By: Arryan Mohanty

Published on: March 25, 2022 at 20:32 IST

Introduction

Doxing, which is short form for ‘Dropping Documents’, occurs when a malicious actor collects Personally identifiable information and Publicly Reveals it for no justifiable reason in order to Annoy, Harass, Intimidate, or Stalk the Victim.

Also read: What is Cyber Stalking? What are its perspectives in India?

These types of operations are carried out by harmful actors in order to Publicly embarrass or target their victims. They may, for example, purposefully identify law enforcement personnel or demonstrate their hacking abilities.

Data brokers are used by Malevolent Actors to collect and organize data from multiple sources.The brokers have access to specific public or private data that can be sold for a profit.

Experts advise that one should minimize the amount of information you share on the internet, such as images and videos.

Private or sensitive information that can be used to enter into an individual’s online accounts should not be posted or shared. If a person put his/her pet’s name or date of birth on the internet, for example, site security questions can be guessed.

Also read: Social Media and Freedom of Speech

Experts advise that all websites and Social Media platforms have privacy options enabled. It is possible to get your information removed from a data broker’s database, but this is a time-consuming process.

Doxing has recently become a weapon in the culture wars, with rival hackers doxing those who hold opposing views.

Doxers seek to take their fight with targets off the internet and into the real world by revealing information. Doxing entails:

Name.
Date of birth.
Home addresses.
Workplace details.
Personal phone numbers.
Email address.
National registration identity card number.
Family background.
Place of employment or education.
Passport number.
Signature.
Password.
Photos or videos of the person.
Social security numbers.
Bank account or credit card information.
Private correspondence.
Criminal history.
Embarrassing personal information

Anything else that might be utilised to identify the individual or someone connected to them in order to harm their reputation as well as the reputations of their personal and professional associates.

The doxing victim may have to deal with the unintentional publication of personal information (e.g., name, address, employment information, financial records, and criminal history) on the internet.

These behaviours are prohibited and may result in violations of state or federal laws. Most, if not all, jurisdictions have now enacted anti-doxing legislation to prevent such violations.

The biggest example is: Neo-Nazi white supremacists marched on the University of Virginia campus in 2017. One of the participants was confused as Kyle Quinn, an Arkansas professor who leads an engineering lab, by someone on social media.

Throughout the night, thousands of people shared his photo and even his address on social media. They also sent him abusive texts and demanded that he leave his academic position.

Quinn was later shown to have had no involvement with the Virginia demonstration and was simply a victim of poor doxing.

Also read: What is Cyber Stalking? What are its perspectives in India?

Because of the vast diversity of search tools and information easily available online, almost anyone can become a doxing victim.

If you’ve ever left a comment on an internet forum, joined a social networking site, signed an online petition, or purchased real estate, your information is publicly available.

Furthermore, anyone searching for information in public databases, County and State Records, search engines, and other repositories will uncover a wealth of data.

Types of Doxing

Celebrity Doxing

Journalists frequently gather information about a celebrity’s personal life and publish it on their social media platforms.

Doxing, on the other hand, isn’t exactly commonplace in the world of entertainment.

The hacker reveals personal information about the celebrity, such as credit card numbers, email addresses, social security numbers, and phone numbers.

Paris Hilton, Kim Kardashian, Joe Biden, Hillary Clinton, and President Donald Trump are just a few of the celebrities that have been doxed.

According to TMZ (Thirty-Mile Zone), a group of Russian hackers doxed 12 high-profile celebrities and politicians in 2013 by disclosing their SSNs, mortgage amounts, credit card information, vehicle loans, banking, and other information on a website.

Also read: Indian Agency sent notice to twitter over recent global high profile hacking

Faulty Doxing

Doxing is occasionally carried out by online vigilantes who are too indolent to conduct full research or examinations on their targets to ensure they are dealing with the right person.

Instead, they make erroneous associations between people and unrelated activities or events. As a result of such ‘faulty’ doxing, innocent people face the following consequences: loss of reputation, loss of employment, harassment, physical violence, or death.

In 2013, vigilantes on Reddit falsely labelled Sunil Tripathi, an innocent student, as a suspect in the Boston Marathon bombing.

According to his family’s social media page, Tripathi went missing, and his body was discovered in the sea near a park in Rhode Island. His death was deemed a suicide, with public shame as the cause of death due to erroneous doxing.

Revenge Doxing

Doxing can be used as a method of retaliation. They disclose publicly identifiable details about their rivals on the internet to humiliate them.

Curt Schilling, a former Major League Baseball pitcher, retaliated on Twitter in March 2015 against those who made sexually abusive comments about his daughter.

Schilling hunted identified the real persons behind the troll Twitter accounts and doxed them on the internet by revealing their true identities.

As a result of the incident, one bully was fired from his job and another was suspended from his community college.

Other bullies were frightened by the doxing and apologized on social media. In this case, Schilling employed doxing as a form of online vigilante justice.

