Leave a trail of digital breadcrumbs, and you could be doxxed
Doxxing (or doxing) comes from ‘dropping dox’, a revenge hacking tactic to discover and publicise personal identities and information. Doxxing can compromise the safety and security of an individual or organisation, often with serious consequences.
Doxxing techniques include packet sniffing, whereby doxxers infiltrate a WiFi network to gather data such as emails, passwords, credit card details and more. Doxxers can also analyse metadata in digital documents and photos, finding out when, where and how files were created and, as a result, by whom.
Another method used in doxxing attacks is IP logging. An invisible code is attached to messages and emails that, once opened, tracks a user’s IP address. Doxxing attempts can be rebuffed by using a Virtual Private Network (VPN) or a Proxy server, and by carefully considering the content of online posts.
Doxxing is one of many threats businesses face however, it isn’t always carried out with malicious intent. Doxxers can aid the police and emergency services by uncovering the identity of criminals, reveal the true personas behind abusive or harmful content, and discourage people from engaging in illegal or socially taboo online forums. In one well known example, a Reddit user called ‘violentacrez’ fell foul of doxxing carried out by an American journalist. Worried that their true identity would be revealed, violentacrez deleted their account. It was too late. Violentacrez, the online identity used by Michael Brutsch, has been at the centre of a controversial debate over misogyny and unsavoury internet use for over 10 years. Organisations may even use doxxing for business research and analysis but this is not generally seen as an advisable or legitimate use.
Doxxing does have serious implications for business as part of an ever growing cyber threat. Organisations should make it a priority to educate stakeholders and safeguard against such attacks.
Stay ahead of the game… Join us at Disruption Summit Europe