Doxxing
What is Doxxing?
Doxxing is the act of compiling and publicly releasing Personal Identifying Information (PII) about an individual, group, or organization via the Internet. PII can include information like:
- Name or online alias
- Home address
- Employment details
- Social security number
- Bank account information
- Credit card numbers
- Financial information
- Personal health information
- Criminal history
- Private communications
- Personal photos
Doxxing is employed by all kinds of digital threat actors, including state actors, cybercriminals, and hacktivists. A successful doxxing attack exposes the target to elevated levels of harassment from the public, and can also result in reputational damage and other consequences.
Doxxing includes actions like:
- Releasing private information about an individual, such as their address, phone number, names of family members, place of employment, or private photos.
- Releasing information that connects an individual’s real-life identity to their online alias.
- Stealing and publishing an organization’s member list.
- Stealing and publishing an enterprise’s customer database.
How Does Doxxing Work?
1. Target Selection
Doxxing attacks target specific individuals or organizations. The targeting for any doxxing attack depends on the nature of the digital threat actor and their motivation. A cybercriminal syndicate might attempt to disrupt a rival organization by doxxing its members, or to damage a business by stealing and leaking its customer list. Hacktivist groups may doxx their ideological opponents in hopes of inciting harassment or violence against them.
2. Gaining Access to PII
Once the target has been defined, the next step for digital threat actors is to gain access to the target’s PII. Digital threat actors can sometimes uncover the target’s PII via open source intelligence. They may also use hacking or social engineering techniques to gain unauthorized access to the target’s secure networks or databases and steal their PII.
Methods used by digital threat actors to uncover their target’s PII include:
- Open Source Intelligence - Digital adversaries can often use publicly available data - known as Open Source Intelligence (OSINT) - to uncover a target’s PII. Adversaries can stalk their target’s social media profiles to uncover their personal data, or use tools like WHOIS look-up to identify the owner of a web domain.
- Phishing - Digital adversaries can use phishing attacks to manipulate the target, or the target’s friends and business associates, into disclosing the target’s PII.
- Impersonation - Digital adversaries sometimes impersonate the target, then contact the target's business associates to try to steal PII.
- Packet Sniffing - Digital adversaries may attempt to intercept packets of network traffic from the target’s machine in hopes of stealing their PII.
- Data Brokers - In some cases, digital adversaries will buy information about their targets from data brokers before leaking it to the public.
3. Publishing or Releasing PII
The final step in a successful doxxing attack is the leak - the publication or release of the target’s sensitive personal data. PII may be released on social media, on the dark web, or on the public Internet.
Is Doxxing Illegal?
In the United States, the legality of a doxxing attack depends on how the information was obtained and whether the information was public before it was released. It may also depend on the specific circumstances and wider patterns of behavior surrounding the attack.
If a digital threat actor gains access to the target’s PII through legal means (e.g. using open source intelligence) then it may be legal to publish that information. However, if the threat actor unlawfully gains access to the target’s information, they could be charged under federal anti-hacking laws.
Doxxing frequently accompanies other crimes, such as harassment, intimidation, stalking, identity theft, and inciting violence.
What are the Consequences of Doxxing?
Exposure to Harassment
Targets of doxxing often have their contact information and address posted to the public, which exposes them to both online and in-person harassment.
Exposure to Identity Theft
When your sensitive data is stolen and published online, malicious threat actors may use the data to try to impersonate you or steal your identity. This can allow the attacker to secure loans or open a credit card in your name.
Embarrassment and Reputational Damage
For individuals misbehaving anonymously on the Internet, doxxing can result in embarrassment as the real-life individual becomes accountable for their online persona. Doxxing attacks where customer data is stolen from a business can cause significant reputational damage and degrade trust between the business and its customers.
Five Doxxing Examples You Should Know
- Activist Doxxing - Twitter activist Logan Smith used publicly available information to identify and doxx participants in the 2017 Unite the Right rally in Charlottesville, Virginia.
- Celebrity Doxxing - In 2013, a group of Russian hackers posted detailed financial information pertaining to 12 high-profile celebrities, a list that included Kim Kardashian, Paris Hilton, Hillary Clinton, Ashton Kutcher, Beyonce, and Jay-Z.
- Hacktivist Doxxing - In 2015, a group of hackers called “The Impact Team” stole and leaked the entire user database from Ashley Madison, a dating website for married people seeking adulterous affairs. The data was published on the Internet and made searchable to the public.
- State Doxxing - In 2014, hackers stole and leaked sensitive data from Sony, including the personal information of thousands of employees, executives, and celebrities. The hack has been attributed to state-sponsored digital adversaries from North Korea.
- Executive Doxxing - CEOs of high-profile companies are among the most common targets for doxxing attacks. Executive leaders at major companies like Roblox, Discord, Reddit, and Cloudflare have all been victims of doxxing.
Detect and Disrupt Doxxing Attacks with ZeroFox
ZeroFox provides enterprises with digital risk protection, cyber threat intelligence, and adversary disruption capabilities to identify and counteract doxxing attacks against their executives, employees, and customers.
The ZeroFox platform uses advanced AI-driven analysis to identify and remediate complex digital threats across the public attack surface, including data exfiltration attacks, leaked PII, and targeted phishing and credential compromise attacks from digital adversaries attempting to steal sensitive data from enterprise targets.
Our PII Removal Service monitors data broker sites and automates the removal of personal information to shield your organization and executives from doxxing attacks.
Ready to learn more?
Read our report on Executive Protection: Changing Threat Landscape to discover how digital adversaries are using publicly accessible data to doxx executives and how you can fight back.