Doxing

DEFINITION of 'Doxing'

The means by which a person’s true identity is intentionally exposed online. Doxing is a method by which hackers obtain quasi-identifiers or personally identifiable information of individuals or businesses. The data obtained is then broadcast over the internet without the victim’s permission. Although doxing is normally attributed to cyber-hacking, journalists led by a cause or trying to make a broader point might also partake of this activity.

Doxing is also spelt ‘Doxxing’ and is short for document (docs) dropping.

BREAKING DOWN 'Doxing'

As the popularity of social media forums gain traction and big data obtained from the forums by companies are shared across sectors and industries, cyber hackers can steal important information about an entity and sell it in underground marketplaces or distribute it online. The latter process is known as Doxing.

Doxing involves the purposeful act of seeking out a person’s identity and revealing it to the public without the individual’s consent. The practice is usually carried out for malicious intent, for fun, or in a vigilante effort to reveal the identity of an infamous person. Ashley Madison, an online dating site for people interested in extramarital affairs, was the target of a doxing act in 2015. The anonymous group responsible for hacking the users’ data questioned the morals of the online company and requested that the website be shut down. When this request was not honored by Ashley Madison, the hacking group made public over 30 million Ashley Madison users’ data including their email addresses, names, credit card details, mailing addresses, phone numbers and sexual preferences. Malicious spectators who got hold of the publicly available information went on a blackmailing spree to extort the victims of money in return for not sharing the information any further.

Michael Brutsch had his identity doxed in 2012 when a Gawker writer exposed him online. Brutsch was a popular Reddit user known for making inappropriate posts and comments on issues of child pornography and incest. The public revelation of his identity lost him his job but the public perception to his exposure was two-fold. While some applauded the bravery of the Gawker writer, others scrutinized the vigilante doxing act and found it meddling on anonymity.

A doxxer can acquire information about people from multiple sources. One source is through underground marketplaces. As data becomes an increasingly valuable commodity on digital platforms, cyber hackers and identity thieves are inventing new ways to access the data. The data stolen can then be sold through underground websites that operate with private and anonymized networks like Tor Network. A doxxer who buys the data from such marketplaces can then publicize the information on the internet. Data can also be obtained through legitimate sources online. If a doxxer can get quasi-identifiers such as postal code, race, sex, date of birth, etc. and effectively piece these identifiers together, she or he will be able to personally identify the individual bearing the identifiers. This could also be seen as a de-anonymizing technique whereby pieces of information from separate anonymized data sets are matched together to identify an entity.

Internet users have to be mindful of what sites they visit and ensure the sites have rigorous security checks in place before providing important data. Although online businesses strive to anonymize the profiles of their users using stringent security techniques, the ability of hackers and doxxers to de-anonymize data is proof that all online activities leave a trail.