Why They Dox: First Large-Scale Study Reveals Top Motivations and Targets For this Form of Cyber Bullying
Researchers at the New York University Tandon School of Engineering and the University of Illinois at Chicago (UIC) have published the first large-scale study of a low-tech, high-harm form of online harassment known as doxing.
Coined as an abbreviation of the word “documents,” doxing involves collecting and publishing sensitive personal information online to exact revenge, seek justice, or intimidate victims.
“This study adds significantly to our understanding of this deeply damaging form of online abuse,” said Damon McCoy, an assistant professor of computer science and engineering at NYU Tandon. “The ability to detect doxing and identify the primary motivations for these attacks is key to helping Internet service providers, law enforcement, and social media networks better protect users from harassment.”
The research team also includes Peter Snyder, a doctoral student in computer science and an Electronic Security and Privacy IGERT fellow, and Chris Kanich, an assistant professor of computer science, both from UIC,;and Periwinkle Doerfler, a doctoral candidate at NYU Tandon. The paper, “Fifteen Minutes of Unwanted Fame: Detecting and Characterizing Doxing,” was presented at the Internet Measurement Conference in London last week.
The team focused on several websites well known for hosting doxed files and captured more than 1.7 million text files shared on those sites over two 6- to 7-week periods. Using their custom text classifier, the researchers identified and analyzed more than 5,500 files associated with doxing.
According to the study, 32 percent of doxing victims closed or changed the privacy settings on their Instagram account, and 25 percent adjusted the settings on a Facebook account after an attack. But Facebook and Instagram serendipitously debuted new abuse filters to curb online harassment during the study’s data collection period, and they were apparently effective. Just 10 percent of doxing victims altered their Instagram account once anti-abuse measures were in place, and 3 percent changed their settings on Facebook.
“This is an indicator that these filters can help mitigate some of the harmful impacts of doxing,” Snyder said. However, he noted that much of the doxing occurs on field-specific sites that cater to the hacker or gaming communities, where reputations can be damaged among valued peers.
More than 90 percent of the doxed files included the victim’s address, 61 percent included a phone number, and 53 percent included an email address. Forty percent of victims’ online user names were made public, and the same percentage revealed a victim’s IP address. While less common, sensitive information such as credit card numbers (4.3 percent), Social Security numbers (2.6 percent), or other financial information (8.8 percent) was also revealed.
“Most of what we know about doxing thus far has been anecdotal and based on a small number of high-profile cases,” said Snyder. “It’s our hope that by bringing a quantitative approach to this phenomenon, we can provide a fuller understanding of doxing and inform efforts to reduce the damage.”
This research was supported by grants from the National Science Foundation, AWS Cloud Credits for Research, and Google.