Introduction:
Doxing is a
coin with two sides. Doxing can be used for security, research and collecting
proof for investigation in one hand but in other hand, it can be used for cyber
harassment and other serious cyber issues. But here, after lots of research, I
learned that Doxing is a part of Reconnaissance, which generally focuses on its
dark side. So before entering into the dark side, let’s first understand the
bright side i.e. Reconnaissance.'
Define: Reconnaissance
Reconnaissance
is also known as foot printing or information gathering. It is the first step
to any penetration testing. The main objective is to gather as much as
information possible about the target.
Define: Doxing
According to
urban dictionary, “Doxing is a technique of tracing someone or gathering
information about individual using sources on the internet. Its name is derived
from ‘Documents’ or ‘Docx.’ The Doxing method is based purely on the ability of
the hacker to recognize valuable information about his target and use this
information to his benefit.”
It’s also
based around the idea that, “The more you know about your target, the easier it
will be to find his/her flaws.”
Though I
understood the concept, still it’s a little confusing. If Doxing is all about
gathering a valuable piece of information and using it to the attackers benefit
then how does it differ from Reconnaissance? Why it is called Doxing?
After lots
of research I found that Doxing is a two-step process.
Step1:
Collecting information about an individual from publicly available sources such
as social networks, chat forums, blogs, articles etc. from a limited initial
source of information such as name, email id or screen name in any site. This
is Reconnaissance.
Step2:
Intentionally disclosing it in any group, forum, site, or anywhere in public
for some kind of personal benefit that may be rage, revenge or enmity for
harassing or humiliating the target.
What I
concluded is that Doxing consist of two stages. If a Hacker collects all the
information about a target and does nothing than, that’s not Doxing but simply
Information Gathering. When this Information is posted publicly, that’s exactly
what we call Doxing.
What information is needed when Doxing?
There is no
such format or any particular structure for Doxing. It may be any information
related to the target. The information must be private and important. If you
think from an attacker point of view we can say Doxing might contain real
names, real pictures, ages, genders, primary email id, and if different email
ids are used for different social sites than those ids with respect of sites.
Social network profile links (Facebook, Twitter, LinkedIn), websites, owned blogs,
address, phone number, education details, Bank account details and such similar
or more important information.
Where to Start?
As we know
the first step of Doxing is gathering information. And to gather information
about someone we need some or any small piece of information to start with.
That information may be name, email, screen name or some/all of these.
Let’s think
about real time scenario.
In a social
network site, a user is disturbing another user. In this case our victim wants
to Dox the attacker. But the problem is the attackers profile looks fake, not
one bit of information looks genuine. So where to start? The answer is, start
with the username.
How to start?
Let’s say
the name is John. We know that John is a very common name and if you search in
Google as “John” you will get thousands of results. So what to do?
You have to
find some other information about John in that social network site. But as we
know that it’s a fake profile we don’t know whether to rely on any of the
information or not. In this case, search for some other info like signature.
For example if he/she put signature as “h4xor”. You can continue searching
using “John h4xor”. This will reduce the Results.
Sometimes
your target person registered in multiple forums, websites or social networks.
So while searching, you will get results of registered websites for him/her
using that username or other info. Let’s say you found some other accounts
which looks fake with the same signature, then compare those accounts and see
what information and which users are mutual, Read each post of target persons,
he might have left some more information about him in any of the forums or
websites.
This is just
an example of how to collect information from nothing and end up with Doxing.
Search Methods:
It’s a
powerful search engine which comes with different advance search options. Use
its special notations, operators or a combination of both to find an effective
result.
There are
several special notations like
·
+ include
·
Exclude
·
| OR
·
.. range
·
~ synonym
·
“” string
·
*Wild card
Bing is also
a powerful search engine. Having its own specialties, it’s social search
feature helps users to search for and retrieve real-time information from
social networks.
Looking for profile of a person
Is an
interesting site to gather information. It asks about the first name or last
name. After entering first name and last name it provides interesting
information such as social account details, possible location, possible
relatives, email addresses (Partial shown in result) and also arrest records if
any.
Nothing to
worry if you don’t know the first name and last name of the target. You can
even search just using the username and also using email addresses of the
target.
Lullar - http://com.lullar.com/
This is also
quite similar to peek you. You can search using first name, last name, user
name and also with an email id. It gives results of all the websites that may
have the entered user.
