Pin It

What Is Doxing? - Doxing And It's Uses


First, let me explain what Doxing is. Doxing is the process of gaining information about someone or something by using sources on the Internet and using basic deduction skills. Its name is derived from “Documents” and in short it is the retrieval of “Documents” on a person or company.


You’re probably thinking, “Okay, so basically it’s getting information from searching someone’s email on Google right?” in a sense yes, but there are actually easier ways to get someone’s information online. The most popular and most common method is to use a website called Pipl (http://www.pipl.com/). Pipl allows you to search for full names, emails, usernames, and even phone numbers, thus making it a very useful tool for hackers. Another source hackers can use is Facebook (http://www.facebook.com). Sure, Facebook allows full name searches, but most hackers aren’t using it for its name search; they’re using it for its email search.


The main goal when Doxing is to find the target’s email (if you don’t have it). Your email is essentially your passport online; you sign up for websites using it, you have personal information on it, and if someone has access to it, they can essentially pretend to be you online. Once the hacker has the email, all he has to do is put it into Facebook or Pipl and he will be able to find you, assuming the email he has is connected to some account you have online. On the flipside of this, in order to find your email, the hacker either has to guess your email, befriend you on Facebook,or, hack one of your vulnerable friends and view your email that way. Once he’s done that, you’re in trouble.


Now, you’re probably thinking, “How’s he going to hack me with just my email?” well, that’s where Doxing comes in handy. If he can view your Facebook account, or he can find some other bit of information about you using Pipl, he can do what’s called reverting. Reverting is the process of using the target’s email’s recovery questions to gain access to the target’s email. Now, you may be thinking, “How’s he gonna guess my recovery question answers?” well, take a second look at your recovery questions and ask yourself, “Can someone find this answer online?” If you answered yes, then you’re vulnerable to reverting.
Any hacker reading this, that didn't previously know about reverting, would probably look at this and say

This would never work!” but you have to remember… we’re all humans, and we all make mistakes. Surprisingly, this method works more often than you’d think, but it is not for anyone who is lazy. Doxers tend to spend a while searching around the web for information that they can use.


Chances are, you’ve made some mistakes online, and if a skilled Doxer finds that mistake, then you’re in trouble. The Doxing method is based purely on the ability of the hacker to recognize valuable information about his target and use this information to his benefit. It is also based around the idea that, “The more you know about your target, the easier it will be to find his or her flaws.”

How can you insure that you won’t be Doxed? Well, as the Internet becomes more and more useful and addicting, it will become harder to not get Doxed. The main issue for most victims is their security questions, and their password security. If a victim has a very easy-to-find recovery question, then the victim will be easily reverted within a matter of seconds. Also, if the victim has a simple password, it could get brute forced simply by using a wordlist that applies to the victim’s interests, likes, and fancies (of course, this method is not as popular).


So, the main rule to not getting hacked is: Have secure passwords, and almost impossible to guess recovery questions. The main rule to not getting Doxed is… to just stay off the Internet; but, who wants to do that?

About The Author

This was a guest post by David from www.MrCracker.com, where david writes related to hacking and security stuff, David also hosts a hacker podcast called Crackercast.

Subscribe to our Newsletter and receive updates directly via email - Get Ethical hacking and security tips directly to your inbox. Alternatively you can Join our Hackers Community on Facebook , Google+ and Twitter .

At RHA Infosec we provide different types of Security Testing from small business sites to Corporate Sites. Click Here to know more about our complete list of services.

Subscribe to RHA


Enjoyed this article?
Subscribe to "Rafay Hacking Articles" and get daily updates in your inbox for free!


Tags: ,


Kindly Bookmark it and Share it with Friends:

9 comments :

Gazblotz on May 21, 2011 at 7:17 AM said...

mm Nice Article


thank you
Regards
J.M.Gazzaly
(http://hack-erz.blogspot.com)

Anonymous said...

Awesome article....

www.hackarde.blogspot.com on June 14, 2011 at 12:46 AM said...

Again thanks for introduse the new way of hacking,it is a g8t article.

Anonymous said...

any one can help me..to get password of my friend in Facebook..trough hacking

Anonymous said...

hello there, there is a data base of my use in perticular site which i want to get it and its in .xls format but i dont know how to get that please help, i will pay any price for that.

rogernet 2 said...

hey Anonymous!!!!!!!!
just try this link http://r.789695.n4.nabble.com/Download-xls-file-from-internet-td2315629.html

Anonymous said...

my xbl account was hacked how can i retrive it if I know the email

Anonymous said...

Very interesting article!

Anonymous said...

Very cool! Thanks for sharing!

Dare to ask? :)

Blog Archive

 

Recent Comments

About

Rafay Baloch is an Independent security researcher, Internet marketer, Entrepreneur and a SEO consultant, He is the founder of RHA blog and multiple other blogs. Rafay got famous after finding a Remote Code Execution bug inside PayPal for which PayPal awarded him a sum of 10,000$ Read More..

Join In!

RHA © 2013. All Rights Reserved.