Harman Patil (Editor)

Doxing

Updated on
Edit
Like
Comment
Share on FacebookTweet on TwitterShare on LinkedInShare on Reddit

Doxing (from dox, abbreviation of documents), or doxxing, is the Internet-based practice of researching and broadcasting private or identifiable information (especially personally identifiable information) about an individual or organization.

Contents

The methods employed to acquire this information include searching publicly available databases and social media websites (like Facebook), hacking, and social engineering. It is closely related to internet vigilantism and hacktivism.

Doxing may be carried out for various reasons, including to aid law enforcement, business analysis, extortion, coercion, harassment, online shaming, and vigilante justice.

History

Doxware is a cryptovirology attack invented by Adam Young and further developed with Moti Yung that carries out doxing extortion via malware. It was first presented at West Point in 2003. The attack is rooted in game theory and was originally dubbed "non-zero sum games and survivable malware". The attack is summarized in the book Malicious Cryptography as follows, "The attack differs from the extortion attack in the following way. In the extortion attack, the victim is denied access to its own valuable information and has to pay to get it back, where in the attack that is presented here the victim retains access to the information but its disclosure is at the discretion of the computer virus". Doxware is the converse of ransomware. In a ransomware attack (originally called cryptoviral extortion) the malware encrypts the victim's data and demands payment to provide the needed decryption key. In the doxware cryptovirology attack, the attacker or malware steals the victim's data and threatens to publish it unless a fee is paid.

Etymology

"Doxing" is a neologism that has evolved over its brief history. It comes from a spelling alteration of the abbreviation "docs" (for "documents") and refers to "compiling and releasing a dossier of personal information on someone". Essentially, doxing is openly revealing and publicizing records of an individual, which were previously private or difficult to obtain.

The term dox derives from the slang "dropping dox", which, according to Wired writer Mat Honan, was "an old-school revenge tactic that emerged from hacker culture in 1990s". Hackers operating outside the law in that era used the breach of an opponent's anonymity as a means to expose opponents to harassment or legal repercussions.

As such, doxing often comes with a negative connotation, because it can be a vehicle for revenge via the violation of privacy.

Common techniques

Hackers, police officers and amateur detectives alike can harvest the information from the internet about individuals. There is no particular structure in place for doxing, meaning a hacker may seek out any kind of information related to the target.

A basic Web search can yield results. Social media platforms like Facebook, Twitter, Tumblr, and Linkedin offer a wealth of private information, because many users have high levels of self-disclosure (i.e. sharing their photos, place of employment, phone number, email address), but low levels of security. It is also possible to extrapolate a person's name and home address from a cell-phone number, through such services as reverse phone lookup. Social engineering has been used to extract information from government sources or phone companies.

In addition to these, a hacker may use other methods to harvest information. These include information search by domain name and location searching based on an individual's IP address.

Once people have been exposed through doxing, they may be targeted for harassment through methods such as harassment in person, fake signups for mail and pizza deliveries, or through swatting (dispatching armed police to their house through spoofed tips).

It is important to note that a hacker may obtain an individual's dox without making the information public. A hacker may harvest a victim's information in order to break into their internet accounts, or to take over their social media accounts.

The victim may also be shown their details as proof that they have been doxed in order to intimidate them. Doxing is therefore a standard tactic of online harassment, and has been used by people associated with 4chan, the Gamergate controversy and anti-vaccine activists.

The ethics of doxing by journalists, on matters that they assert are issues of public interest, is an area of much controversy. Many authors have argued that doxing in journalism blurs the line between revealing information in the interest of the public and releasing information about an individual's private life against their wishes.

Boston Marathon

Following the 2013 Boston Marathon bombing, vigilantes on Reddit wrongly identified a number of people as suspects. Notable among misidentified bombing suspects was Sunil Tripathi, a student reported missing before the bombings took place. A body reported to be Tripathi's was found in Rhode Island's Providence River on April 25, 2013, as reported by the Rhode Island Health Department. The cause of death was not immediately known, but authorities said they did not suspect foul play. The family later confirmed Tripathi's death was a result of suicide. Reddit general manager Martin later issued an apology for this behavior, criticizing the "online witch hunts and dangerous speculation" that took place on the website.