This is
actually made to find out if a user wants to use a particular username in a
social networking site than whether it is available or not. But we can use the
same to check if our target is using other social networking sites or not. It’s
quite simple you just have to add the target’s username and search. The site
will search through 160 different social sites and give you the result. Check
for the sites are not available, that means the particular username is already
registered in the site and may be another account of your victim as shown in
image1.
Image1:
Check Usernames Result
You can search
using name, email, username or phone number (location is optional). It provides
links of the social networking sites along with the profile picture used to
verify the target easily.
It is also
similar to Pipl but it only allows you to search using first name last name and
location (You can use world if you don’t know about the targets country).The
results provide social networking site links with profile picture and
interestingly it provides related people details also.
Webmii - http://webmii.com/
You need to
search using first name and last name. If you don’t know the region of the
target, use international to search. In the result you will find pictures of
the target and also blog posts. If the target posts any articles in public you
can find it in the results.
Socialmention - http://socialmention.com/
You need to
search using name, email id, username or any related keywords. Social mention
searches the entered keyword and provides you results if the keyword is
mentioned in any social networking site such as Facebook, YouTube and Wiki. It
also provides you the usernames which mentions that particular keyword you
entered.
You need to
search using name, email id, username or any related keyword. Whostalking
searches the entered keyword in many different web sources and provides you the
link where the particular keyword is mentioned.
This is the
one I like most. This can be used for different purposes such as Cyber
intelligence, Corporate Security, Competitive intelligence, Financial Services
etc. but you can use this for Reconnaissance also.
The best
thing regarding this application is that you can set the timeline in which you
want to search.
You can
search for people, places, time and events. In our case we are interested in
collecting information about a person.
You need to
register first to use this application but I must say you will find worth of
it. After registration login to your account and click on ANALYZE. You will
find a search bar in top right. Enter the name you want to search. Adjust the
timeline in bottom. And click on search. It will show the links and details of
the name mentioned anywhere in the internet. It also shows the summary on the
right hand side of the page. As shown in Image2.
Image2: Recorded Future Timeline (Courtesy: RecordedFuture.com)
You can see
the results in different forms such as timeline, map (As shown in Image3),
network, table, feed, and tree map format.
Image3:
Recorded Future Event Map (Courtesy: RecordedFuture.com)
The result
contains dates, link where the name is mentioned and some part of the post. It
also minutely differentiates the results such as organization, person, product
and many other. The Network view (As shown in Image4) shows how different
results are connected to each other.
Image4:
Recorded Future Event Network (Courtesy: RecordedFuture.com)
This
application will provide information related to
1. Who is
the first to report about the person you search for?
2. Which
sources are reporting about the person you search for?
3. Quotes
about the person you search for.
4. Who is
mentioned together with the person you search for?
5. What else
is associated with the person you search for?
6. Where is
the person you searching for is travelling?
…and many
more.
It’s so
interesting to get all this information in an organized manner. And it provides
you the feature to customize your view according to group by event type,
person, Location, First source and many more.
There are
loads of features present in this application. You just need to explore.
Search information using image
If you want
to search someone using image, what will be the best solution other than a
powerful search engine. Just go to Google than click on images. In the right
corner of the search bar you will find a camera icon. Click on that and it will
ask you to paste image URL or upload image. Do any of these two and you will
get not only similar image but also best match images in result.
Search for
someone using image. You need to either provide the link of an image or simply
download the profile picture of the target and upload to search. This site
provides the links where same picture is used and also the links of the best
match pictures.
Search information using address or telephone number
White pages
If you know
the exact address of the target than use it to find the neighborhood. If you
know the partial address than use it to find more details of that area. You can
also search for information using telephone number.
Search information using a post or discussion
Sometimes
people discuss about a particular topic in different forums or social
networking sites. If you want to find information related to any of the posts
of your target, you can use this site. It allows you either enter the detailed
post or at least the keywords of the post to search weather any other forum or
site has similar discussion.
Search information using IP address
IP address
does not provide much information but still it will help to collect some
information. I am not going to cover how to collect IP address (You can collect
it using email). If you are having the IP address of the target then you can
use any IP look up tool to collect the information such as
http://whatismyipaddress.com/ip-lookup. It will provide you details such as ISP
name, country, state, city, longitude and latitude.
Search information using Domain names
Sometimes
domain names help us to find out important information such as address, email
id and phone number. Just enter the domain name in http://whois.domaintools.com
and click on lookup.
Tools
We came
across different cases and how to collect information in that particular
scenario manually but there are certain tools which will automate the process
for you and provide information using web resources.
