Read this article to find out why your employees should play a role during every step of your cloud journey, how to support them, and how to avoid potential pitfalls within your team. After all, you don’t want to get this wrong and pay a hefty price for delays or even lose key people.
What is ‘Doxxing’?
In this article, we look at what doxxing is, the legality of it, some examples of doxxing, and we consider what we can do to protect ourselves and our businesses from attack.
What Is doxxing?
doxxing is a term meaning for dropping (personal) dox where ‘dox’ is a slang term for documents. doxxing is a malicious act where a person/persons use a variety of methods to find previously private personal information about an individual or organisation, and then publicly reveal/expose that information to all, usually over the Internet. The type of information released could be anything from simple personal details (real name, home address, workplace), to much more personal embarrassing and damaging information. doxxing is actually an old term that pre-dates the modern Web, and dates back to the online hackers in the 1990s.
Is doxxing Illegal?
Although doxxing is malicious and can be very harmful, it is generally not illegal because much of the information is gathered from what is considered as the public domain. However, the legality also depends upon whether details were obtained using legal methods, and doxxing treads a fine line between what is legal and not, sometimes entering into the illegal worlds of stalking, harassment, and more. If the threat of doxxing is used to extort money then this is, of course, blackmail. In many cases, at the very least, doxxing often violates many websites’ terms of service.
Proposed Anti-doxxing Law in Hong Kong
Hong Kong has proposed a new anti-doxxing law, mainly to prevent details of members of the authorities from being posted online and, perhaps, to crack down on criticism. Unfortunately, the power that this law would hand to Hong Kong’s privacy watchdog has led to complaints from an industry group that represents big tech companies like Amazon, Apple, Google, and Facebook.
How doxxing Works – Information Gathering
Ways that information is gathered about a person by ‘doxers’ for use in doxxing includes:
- Tracking usernames to build up a picture of a target’s interest.
- Using WHOIS searches of domain names.
- Using social engineering on a target’s ISP to discover the target’s IP address, which is linked to their physical location.
- Reverse mobile phone lookup.
- Piecing together bits of information that has been sold across the Web by data brokers.
- Packet sniffing (intercepting a target’s Internet data) – passwords, credit card numbers, bank account information, email messages and more.
High Profile Examples of doxxing
Just some of the many examples of doxxing that have made the news include:
- December 2011 – the hacking group Anonymous exposed detailed information online about 7,000 law enforcement agents as revenge for investigations into hacking activities.
- In 2013, hackers posted Kim Kardashian’s Social Security number, credit report, address (+ six previous addresses) online.
- In 2016, while Donald Trump was campaigning for the US presidency, Anonymous posted his Social Security number and phone number, as well as the contact information for his agent and lawyer online.
- In 2017, the Russian (Moscow) hacker group Turla hacked the Instagram account of Britney Spears, and used it to post secret, cryptic comments.
How To Protect Yourself From doxxing
Some of the measures you can take to help protect yourself/your business from falling victim to doxxing include:
- Using a VPN to protect your IP address.
- Using strong passwords, avoiding password sharing, and using 2FA or multi factor authentication where possible.
- Setting up different email addresses for different uses e.g., professional, personal, and spam.
- Maximising your social media privacy settings.
- Hiding domain registration information from WHOIS.
- Asking Google to remove any personal information that you are concerned about.
- Keeping up with good general online security practices and be careful what information you share via social media.
What Does This Mean For Your Business?
The main motives for doxxing appear to be revenge, control, or even as a way to blackmail someone. Following good online security practices and policies anyway is the best way to avoid giving e.g., disgruntled former employees/customers, hackers, and others the fuel and the openings they need to build their campaigns. Sadly, much of our data ends up being shared around the Web, perhaps to places we wouldn’t expect to go and determined doxers may be able to find some things despite our best efforts to maintain our privacy.
For Northamptonshire IT support or Cyber Security advice, please call your local MSP, Paradise Computing, on 01604 655900 or send us a message using our online contact form.
Help to Grow Digital is a new initiative that helps SMEs identify their digital technology needs, assess technology purchasing options and then implement new technologies in their operations.
As of the 1 April 2022, all VAT-registered businesses will be required to use MTD for their VAT accounting. This includes around 700,000 businesses that are registered for VAT but are below the VAT threshold, so may not have considered MTD for VAT before now.