Doxing is exposing someone's identity or private information online without their consent with the intent to harm. Unfortunately, it is widespread: Approximately 21% of Americans – over 43 million – have personally experienced some form of doxing, sometimes with devastating ends.
Why Dox Someone?
Doxing can affect its victims in several ways. At its core, it is an invasion of privacy, publicly sharing the personal details of someone against their will. Doxing is also a form of harassment by surveillance and is an implicit threat of violence.
Various motives can trigger doxing, but most cases appear to result from a personal rivalry. According to SafeHome.org, 25% of doxes are for personal revenge (for example, against a former friend or partner), 52% of doxing incidents are sparked by online feuds with strangers, and another 20% arise from disputes between gamers. Only 4% fall into the "other" category.
Doxing often takes place on social media, where there is the highest likelihood of exposure. Furthermore, while underground forums generally ban doxing, a few sites are dedicated to it. An analysis of doxes on the largest one backs SafeHome.org's claims: the vast majority are personally motivated.
Figure 1: A dox with a stated motivation of personal antipathy
Figure 2: A dox of Roblox's CEO
Beyond doxes motivated by personal rivalry, this underground site features many doxes of political and business figures and celebrities. While these figures are often in the public spotlight and receive positive and negative attention, their personal lives are generally considered off-limits. Thus, sharing, for example, a politician's or CEO's details, including their address, contact information, and names of family members, is an implicit call for harassment and even violence against them (figures 3-5).
Unsurprisingly, attackers dox politicians out of opposition to their policies and ideology. Meanwhile, it seems that attackers mainly target business figures as personal revenge, whether because they are dissatisfied with the company's product or service or upset that the company caused them to lose money.
For example, one user doxed the CEO of the Discord messaging platform because their server was banned. Other users doxed Sam Bankman-Fried, the disgraced former CEO of the FTX cryptocurrency exchange, in retaliation for losing their money.
Figure 3: A dox of Discord's CEO
Figure 4: A dox of FTX founder Sam Bankman-Fried posted right after FTX's collapse
Attackers also dox business leaders for ideological reasons. For example, several users doxed the CEO of Cloudflare after he chose to block a site called KiwiFarms, which was known for incitement to hate and violence.
Figure 5: A dox of Cloudflare's CEO in revenge for removing KiwiFarms' protection
Interestingly, in some cases, actors may dox business figures for no stated reason or even "just for fun." The higher the profile of a business leader, the more likely they are to be targeted. For example, Twitter suspended the accounts of several journalists on account of doxing Twitter CEO Elon Musk.
Business figures, celebrities, and politicians undoubtedly understand that there are risks involved in fame and publicity. Consequently, their decisions and actions have always engendered opposition, which might be inflammatory or even violent. However, contemporary technology enables these threats to rise to a new level: doxing tools and services facilitate the discovery of private information, and underground channels and social media allow doxing to proliferate.
The second part of this article will review some of the tools and services offered on the dark web for doxing purposes.
Threat actors can use OSINT tools to find information from various sources, including social media, news articles, public records, and government reports.
These tools include different search features (Figures 7 & 8), such as phone lookup, email lookup, network scans, general search, home address listings, photographs, personal data leaks, etc.
Threat actors offer various tools for free. Those tools are usually shared through a GitHub repository link (figure 6) or via file-sharing sites (figure 7).
On the other hand, for tools offered for sale, threat actors have developed unique sites for their products, where they can be purchased (figure 9).
Tools offered for sale (figure 8) are usually more reliable and yield better results than the free source code shared on the underground.
Figure 6: Doxing tool shared for free on a GitHub repository
Figure 7: A Python-based doxing tool shared for free
Figure 8: A doxing tool offered for sale
Figure 9: The website of a doxing tool
Users looking for a quick and more professional dox can find doxing services on underground forums (figure 11). Instead of purchasing tools and learning how to use them properly, “private detectives” on the underground will do this work for you for a reasonable price (figure 10).
Sometimes, doxing someone’s identity can take a lot of time. Threat actors gather a decent amount of information from social media and other daily-use platforms. However, not all targets use them or keep them up to date. As a result, they will look for other places on the web that the user won’t find on his own, such as public databases.
Given only minor pieces of information by the customer, those services could help find more information on the target, such as their relatives (parents, friends, co-workers).
Like tools, threat actors offer their doxing services for free (figure 12), most of the time due to lack of experience.
Figure 10: Doxing services offered on an underground forum
Figure 11: Threat actor looks for doxing services
Figure 12: Free doxing services
Doxing is a severe issue fueled by easy access to personal information online. In addition, the attacker can use this information to answer security questions to reset account passwords, resulting in further account compromises and additional doxing attacks.
Staying safe online can be challenging, but following cybersecurity best practices can help you protect yourself. The key to preventing doxing is to minimize the information available about you online. For example, keep your social media privacy in check, be mindful of providing app permissions, change your privacy settings from time to time, use strong passwords, and stay away from phishing emails.
Also, you can perform self-doxing and see how much information is there about you. In doing so, you'll get a better perspective on the different types and depths of personal information on the open web.