The Doxing is a term from the English worddocuments.It consists of the abbreviation of doc (dox) and the suffix -ing.
Today, in the 21st century, the era of the Internet, there is no longer a person who does not have a Facebook account, or a company with a website, or a person buying online … Technology and technology IT made our life a lot easier. However, these new possibilities have also generated new problems, dangers or threats. In addition,despite the good use we can make of it, unfortunately there will always be a setback to the medal.An obscure side, which some people will enjoy.
How does thedoxing ?
Thedoxing consists mainly of creating a complete profile of a person or company through the collection of personal information. We can think :this information is already public in our social network profiles. Where is the problem ?
This profile created bydoxing contains a lot more personal information. Information that is not public on the web, but that, nevertheless, has been obtained by linking different data that are freely available. Indeed,some of our references, which we believe are "hidden", are in fact easily accessible.
The Doxing simply use the Internet to search for details about a particular person.The danger of this method is that it starts with a simple name, a "username" , age, phone number, email, photos, etc. Basic personal information is the beginning of this type of investigation. In other words, the doxing does not rely solely on the collection of already public information. The latter also make it possible to obtain other personal data.
This practice is not a crime in itself.Ultimately, we only collect information on a subject.What constitutes a crime, however, is the purpose for which we use this information or the way we obtain it.
- The first case will be defined by theclear intention to harm the victim. Use this information to cheat, impersonate, harass, threaten, etc.
- In the second case, we will refer to theuse of computer tricks(which imply a deeper knowledge)to obtain information. For example, by asking the person to download a document containing a malware hidden (malicious document) to obtain bank account numbers, medical information, etc.
Some instruments ofdoxing
- Google and other search engines like Yahoo, Bing, etc.. These are tools accessible to all. They allow you to quickly and easily obtain photos posted from the person, the social sites where it appears, phone numbers, the email account identifier, etc.
- Social networks. Facebook is the most used, with LinkedIn. Indeed, we publish a lot of information about our life. The professional use we make of it sometimes forces us to put truthful information that exposes us to this type of attack.
- "Whois search". Used to obtain information about the owner of a domain or an IP address.
What are these possible effects?
The damage inherent in thedoxing can be material and personal. It will depend primarily on the purpose of the doxing, although the effects still overlap.
On a personal level, the most important harm is the feeling of insecurity that the doxing induced. Obtaining the home address is a clear demonstration that "we are not safe even at home". All this can also generate anxiety and moral damage. Indeed, this information is sometimes used to humiliate, harass and persecute the victim. Fear, of course, is another effect.
On the physical side, doxing can cause the loss of bank accounts or passwords that give access to sensitive personal information, for example.All of this is linked to a possible loss of money, the need to create a new company, change of residence, etc.
Similarly, the consequences ofdoxing not only affect the victim herself. His family and close friends can also be affected. When so much data about a person is exposed, the environment close to the person is also exposed. A kind of snowball effect very difficult to stop is thus generated.
The doxing can it be avoided?
Once on the Internet, it is very difficult, almost impossible, to leave this world and become "anonymous" again.The only thing we can do is follow a series of guidelines that make it difficult to obtain this information.
The key is to try to reduce and minimize the amount of information we publish in our social profiles. This is sometimes unavoidable. In this case, we must strengthen security.
- Privatize certain information, such as photos, e-mail, phone number in social networks. Do not allow free access to this type of data. And, if the publication of said data is not really necessary, do not put them.
- Use strong passwords. Mix numbers, capital letters, small letters, etc. may not be an obstacle for hackers. Today, there are programs that force these safety barriers. We will, however, make things more difficult for them. In addition, do not use the same password for multiple domains and pages.
- Avoid to the maximum to indicate in our messages the exact place where we are in real time.
- Use different email accounts for each case : work, social networks, personal mail, bank accounts, etc.
A tent was set up in Brussels (Belgium), in which it was proposed to read the thoughts of the volunteers. Some accepted and the fortune teller impressed them completely. He knew all kinds of information about them. Information that they did not even give to those around them. How did he know?
You are stuck as soon as you get on the Internet. Even if we do not have any type of social profile, administrations operate via the network, storing customer data (medical records, account movements, addresses, purchases made, etc.). It's inevitable. Butif we take the warnings into account and take care of everything we publish on our own, we can at least minimize the risk of becoming a potential victim of this type of malicious practice at some point in time.
Schreibman, E. (2015). Doxing Methodologies and Defenses: The Inevitable (or Avoidable?) Plastering of Sensitive Information.
Andress, J. (2013).Doxing and anti-doxing information recognition for the stalker and the stalked. Security in knowledge. Conference held at the congress of RSA CONFERENCE.