Doxing is referred to as the dark side of OSINT or Open Source intelligence. OSINT is an overt method of data collection and involves the practice of gathering information from publically available resources such as public media, internet, public government data, professional or academic publications, corporate databases, financial assessments and grey data (unpublished papers, business documents & patent reports).
The term Doxing is an abbreviation for ‘dropping documents’ which means compilation and release of a dossier of personal information on someone. The information included in the dossier is gathered via public resources and thus, the act falls under the category of OSINT.
Sources Of Information
The perpetrator gathers information from public and open sources. Some common sources of information are:
- Social media
- Personal websites
- Online forums & web discussions
- Online gaming profiles
Typically a dossier contains following information about an individual.
- Contact information
- Social Security Number
- Personal photographs
- Social media profiles
- Credit card details
- Credit report
- Banking information
Why Is Doxing Called Dark Side Of OSINT?
Although the information is gathered using overt methods; the online publication of personal information usually results in illegal implications. The tactic is rarely in public interest and is often targeted at breaching the victim’s personal information and publishing it to attract unwanted harassment. It can pose following threats:
- Threat To Personal Safety: Public release of contact information, personal photos, address, etc. can be used by cyberbullies for harassing the victim. Also, it may lead to some hacking acts such as fake memberships or serious crimes such as stalking, swatting, etc.
- Threats To Cybersecurity: The information collected by Doxing may be used by hackers or cyber criminals to pressurize either an individual or an organization for financial gains.
Ways To Protect Yourself
Here are some simple tricks to protect yourself from Doxing attacks:
- It is important to understand the basics of social engineering. Social engineers scan the online profiles and data for useful information that can be used to victimize the target. Thus, it is important to scrutinize the information you share on your social media profiles and avoid oversharing your personal information.
- Check the privacy settings of your social media profile and edit them to ensure that your personal information is shared with your friends only. Also, be critical of people you add to your list of social media friends.
- Hide your IP address by using a trusted proxy or VPN service for anonymity while using internet.
- When purchasing a domain, invest in WHOIS protection to prevent unwanted access to the information you share on your website.
- Avoid using a single email address for all online accounts. It is advisable to use different emails, passwords & usernames for different profiles, gaming and bills. Also, deploy multi-factor authentication for your accounts.
For more information on Doxing and its outcomes, call Centex Technologies at (254) 213-4740.