Our information on the deep web: Docs – Dox – Drop dox – Doxxing!

Our information on the deep web: Docs – Dox – Drop dox – Doxxing!

The term Doxxing like many neologisms is a word that has evolved over time, thanks also to the widespread diffusion of the internet and social media. Essentially it means compiling and releasing a dossier of personal information about someone. Doxxing can be considered a type of online harassment (as already mentioned it is thanks to the world wild web that this phenomenon spreads) that involves the discovery of someone’s personal information, such as their real name, address, job or other identifying data. An element that characterizes this phenomenon negatively is that it occurs without the consent of the victim, with the intention of exposing information that was destined to remain private.

The phenomenon of doxxing, which will be analyzed in the following article, derives from the term “abandonment of documents”. Hackers use doxxing to harass, threaten, or take revenge on others. The hacker culture of the 1990s shortened the term to “docs” and then “dox”, with “drop dox”, referring to the collection of documents or personal information (such as someone’s physical address) and posting them online. It was the hacker collective Anonymous who helped popularize the term. Nowadays, the term doxxing means publishing someone’s information online without their permission but it can also apply specifically to discovering the real person behind an anonymous username and exposing that person’s true identity online.

Some examples of this phenomenon will be listed in the following article. But before listing them it is necessary to make some premises. The so-called “attacks” of doxxing can be of different natures: they range from relatively “benign” ones (such as false registrations to online sites or deliveries of pizza, flowers, etc …); to much more “dangerous” ones with retaliation, including criminal ones, if discovered and demonstrated (such as harassing a person’s family or employer, swatting, identity theft, threats and other forms of cyber-bullying). Since each “hacker” has a different modus operandi, it is difficult to list in a sort guide what are the steps of the “doxer” activity.

For sure, it is possible to say that they collect small pieces of information about someone scattered in the infinite world of the Internet. Then the work of a doxer consists precisely in reassembling the pieces of information to reveal the real person behind a nickname and all relevant information related to the person (as already said such information may include the name, physical address, e-mail address, telephone number, etc). The examples that will be considered in the article are relatively recent and share the political nature of their intent.

Doxxing, from the 1990s onward, has become a popular tool in so-called “culture wars”, with activists trying to oppose rivals through online campaigns with illicit tools to counter those with opposing ideologies. Here are some cases that will help us to better understand the dynamics of using this technique in cultural/political contexts.

The first case analyzed is from 1997 and is a case of doxxing on the subject of abortion. Recognized by many as one of the earliest campaigns, it began due to anti-abortion activists in the United States who decided to target abortion advocates and consequently those who had experienced abortions or doctors who advocated for the freedom of that decision. This example involved a website called Nuremberg Files, which posted the personal information of a list of people believed to be in favour of the “abortion liberalization movement”. The case was closed in 2002 with a legal ruling found that the site posed a threat to incite violence and it was closed.

In 2013, there was a case of “spontaneous” Doxxing (in the sense that there was not an organization behind it). The fact dates back to and is closely linked to the attack on the Boston marathon. After the tragic event in Boston, thousands of people driven by the desire for justice gathered on the Reddit online community and tried to identify the author. Unfortunately, the patrons of the platform ended up identifying and delivering to the “media machine” several suspects, none of whom turned out to be involved in any way in the attack.

Finally, a case of “post-event” Doxxing. In 2017, several people (not only neo-Nazis) lost their jobs after that some doxers revealed their participation in the White Supremacist March in Charlottesville, Virginia. This too, like the first two cases, shows us how the web does not forgive and doxxing reveals itself as a powerful machine towards the people targeted: some “innocent” people (in this case understood as completely unrelated to participation in the event) were mistakenly suspected of having participated in the march, and consequently were showered with insults and hatred.

Before concluding the following article, it is useful to provide some advice if you believe that you have been or you are still a victim of doxxing. Surely the best way to respond to a “doxxing” attack is to act quickly to stop the disclosure of personal information. The main advice is to document the evidence of the attack. Take screenshots and collect as much material as possible in case you have to file a police report. Subsequently, it is more than appropriate to report any anomalous activities on the platforms that collect the information (in the case of social networks it is possible to report the anomalous activities). Once reported, it would be ideal to block accounts or to create/change passwords. If there is not a timely response from the social networks where the alleged cases are reported and if it is deemed appropriate, you can go to the competent authorities of the area in which you are (being a cybercrime the police or the government are the authorities that can respond to our help reports).

In conclusion, we often feel safe from these cyber attacks as we believe that having nothing to hide we are not a sensitive target. The amount of personal information on the web is truly enormous. Beyond committing illegal activities or not that can be found, many aspects of our lives on the web should remain private: links, comments, preferences, etc … Therefore, the best way for concluding the article is inviting you to a carefully consume of the social media and to be aware that anything that is written or our behaviour on the web is traceable and can be used by someone else as a weapon against us.

Ermes Amato

Rerences:

Wired, What is Doxxing?, available at: https://www.wired.com/2014/03/doxing/

Pcpd, Doxxing Offences, available at: https://www.pcpd.org.hk/english/doxxing/index.html

Avast Academy, What Is Doxing and How Can You Prevent It?, available at: https://www.avast.com/c-what-is-doxxing#gref

Heimdal security, What is Doxxing and How to Avoid It (UPDATED 2021), available at:

 https://heimdalsecurity.com/blog/doxxing/

UC Berkeley Office of Ethics, Protect yourself from “Doxxing”, available at:

https://ethics.berkeley.edu/privacy/protect-yourself-doxxing

Leave a Reply

Your email address will not be published.