Doxing means to analyse information posted online by someone in order to identify and later harass that person. It is typically used to shame or punish people who would rather stay anonymous, because of their controversial beliefs or because they are making trouble in some way.
Doxing can be called a cyber attack involving uncovering the real-world identity of an Internet user. The attacker then reveals that person’s details online. This can then lead to other people attacking the ‘victim’ online and this can be malicious.
However much we may wish to hide out r identity online, we all leave a trail of breadcrumbs that the determined investigator can use to try to find out our real identity.
Typical methods used to determine someone’s identity may include:–
searching publicly available databases
searching social media websites
The key point of doxing is to find and publish personal information about the victim but it can be done for a wide range of reasons, including: harassment, online shaming, extortion or vigilantism.
Newsweek writer Leah McGrath Goodman revealed the identity of the anonymous creator of Bitcoin, Satoshi Nakamoto although she was heavily criticized by some for her actions.
Some believe a journalist using doxing is crossing the legal line into harassment, by publishing information about an individual’s private life against their wishes.
The Des Moines Register published racist tweets made by a 24-year-old Iowa man whose beer sign on ESPN College GameDay resulted in over $1 million in contributions to a children’s hospital, readers retaliated by sharing social media comments previously made by the reporter, Aaron Calvin, which contained racial slurs and condemnation of law enforcement.
The newspaper later announced that Calvin was no longer an employee.
3. In July 2016, WikiLeaks released 300,000 e-mails called the Erdoğan emails (named after the Turkish leader). However, Included in the leak was a lot of personal information about Turkish citizens. The files were removed due to privacy concerns, as they included spreadsheets of private, sensitive information of voters.
If you have any experiences with these scams do let me know, by email
Manchester United football club experienced a ransomware attack in late 2020. They were held to ransom for millions of pounds by cyberhackers who targeted the club’s computer systems and demanded payment to stop them from releasing sensitive data.
It is a difficult decision for any business – pay up or risk seeing highly sensitive information being wiped out or leaked into the public domain.
The club were clear from the start that the attack was very serious but it did not impact on their schedule of matches.
United brought in a team of technical experts to contain the attack and they informed the Police and the National Cyber Security Centre (NCSC).
The NCSC revealed that in 2019 an English Football league club was hit with a £5m ransomware demand. They were unable to access their CCTV or use entry turnstiles, but its’s not believed that they paid anything.
It took weeks of effort to get things back to normal following the attack and United could face fines of up to £18 million or two per cent of their total annual worldwide turnover from the Information Commissioner’s Office if the attack is found to have breached their fans’ data protection.
The NCSC has previously warned that there is a growing threat to sports clubs.
It took roughly 2 weeks for United IT staff and outside experts to regain control of the situation. It is believed they did not pay the attackers.
The episode was embarrassing for United and they are still under investigation by the Information Commissioner’s Office.
If you have any experiences with these scams do let me know, by email.
Generally on web pages, you have to click a link or a button or do something to enable the page to download malware to your device.
But, if your software is sufficiently out of date or missing security updates, then it may be possible for a web page to initiate a download of malware without you taking any action and it may not warn you of the download.
This can be very dangerous.
Anti-malware services can generally spot such danger and block the download but the key is to always keep your software fully up to date.
Common drive-by exploits
Hackers looking to create drive-by malware, generally look at the following:-
Old operating systems
Browsers such as FireFox, Chrome, Opera, and others, especially out of date versions
Out of date browser plug-ins
Early versions of Microsoft Office
Adobe/Shockwave Flash (ActiveX)
The types of drive-by malware commonly found include:-
Trojan horses – these take remote control of the user’s device
Ransomware—allows the attacker to encrypt or threaten to destroy data on the device unless a ransom is paid
Botnet toolkits—attackers may install a botnet application that on many devices which can then be controlled as one to carry out actions such as sending spam email or participating in DDoS attacks
Man in the Middle tools—enables attackers to eavesdrop on the user’s communications
Keyloggers—capture keystrokes and feed them back to the hacker.
If you have any experiences with scammers, spammers or time-wasters do let me know, by email.
IT Governance is a leading global provider of cyber risk and privacy management solutions, with a special focus on cyber resilience, data protection, PCI DSS, ISO 27001 and cyber security.
Staff awareness training
Human error is the leading cause of data breaches, so you need to equip staff with the knowledge to deal with the threats they face.
Staff awareness training will show staff how security threats affect them and help them apply best-practice advice to real-world situations.
Web application vulnerabilities are a common point of intrusion for cyber criminals.
As applications play an increasingly critical role in business, it is vital to focus on web application security.
Network security is the process of protecting the usability and integrity of your network and data. This is achieved by conducting a network penetration test, which scans your network for vulnerabilities and security issues.
Leadership commitment is the key to cyber resilience. Without it, it is very difficult to establish or enforce effective processes. Top management must be prepared to invest in appropriate cyber security resources, such as awareness training.
You should implement a password management policy that provides guidance to ensure staff create strong passwords and keep them secure.
Do enter your email address and click on the subscribe button on top right to keep up to date with new posts.
Cyber Security, (also known as Information Technology Security) is the protection of computer systems and networks from interruption of their service, theft or damage to their software, hardware or data.
Cyber attacks can cost organisations huge sums of money (including fines) but also cause damage to their business and loss of confidence by their customers and partners. There can also be loss of sensitive data relating to their business or customers and that can spread damage very widely.