Unveiling the act of doxing: Leveraging personal data for malicious purposes

In the digital age, a practice known as doxing, or doxxing, has become a concerning issue. This is the act of revealing personal information about someone online without their consent. Doxers may buy personal information from data brokers or databases passed around on the dark web derived from data breaches.

Doxing attacks are often aimed at individuals who hold controversial or publicly visible positions, such as political figures, activists, journalists, and persons in the public eye. In the United States, these groups attract doxing due to their public engagement and influence.

One notable example is the case of Michael Hirsch, a national editor at Politico, who doxed white nationalist Richard Spencer by posting his Washington, D.C., address in public Facebook and Twitter posts. Another instance occurred in 2013 when a Temple University journalism professor was doxed by the sites where she commented, revealing her derogatory comments on other sites, including right-wing sites.

To prevent doxing, individuals can keep their data private by avoiding posting identifying information, keeping social media settings at the most private level, using a burner email address, setting whois records on domains to private, and asking Google to remove personally available information about them.

Modern-day doxers aim to reveal information that can move their conflict with their targets from the internet to the real world. This can include home addresses, employers, social security numbers, private correspondence, and criminal history or embarrassing personal details. Doxers can exploit operational security (OPSEC) failures to piece together bits of information that their targets have posted in public view or hinted at on social media.

A particularly malicious form of doxing is swatting, which involves discovering a victim's location and calling it into local police as the scene of a hostage situation, leading to a heavily armed SWAT team bursting down the door.

To deal with a doxing attack, Eva Galperin, a cybersecurity expert, suggests locking accounts and appointing someone else to watch the situation for mental support. If subject to a coordinated attack, it can be difficult to keep up with the harassment.

It's important to note that federal law restricts the publication of personal information about certain restricted categories of people, such as state or federal employees or officers as well as jurors, witnesses, or informants in trials or criminal investigations.

The legality of doxing can vary from case to case, and depends on exactly what information is revealed and how that information is obtained. The term doxing originated in the world of online hackers in the 1990s and has since evolved to encompass the exposure of personal information beyond mere identity.

There are paid doxing as a service outfits available, making it easier for anyone to engage in this harmful practice. It's crucial for individuals to be aware of the risks associated with doxing and take steps to protect their personal information online.