Doxxing: The Danger of Being Too Open

How dangerous can it be to publish personal data on the Internet? More and more often, politicians and celebrities must learn the answer to this firsthand. Criminals, online bullies and other individuals with defamatory intentions collect and publish partly private information, and in doing so cause considerable harm. When attackers do this to their victims, it is referred to as “doxxing” or “doxing”. What does this mean and why do criminals do it?

Hackers play a special role in many cyberattacks, where they program viruses, exploit technical security holes and carry out software-based attacks. In these cases, the criminals are specialists with the highest level of IT and programming knowledge. Attackers who dox, however, in most cases don’t need this type of expertise at all. What counts in this case is persistence, motivation and a large amount of enthusiasm for criminal activity.

Doxxing attacks always occurs in two stages: Collection and publication. During the first stage, the attackers gather all of the victim’s available information. This includes private addresses as well as email addresses, telephone numbers, names of family members, social media accounts, private photos, and to some extent, bank data. The more diverse the data, the more comprehensive the sources.

• Social Media: People publish large numbers of photos as well as the most personal information on readily accessible social media.
• Websites: In a website or blog’s legal notice there are specific addresses of individuals and businesses.
• Address and telephone directories: Databases with addresses and telephone numbers are also searchable online.
• Hacked databases: Attackers hack cloud storage or even secured databases and extract sensitive information from them. Data that is captured in this way can also be acquired by doxxing attackers on the Darknet.
• Social engineering: Attackers appear as trustworthy individuals on the Internet and manipulate victims and family members in such as a way that they willingly surrender information.

Many doxxing attacks occur exclusively with freely available information. Harm to the victim is the result of all the data being available in one place and the context in which it is published.

In the second stage, the collected information, once it is published, is dispersed as widely as possible. For this purpose, attackers create fake social media accounts and save the documents on anonymous platforms. The objective is to make it so that many other people discover the information and share it so that the damage done to the victim reaches the largest possible scope. Often, the publication is associated with threats that are likewise taken up by other users, and as a result can also leave the sphere of the Internet.

It is seldom the case that doxxing occurs in order to blackmail people, as the attackers are often not looking for money. The collected information is often not explosive enough for this purpose. In most cases the attackers cause the victims non-material harm. For this reason, the main motive in most cases is revenge, vigilantism or harming political opponents. Accordingly, the victims are often politicians, journals or prominent personalities that have made political comments. Private feuds are also fought out with doxxing. In these cases, it is mostly a matter of eliminating the opponent’s anonymity.

Therefore, hate is the main driver. Perpetrators don’t want to get rich – they simply want to cause harm to the victim. Even with just the publication of their data, the victim starts to feel pressure. It is made clear to the individuals that they are in their opponent’s crosshairs, who are ready to employ illegal means. Perpetrators also hope that like-minded individuals are ready to take further measures – from threatening letters, to swatting (causing the police to be deployed to the victim’s residence) to actual acts of violence. At the very least, they would like to intimidate the victim to the point where they stop appearing in public.

Often, doxxing perpetrators also try to receive recognition in the corresponding scene. It is not unusual for attackers – behind a pseudonym of course – to boast of their deeds.

Anonymous makes frequent use of doxxing and probably made the public aware of the phenomenon by attracting media attention. The group of hacktivists and pranksters exposed information on 7,000 members of law enforcement in December 2011. Then in November 2014, they started to release the identities of Ku Klux Klan members after the group threatened to shoot anyone who got in the way of their protesting.

Other examples include several live streaming gamers have been victims of doxxing attacks where viewers accused them of having bombs, holding people hostage, or going on shooting rampages, for example. This resulted in the police raiding their home (or their presumed home).

In principal, any Internet user can become the victim of a doxxing attack. Especially susceptible to the hatred of perpetrators are those individuals who get involved in political discussions on the Internet or make political comments in highly-visible blogs, videos or social media posts. Over the course of a bullying campaign, attackers can then also resort to doxxing.

Because victims are in part selected at random, every Internet user should display only the most necessary information about themselves on the Internet and pay attention to data economy. If attackers cannot find any sensitive data, they’ll only have limited means for attacking you.

Should you become a victim and receive threats and insults as a result of the doxxing, you should contact the police and file a complaint. In addition, victims can proactively reach out to the platforms on which the information was published in order to request that the data be deleted. If you intend to file a complaint, it is recommended that you take screenshots beforehand.