack. Being informed and educated is one of the main tasks we must undertake to prevent this dangerous type of cyberattack.
What Is Doxing
The term "doxing" comes from the term ‘Dropping Dox’, dox being the shortened version of documents. Its origin traces back to hacker and internet culture, where exposing individuals' personal information became more prominent in the 1990s.
Originally used in online communities, doxing referred to the malicious search and publication of private data to harm the affected person.
But if we talk about doxing as a basic concept, it's a practice in which private information about a person is collected and disclosed without their consent. This information may include physical addresses, phone numbers, email addresses, employment history, and other personal details.
Doxing may happen for various reasons, such as accidentally posting your details on social media posts, such as your address, data leaks, or even someone who planted a tracking device on you to monitor your movements to find out where you live.
Doxing can have various motivations, from simple invasion of privacy to online harassment or stalking. Doxing is a serious privacy violation and can have significant legal consequences. Today, prevention and awareness of this practice are essential to protect yourself or your family online.
What Are the Risks of Doxing?
Doxing represents a direct invasion of privacy by exposing intimate and personal information about an individual without their consent. This act can include data such as addresses, phone numbers, and other confidential details.
One of the most concerning purposes of doxing is online harassment. By revealing personal information, perpetrators seek to harass and intimidate the victim, creating a hostile digital environment that can have significant emotional and psychological impacts. Neglecting our privacy can have consequences in the future, such as identity theft or worse.
Cyberbullying and Threats
Information obtained through doxing can be used to perpetrate cyberbullying and threats, especially in the online gaming community. Attackers may leverage this information to extort the victim, demanding specific actions or facing more severe consequences.
Loss of Physical Security
Although it's a cyber attack, the disclosure of physical addresses can jeopardize the physical security of the affected person. Doxing has led to situations where harassers show up at the victim's residence, creating tangible risk scenarios.
The information disclosed through doxing can be distorted or used to steal your online identity, potentially damaging the victim's reputation. This can impact personal and professional relationships, leading to long-term adverse consequences.
Possible Legal Consequences
Depending on jurisdictions, doxing may be illegal and carries potential legal consequences for the perpetrator. Privacy and cybersecurity laws aim to protect individuals against the unauthorized disclosure of personal information.
Methods of Information Collection Through Doxing
The following methods allow doxers to build detailed profiles of individuals, exposing information from superficial to the most confidential.
Collecting information through social media is one of the most common doxing methods. People often share significant personal details on platforms like Facebook, Twitter, and Instagram.
Doxers use these sources to gather data such as full names, places of residence, personal relationships, current or past employment, and other aspects of daily life.
Public records, available online or in government archives, are also used to gather information. This includes property records, civil records, legal histories, and other documents accessible to the public. Although this information is theoretically open, its consolidation and misuse for doxing purposes pose significant risks.
Social engineering involves manipulating people to obtain confidential information. In the context of doxing, this could include persuasive techniques to make the victim reveal personal details, such as passwords to their accounts or answers to security questions. Doxers often use social engineering in combination with online information gathering to create a complete profile of the victim.
Hacking refers to unauthorized infiltration of computer systems to obtain information. Doxers with technical skills may use hacking techniques to access private accounts, emails, or other electronic systems containing sensitive data. This significantly amplifies the scope of doxing by allowing access to more confidential information.
How to Avoid Doxing
Avoiding being hacked can be costly and time-consuming, requiring procedures such as creating stronger passwords, entering as little information as possible in our social networks, or using authentication applications or security keys.
Create Powerful Passwords
- Create passwords that are hard to guess by combining uppercase and lowercase letters, numbers, and special characters.
- Avoid using the same password for multiple accounts. Use password managers to generate and securely store unique passwords.
- Change your passwords regularly to reduce the risk of exposure in case of a security breach.
Configure Privacy on Social Media
- Individualized Configuration: Review and adjust the privacy settings of each social network according to your preferences. Not all platforms have the same options, so make sure to be familiar with the specific features of each.
- Limited Information: Reduce the visibility of your personal information to avoid leaks. Limit who can see your friend list, past posts, and contact information.
- Content Segmentation: Use features like friend lists or groups to segment your contacts and control which groups can access certain types of content.
- Widespread Activation: Enable two-factor authentication on all accounts that allow it. This method provides an additional layer of security by requiring additional security verification steps.
- Secure Methods: Prefer more secure 2FA methods, such as authentication apps or security keys, to avoid possible interception of text messages.
To avoid falling victim to this type of cyber attack, awareness of the danger and its potential consequences is crucial, along with following education protocols.
For that reason, you'll need to keep four very important things in mind:
- Stay informed about the latest threats and tactics used in the realm of doxing.
- Educate your friends and family about the risks associated with doxing and share good practices for online security.
- Learn to identify possible manipulation attempts, such as deceptive messages or requests for personal information.
- Establish the habit of regularly reviewing and updating privacy settings on all your online accounts, adapting them to your needs and changing circumstances.
