Doxing, which comes from the word “document,” is the act of publicly releasing a rival’s identity and personal details, and it is often used as a form of harassment and intimidation. While not all dark websites permit doxing, there are certain ones that exist for this purpose.
While doxing originated in the niche of gaming rivalries, it has spilled over into the mainstream political arena: Following the US Supreme Court’s decision in Dobbs v. Jackson Women's Health Organization to overturn Roe v. Wade, there have been several doxes of five conservative Supreme Court justices. (Despite voting with the majority, Chief Justice Roberts has been spared from being targeted).
Learn more: Follow threat actors, discover controversial forum threads, and get notified about dark chatter
The most notable dox was uploaded on June 30. It alleges to contain physical addresses, IP addresses, and credit card information, including CVV and expiration date. It was uploaded to an underground site intended for doxing.
The post’s author claims to have shared this information because they “focus[ed] on something unnecessary rather than focusing on bigger issues in [A]merica.” Presumably, he is referring to and protesting the court’s recent reversal of Roe v. Wade.
In a different post, an actor shared information including spouse address, contact information (phone number and email address), social media accounts, and even vehicle make and model.
In addition, Cybersixgill has identified several other doxes of these same five justices following the court’s decision. Generally, these posts included information such as addresses, family members, email addresses, and phone numbers. For example:
While most of the doxes were posted anonymously, three were written by named actors. One of the actors only wrote the dox and nothing more. The second has been active since May 23 and did not previously dox anyone of note. The third actor has been active since April 18 and has published doxes of notable political and business figures, including Lauren Boebert, Peter Arrendondo, Susan Wabbajack, and Jamie Dimon.
Learn more: Cybercrime is big business – and it thrives in the underground
Much of the data shared in the posts may be part of the public record. However, the authors of these doxes may have gone to great lengths to locate and aggregate this data. In doing so, they distributed information that others may not have been able to find.
However, credit cards and IP addresses are certainly not public. We cannot verify their authenticity, but it would be alarming if attackers could discover and reveal this type of data.
On its own, outing an individual's personal details and their families constitutes an intimidating invasion of privacy. At its worst, it invites others to act on the basis of the shared data and harass the doxed individuals in all sorts of cyber and physical forms. Indeed, as the US political climate becomes even more heated, we anticipate a rise in hacktivist attacks by actors across the whole political spectrum.