Doxxing is a type of cyberattack in which an internet user’s identity is revealed. Then, the attacker publicizes personal details so other people can attack the user. Doxxing involves analyzing data the victim has posted on the internet to identify and harass them. It’s used to publish or shame someone who wants to remain anonymous.
There are different motivations behind doxxing. Usually, the victim carries out some type of unusual activity or holds controversial beliefs. Doxxing becomes possible because most people share too much information about themselves online. This makes it easy for malicious entities to reveal their identity.
The Beginning of Doxxing
The term emerged back in the 90s and comes from “documents,” which became “docs” and finally “dox.” To dox someone means to reveal their personal data. This includes their address, social security number, email address, phone number, workplace, profile name after a social media data leak, and even details about family members.
In the 90s, hackers doxxed rivals to get back at them for one transgression or another. The hacker was identified, then turned over to the police. Today, doxxers get information by pulling data from a leaky database, hacking operating systems, performing spoofing or phishing to trick someone to share their data, stalking their social media profiles, and even stalking someone physically.
In some cases, the doxxer doesn’t have to look for data online. They might be an ex, a neighbor, or a coworker who already has your information – your home address, your number, your email, and more. It’s up to them to decide what data they want to share as well as how and where they want to share it.
Most Common Leaks
The type of data most commonly leaked is physical address, social security number, card information, pictures, phone numbers, credit reports, and mortgage details. Doxxing can lead to permanent loss of face or result in job loss. The victim becomes humiliated in front of relatives, friends, or a partner. Once financial data becomes public, they can face further cyberattacks, even after their information has been removed from the platform used for doxxing.
As with most other things in life, doxxing can also be used to do good. For example, doxxing in the cryptocurrency space is where a thief is made to return stolen funds under the threat of being unmasked. However, it is usually a form of malicious attack.
One of the most famous doxxing cases in history involved the online persona violentacrez, which a man named Michael Brutsch was behind. This person trolled people on Reddit for many years until reporter Adrian Chen doxxed him and revealed his identity publicly. This was possible because Brutsch was careless with his information, like many people. He met Reddit users at parties and meetups face to face. He took photoshoots, although he asked photographers to hide his face. He was also the host of a podcast, which Chen used to prove voices matched.
Ultimately, Brutsch lost his job and faced public humiliation, exacerbated by the fact that he decided to do a high-profile interview. Eventually, his persona left the spotlight, much to everyone’s (and his own) delight.
Variations on Doxxing
Swatting is a common variation on doxxing. It comes from SWAT. It’s where someone prank-calls a unit to someone else’s home. Doxxing can lead to swatting in the internet realm. A malicious entity will discover a home address and call the police, saying the person is selling drugs, making bombs, or committing another serious crime. The police then show up to their home.
Swatting led to the death of 28-year-old Andrew Finch in 2017. Finch had gotten in a fight with another Call of Duty player. A third player escalated the argument, giving Finch’s adversary the former’s home address. He called the police and told them Finch had committed domestic violence. When the police arrived, conflict ensued, and Finch was fatally shot by a policeman.