Hit lists of abortion providers

In the 1990s anti-abortion terrorists secured abortion providers' personal information, such as their home addresses, phone numbers, and photographs, and posted them as a hit list, ruled by the courts to be in immediate incitement to violence. The site's legend explained: "Black font (working); Greyed-out Name (wounded); Strikethrough (fatality)." The website included blood-dripping graphics, celebrated providers' deaths and incited others to kill or injure the remaining providers on the list. Between 1993 and 2016, eight abortion providers were killed by anti-abortion terrorists.

Anonymous

The term "dox" entered mainstream public awareness through media attention attracted by Anonymous, the Internet-based group of hacktivists and pranksters who make frequent use of doxing, as well as related groups like AntiSec and LulzSec. The Washington Post has described the consequences for innocent people incorrectly accused of wrongdoing and doxed as "nightmarish".

In December 2011, Anonymous exposed detailed information of 7,000 members of law enforcement in response to investigations into hacking activities.

In November 2014, Anonymous began releasing the identities of members of the Ku Klux Klan. This was in relation to local Klan members in Ferguson, Missouri, making threats to shoot anyone who provoked them while protesting the shooting of Michael Brown. Anonymous also hijacked the group's Twitter page, and this resulted in veiled threats of violence against members of Anonymous. In November 2015, a major release of information about the KKK was planned. Discredited information was released prematurely and Anonymous denied involvement. On November 5, 2015 (Guy Fawkes Night) Anonymous released an official list of supposed but currently unverified KKK members and sympathizers.

Human flesh search engine

The Chinese Internet phenomenon of the "Human flesh search engine" shares much in common with doxing. Specifically, it refers to distributed, sometimes deliberately crowdsourced searches for similar kinds of information through use of digital media.

Journalists

Journalists with The Journal News of Westchester County, New York, were accused of doxing gun owners in the region in a story the paper published in December 2012.

Newsweek came under fire when writer Leah McGrath Goodman claimed to have revealed the identity of the anonymous creator of Bitcoin, Satoshi Nakamoto. Though the source of her sleuthing was primarily the public record, she was heavily criticized for her doxing by users on Reddit.

The Satoshi Nakamoto case brought doxing to greater attention, particularly on platforms such as Twitter, where users questioned the ethics of doxing in journalism. Many Twitter users condemned doxing in journalism, wherein they argued that the practice was seemingly acceptable for professional journalists but wrong for anyone else. Other users discussed the effect the popularization that the concept of doxing could have on journalism in public interest, raising questions over journalism concerning public and private figures. Many users have argued that doxing in journalism blurs the line between revealing information in the interest of the public and releasing information about an individual's private life against their wishes.

Curt Schilling

In March 2015, former Major League Baseball (MLB) pitcher Curt Schilling used doxing to identify several people responsible for "Twitter troll" posts with obscene, sexually explicit comments about his teenaged daughter. One person was suspended from his community college, and another lost a part-time job with the New York Yankees.

Donald Trump

In July 2015, US presidential candidate Donald Trump read out the cell phone number of fellow candidate South Carolina Senator Lindsey Graham at a campaign rally and encouraged attendees to call it. Media outlets and Graham reported that the number belonged to the senator.

Alondra Cano

In December 2015, Minneapolis city councilwoman Alondra Cano used her Twitter account to publish private cellphone numbers and e-mail addresses of critics who wrote about her involvement in a Black Lives Matter rally.

Lou Dobbs

In 2016, Fox Business news anchor Lou Dobbs revealed the address and phone number of Jessica Leeds, one of the women who accused American presidential candidate Donald Trump of inappropriate sexual advances; Dobbs later apologized.

Erdogan emails

In July 2016, Wikileaks released 300,000 e-mails called the Erdogan emails, initially thought to be damaging to Turkish President Recep Tayyip Erdogan. Included in the leak was Michael Best, who uploaded Turkish citizens' personal information databases that WikiLeaks promoted, who came forward to say that doing so was a mistake after the site where he uploaded the information took it down. The files were removed due to privacy concerns, as they included spreadsheets of private, sensitive information of what appears to be every female voter in 79 out of 81 provinces in Turkey, including their home addresses and other private information, sometimes including their cellphone numbers.

Michael Hirsh

In November 2016, Politico editor Michael Hirsh resigned after publishing the home address of white nationalist Richard B. Spencer on Facebook.

References

Doxing Wikipedia