The term “doxxing” comes from the expression “dropping dox” as in “document dropping”, which was a revenge tactic used by internet users that maliciously release someone’s private information. What does doxing entail? Why it is bad and why has it slowly turned into a powerful online weapon?
Doxxing has been around a long time on the internet, as long as it has been existing. It refers to the search for and publication of private personal information of people. It can be any kind of personal info; names, telephone numbers, addresses, or bank account numbers of virtually anyone, from anonymous internet users to public figures of sports, media, or politics.
People who are the target of doxxing are usually being “punished” by the doxxer for something they might have said or done that made them guilty, and therefore punishable by doxxing. It can escalate from minor and innocuous pranks to more serious attempts to sabotage one person’s career, harassment of family and friends, and physical threats. Once someone’s personal info has been exposed they may be the target of real-life harassment. The hacker may want to use this info privately, by using it to try to coerce or extort the victim in order to gain power over them. Doxing has been a “standard” tactic of online harassment for years and has been used by people associated with 4chan and other similar websites.
However politicians and the mainstream media itself has been guilty of this, journalists have used this technique before, on matters that they assert are issues of public interest. Let us take a look at some examples of the most famous doxings of the last years. Practice related to doxxing, especially in the US, is “swatting”. Swatting consists of prank calls to the police or SWAT units – named for the US police Special Weapons and Tactics (SWAT) teams – which aim to send police squads at a person’s private address. Hackers may find someone’s address and fake bomb threats or other serious incidents, to then have the police showing up at the victim’s house. In December 2017 a swatting prank ended up in the blood. 28-year-old Andrew Finch, from Kansas, was fatally shot after the police was directed to his apartment in the city of Wichita.
Finch, while playing online Call of Duty, had started arguing with another player going under the username “Miruhcle” who escalated the conflict to dramatic proportions by providing Finch’s home address to one of the other players partaking the fight. This other player was 25-year-old Tyler Barris, was no novice in prank calls and bomb threats, and already had two prior swatting incidents under his belt. Barris proceeded to call the Wichita police to report a fake murder and hostage situation, and as a result, Finch was shot dead by the agents upon their arrival to his property. Unfortunately, the technical barrier to swatting or doxxing an individual is very low. The private information released can oftentimes be retrieved on public platforms and other legitimate sources. Swatting often just requires a name, a phone number, or a house address. We all give way too much personal information on social media websites. On social media websites such as Facebook and Instagram, we need to start allowing only close friends to have access to our personal information. Avoid posting details about your personal life or the personal life of the people around you.
Photos of kids, friends, people’s houses, or belonging could lead to unwanted attention. It is important to vary your usernames and passwords, many people use the same usernames and similar passwords for almost all the platforms they use, from Facebook to Job portals. It is not impossible for hackers to access the whole website’s user’s personal information. In 2018 the MyFitnessPal app disclosed a data breach that might have affected as many as 150 million users. The user’s email, passwords, and other sensitive information were “stolen” in 2017 and are now popping up for sale on the dark web. MyFitnessPal parent corporation, Under Armor, has stated that none of the financial information of the users had been released or was going to be affected. I was one of the users affected by the breach, as I have used MyFitnessPal application as a step counter and to monitor my health.
Users were notified and required to change their passwords after the breach, and so far it doesn’t seem like any of my online accounts on other websites had suffered any inconvenience due to the breach, but this goes to show how sudden and relatively easy is it to get a hold of a huge load of e-mails and private information.
You have been doxxed, now what? As we’ve seen doxxing not always has a malicious purpose. In MyFitnessPal data breach case, I seriously doubt someone was actively trying to hurt any of the sports enthusiasts who used their website. But what if someone has actively tried to expose you, using your information against you in some kind of online rage-fueled vendetta? At this point, if you have been using online forums such as Reddit, deleting your information will not do much if the information is already there. Let us say you have expressed some very inflammatory opinions on Facebook or Reddit, after having been exposed and if your name has been leaked, deleting the posts or your profile will not stop anyone from being able to connect you with them.
But anyhow deleting everything you can get your hands on is the only way to go, trying to scrub the internet clean will at least help to control the damage. It depends on how deep it goes, some people may be satisfied enough after having scared you while some may not. Ask yourself what might have led to the doxxing, walk yourself backward, and try to figure out what action may have ignited this behavior from an internet stranger. You might find the answer or you might not, maybe that person was only extremely bored and waiting to show off his “internet skills”. The website https://haveibeenpwned.com can help you figure out if your email or personal information has been released during a breach, by entering my e-mail I was able to find out that it had indeed been released, more than once.