Leave a trail of digital breadcrumbs, and you could be doxxed
Doxxing (or doxing) comes from ‘dropping dox’, a revenge hacking tactic to discover and publicize personal identities and information. Doxxing can compromise the safety and security of an individual or organization, often with serious consequences.
Doxxing techniques include packet sniffing, whereby doxxers infiltrate a WiFi network to gather data such as emails, passwords, credit card details, and more. Doxxers can also analyze metadata in digital documents and photos, finding out when, where and how files were created and, as a result, by whom.
Another method used in doxxing attacks is IP logging. An invisible code is attached to messages and emails that, once opened, tracks a user’s IP address. Doxxing attempts can be rebuffed by using a Virtual Private Network (VPN) or a Proxy server, and by carefully considering the content of online posts.
Doxxing is one of many threats businesses face however, it isn’t always carried out with malicious intent. Doxxers can aid the police and emergency services by uncovering the identity of criminals, revealing the true personas behind abusive or harmful content, and discouraging people from engaging in illegal or socially taboo online forums.
In one well-known example, a Reddit user called ‘violentacrez’ fell foul of doxxing carried out by an American journalist. Worried that their true identity would be revealed, violentacrez deleted their account. It was too late.
Violentacrez, the online identity used by Michael Brutsch, has been at the center of a controversial debate over misogyny and unsavory internet use for over 10 years. Organizations may even use doxxing for business research and analysis but this is not generally seen as an advisable or legitimate use.
Doxxing does have serious implications for business as part of an ever-growing cyber threat. Organizations should make it a priority to educate stakeholders and safeguard against such attacks.