Penetration Testing as a service (PTaaS)
Tests security measures and simulates attacks to identify weaknesses.
DOXING is a term that refers to the act of publicly revealing or publishing private or personal information about an individual or an organization without their consent. This information can include details such as full name, address, phone number, email address, workplace, social media accounts, and more. The purpose of DOXING is often to expose or shame the targeted person or entity, harass them, or facilitate further invasions of privacy.
The origins of the term “DOXING” can be traced back to the hacker and online communities of the 1990s. It is believed to have derived from the word “docs” or “documents,” which refers to the gathering and disclosure of personal documents or information about an individual. Initially, DOXING was commonly associated with the hacking culture as a way to identify and publicly expose individuals involved in illegal activities or who posed a threat to the community.
DOXING has spread outside the hacker community and is now common in a variety of online locations, including social media platforms and internet forums. It is often used as a means of retaliation, online harassment, or as a form of vigilantism.
The widespread availability of personal information on the internet, combined with the ease of gathering information through social engineering techniques and online databases, has made DOXING more accessible and prevalent. It has raised significant concerns about privacy, security, and the potential for abuse or harm to individuals who become targets.
A brief description of the main idea and goals of DOXING
Retribution and Vigilantism
DOXING is sometimes employed as a form of retribution or vigilante justice. Individuals or groups may target someone they perceive as having committed a wrongdoing, such as harassment, fraud, or other illicit activities, and seek to publicly expose their personal information as a means of punishment or social shaming.
Harassment and Intimidation
DOXING can be used as a tool for harassment and intimidation. By revealing someone’s private information, the aim may be to subject them to unwanted attention, threats, or other forms of harm both online and offline.
Activism and Accountability
In some cases, DOXING may be driven by activists or individuals seeking to hold others accountable for their actions or beliefs. By revealing personal information, they hope to expose what they perceive as wrongdoing or problematic behavior and prompt consequences or public scrutiny.
Paradoxically, DOXING has also been used as a means of raising awareness about privacy issues. By publicly exposing personal information, some individuals or groups aim to highlight the vulnerability of personal data and the need for stronger privacy protections.
While DOXING remains a concerning online threat, it is essential to delve into the specific tools that facilitate such intrusive activities. By shedding light on these tools and their installation process, we hope to empower individuals with knowledge, enabling them to protect themselves from potential DOXING attempts.
Tools and software for automating the DOXING process
Online searches and information gathering:
Popular search engines such as Google, Bing и Yahoo can be used to find public information about a target person, such as email addresses, usernames, social networks, etc.
Specialised search tools:
• Maltego is a powerful open-source intelligence (OSINT) tool used for gathering and analyzing information about individuals, organizations, and networks.
Step-by-step install Maltego on Kali Linux:
Install the required dependencies for Maltego by executing the following command:
sudo apt install openjdk-11-jre-headless libxslt1-dev libxml2-dev
Next, you will need to download the Maltego Community Edition package. Visit the official Maltego website at https://www.maltego.com/ and navigate to the “Products” section.
Look for the Maltego Community Edition and click on the “Download” button.
Once the download is complete, navigate to the directory where the Maltego package is saved. For example, if it is in the Downloads directory, use the following command to change to that directory:
Extract the downloaded package using the following command (replace “package_name” with the actual name of the downloaded file):
tar -xvf package_name.tar.gz
Change into the extracted directory:
Run the Maltego executable with the following command:
The Maltego GUI will now appear and you can start using Maltego on your Kali Linux system.
Tool output example:
• Sherlock a tool that allows you to search profiles on various social networks by username, which can help in determining the identity and online presence of a target.
Clone the Sherlock repository from GitHub:
git clone https://github.com/sherlock-project/sherlock.git
Navigate to the directory containing Sherlock:
Install the required Python dependencies using pip:
python3 -m pip install -r requirements.txt
After installation is complete, you can run the Sherlock manual by running the following command:
python3 sherlock.py -h
Here is the output of the tool. This command is built so that Sherlock will search all profiles on the sites by the nickname “test”:
• Shodan is a search engine that collects information about devices on the Internet, such as servers, routers, and surveillance cameras, and allows you to search for vulnerabilities and collect information.
Social engineering and phishing:
• The Social Engineering Toolkit (SET) is a versatile and powerful framework that automates various social engineering attacks. It was developed by TrustedSec and is included in Kali Linux, a popular penetration testing and security auditing distribution.
