Doxxing, or dropping dox, increasing as tool of malicious destruction
Posted November 2020
By Narden Ishak
Staff Reporter
“Doxxing,” short for “dropping dox” is on the rise—a targeted cyber attack in which the attacker/s search for and publish private or identifying information about a particular individual/s or organization on the internet, typically with the malicious intent of harassing, inflicting harm, online shaming, extortion, coercion, aiding law enforcement, or vigilante versions of justice, as a form of punishment or revenge.
The term “Dox” first surfaced in the 1990s when hackers would dox a rival out of spite. “Doxxing” could be confused with “swatting,” which is to falsely report a dangerous situation that provokes a police response. It could also be confused with cyberbullying, which is to electronically bully a person, typically by sending messages of an intimidating or threatening nature.
The important pieces of information hackers want to find out are a person's social security number, their address, telephone number, email address, social media profile names, place of work, details of relatives, and partners and children. An IP address, a numerical label assigned to each device connected to a computer network that uses the Internet Protocol for communication, is essential for sending and receiving information online. Hackers use it as a starting point for their search by seizing valuable information, including location and online identity. From there they can potentially hack devices, steal identities, and more.
It’s possible to prevent doxxing by protecting IP addresses using a Virtual Private Network/VPN, or a proxy server. VPN allows a secure connection to another network over the internet to be created and acts as a filter for internet traffic. The traffic from the device goes into the VPN and acquires its identifying properties, like IP address, location, and similar data and encrypts the original data. A proxy server works on the same principles as a VPN. It acts as a firewall, web filter, provides shared network connections and protects its user and internal networks, but doesn’t encrypt the original data.
“Here are some best practices for keeping your personal data secure. Be selective about what information you store on the cloud or share on social media. When posting, consider who can see your post and what they can learn about you from it. Review your privacy settings on social media every so often as these settings can change without warning. Practice good account security habits - use unpredictable passwords and change them every so often; don't reuse the same password for multiple accounts; use two-step verification (particularly on a Google or Facebook account that can be used to sign into multiple services). Keep your software updated - every little 'security update' you see is a developer fixing yet another vulnerability that lets hackers in.”
Doxxing is unethical and illegal under state criminal laws. It's an illegal act in the U.S, if used to harass or intimidate someone to any extent, according to law firm Brickfield & Donahue. If the doxxer used illegal methods of obtaining private information, it also becomes illegal.
If the doxxer uses private information to damage reputation, the victim/s may be able to sue for defamation. If able to identify the attacker, victim/s may have the right to sue for personal injury damages. Much of the conduct that is considered “doxing” may fall under multiple state laws relating to cyber stalking, stalking, harassment, threats, or extortion (such as threatening to make information public if money is not paid). A doxer can also be charged if they illegally obtained the data about their victim, such as from protected government databases. Perpetrators of “doxxing” could face a fine of up to $5,000 or a jail term of up to six months if the intention was to cause harassment. The jail term can go up to 12 months if they intended to cause fear or provoke violence.
Consequences of doxxing can range from public shame or being fired from a job to suffering a physical attack from an angry member of the public. One Twitter user went on a mission to dox those who attended the “Unite the Right” rally in Charlottesville. One of his targets was fired from his job. Another was disowned by his family. In the early days of the Internet in the 1990s, anti-abortion activists published abortion providers’ home addresses, phone numbers, and photographs, and posted them as a hit list. The website included blood-dripping graphics, celebrated providers’ deaths and incite others to kill or injure the remaining providers on the list. Between 1993 and 2016, eight abortion providers were killed by anti-abortion terrorists.
Fox News host Tucker Carlson claimed on air that a reporter from the New York Times was planning to expose his address, which caused the reporter to get doxed by Carlson fans.
“While we do not confirm what may or may not publish in future editions, the Times has not and does not plan to expose any residence of Tucker Carlson’s, which Carlson was aware of before tonight’s broadcast,” stated a spokesperson from the NYT to The Washington Post.
The spokesperson declined to comment further when asked about the reporter’s doxing. Carlson made the accusation on July 20, instead of addressing the lawsuit filed earlier in the day accusing him, Sean Hannity, and other prominent Fox News personalities of sexual misconduct, or the recent resignation of his chief writer, who was linked to anonymous blog posts containing racist, homophobic, and misogynistic language.
In 2017, the New York Times Information Security team began exploring how personal information spreads through the internet to understand how the information surfaces and how to clean up an online footprint. The NYT developed a formal program that consists of a series of repeatable steps that can be taken to clean up an online footprint. The NYT released the content of their program to the public.
“Our goal with this program is to empower people to control the information they share, and to provide them with tools and resources to have a better awareness around the information they intentionally and unintentionally share online,” said the NYT Open Team in one of their articles . “Of course, we can’t completely erase ourselves from the internet, but we can make it harder for people with ill intent to find our personal information.”
