What is Doxing? Doxing (or doxxing) is a verb derived from the word ‘documents'. It is the Internet-based practice of researching and broadcasting private or personally identifiable information about an individual or organization. The methods employed to acquire this information include searching publicly available databases. social media websites, hacking, and social engineering. It is closely related to internet vigilantism and hacktivism. Doxing may be carried out for various reasons, including to aid law enforcement, business analysis, extortion, coercion, harassment, online shaming, and vigilante justice. Doxing began in the 1990s as a common online revenge tactic. Now, doxing is used in so many ways it is hard to predict how information will be uncovered and used against you or your organization. This is why you should understand the tactic and have a plan in place to mitigate its effects.
Why Do People Dox Others? Over our fifteen years in business, we have seen a large number of our clients doxed for the purpose of revenge, public shaming and, even worse, to promote personal threats. Examples are varied depending on the person or organization. Here are three examples that we see most often:
- Competitive Advantage: Although unethical, there have been cases where competitors employ hackers to broadcast derogatory information about a business foe in order to develop negative sentiment among consumers. In political circles this is known as opposition research. As you would expect, the motivation here is most often financial or political.
- Vigilante Justice: Believe it or not, whether or not you believe you are working for the forces of good, there is likely a contingent of the population that believes otherwise. Examples can be enforcement of Intellectual Property Rights, reputation management and many others. There is a massive sect of the online population that believes these actions are a violation of their rights. This is typically motivated by individuals who believe they are working to improve the greater good of society.
- Harassment/Online Shaming: This is currently the most prevalent purpose for doxing. Unlike the two above, this is much more personal. Someone who doxes for these prescribed results usually believes they have been ‘wronged' in some way by their target. Believe it or not, these individuals are the hardest to stop because they normally have very little to lose and believe they are fighting for their dignity and/or life.
Who is Targeted? I've been targeted. Many attorneys are targeted. Police officers, judges, jurors. Anyone who runs for office is targeted. Most corporate officers of Fortune 500 companies are targeted. Powerful Hollywood figures are targeted. Today, it was announced that members of the Electoral College are now being targeted. Most folks that fit the categories I mentioned are good people, but work in a position that cause stress or opposition to a small group of deviants.
What Do They Publish? Everything is fair game. Of course, you first think of basic Personally Identifiable Information (PII) such as full name, private phone numbers, Social Security Number, date of birth, and home address. In some circumstances, we have seen these deviants publish the childrens' names and schools of their targets. It is most common for the actual doxer's intent not to take action themselves, but to encourage or inspire others to use the information to harass, shame or threaten the target. Please understand the purpose of this message is not to cause you to fear having information published about yourself or your family. As an example, I pride myself in being an expert in counter-intelligence and I post on social media almost daily. The only effective strategy is to control the narrative before someone else does that for you.
What Can Be Done? When Personally Identifiable Information (PII) is posted to a legitimate public forum such as Reddit, Tumblr and the like, there are protocols in place to have the data removed with little hassle. However, the most motivated individuals use private blogs to post their information. This is more difficult to get rid of. This is where profiling the individual and appealing to their common sense can work wonders. Never, ever, ever, threaten the deviant with lawsuit or arrest. This is interpreted as a challenge and often empowers them to turn up the heat. Once this happens, the likelihood of mitigation has decreased. Our best advice is to first find out what is out there to be found. Hire a private investigator schooled in this tactic to dox you or your client so that you can have a battle plan. Sometimes information can be removed. In situations where it can't, you can develop a plan of defense if ever doxed. This is where prevention by self-doxing comes in.
What Next? Call us at (833) IPCYBER or email us at firstname.lastname@example.org. Our two principals, Rob Holmes and Jason Holmes, have a combined 48 years experience and over 20,000 cases under their belts. Many dozens of our cases have involved doxing. The sooner we are contacted, the more likely the positive outcome. Hit us up. Even if it is just to clarify points in this message.