What is doxing?

How dangerous can it be to divulge personal information on the Internet? Politicians and celebrities are increasingly faced with this inconvenience. Criminals, online bullies, and people with defamatory intentions collect and publish private information, causing substantial personal harm. It is said that attackers “doxx” their victims. What does this mean and why do they do it? What is doxing?

Definition and explanation of doxxing attacks

When cybercriminals want to dox their victims, they collect their personal data from a variety of online sources and spread it across the web, causing severe moral damage. The resulting hostilities can extend to acts of physical violence. Hackers play an important role in many cyber attacks: they program viruses, exploit security gaps and carry out software-based attacks. In these cases, they are specialists with top-level computer and programming knowledge. In the case of doxing, however, attackers do not need specialist knowledge. All that counts is perseverance, motivation and a strong criminal spirit.

How does doxing work? Phases and features

Doxing attacks always take place in two phases: collection and publication. In the first phase the attackers collect all available information of the victim: private addresses, including email addresses, telephone numbers, names of family members, social media accounts, private photos and sometimes even bank details. As diverse as the data is, so are the sources.

  • Social media: people post photos and often personal information on freely accessible social media.
  • Websites: The editorial code of a website or blog contains concrete address data on people and companies.
  • Addresses and telephone directories: Databases with addresses and telephone numbers can also be searched online.
  • Cracked databases: Attackers crack cloud storage or factually protected databases and obtain sensitive information from them. The data thus hijacked can also be acquired by doxing attackers on the dark web.
  • Social Engineering: Attackers pose as trustworthy people on the Internet and manipulate victims and their families into voluntarily handing over information.

Many doxing attacks rely solely on freely accessible information. By combining the data and the context in which it is published, the victim is harmed. In the second phase, the collected information is published wherever possible. For this purpose, attackers create fake social media accounts and deposit the information on anonymous platforms. The goal is for as many people as possible to collect and disseminate the information so that the damage is as widespread as possible. Often the same publication is associated with threats that are also collected by other users, even going beyond the boundaries of the network.