Step-by-step install SET on Kali Linux:
Clone the SET repository from GitHub using the following command:
git clone https://github.com/trustedsec/social-engineer-toolkit.git
Change into the SET directory:
Install the necessary Python packages by running the following command:
sudo pip3 install -r requirements.txt
Run the installer script with root privileges:
sudo python3 setup.py
Starting the tool:
sudo python3 setoolkit
On successful launch, you will see the following message in the console:
The following is an example of a phishing Google page generated using the Social Engineering Toolkit.
• BlackEye is a phishing tool that creates fake pages for a variety of platforms, including prominent websites and services.
Step-by-step install BlackEye on Kali Linux:
Clone BLACKEYE repository from GitHub by entering the following command:
git clone https://github.com/An0nUD4Y/blackeye
Navigate to the BLACKEYE directory by entering the command:
Run the phishing attack interface with the command:
On successful start-up, you will see the tool menu on the screen:
Screenshot illustrating a phishing attempt made through the BLACKEYE, imitating the design of the Instagram website:
Potential consequences of DOXING
DOXING gives hackers access to a person’s sensitive information, which should typically be kept private. This contains the home location, phone number, details about the family, and other personal information. The chance that this information might be exploited for fraud, identity theft, or physical harm is only one of the negative effects of a privacy breach.
When personal information is made public, there is a chance that the victim may be recognized and subjected to targeted online harassment. Abusers may trace the victim in person or online and use that information for intimidation, extortion, or the launch of hate campaigns. The victim may experience severe stress, worry, and even bodily risk as a result.
Should personal information is made public, it can have a detrimental impact on the victim’s personal and professional reputation. Abusers might use this information to harm the individual by spreading defamation, inciting online hatred, or insulting them. This can result in a loss of trust, difficulties in personal and professional relationships, and a restriction of opportunities in numerous aspects of life.
How to protect your personal data
One of the primary ways perpetrators gain access to personal information is through social media. Ensure that your profiles on social platforms are set to maximum privacy. Limit access to your personal data, adjust privacy settings, and exercise caution when accepting friend requests or subscription requests.
Create unique and complex passwords for each of your online accounts. Utilize a combination of letters, numbers, and special characters to make your password strong. Avoid obvious passwords such as birth dates or names that can be easily guessed. Regularly update passwords and refrain from using the same password for multiple accounts.
Be mindful of who you grant access to your personal information. Exercise caution when filling out online forms or registering on websites. Ensure that you understand how your information will be used and if it will be disclosed to third parties.
Email is a vulnerable channel for obtaining personal information. Exercise caution when opening attachments or clicking on links in emails from unfamiliar or suspicious senders. Avoid disclosing personal data or passwords in emails or responses to electronic inquiries.
There are various tools and programs available to protect your online privacy. Virtual Private Network (VPN) services, for instance, secure your internet connection and encrypt your traffic, making it impenetrable to malicious actors. They also mask your real IP address, making it harder to track your online activities. Using a VPN service helps maintain anonymity and protect personal data when using public Wi-Fi networks or interacting with websites.
Browser extensions such as AdBlock Plus, Privacy Badger, and Disconnect block trackers and hidden tracking codes on websites. This helps safeguard your privacy and prevents the collection and usage of your personal data by third parties.
Disabling geolocation on your device or applications prevents the disclosure of your current location. This reduces the risk of being tracked based on your whereabouts and lowers the chances of exposing personal information.
Be cautious when engaging in online communication. Avoid disclosing excessive personal information about yourself or your private affairs. Exercise particular vigilance when communicating with strangers or in untrusted communities.
Regularly update your operating system, browsers, and other software on your device. Updates include vulnerability fixes and security patches, helping prevent potential attacks on your system.
Learn the basics of online security and share this knowledge with your close ones. Stay informed about new threats and attack methods, and take measures to protect your personal information.
A learning story about DOXING
Sarah was an active social media user and left a lot of personal information on her profiles. One day she became a victim of DOXING. The perpetrator posted her personal information, including her full name, photos, residential address, and place of employment, on a public forum. Shortly thereafter, she began receiving threatening and abusive messages, as well as unsolicited visits to her home and workplace.
The consequences for Sarah were devastating. She lost her sense of security and privacy. Her personal and professional reputations were severely damaged as this information became public. She faced targeted cyber harassment that caused her stress, anxiety, and even physical danger.
Sarah was forced to take immediate steps to protect herself. She went to the police and provided them with evidence of abusive messages and unwanted visits. She also reached out to cybersecurity experts, who helped her clear her online trail and take steps to ensure her safety.
This story by Sarah demonstrates how DOXING can have serious consequences for people’s lives. Breaches of privacy and personal data security can lead to long-term emotional and physical consequences, as well as loss of trust and reputation. She emphasizes the importance of taking steps to protect personal information and maintain online privacy.