September 15, 2022, Kitchener, Ontario
Posted by: Robert Deutschmann, Personal Injury Lawyer
Doxxing is a form of cyber-attack and is defined as “compromising someone’s privacy or leaking information that they did not intend to make public”. It is not an issue for many people for others doxxing can become deadly serious.
It can lead to life and death situations for dissidents or activists who can be targeted by opponents. Individuals who commit doxxing gather information legally and illegally about their targets online and can quickly spread the information within their networks in order to act quickly and with force.
The Record published an article detailing Doxxing and why you should be aware of it.
‘Doxxing can be a life-and-death concern’: University of Waterloo professor warns of cyberattack that can turn deadly
People unknowingly put themselves at risk to this type of cyberattack all the time says professor
By Loraine CentenoTue., Aug. 23, 2022
In early August, an Ontario judge ordered Waterloo-based TextNow Inc. to name customers who made “racist and serious physical threats” against employees of a gaming company.
The customers reportedly got a hold of the employees’ personal information and leaked it online. The attack led to threats sent to the employees home in a sinister act called doxxing.
WHAT IS DOXXING?
“Doxxing is compromising someone’s privacy or leaking information that they did not intend to make public,” said University of Waterloo professor N. Asokan who also serves as the executive director of the Waterloo Cybersecurity and Privacy Institute.
While doxxing may not be a concern for some, this cyberattack can quickly become dangerous for others, he explained. “It can be a life-and-death concern for people in vulnerable situations like dissidents or activists who may be targeted by political opponents, for example.”
And many people unknowingly put themselves at risk to this type of cyberattack all the time.
“People leave a trail of crumbs all over the place, on social media profiles, on websites, on email and signatures,” Asokan pointed out. Anyone with enough time can follow these crumbs to get people’s addresses, phone numbers and locations, he said. Cybercriminals can follow location tags on posts and photos on social media.
“There are companies that make a business out of such data. So cybercriminals can also buy such information in marketplaces” he explained.
Cybercriminals can spread private information on public sites, launch a hate campaign against a person and then encourage others to join the attacks. Victims can get prank calls and threats sent to their homes. Other cybercriminals take it a step further by committing what is called swatting.
Swatting is an offshoot of doxxing that happens when someone makes a fake report (like a hostage situation for example) to law enforcement agencies and then sends special forces to the victim’s house. In the U.S., attackers have sent SWAT (special weapons and tactics) teams to victims’ homes, which spawned the word swatting. There have been reports of hackers hijacking doorbell cameras so they can livestream a swatting attack from the victim’s house. And there have also been reports of injuries and even deaths as a result of this type of attack.
HOW TO KEEP YOURSELF SAFE
“The bottom line is to limit the unintentional release of their information” Asokan said.
It may be fun to post a photo on your social network with a geolocation tag, but since information is attached to this photo “anyone who copies and shares your photo to a broader audience may trigger an unintentional release of your personal information,” he warned.
Practising good cyber hygiene habits is done by removing sensitive information like location tags before posting things online.
Asokan also advises minimizing the sensitive information people give away to service providers or making sure the visibility of information is limited. “For example, social networks may ask for your phone number or email address for account recovery purposes, but you can configure your profile so that they are not visible to anyone else but yourself,” he said.
Cyber hygiene can also mean “asking service providers to wipe personal data from their databases once you are done using their service.”
Also, be wary of applications you download and install. Some of these are malware designed to spy on your online activities, but disguised as a legitimate application. Make it a habit to read reviews and information about an app before downloading and be careful with applications from sources you can’t trust like those sold outside official app stores.
“Be stingy about granting permissions to apps, follow the ‘principle of least privilege’ and grant only the minimum set of permissions apps need to do the job you want them to do,” he adds.
“Ultimately, strong regulation that limits service providers in their collection, storage and use of personal data is necessary. Other jurisdictions are already doing it like the European GDPR. Canada has the Consumer Privacy Protection Act in the works”