7/05/2022

What is Doxxing? – An how to protect against it

Doxxing is an old 90s term, the more commonly used term these days is CyberBullying or CyberStalking

Recently, doxing has become a tool in the culture wars, with rival hackers doxing those who hold opposing views the opposite side. Doxers aim to escalate their conflict with targets from online to the real world, by revealing information which includes:

• Home addresses
• Workplace details
• Personal phone numbers
• Social security numbers
• Bank account or credit card information
• Private correspondence
• Criminal history
• Personal photos
• Embarrassing personal details

Doxing attacks can range from the relatively trivial, such as fake email sign-ups or pizza deliveries, to the far more dangerous ones, like harassing a person’s family or employer, identity theft, threats, or other forms of cyberbullying, or even in-person harassment.

It is when an internet user, with malicious intent, discovers information about you and uses it in a negative way, often adding their own opinion or taking things out of context. They use this to potentially stalk or drive their victim offline.

AckerWorx volunteers are very adept with the internet and its environment, we utilise an alias or online ID that other people can identify us online and make working relationships, however, they cannot trace our volunteers back to their home address.

Aliases are not the only way to keep yourself safe. You can create public profiles or fake posts with misleading information, that would confuse an online attacker, and result in them posting false truths about you. Fake News can be used in Social Engineering, to combat an online troll in a safe manner. Posting false information about you in this way is not criminal. Although be careful what you post, as you don’t want to be misinterpreted as a bad person.

You can also choose to ignore it, if you live in the US contact the FBI, who are more than equipped to handle such cybercrime investigations. If you are in the UK, unplug your computer and walk outside. As they have only recently started (CyberSecurity), compared with international statistics, they are very far behind.

The motivations behind doxing vary. People feel they have been attacked or insulted by their target and could be seeking revenge as a result. If someone becomes known for their controversial opinions, they could target someone with opposing viewpoints. However, this tends to be the case when the topic is especially polarized, rather than everyday political disagreements.

Intentionally revealing personal information online usually comes with the intention to punish, intimidate, or humiliate the victim in question. That said, doxers can also see their actions as a way to right perceived wrongs, bring someone to justice in the public eye, or reveal an agenda that has previously not been publicly disclosed. 

Regardless of the motivation, the core purpose of doxing is to violate privacy, and it can put people in an uncomfortable situation — sometimes with dire consequences.

Swatting

Another practice related to doxxing is Swatting. Swatting means prank-calling the police or SWAT units to another person’s address. In the online area, a victim getting doxxed can also lead to swatting. Malicious hackers find someone’s address and make fake bomb threats or other serious incidents, then the police show up to the unsuspecting victims’ home.

In December 2017, such an incident lead to the death of Andrew Finch from Kansas. Finch was fatally shot by an officer responding to a false domestic violence dispute.

28-year-old Finch had previously played a Call of Duty game online and started fighting with 25-year-old Tyler Barris. Another player, going under the username “Miruhcle”, escalated the conflict to dramatic proportions. He provided Barris with Finch’s home address and dared him to do a swatting.

Barris had two prior swatting incidents, making calls to the police about fake bomb threats. This time, the doxxing and swatting took a turn for tragedy. Barris sent police at Finch’s house by falsely reporting a murder and hostage situation. Police arrived at Finch’s house and, when he opened the door, shot him dead.

2012 Sussex Police was called out to a YouTubers house after, a online troll, reported he posted a video of him killing himself… How do you post a video… after that?!??!

Doxing methods

Cybercriminals and trolls can be very resourceful in how they doxx you. They can use a single clue, and then follow it up until they slowly unravel your online persona and reveal your identity. Nowadays it is all about SEO, Site Ranking and hits, due to the money you can make from website advertising, doxxers will often look to add their only opinion to an article aka click-baiting.

Here’s what you should look out for if you want to stay anonymous on the web.

1. Revealing your identity through the information you post

The more you write on forums and message boards, the higher your chances become of accidentally revealing personal information about you. If you use social media, it’s even more dangerous.

You don’t even have to outright say where you live. Instead, it’s possible to roughly pinpoint your location by way of elimination.