Swatting Doxing

Swatting is a doxing technique. When someone falsely accuses someone of committing a Crime, Police (or a SWAT squad, as the case may be) are dispatched to the victim’s home to harass them. The victim of doxing, on the other hand, is frequently killed.

In December 2017, Tyler Barriss was involved in a fight with two other gamers, Casey Viner and Shane Gaskill, while playing an online video game.

Viner challenged Barriss to swat Gaskill, and Gaskill accepted the offer, revealing his prior residence, which was now held by the family of a guy called Andrew Finch, according to NBC News.

Barriss doxed Gaskill by making a hoax call to the cops. Barriss claimed to be him and told the cops that he had killed his father and was holding the rest of his family hostage.

Finch was killed by one of the responding police officers after being called outside. Barriss was sentenced to 20 years in prison for the phone call.

Crime Doxing

While most swatting is done for fun, some people use doxing to commit serious crimes like murder. They inspire others to harm their opponents by posting personal information about them on the internet.

The purpose could be personal vengeance or expressing disagreement or hate toward a specific cause, religion, activity, or race.

Neal Horsley, an Anti-abortion activist, collated the names, photographs, and addresses of abortion providers and publicised them on the Nuremberg Files website in the late 1990s and early 2000s.

He referred to the list as a ‘kill list.’ So far, eight doctors from the Nuremberg list have been slain. The website celebrated assassination victims and urged Pro-life activists to keep doctors on the target list.

Must read:

Abortion Rights in United States of America

Surrogacy in India & related Laws

Methods of Doxing

Packet Sniffing

Doxers use this technique to intercept your internet connection and search for passwords and other sensitive information.

They join to an online network, decipher its security measures, and steal data from it.

IP Logging

In this situation, the doxer, also known as IP loggers, attaches a code that may or may not be visible to the victim and sends it via email message.

When the victims open the message, the malware captures their IP address and sends it back to the IP logger, resulting in the transmission of rapid information on them.

Reverse Cell Phone Lookup

Doxers can learn more about you once they get your cell phone number.

Reverse phone lookup services like Whitepages, for example, allow you to key in a mobile phone number or any telephone number to learn about the owner’s identity.

Fees are charged by sites like Whitepages for information other than the city and state linked with a mobile phone number.

Those willing to pay can, however, use your mobile phone number to find out more personal information about you.

Social Media Stalking

The perpetrators track information about your personal life that you may not want to be shared with everyone by using social media updates.

They may discover your whereabouts and exploit it in an inappropriate manner, troll you on social media, or release it to the public without your permission.

Also read: What is Cyber Stalking? What are its perspectives in India?

Is Doxing Legal?

Doxing is usually not deemed illegal if the content exposed is in the public domain and was obtained legitimately.

However, regulations intended to prevent stalking, harassment, and threats may make doxing unlawful in your jurisdiction.

It also relies on the specific information disclosed. Giving someone’s true name, for example, is less risky than giving out their home address or phone number.

Doxing is both immoral and unlawful, and you could face serious legal consequences, including imprisonment, if you are caught harassing people and releasing their personal information.

It is often difficult for law authorities to detect and prosecute these types of offences.

On the other hand, using publicly available personal information ethically is not a crime. Those who dox for a more sinister goal are committing a serious crime if their goals are proved to be immoral.

There is no law in India that specifically prohibits or punishes doxing, but there are laws that prohibit voyeurism (Section 354C IPC and Information Technology Act, 2000), disclosing sexually explicit or filthy content (Section 292 IPC), defamation (Section 499 IPC), and online stalking (Section 499 IPC) (Section 354D IPC). Doxing infringes on our Right to Privacy (a Fundamental Right) and undermines our Right to Dignity (Article 21 of the Indian Constitution), as well as harassing us and placing us in risk.

Anti-Doxing Laws in India

Because doxing is a type of cybercrime, cyber harassment laws will apply to doxing in India.

India is one of the few countries in the world that has passed cyber harassment legislation that punishes cybercriminals.

Hacking, data tampering, and the release of obscene content are all Criminal Offences in the cyber world, but they aren’t limited to women.

The Information and Technology Act of 2000 (IT Act, 2000) and the Indian Penal Code encompass the following cybercrime offences (IPC).

Must read:

The World of Hacking and Pegasus

IDENTITY THEFT & INDIAN LAWS

Information Technology Act, 2000

Section 66 B

Section 66B makes it illegal to fraudulently and willfully accept or retain a stolen communication device or computer resource. A fine of up to one lakh rupees or three years in prison are possible penalties.

Section 66 C

This section deals with attempting to steal someone else’s identity by using their password, digital signature, or any other unique identifier.

Also read: Right to Privacy in the light of New IT Rules 2021

Section 66 D

Section 66D covers impersonating someone while using a computer resource or communication device.

Section 66 E

Penalties for privacy violations are dealt with under Section 66E. Unauthorized publication or sharing of images from a person’s private regions is dealt with in this section.

Also read: What is Cyber Stalking? What are its perspectives in India?