The combination of personalized privacy settings, secure password practices, two-factor authentication, and robust cybersecurity education forms a comprehensive approach to avoiding doxing and protecting your online presence. Awareness and proactive action are crucial in defense against potential threats.
Media Cases of Doxing
On numerous occasions, both celebrities and recognized entities have fallen victim to doxing, exposing intimate details such as addresses, phone numbers, and family data. These events, often amplified by media attention, underscore how even public figures are not exempt from the vulnerability of their personal information.
Doxers typically pursue different objectives. On one hand, they may attempt to extort or scam the victim out of their money in exchange for not disclosing the obtained information. On the other hand, they aim to gain popularity by attributing credit to their actions, boasting about their ability to achieve it, and ridiculing the victim in the process.
In 2014, a scandal known as the "Fappening" or "Celeb Gate" unfolded, involving the massive leakage of intimate images of celebrities, such as renowned actors and singers. This incident occurred through a vulnerability in Apple's iCloud cloud storage service.
The attacker employed a tool called iBRUTE, developed in Python, to carry out a type of attack known as 'Brute Force.' This method involves repetitive attempts to decipher an account's password by testing different combinations until the correct one is found. Essentially, the hacker tried over and over to access the accounts of the affected celebrities.
It is important to note that the massive attack was largely possible due to the weakness of the passwords used by the victims. These passwords were short, had few characters, and often included common words, making it relatively easy for the attacker to decipher them.
This incident highlighted the importance of using secure and unique passwords and the need for stronger security measures in cloud services to protect user privacy.
The attack took advantage of a vulnerability in the "Find my iPhone" application linked to the user's ID. Additionally, iCloud did not implement preventive measures to block accounts subjected to repetitive login attempts, further facilitating the execution of the attack.
The compromising images were anonymously published on platforms such as 4chan and Reddit. Although the security flaw lasted only a few days, it affected approximately 300 million iCloud users. Among the victims were celebrities like Jennifer Lawrence, Kirsten Dunst, Lea Michele, Kate Upton, Victoria Justice, Arianna Grande, and Kaley Cuoco, among others.
Apple responded by patching the vulnerability at 3:20 in the morning. The company's CEO, Tim Cook, was forced to publicly apologize and commit to improving the service's security.
These measures were implemented after a significant drop in Apple's stock value, just days before the launch of the iPhone 6. This episode emphasizes the critical need for strong security measures on cloud platforms and the importance of promptly addressing security breaches.
Mark Zuckerberg's Case
Mark Zuckerberg experienced identity theft on his social media platforms. Hackers, identified as the cybercriminal group OurMine, managed to access the Twitter and Pinterest accounts of the Facebook CEO. Fortunately, his account on the social network Facebook remained unharmed.
The group OurMine openly claimed responsibility for the attack. This collective had already gained notoriety in 2012 by compromising 117 million passwords on the professional network LinkedIn, including Zuckerberg's own. It seems that the Facebook founder used the same password for several of his online accounts.
Defiantly, the hackers used Zuckerberg's Twitter account to send a direct message: "Hello Mark Zuckerberg, you were in the LinkedIn database. Send a private message to confirm it." They even revealed the password they used to access the account.
Although the tweets were deleted shortly after the incident, the hackers also changed the name of Zuckerberg's Pinterest account to "Hacked By OurMine Team." This incident underscores the importance of password security and the need for robust measures to protect online accounts, even for prominent figures like Mark Zuckerberg.
Other Hacked Celebrities
Security on Instagram was compromised in 2017 when a hacking group, known as Doxagram, claimed to have obtained data from six million accounts due to an error in the platform's API. Initially thought to affect only significant accounts, the situation was more serious than expected.
The Doxagram hackers leaked a list of allegedly famous people at risk. They offered a database accessible for $10, but the platform disconnected after publication. Additionally, they attempted to promote themselves in forums, offering the possibility of obtaining a celebrity's contact for the same price as two cups of coffee.
As pages linked to the hackers emerged and disappeared, Facebook intensified its efforts by acquiring and deactivating domains used by Doxagram. This incident followed earlier events, such as the hacking of Selena Gomez's account, likely prompting many celebrities to enhance the security of their accounts on the platform.
The cybersecurity company RepKnight also revealed a list of famous names that could be at risk, including prominent figures like Donald Trump, Emma Watson, or Leonardo DiCaprio. This incident underscores the critical importance of online security, especially for public figures with prominent profiles on social media.
Staying Safe Against the Threat of Doxing Attacks
Identity theft, extortion, data theft... When reflecting on the ethics of doxing, we find that the line between freedom of information and invasion of privacy becomes blurry. For this reason, the collective responsibility to protect online privacy and promote an ethical digital environment begins to play a significant role, where security and integrity take precedence.
Avoiding doxing requires regular monitoring of your accounts. If you see anything suspicious in your accounts, immediately report it to the business. Using a strong VPN connected to a secure Wi-Fi connection is the best method to hide your location from doxers, and if your details do end up being leaked online, be sure to involve the authorities immediately.