In the new era, Internet has become worldwide where one can gain knowledge, exchange thoughts, share information, make new friends and moreover you can do all of this by hiding your identity while surfing through the internet, your real life identity and your valuable data can still be at risk of falling into the hands of strangers. This is where the term “doxing” comes into play!
What is Doxing?
According to the hacking dictionary Doxing is defined as a technique of tracing someone or gather information about an individual using sources on the internet. Doxing method is based purely on the ability of the hacker to recognize valuable information about his target and use this information to his benefit. It is also based around the idea that, “The more you know about your target, the easier it will be to find his or her flaws”
Doxing is done by initiating a piece of information (such as “name” or “email address”) and keeping it as a root to find out other possible details about the person. The term “doxing” is derived from “Documents” or “Docx” and is spelled as “document tracing” which means to retrieve personal information about a particular person or company in order to learn more about them.
Today, Internet has grown to such a size that it contains almost any information that you’ve ever imagined.All you’ve to do is use the right techniques to search for what you want:
The three common ways of finding information for your dox are:
-Social media (finding their profile with just a name, email, or picture usign social networking sites such as facebook,linkedin)
-Government records online (people searching records like whitepages)
-Domains (if they own a website, a WHOIS-type lookup gets you some of their information)
Learn what you can trace about a person, and write it down in your file about that person (on your Docx file or notepad file). Little slips of information about that person may not seem important at the time, but added together may make a big difference in the long run. The fact that a person went to India for a holiday may not seem important, but years later when that person is accused of having an affair with a person in India, and that person says he/she has never even been to India, is going to be valuable information for you.
Here down is a list of Doxing techniques that are most commonly used by Internet geeks and ethical hackers:
Google is undoubtedly a powerful tool that plays a major role in doxing. Since Google indexes almost anything on the Internet with the help of Crawlers and Spiders (sometimes even the private information), it is possible to dox for details such as email ID, address, phone numbers and photographs of a person or company. Once you obtain the search results for your query, carefully examine the description part which in most cases contain the piece of information that you are looking for.
Via Social Networking Websites:
As more and more people are connecting through the Internet users are found to be active on social media, social networking sites such as Facebook and LinkedIn provide a virtual goldmine of information necessary to perform doxing. This should go without saying, as you can find out almost anything about a person from social media networks. People set secret questions such as “my first pet” or “Mother’s maiden name” on important accounts, and yet they have that information readily available on their Facebook page. Set up fake accounts and “friend” your target however you can. You are then given access to all the information you would ever need to Docx a person and/or steal their identity. If you wish you can hide your identity while surfing through the internet
Via Reverse Cell Phone LookUp:
A “Reverse Cell Phone Lookup” is simply a process of finding someone’s personal details such as name, age, address and related information by using their cell phone number and vice versa. There are many online services out there such as cell phone registry that provide access to the personal details about a given person based on his/her phone, name and email ID.
Via Whois Searches:
If a person or company has a website (or domain name) associated with them, you can easily perform a “whois search” for their website to obtain personal details such as full name, address, email and phone number. Just visit whois.domaintools.com and enter the domain name for which you want to perform a whois search. It will show up all the details associated with the domain name.
Searching images is a good technique to find out where pictures are been uploaded. So lets say you have a picture of your target, just go here http://www.tineye.com/ and enter the picture you have. It will search for you and if you have a luck you will get a link to his/her Facebook or Myspace.
Via Social Engineering:
Social Engineering is a greatly used technique for obtaining information. Social engineering is basically manipulating or tricking your target into giving you his/her information. One way of doing this for example is by email. I once doxed a person by making a believable email address and pretending that I worked for a website and wrote articles. I asked my target if I could interview him and he said “sure”. I said, “Would you mind starting off this interview with telling me your first and last name?” He gave it to me simple as that! Then I used the other methods for the rest of his dox.
Via Domain Names they Own :
Domain names (website URL’s) are also very useful in doxing because you can obtain a full name and address from them. However, this is only if your target is stupid enough to enter his/her real info for his/her site. Go on over to http://whois.domaintools.com/ and enter a website.(http://i51.tinypic.com/30rmolk.jpg) Then click “look up” and you will get something like this. (http://i54.tinypic.com/iylqfp.jpg) As you can see though that is a example of false information or just not the dox we are looking for
Steps to Protect Yourself from Doxing:
The following are some of the most commonly targeted pieces of information that can be easily obtained through doxing:
-Age, gender and date of birth
-Location and place of birth
-Email addresses and username
-Social networking profiles, websites and blogs
So, it is always a good practice to keep the above bits of information hidden. Even though it is not possible to do this in all cases, you can still take care to protect as much information as you can from going public. You can consider the following additional tips for further protection:
- Do not upload personal photographs on web albums such as “Picasa”. Even if you do, make sure that your album is hidden from public and search engines.
- Be aware of security and privacy settings on your accounts. Be selective about who you share information with and limit how often you post about your location (especially if it’s your home).
- Pay close attention to links and attachments in email messages. Do not open anything that looks even remotely suspicious. If it’s legitimate, the person can always send it again.
- Add protection to your email, social media, and online bank accounts using two-factor authentication techniques.
- Remember that anything you post on social media might be used against you. Once it’s online, you cannot take it back
- If you do not intend to show up your profile on search engines, it is a wise choice to make all the Internet profiles private.
- Always use updated anti-virus software.
- Maximize the privacy settings of your social network profiles. Make sure that your individual albums and photographs have their privacy settings configured.
- Choose unique, strong passwords for each of your accounts and change your passwords regularly.
- Routinely update computers, devices, and software with the latest security fixes
- Do not use the same email address for all you accounts. Instead, create separate email IDs for individual activities such as gaming, forum participation, banking accounts etc.
Tracing someone down on the internet is not a hard thing to do, it takes a little bit of clever searching and maybe a few hours of cross-checking of information, it wouldnt take an experienced “doxer” more than a few hours to have a complete profile of an individual. Doxing is done to cause intentional damage such as harassment, blackmailing or taking revenge it might well be considered an offence. Please note that doxing isn’t illegal as all the information you have obtained is public. But, posting of the dox might get you in a little trouble.