Section 67

Section 67 of the Information Technology Act of 2000 covers the majority of cyber-crimes committed against women.

This clause applies to the publication or transmission of vulgar material via Electronic means. In 2008, the IT Act was updated to include provisions for child pornography and intermediate record possession.

Also read: Children Protection Laws In India

Section 72

This section charges someone who gains unauthorized access to an electronic record, book, register, or document and violates the confidentiality or privacy of another person.

Must read: Right to Privacy in the light of New IT Rules 2021

Indian Penal Code

Section 354 C

Both the IPC and the IT Act make voyeurism an offense.

If a person takes a photograph of a woman engaged in a private act without her agreement, he will face a minimum of one year in prison and a maximum of three years in prison, as well as a fine, under Section 354C of the Indian Penal Code.

Also read: Assault under Indian Penal Code, 1860

The law can be applied in instances where a woman would not expect the criminal to see her.

The section of the IPC also defines “private act” as an act of gazing over a lady engaged in a private activity.

Section 354 D

The Indian Penal Code has a section that deals with stalking in all of its manifestations. Physically stalking a woman or her contacts, as well as monitoring her internet activities without her knowledge or consent, are all possibilities.

Section 500

This section covers printing or engraving anything disparaging or defamatory about someone who is aware of it (cyber defamation).

Section 500 of the Criminal Code makes the offence punishable by up to two years in prison and/or a fine.

Also read:

Indian Penal Code & Code of Criminal Procedure: Recent Landmark Judgements

Recent Landmark Judgements of Indian Penal Code, 1860

The Indian Penal Code Amendment Bill, 2020

Ways to Prevent Doxing

Examining Government Documents

While most personal records are not available on the internet, government websites do allow access to a large amount of data.

Databases containing personal information include business licensing databases, County Records, marriage licence, DMV records, and voter registration logs, to name a few.

Tracking IP addresses

Doxers can use a variety of methods to find your IP address, which is linked to your physical location. Once they have that information, they can use social engineering techniques on your Internet Service Provider (ISP) to learn more about you.

They could, for instance, file a complaint against the owner of the IP address or attempt to breach into the network.

Reverse Mobile Phone lookup

After obtaining your cell phone number, hackers may be able to discover more about you. You can use reverse phone lookup services to find out who owns a mobile phone number — or any other phone number.

Sites charge fees for information that isn’t related to a mobile phone number, such as the city and state. Those who are prepared to pay can, however, use your mobile phone number to learn more about you.

Packet sniffing

Packet sniffing is a term that is occasionally used in the context of doxing.

Doxers hunt for passwords, credit card numbers, bank account information, and old email messages among other things when they capture your internet data.

Doxers do this by connecting to an internet network, breaching its security procedures, and then capturing data flowing in and out of it. One way to protect yourself against packet sniffing is to use a VPN.

Using data brokers

Companies that collect and sell personal information about people for a profit are known as data brokers.

Public records, loyalty cards (which track your online and offline spending patterns), Internet search histories (everything you search, read, or download), and other data brokers are all sources of information for data brokers.

Many data brokers sell their data to advertisers, but for a little cost, some people-search services offer substantial details about individuals.

All a doxer needs to do is pay this modest charge to get enough information to dox someone.

By Following Breadcrumbs

Doxers can piece together a picture of someone from scattered information on the internet, resulting in the identification of the genuine person behind an alias, including the person’s name, physical address, email address, phone number, and other details.

Doxers can also buy and sell personal information on the dark web.

What to do if you become Doxing Victim?

Report the incident

Inform the sites where your personal information has been exposed of the attack.

Look up the relevant platform’s terms of service or community standards to discover what their reporting method for this type of assault is, and then follow it.

Save a form for future use when filling it out for the first time (so you do not have to repeat yourself). This is the first step toward preventing the sharing of your personal information.

Enforcement of law

If a doxer makes personal threats against you, contact your local Police department.

Any information pointing to your home address or financial details should be treated with utmost caution, particularly if there are serious threats.

Make a record of it

Take screenshots or save the pages that contain your information. Make a concerted effort to make the date and URL visible.

This Evidence is crucial for your records and could be valuable to law enforcement or other parties involved.

Safeguard your Bank Accounts

If doxers have publicised your bank account or credit card data, contact your financial institutions straight once.

Your present credit card will most likely be cancelled and replaced with a new one. Your passwords for your online bank and credit card accounts will also need to be updated.

Secure your accounts

Change your passwords, use a password manager, use multi-factor authentication whenever possible, and make sure your privacy settings on all of your accounts are strong.

Enlist the help of a friend or family member

Doxing can be emotionally exhausting. So that you don’t have to deal with the problem alone, get the help of someone you can trust.

Conclusion

Doxing is a severe problem made possible by ease online access to personal data. It’s not always simple to be safe online, but following cybersecurity best practices can help.

Edited by: Advocate Komal Sharma, Publishing Editor at Law Insider

Also read:

Offences under the Information Technology Act, 2000