Doxing is rightfully regarded as a dangerous threat, potentially exposing personal information where it shouldn’t be. But defenses derived from doxing may strengthen corporate cybersecurity at scale.

Doxing is the dark side to widespread data dispersal and discovery. Data is leveraged to harm individuals or organizations, often as retaliation for real or perceived slights. As a result, both the Department of Homeland Security (DHS) and the Center for Internet Security (CIS) have issued recommendations around reduced data sharing to limit overall risk.

Here’s how companies can think outside the dox — and may be able to repurpose this aggressive attack avenue as an IT security double agent. Much as hackers have taken up attacker efforts around zero-day vulnerabilities and advanced email compromise, IT teams can benefit from self-doxing programs designed to discover defensive gaps before attackers can exploit them.

What is Doxing?

Doxing (also spelled doxxing) started in the 1990s, long before digital social sharing was commonplace. While online identities were created and cultivated by users, their personal privacy remained sacrosanct. Anonymity was highly valued and generally respected until tensions between skilled users reached a boiling point.

These digital disagreements culminated in the search for documentation that revealed the legal names of key rivals, at which point attackers would “drop docs” into online forums that exposed protected data. Over time, the “drop” disappeared, the “docs” was shortened to “dox” and the term expanded to cover the release of anything from names and addresses to financial data or corporate correspondence — any data that could potentially embarrass enemies or make the victim look bad.

Potential Doxing Damage

While privacy was paramount in the early days of widespread online activity, social media sharing of personal data is now common.

According to recent data from the New York Times Customer Insight Group, 73% of survey respondents who share a significant amount of information online said they do so “because it helps them connect with others who share their interests.”

Companies are similarly engaged with social media, according to the Digital Marketing Institute. Successful media strategies now rely on businesses sharing relevant information and regularly engaging with their customer base across social media channels.

This creates the ideal opening for doxxers. By combining publicly available data with basic attack techniques, such as phishing campaigns or credential compromise, malicious actors can uncover massive amounts of supposedly secure data. For consumers, exposed information could lead to identity theft or public shame. Meanwhile, companies face the prospect of large-scale reputation damage or lost revenue if proprietary project briefs or intellectual property are leaked to the public.

Becoming IT Security’s Double Agent

The intent behind doxing is a threat by nature. Collecting massive amounts of data about a person or group gives threat actors in-depth knowledge of their strengths and weaknesses, making it easier to cause damage.

But the framework is ingenious — in effect, doxing takes the form of aggressive, open-source intelligence gathering that provides an actionable map of potential weak points. By decoupling action from intention, it’s possible to repurpose doxing as a form of infosec attacker reconnaissance, reverse engineering the same tactics as the foundation for improved cybersecurity best practices.

The Self-Doxing Solution

In practice, this self-doxing solution offers four key benefits. First, it encourages attack surface mapping. As enterprises embrace mobile and cloud solutions at scale, attack surfaces rapidly expand. The self-serve nature of many IT services and applications further complicates this situation. Despite best efforts, IT teams often lack the attack surface transparency required to effectively defend emerging endpoints. Dox-driven intelligence gathering can help fill in the blanks by revealing the scale and source of potential data leaks, in turn creating a complete risk roadmap.

Second, it is a blueprint for distributed resource defense. Cloud computing offers groups the ability to scale resources on demand by removing the need for physical, on-premises hardware. But this introduces a potential security problem.

Cloud services may not appear as potential weak points when security teams conduct in-house assessments. By taking an information-first approach that prioritizes data output regardless of its location or origin, companies are better able to identify where they’re most at risk.

Third, it adds to improved threat modeling. Attackers aren’t picky — they’ll throw anything they have at corporate networks and use whatever sticks. This creates a challenge for many IT teams using automatic detection frameworks. As alerts pour in, it’s hard to separate the wheat from the chaff. Self-doxing offers the ability to discover available data (both public and supposedly protected) and use this data to capture and correct for the most likely threat vectors used by malicious actors.

Lastly, it creates actionable staff insight. Humans remain the weakest link in the security chain. In most cases, malice isn’t the problem or the intent when someone lets a threat actor in. Instead, employees overshare personal data on corporate platforms by accident or use insecure third-party applications that expose critical company data. In both cases, however, tracking the long tail of these potential compromises is difficult when IT teams start from the side of defenders. By flipping the script — looking for the end results of exposed information rather than trying to follow its path throughout the organization — companies can spot key areas of concern and develop staff training programs against them.

Playing Both Sides

Doxing represents a major risk to individuals and organizations alike. But the discovery-driven structure of these attacks means enterprises can play both sides. By using dox-like approaches to intelligence gathering across the IT stack, teams can create accurate attack surface maps, improve the defense of distributed resources, enhance threat modeling and deliver actionable staff insight to reduce overall risk.
