First large-scale doxing study reveals motivations and targets for cyber bullying
Researchers at the New York University Tandon School of Engineering and the University of Illinois at Chicago (UIC) have published the first large-scale study of a low-tech, high-harm form of online harassment known as doxing.
Coined as an abbreviation of the word “documents,” doxing involves collecting and publishing sensitive personal information online to exact revenge, seek justice, or intimidate victims.
The researchers created a custom text classifier that allowed them to identify and analyze dox files, which often include highly identifying personal information, including links to social media accounts. The study revealed that doxing exacts a significant toll on victims, who are far likelier than others to close or increase the privacy settings of social media accounts following an attack. However, new abuse filters deployed on Facebook and Instagram appear to be effective in making victims feel safer. The primary motivations for doxing are revenge and justice, with competition and politics far behind, at just over 1 percent each of the reasons discerned by the study.
“This study adds significantly to our understanding of this deeply damaging form of online abuse,” said Damon McCoy, an assistant professor of computer science and engineering at NYU Tandon. “The ability to detect doxing and identify the primary motivations for these attacks is key to helping Internet service providers, law enforcement, and social media networks better protect users from harassment.”
The research team also includes Peter Snyder, a doctoral student in computer science and an Electronic Security and Privacy IGERT fellow, and Chris Kanich, an assistant professor of computer science, both from UIC,;and Periwinkle Doerfler, a doctoral candidate at NYU Tandon. The paper, “Fifteen Minutes of Unwanted Fame: Detecting and Characterizing Doxing,” was presented at the Internet Measurement Conference in London last week.
The team focused on several websites well known for hosting doxed files and captured more than 1.7 million text files shared on those sites over two 6- to 7-week periods. Using their custom text classifier, the researchers identified and analyzed more than 5,500 files associated with doxing.
According to the study, 32 percent of doxing victims closed or changed the privacy settings on their Instagram account, and 25 percent adjusted the settings on a Facebook account after an attack. But Facebook and Instagram serendipitously debuted new abuse filters to curb online harassment during the study’s data collection period, and they were apparently effective. Just 10 percent of doxing victims altered their Instagram account once anti-abuse measures were in place, and 3 percent changed their settings on Facebook.
“This is an indicator that these filters can help mitigate some of the harmful impacts of doxing,” Snyder said. However, he noted that much of the doxing occurs on field-specific sites that cater to the hacker or gaming communities, where reputations can be damaged among valued peers.
More than 90 percent of the doxed files included the victim’s address, 61 percent included a phone number, and 53 percent included an email address. Forty percent of victims’ online user names were made public, and the same percentage revealed a victim’s IP address. While less common, sensitive information such as credit card numbers (4.3 percent), Social Security numbers (2.6 percent), or other financial information (8.8 percent) was also revealed.
“Most of what we know about doxing thus far has been anecdotal and based on a small number of high-profile cases,” said Snyder. “It’s our hope that by bringing a quantitative approach to this phenomenon, we can provide a fuller understanding of doxing and inform efforts to reduce the damage.”
This research was supported by grants from the National Science Foundation, AWS Cloud Credits for Research, and Google.