Doxing is rightfully regarded as a dangerous threat, potentially exposing personal information where it shouldn’t be. But defenses derived from doxing may strengthen corporate cybersecurity at scale.

Doxing is the dark side of widespread data dispersal and discovery. Data is leveraged to harm individuals or organizations, often as retaliation for real or perceived slights. As a result, both the Department of Homeland Security (DHS) and the Center for Internet Security (CIS) have issued recommendations around reduced data sharing to limit overall risk.

Here’s how companies can think outside the dox, and how they may be able to repurpose this aggressive attack avenue as an IT security double agent. Much like the hacker uptake of attacker techniques around zero-day vulnerabilities and advanced email compromise, IT teams can benefit from self-doxing programs designed to discover defensive gaps before attackers can exploit them.

What is Doxing?

Doxing (also spelled doxxing) started in the 1990s, long before digital social sharing was commonplace. While online identities were created and cultivated by users, their personal privacy remained sacrosanct. Anonymity was highly valued and generally respected until tensions between skilled users reached a boiling point.

These digital disagreements culminated in the search for documentation that revealed the legal names of key rivals, at which point attackers would “drop docs” into online forums that exposed protected data. Over time, the “drop” disappeared, “docs” was shortened to “dox” and the term expanded to cover the release of anything from names and addresses to financial data or corporate correspondence: any data that could potentially embarrass enemies or make the victim look bad.

Potential Doxing Damage

While privacy was paramount in the early days of widespread online activity, social media sharing of personal data is now common.

According to recent data from the New York Times Customer Insight Group, 73% of survey respondents who share a significant amount of information online said they do so “because it helps them connect with others who share their interests.”

Companies are similarly engaged with social media, according to the Digital Marketing Institute. Successful media strategies now rely on businesses sharing relevant information and regularly engaging with their customer base across social media channels.

This creates the ideal opening for doxxers. By combining publicly available data with basic attack techniques, such as phishing campaigns or credential compromise, malicious actors can uncover massive amounts of supposedly secure data. For consumers, exposed information could lead to identity theft or public shame. Meanwhile, companies face the prospect of large-scale reputation damage or lost revenue if proprietary project briefs or intellectual property are leaked to the public.

Becoming IT Security’s Double Agent

The intent behind doxing is a threat by nature. Collecting massive amounts of data about a person or group gives threat actors in-depth knowledge of their strengths and weaknesses, making it easier to cause damage.

But the framework is ingenious — in effect, doxing takes the form of aggressive, open-source intelligence gathering that provides an actionable map of potential weak points. By decoupling action from intention, it’s possible to repurpose doxing as a form of infosec attacker reconnaissance, reverse engineering the same tactics as the foundation for improved cybersecurity best practices.

The Self-Doxing Solution

In practice, this self-doxing solution offers four key benefits. First, it encourages attack surface mapping. As enterprises embrace mobile and cloud solutions at scale, attack surfaces rapidly expand. The self-serve nature of many IT services and applications further complicates this situation. Despite best efforts, IT teams often lack the attack surface transparency required to effectively defend emerging endpoints. Dox-driven intelligence gathering can help fill in the blanks by revealing the scale and source of potential data leaks, in turn creating a complete risk roadmap.

Second, it is a blueprint for distributed resource defense. Cloud computing offers groups the ability to scale resources on demand by removing the need for physical, on-premises hardware. But this introduces a potential security problem.

Cloud services may not appear as potential weak points when security teams conduct in-house assessments. By taking an information-first approach that prioritizes data output regardless of its location or origin, companies are better able to identify where they’re most at risk.

Third, it contributes to improved threat modeling. Attackers aren’t picky; they’ll throw anything they have at corporate networks and use whatever sticks. This creates a challenge for many IT teams using automatic detection frameworks. As alerts pour in, it’s hard to separate the wheat from the chaff. Self-doxing offers the ability to discover available data (both public and supposedly protected) and use this data to capture and correct for the most likely threat vectors used by malicious actors.

Lastly, it creates actionable staff insight. Humans remain the weakest link in the security chain. In most cases, malice isn’t the problem or the intent when someone lets a threat actor in. Instead, employees overshare personal data on corporate platforms by accident or use insecure third-party applications that expose critical company data. In both cases, however, tracking the long tail of these potential compromises is difficult when IT teams start from the side of defenders. By flipping the script — looking for the end results of exposed information rather than trying to follow its path throughout the organization — companies can spot key areas of concern and develop staff training programs against them.

Playing Both Sides

Doxing represents a major risk to individuals and organizations alike. But the discovery-driven structure of these attacks means enterprises can play both sides. By using dox-like approaches to intelligence gathering across the IT stack, teams can create accurate attack surface maps, improve the defense of distributed resources, enhance threat modeling and deliver actionable staff insight to reduce overall risk.