For instance, you make a post saying you don’t live in the Americas. In another you said you wanted to visit a different continent, so you chose Asia.

With only two posts, the cybercriminal made an educated guess you most likely lived in Europe.

In another post, you said Walmart isn’t present in your country, but that Carrefour is the dominant retail chain.

By now, your possible location has been narrowed down to 3-4 countries.

As the doxxer keeps sifting through your information, he slowly figures out what country you live in, and even your current city.

2. Packet sniffing

Our TazRyder.Ai uses a form of packet sniffing when applied to online trolls, it is part of the investigative process. Usually, an online troll has more than one victim. Packet sniffing will expose their online activities.

However, be careful, if the troll is posting on a WordPress site, you might accidentally reveal your IP addresses to them.

Packet sniffing is a Network Security method but can be used maliciously, it is where the doxxer intercepts your Internet data, looking for valuable information about you, such as emails, passwords, credit card data and so on.

Basically, the doxxer connects to a network, such as a Wi-Fi, breaks its security measures and after that, he intercepts all of the data coming in and out of the network.

What’s more, the malicious hacker has access to this data in real-time, so everything you type in a form will simultaneously show up on his screen.

3. Matching information between an online persona and social media profile

Ross Ulbricht was the founder of the infamous darknet website Silk Road, which traded drugs, guns and so on.

To hide his identity, he used the nickname “Dread Pirate Roberts”.

The police were able to connect Ross Ulbricht and Dread Pirate Roberts partly because both of these “personas” said they were a) libertarians b) followers of the Mises Institute c) both of them wanted to create “an economic simulation of what it would be like to live in a world without the systemic use of force”.

During the trial, Ross Ulbricht built his defence claiming he gave away the Dread Pirate Roberts account, and someone else made Silk Road the Internet’s hot spot for illicit trade.

As far as coincidences go, this was a bit too much to believe. The judge threw out the defence and sentenced Ross Ulbricht to a long time in jail.

AckerWorx designs OSINT tools used in digital forensic situations, let us know if you would like someone to take a look at your online front, using our experience we can quickly determine where an attack might easily be able to obtain identifiable information.

When looking for online jobs, it’s common for those to use an online CV, this can usually contain juicy information to an online troll, like address or email information, creating a clear boundary between work and life can mitigate such events.

OSINT professionals when gathering information may use online personas, unless otherwise necessary it is a common practice to disregard compromised identities or all use a singular name.

4. Doxxers analyze file metadata

Microsoft Office files such as Word or Excel documents have something called “metadata”.

This is information about the document, which you can find by right-clicking a Microsoft Office file -> Properties -> Details

This section contains data about who made the file, when, from what computer, the company who made it and even total editing time.

Simply by glancing over this metadata, a doxxer can learn a great deal about you. Here’s a guide by Microsoft on how to limit the amount of metadata you share with a document.

But it’s not just Microsoft Office files that remember metadata, even photos have something similar called EXIF data. This contains data regarding the camera or smartphone model, resolution, location (if you enabled GPS) and time when it was taken.

AckerWorx we either remove or amend the EXIF data when making posts.

5. Doxxing through IP logging

IP loggers are tools used on the Internet to sniff out a person’s IP address. In a nutshell, these loggers attach an invisible code to a message or email, and once the receiver opens the message, the code tracks his IP address and secretly sends it back to the IP logger.

At AckerWorx we utilise systems that prevent or augment such addresses, however, be warned. These additional security measures can make you a target for law enforcement, as they sometimes show prejudice when being overly protective, as it looks as if you hiding. It’s a slippery slope, tackling online privacy whilst having an online life.

Doxxing prevention

1. Protect your IP address with a VPN/Proxy

VPN is short for Virtual Private Network, and acts as a filter for Internet traffic. Basically, the traffic from your PC or other device goes into the VPN and acquires its identifying properties, meaning its IP address, location, and any other similar data. It even encrypts your data and makes it so that even your ISP isn’t able to figure out your IP address.

An IP logger, for instance, wouldn’t reveal your real personal IP, but the IP of the VPN.

