Hello fellow Paranoids. Let us look at arguably the most well documented and most effective means of revenge and Social Engineering, Doxing.
What is it?
Doxing is a technique of tracing someone or gathering information about an individual using sources online and offline. The term is coined from several overlapping terms such as Docs, DocX, Info Dump, and Dropping Docs; mashed together, these create the term known today as Doxx or Doxing. Though more vocally common in the current decade with the rise of Hacktivist ideologies and the political unrest we see today, amplified in the echo chambers of the Internet and Social Media, this is an old-school revenge tactic that emerged from hacker culture in the 1990s. It is used to pit the victim's own habits and anonymity against them. Other uses can be as an engine for transparency about an injustice, which can lead to legal repercussions. Consequently, doxing often comes with a negative connotation, because it can be used for revenge and is seen, for obvious reasons, as an invasion of privacy. Though this post provides information that could be used to carry out doxing, it can also be used by readers to protect themselves from becoming victims. I highly recommend anyone to keep personal information secure and be aware of what data is available online and offline. I would also like to advise readers that people's lives have been ruined by doxing, both as victims and as attackers. The usage of doxing for revenge can lead to jail time or to a mass campaign of public shaming and embarrassment. Now that the disclaimer is out of the way, let us move onward to find out more about doxing and potentially how to avoid it.
Techniques and Strategy
For this portion of the post I shall be using the terminology typical of a Red Team/Blue Team game, where Red Team is the attacker and Blue Team is the defender, to make this portion easier to follow.
With the advent of social media and the greater movement of convenience over security, anyone can harvest information from the Internet about individuals. There is no particular structure or proper procedure in place for doxing, meaning someone may seek out any kind of information related to the target and relay that information haphazardly. I also hope to alleviate that in this post. To start with the basics, a basic Web search can grant results. Social media platforms like Facebook, Twitter, Instagram, and LinkedIn offer a wealth of private information, because many users perceive these as platforms of self-disclosure, making social media a one-stop shop for their photos, place of employment, phone number, and email address. As Red Team you want to utilize this information generously. As Blue Team, you want to ensure your privacy by locking accounts to private or using a website's strictest privacy settings to make certain your data is not public. Be sure both Teams keep a well-detailed audit of these types of sites to track current and future changes to personal details.
Often Red Team does not collect information from one single place but from many sources. Whether you are Red Team or Blue Team, you need to ask the following questions. I will be using (X) as a placeholder for either personal or target nouns.
This creates a profile. With the profile you start to see a more well-rounded individual, and the profile becomes a more well-developed weapon.
Now we must ask ourselves...
Take a moment to think about the ways all of these overlap in our profile. Feel free to also take note of the individual nuances of each site as if they were their own unique person. How does Blue Team act in each particular instance? This further fleshes out the profile, makes it easier to follow for later Red Team activities, and also allows Blue Team to see how unique each profile is and what information could be highly compromising if their activities were to bleed into other sites.
The Little Details
Either Team can also take note of the following...
These will overlap in ways that make them redundant, which is their purpose. There are also some of these categories you do not have to take into account. However, given that many people are present online in different ventures, it can be useful to think about how you are represented in each.
People tracking sites
Numerous sites exist for tracking information on people and publishing personal details without their consent, via purchase from public records or other means. Ironically, Vice's Motherboard has an Opt Out list, which can be a useful list for Red Team or Blue Team, found here
And further reading can be done
Using these can have a cost, but for information on a valued target it can be worth it.
From the Blue Team perspective, a little work will get you removed. But it can also be a huge pain; finding all of these sites and working through their policies is the most tedious part. Hopefully, if done correctly, Red Team won't have a starting point.
Hacks and More
Though this post has mainly focused on the legal means Red/Blue Teams with time and energy can use to find information, there are other ways of obtaining data. Any account could be hacked by those who have the skills. Though it is not likely someone will crack an email password, data breaches are fairly common on large platforms. Even if someone is not a hacker, they can buy or find hacked data.
HaveIBeenPwned can be very helpful for Blue Team. Red Team, however, only needs to look at a pirate-bay mirror or Google doc during a big leak to easily gain personal information. I would also like to make reference to Drizzy and his Doxing Tool, which is a sniffer that compiles information on a Target in an organized fashion and is completely automated. Drizzy's contact link and download link are listed below.
When doxing or self-doxing I would highly recommend using the following formats to make a profile.
These are my two recommended formats to make the whole process concise and easy to read.
Doxing is the method of searching for and publishing private or identifying information about an individual on the Internet. This section of the guide will start with how to find a basic piece of information, how to use it to find more information, and what to do from there. I will be publishing a Blue Team Defense Guide shortly after this goes public to provide a diverse range of information.
You first have to ensure that you are not using any personal information. If you are social engineering (which I will cover later) you will want to take measures to keep your information safe, such as fake email accounts and fake social media accounts. You must always take into consideration what information you are leaving behind.
Any form of Social Media: read through all of their posts and look at their personal information. Be sure to look at their friends; this will help because if the person is cautious, their friends' walls/pages might be of more value.
IP Address Searching
Having someone's IP address is one of the most useful pieces of information you can have. You are going to need information on them; an email address is the most helpful.
Phone Number Lookup
Metadata from images can be useful for location and camera/cellphone type.
MAC Address Search
If you managed to get their MAC address, this will just tell you the brand of NIC or laptop.
A Blue Team Defense Guide
So let us jump right in to defending yourself from doxing. The most effective defense is a good sense of self. Though you may not think that you are ever likely to be doxed, start by controlling the amount of your personal information that ends up online. Keep a personal audit of the information available on you via the methods I go over in the Red Team Guide. This means that you should always be aware of the private information you are sharing.
To put it simply, stop trusting online services with your data. Google, Facebook, and other such services have your data, and out of convenience you give it to them. Though many of us know that we should not trust these platforms, we do. This is an easy way for you to get more data, and in turn they also get more data. But this opens you up to exploitation, because others can also retrieve such data by using those same services. Data cannot be forgotten.
Human nature leads us to use patterns to create stability and control in our lives, perhaps a schedule or a set of foods you like. This is also common online via usernames and passwords. We often use similar if not the exact same series of usernames. This allows an attacker to run those usernames through a search engine such as Google and compile all the results. This creates a fairly discernible pattern of websites that are shared by a target. From there it is just connecting dots and going further down the rabbit hole. Change up all usernames; this makes it difficult to correlate. The same can also be said about passwords, but I assume most are aware of their own password patterns. Change your passwords often using a password manager or a similar application on a secure piece of hardware that IS NOT your personal smartphone. Usually I recommend an encrypted hard drive to store sensitive information.
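As an added Blue Team illustration (my own example, not code from the original post), this Python script audits a constructed list of one person's own handles and groups the ones a search-engine correlation would link, using the kind of normalisation (lower-casing, stripping separators and trailing digits) that turns "CoffeeOwl_92" and "coffee.owl.92" into the same search term. All site names and handles are made up.

```python
import re
from collections import defaultdict

# Constructed sample inventory of one person's OWN accounts as (site, handle).
# Hypothetical values for illustration only; replace with your own audit list.
MY_ACCOUNTS = [
    ("twitter", "CoffeeOwl_92"),
    ("github", "coffeeowl92"),
    ("reddit", "coffee-owl"),
    ("steam", "Night_Coder"),
    ("linkedin", "coffee.owl.92"),
    ("hackernews", "nightcoder"),
    ("mastodon", "grey_heron"),
]

def normalize(handle):
    """Reduce a handle to the core string a search engine query would match:
    lower-case, drop separators/punctuation, drop a trailing digit suffix."""
    core = re.sub(r"[^a-z0-9]", "", handle.lower())   # CoffeeOwl_92 -> coffeeowl92
    return re.sub(r"\d+$", "", core)                  # coffeeowl92  -> coffeeowl

def audit(accounts):
    """Group accounts whose normalized handles collide.
    Returns {core: [sites]} for every core shared by two or more sites,
    i.e. the clusters that a username search would tie together."""
    clusters = defaultdict(list)
    for site, handle in accounts:
        clusters[normalize(handle)].append(site)
    return {core: sites for core, sites in clusters.items() if len(sites) > 1}

def exposure_score(accounts):
    """Fraction of accounts that are linkable to at least one other account;
    0.0 means every handle is unique, 1.0 means everything correlates."""
    linked = sum(len(sites) for sites in audit(accounts).values())
    return linked / len(accounts) if accounts else 0.0

if __name__ == "__main__":
    for core, sites in audit(MY_ACCOUNTS).items():
        print(f"handle core '{core}' links: {', '.join(sites)}")
    print(f"linkable accounts: {exposure_score(MY_ACCOUNTS):.0%}")
```

Any cluster the script prints is a set of accounts worth renaming, because it is exactly the set a search on one handle would surface.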
And now to the more technical...
Your Network
Avoid using public hot-spots or open WiFi without proper security precautions. You can be a victim of Network Sniffing. Though this type of attack is more common on public hot-spots, do not feel safe using your own network, as this attack flow can also be used at home. A network-based attack flow is as follows...
War-Driving: This involves a hacker driving around various locations, looking for vulnerable WiFi networks to attack at a later time.
Password Attack: These can be used by hackers to bypass a public WiFi password, either by mass testing a huge number of passwords or by using software and tools.
WiFi Sniffing: This involves intercepting network traffic and data using tools or software. This attacks the data sent between a router and a device. It is very easy to set up a WiFi sniffer, since all you need is a laptop and some widely available software, leaving you to fall victim to an attack.
To secure yourself from such an attack you can do as follows...
I have made mention of using a GNU/Linux system before and I will make it a point now. Get away from Windows and MacOS. These systems account for a large portion of active users and thus are valuable targets for hackers; why use a sniper in a crowd when you can use a shotgun? Using GNU/Linux presents a smaller attack surface and makes it far more difficult to become a victim of malware and spyware attacks. Because GNU/Linux is open source, everyone in its user-base can see and edit the code. This creates a highly dense web of watchdogs keeping vulnerabilities out of your and everyone's system. https://www.gnu.org/distros/free-distros.html
Your Browsing Habits
We talked about exploitation of your network and your system, so let us now move on to your personal browsing ethic. Not to jump to conclusions, but I can assure you, you are browsing incorrectly. Now this is not a personal attack on your character, as there are many, many people that do the same.
Use the Tor Browser
Tor is currently the leading anti-surveillance browser because it is built on an entire infrastructure of relay servers. It bounces your connection through a number of nodes and should obscure the public IP address you are connecting to the Internet with. It can be installed on Windows or Mac, though once again I would use it on your GNU/Linux system. For added security, and to leave your system clean, it can be run from a USB stick. I would also recommend reading the Tor manual. The Tor Project offers a list of dos and don'ts for using it securely, including being very careful about downloading and opening documents which require external applications. https://www.torproject.org/
We Will Do It Live
To take the last two points and bring them together in beautiful harmony, use an incognito Live USB system such as Tails or, preferably, Heads. I did a full breakdown of Heads in an earlier post. This is a Live system that pipes all network traffic through Tor and keeps all sensitive data on the USB drive it is running from. Thus, after your system shuts down, it takes all data along with it, without a trace. https://heads.dyne.org/ https://tails.boum.org/
Not So Smart-Phone
A Stalin dream: a device in your pocket that is not only connected at all times but also comes with a camera. Your smart device is a huge security leak waiting to be tapped. Having your name connected to something like a phone number, and having a device that screams HERE I AM at every connection, can obviously create issues. Though I offer a simple solution: use a basic prepaid phone, or none at all. Smart devices have become many people's main source of communication and connectivity, though these devices run into the same issues as the network attacks listed above and introduce a few others, Bluetooth attacks and Social-Engineering exploits using your personal cell number to name a couple. So the best option to remain anonymous and secure is to dumb down your phone or ditch it altogether.
Additional OSINT Tools
This is a quick reference list of common OSINT tools. I will be making a more in depth catalog that specializes in Kali Tools.
Maltego https://www.maltego.com/ Maltego is a fantastic mapping tool and easy to pick up. Maltego is a widely used tool for open source intelligence and graphical link analysis.
Shodan https://www.shodan.io/ Shodan is a large and in-depth Internet of Things discovery tool. Discover which devices are connected to the Internet, where they are located, and who is using them.
Google Dorks Learning how to use this collection of search shortcuts and keywords can make you a master of Google-Fu.
The Harvester https://github.com/laramies/theHarvester theHarvester is a very simple, yet effective tool designed to be used in the early stages of a penetration test. It gathers emails, names, subdomains, IPs, and URLs using multiple public data aggregates.
Metagoofil http://www.edge-security.com/metagoofil.php Metagoofil is an information gathering tool designed for extracting metadata of public documents (pdf,doc,xls,ppt,docx,pptx,xlsx) belonging to a target.
Recon-ng https://recon-ng.com/ Recon-ng is a full-featured Web Reconnaissance framework, complete with independent modules, database interaction, built-in convenience functions, interactive help, and command completion.
CheckUserNames www.checkusernames.com or https://knowem.com/ Check the availability of a username on over 500 social networks. Makes it easy to create a catalog of sites on a target.
TinEye https://tineye.com/ Basic reverse image search, great for finding alternate profiles or accounts.
Searchcode https://searchcode.com/ Search code from public projects using Github, Bitbucket, Google Code, Codeplex, Sourceforge, Fedora Project, GitLab and more.
OSINT Framework https://osintframework.com/ The framework is focused on gathering information from free tools or resources.
FOCA https://www.elevenpaths.com/labstools/foca/index.html FOCA is a tool used mainly to find metadata and hidden information in the documents it scans. These documents may be on web pages, and can be downloaded and analyzed with FOCA.
ExifData https://exifdata.com/ EXIF is short for Exchangeable Image File Format, a standard for storing interchange information in digital photography image files using JPEG compression. Some images may even store GPS information, so you can easily see where the images were taken!
Wayback Machine https://archive.org/web/web.php A running archive of over 390 billion sites.
https://www.sec.gov/edgar.shtml All companies, foreign and domestic, are required to file registration statements, periodic reports, and other forms electronically through EDGAR. Anyone can access and download this information for free.
YouGetSignal https://www.yougetsignal.com/ A collection of network tools ranging from geolocation to identifying open ports on a network.
HaveIBeenPwned https://haveibeenpwned.com/ Check if you have an account that has been compromised in a data breach; this can be used in conjunction with password attacks and social engineering attacks.
Creepy https://www.geocreepy.com/ A Geo-location OSINT Tool. Offers Geo-location information gathering through social networking platforms.
OSINT Links https://osint.link/ Provides a list of Keyword research tools, Search Engines, Meta Engines, FTP, Image Search, Video Search, IOT, Exploits, and other such directories or search tools.
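As an added Blue Team check tied to the image-metadata point above and the ExifData entry (my own example, not part of the original post or of any tool listed), this Python script walks a JPEG's marker segments, reports whether its Exif block carries GPSLatitude/GPSLongitude, and returns a copy with the Exif APP1 segment removed so a photo can be posted without its location. The sample file is constructed in code with zeroed coordinates and is not a real photograph.

```python
import struct

EXIF_HDR = b"Exif\x00\x00"
GPS_IFD_TAG = 0x8825               # GPSInfoIFDPointer entry in IFD0
GPS_COORD_TAGS = {0x0002, 0x0004}  # GPSLatitude, GPSLongitude

def _ifd_entries(tiff, off, bo):
    """Yield (tag, type, count, value_or_offset) for each entry of the IFD at off."""
    n = struct.unpack_from(bo + "H", tiff, off)[0]
    for i in range(n):
        yield struct.unpack_from(bo + "HHII", tiff, off + 2 + 12 * i)

def gps_tags(app1_payload):
    """Return the set of tags in the GPS IFD of an Exif APP1 payload (empty if none)."""
    if not app1_payload.startswith(EXIF_HDR):
        return set()
    tiff = app1_payload[len(EXIF_HDR):]
    bo = "<" if tiff[:2] == b"II" else ">"        # TIFF byte order: Intel or Motorola
    ifd0 = struct.unpack_from(bo + "I", tiff, 4)[0]
    for tag, _typ, _cnt, val in _ifd_entries(tiff, ifd0, bo):
        if tag == GPS_IFD_TAG:
            return {e[0] for e in _ifd_entries(tiff, val, bo)}
    return set()

def scan_and_strip(jpeg):
    """Walk the JPEG marker segments up to SOS. Returns (has_gps, stripped) where
    stripped is the file with every Exif APP1 segment removed (XMP etc. is kept)."""
    assert jpeg[:2] == b"\xff\xd8", "not a JPEG"
    out, pos, has_gps = bytearray(jpeg[:2]), 2, False
    while pos + 4 <= len(jpeg) and jpeg[pos] == 0xFF and jpeg[pos + 1] != 0xDA:
        seg_len = struct.unpack_from(">H", jpeg, pos + 2)[0]
        payload = jpeg[pos + 4:pos + 2 + seg_len]
        if jpeg[pos + 1] == 0xE1 and payload.startswith(EXIF_HDR):
            has_gps |= bool(gps_tags(payload) & GPS_COORD_TAGS)   # drop this segment
        else:
            out += jpeg[pos:pos + 2 + seg_len]
        pos += 2 + seg_len
    out += jpeg[pos:]                      # SOS and the entropy-coded image data
    return has_gps, bytes(out)

def build_sample_jpeg():
    """Constructed test file: SOI, one Exif APP1 holding a GPS IFD with zeroed
    coordinates, then a stub SOS. Not a decodable picture."""
    ifd0 = struct.pack("<HHHIII", 1, GPS_IFD_TAG, 4, 1, 26, 0)   # -> GPS IFD at 26
    gps = struct.pack("<HHHIIHHIII", 2, 0x0002, 5, 3, 56, 0x0004, 5, 3, 80, 0)
    tiff = b"II" + struct.pack("<HI", 42, 8) + ifd0 + gps + b"\x00" * 48
    app1 = EXIF_HDR + tiff
    return (b"\xff\xd8\xff\xe1" + struct.pack(">H", len(app1) + 2) + app1
            + b"\xff\xda\x00\x02\x12\x34\xff\xd9")
```

Running scan_and_strip on the bytes of a photo before uploading tells you whether it would have leaked a location and gives you the version to post instead.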