The
Harvester is an open source intelligence tool (OSINT) for obtaining email
addresses, sub domains, hosts, employee name, open ports and banners from
public sources such as search engines. It’s a simple python tool which is easy
to use and contains different information gathering functions.
Generally we
need a domain name or company name to collect information but we can use
keyword also to collect related information. We can specify our search, such as
to search from Google or Google-profiles or linked or all the web resources
used by the harvester.
Collecting
information using Google as a source (As shown in Image6).
Image6: The
Harvester Command
-d=
Generally, domain name or company name but for our case it is for keyword
-l= Number
of result limits to work with
-b=
Specifying the data source
Collecting
information using LinkedIn as source
#./theHarvester.py –d yourkeyword –l 100 –b linkedin
Collecting
information using all the web resource
#./theHarvester.py –d yourkeyword –l 100 –b all
This tool
provides you email addresses, hosts, virtual hosts etc. (As shown in Image7).
This tool is useful when you know the company of your target or the domain
owned by the target, then you can collect related information.
Image7: The
Harvester Result
Maltego is
also an open source intelligence tool (OSINT). It’s a little complex yet very
effective tool. It collects information from different web sources and provides
you with a relationship graph for link analysis and data mining. It helps you
in analyzing real-world relationships between people, groups, websites,
domains, networks, internet infrastructure etc. I like this tool, because it
provides an overview of the entity relationship in a mind map manner.
To use
Maltego you need to register yourself first. It provides you a wide range of
options to start with such as IP address, domain name, URL, location, name,
email id etc. Start with any of these but in our case we will start with name.
Drag the
Person entity to the center and in the property view edits its first name and
last name. Right click and run different transformations. According to the
information fetch from web resources Maltego will co relate among that
information and will provide you with a relational network diagram (As shown in
Image8). If you don’t know which transformation to choose then run all
transformations. It will provide all the result.
Image8:
Maltego Result Main View
You can
switch in to different types of views to see your result. You can insert, edit
and delete the entities and its relationships. It’s a tool with lots of
features. Play with it more to find new possibilities.
Keeping track of all the information collected
Sometime
it’s better to keep track of all the information collected manually. But isn’t
it better to have a tool which will simplifies the process. And there comes
CaseFile, a data visualization tool.
CaseFile is
another fine product of Paterva also known as Maltego CaseFile. It helps you
build information map with tons of new features included such as attaching
photos, documents, graph merging etc (As shown in Image9). It provides you
simple interface to add, link and analyze data quickly and effectively.
Image9:
CaseFile Result
Why Dox Someone?
The
intention behind Doxing someone is never good because the target has to face
serious consequences. It can be done for many different reasons as I stated
some of the motives earlier in the definition of Doxing. It is generally used
for accepting challenge, taking revenge on someone, or simply harassing the
enemy in public.
What are the consequences?
As Doxing
discloses all the private information in public, it’s a serious privacy
concern. Apart from that it affects the virtual identity (Online Reputation),
it can break the target mentally, it can be a threat to health and life, and it
will affect the employment, business and social life. It might lead to identity
theft. And in the worst scenario may be a reason for suicide. These are some of
the serious consequences but it can be worse in real life.
You can be a victim
As internet
became an essential part of our life. We started living dual life. One is the
online life, where we have different usernames, different aliases, and
different profile pictures in different places and other the offline life our
physical life. As the definition of being social changed from meeting people
outside to doing Google hang out and being online in different social
networking sites. We started sharing information intentionally or
unintentionally in internet. If you ask me personally how many sites you’re
registered in. I can’t answer exactly. Because internet changed so rapidly and
we also changed ourselves, in the mean while we forgot about those sites or
thing we used to do earlier in internet. I think this is the case for most
internet user. And taking benefit of this ignorance any attacker can collect
our information from different sources of internet which makes each one of us
vulnerable to be a victim of Doxing.
Help yourself not to be a victim
1. Don’t
provide all the personal information in any site if it is not mandatory.
2. If you
provide personal information anywhere than make that profile private.
3. Use
different user credentials for different sites.
4. Use
different aliases in different sites.
5. Don’t
share your image in any profiles.
6. Don’t
show off too much in social sites.
7. Don’t
challenge any one.
Conclusion:
This can be
utilized for good. As social media plays a huge role in everyone’s life now
days, it is one of the fastest media and covers all age group audience. We can
use this technique to protest against social evils and disclose them totally in
public media for greater good.
Reference:
(Source)
0 comments:
Post a Comment