A proxy server is a bit different than a VPN, even though it works on roughly the same principles. For one, a proxy server doesn’t encrypt your data as a VPN does, so an ISP knows your real IP address at all times. Since your Internet traffic isn’t encrypted, it’s also more vulnerable to hacking and other interception methods.

VPNs will protect you from online trolls, it will not protect you if you planning on committing an offence. Things were different 10 years ago, computer science is a forever changing discipline, things can be improved upon, and no tech company will put up with bad behaviour for long on their platform. Most VPN providers will cooperate with law enforcement if they suspect one of their IP addresses is being used in psychological online attacks.

2. Don’t use the Login with Facebook/Google buttons

Most apps and websites that require you to register now use the “Login with Facebook” or “Login with Google” buttons.

These login methods register you on the website by using the email you used to create your Facebook or Google account.

But on top of that, you will automatically give the website information attached to your Facebook/Google account, such as your current city, job, phone number, your native language, family info and more.

Sure, it’s not as convenient, but by introducing your data manually, you can control the type of information the website has about you.

It’s especially critical to follow Facebook security best practices, to secure all of your social media accounts, including Instagram, and to be aware of how cybercriminals hack Facebook, Instagram, and Snapchat passwords.

3. Don’t use your personal email to register on forums or other similar websites.

Chances are your main email goes something like this: [firstname][lastname]@gmail.com/yahoo.com/outlook.com.

It’s a simple, professional-looking combination. However, it immediately gives away your identity if someone learns it.

In most cases, forums have weak security measures so malicious hackers can break into them and then leak the emails used to register the accounts.

But if the website publicly displays user emails, then all an attacker needs to do is to simply check out your user profile.

So as takeaway advice, use a different email than your main one when registering on forums or message boards.

4. Hide your personal data from a website’s WHOIS.

Owning a blog or website requires that you register the Internet domain with some personal information. This information is then stored in a database called WHOIS.

The problem is that this database is public, meaning everyone can see the information used to register a website, including addresses, phone numbers and so on.

However, by paying a small fee, you can hide some of your personal information from the public search.

To edit your information, simply go to your domain registrar and see what options they provide for you to make your WHOIS information private.

5. Remove yourself from data broker websites

Some websites function as a sort of Yellow Pages. They mine the Internet for data and gather it all in one place. This can include an address, social media profile, photos, phone number, email.

If you find this hard to believe, then simply check out http://www.peoplefinder.com or www.whitepages.com. We warn you though, the amount of information stored in this sort of database can be downright creepy.

Fortunately, most of these companies offer a way for you to opt-out and remove any information they have about you. Unfortunately, this is bad for business, so they make it as difficult and time-consuming as possible.

The service we previously recommended, DeleteMe, cleans up all this information for you, so you don’t have to. As soon as the European General Data Protection Regulation kicks in, companies will be forced to make it easier for you to delete your information. Until that happens, you have to rely on this guide to avoid getting doxxed.

6. Make sure Google doesn’t have any personal information about you

This can be a pretty tough undertaking since you would have to go up against one of the world’s biggest corporations.

Simply google your name, and see if you’ve revealed who you are on internet forums, Reddit, niche social networks, messaging boards or any other similar websites.

Delete any information you find, including the accounts if they aren’t valuable to you anymore. If you don’t have access, ask the web administrator to do it for you.

Just how much info does Google have on you? Check out your Google History by typing https://myactivity.google.com/myactivity in your browser when logged in to a Google account. Google knows your location as well – you can find your personal Google map with all the places you visited at the https://www.google.com/maps/timeline URL.

Moreover, secure any account you have with Google by following the rules outlined in the ultimate cybersecurity guide. Make sure you follow the password security best practices. Lastly, don’t reveal too much about yourself when using your smartphone. You need to check your app permissions and follow close the smartphone security guide.

You can also check out DeleteMe, a service that removes your personal data from the Internet.

7. Knowing your rights

If you live within the EU or Argentina, then you benefit from a so-called “right to be forgotten”. This allows you to petition a search engine to remove search results concerning you.

The legal options available in the United States are more limited, but Google for one does offer an option for you to remove content about you.

UK since March 2022, have a new Online Safety bill