Within the last few years, the public has woken up to the value of their personal data. The growth of social media, the continual stream of data breaches, as well as the recent Facebook Cambridge Analytica scandal, has highlighted just how much of our personal data is available online and how it can be misused.
Data has become a valuable commodity, not only for monetary gain but also for its use in harassment and intimidation campaigns. This has become increasingly apparent with the growth of doxxing.
Doxxing is the practice of researching and publishing someone’s personal information, either to embarrass them, expose them to legal prosecution or harass them. It has become a serious online threat to privacy and has destroyed many people’s lives in the process.
The term ‘dox’ first surfaced over a decade ago and referred to the practice of hackers exacting revenge on a rival by collecting their personal and private information. They would then alert authorities to their illegal activities and attempt to have them arrested.
Since then, the practice has gone mainstream and anyone can be doxxed because of the vast quantities of personal information that exist online. It’s easy for hackers to extract information from social media accounts, find out where people live, source their telephone number, email address and pretty much any other information that’s been submitted online.
Although ethically questionable, doxxing is not illegal as it falls within a person’s legal rights to find someone’s publicly available information and repost it online. However, it crosses the boundary into illegality if the information is obtained through hacking. The laws on this could quickly change as the method gains traction as a means to discredit individuals, governments and institutions.
A worrying development has been the weaponisation of data in politically motivated attacks. We’ve seen this as far back as the early 2000’s when the hacktivist group ‘Anonymous’ exposed the detailed information of over 7000 law enforcement officials in retaliation for investigations into hacking attacks.
This marked the start of other high-profile attacks including the 2014 hack of Sony Pictures. Using a phishing malware attack, North Korean hackers broke into the company’s networks and stole a large amount of corporate data which they then published. This included employee salaries, company plans, and unreleased movies. The reputational damage was huge and cost the company $41 million.
This trend has continued, and in recent months, Hong Kong has seen an unprecedented wave of doxxing. Supporters of the Hong Kong government have identified masked protesters at demonstrations, whilst the protesters have in turn shared private information about the police officers and their families online.
There’s no doubt the implications of doxing can be severe. As more nations realise how effective it can be in discrediting their opponents, we can expect to see a lot more of these attacks in the future.
Doxxing is by no means just restricted to nation-states, politicians and high-profile celebrities. Many individuals are stalked online and have their personal details published out of revenge, jealousy or simply to embarrass them. To avoid being doxxed online, there are a number of preventative measures you can take:
MetaCompliance specialises in creating the best Cyber Security awareness training available on the market. Get in touch for further information on our extensive range of Cyber Security awareness courses.