Fifteen minutes of unwanted fame

Detecting and characterizing doxing

Peter Snyder, Chris Kanich, Periwinkle Doerfler, Damon McCoy

    Research output: Chapter in Book/Report/Conference proceedingConference contribution

    Abstract

    Doxing is online abuse where a malicious party harms another by releasing identifying or sensitive information. Motivations for doxing include personal, competitive, and political reasons, and web users of all ages, genders and internet experience have been targeted. Existing research on doxing is primarily qualitative. This work improves our understanding of doxing by being the first to take a quantitative approach. We do so by designing and deploying a tool which can detect dox files and measure the frequency, content, targets, and effects of doxing on popular dox-posting sites. This work analyzes over 1.7 million text files posted to pastebin.com, 4chan.org and 8ch.net, sites frequently used to share doxes online, over a combined period of approximately thirteen weeks. Notable findings in this work include that approximately 0.3% of shared files are doxes, that online social networking accounts mentioned in these dox files are more likely to close than typical accounts, that justice and revenge are the most often cited motivations for doxing, and that dox files target males more frequently than females. We also find that recent anti-abuse efforts by social networks have reduced how frequently these doxing victims closed or restricted their accounts after being attacked. We also propose mitigation steps, such a service that can inform people when their accounts have been shared in a dox file, or law enforcement notification tools to inform authorities when individuals are at heightened risk of abuse.

    Original languageEnglish (US)
    Title of host publicationIMC 2017 - Proceedings of the 2017 Internet Measurement Conference
    PublisherAssociation for Computing Machinery
    Pages432-444
    Number of pages13
    VolumePart F131937
    ISBN (Electronic)9781450351188
    DOIs
    StatePublished - Nov 1 2017
    Event2017 ACM Internet Measurement Conference, IMC 2017 - London, United Kingdom
    Duration: Nov 1 2017Nov 3 2017

    Other

    Other2017 ACM Internet Measurement Conference, IMC 2017
    CountryUnited Kingdom
    CityLondon
    Period11/1/1711/3/17

    Fingerprint

    Law enforcement
    Internet

    Keywords

    • Doxing
    • Identity theft
    • Online abuse

    ASJC Scopus subject areas

    • Software
    • Computer Networks and Communications

    Cite this

    Snyder, P., Kanich, C., Doerfler, P., & McCoy, D. (2017). Fifteen minutes of unwanted fame: Detecting and characterizing doxing. In IMC 2017 - Proceedings of the 2017 Internet Measurement Conference (Vol. Part F131937, pp. 432-444). Association for Computing Machinery. https://doi.org/10.1145/3131365.3131385

    Fifteen minutes of unwanted fame : Detecting and characterizing doxing. / Snyder, Peter; Kanich, Chris; Doerfler, Periwinkle; McCoy, Damon.

    IMC 2017 - Proceedings of the 2017 Internet Measurement Conference. Vol. Part F131937 Association for Computing Machinery, 2017. p. 432-444.

    Research output: Chapter in Book/Report/Conference proceedingConference contribution

    Snyder, P, Kanich, C, Doerfler, P & McCoy, D 2017, Fifteen minutes of unwanted fame: Detecting and characterizing doxing. in IMC 2017 - Proceedings of the 2017 Internet Measurement Conference. vol. Part F131937, Association for Computing Machinery, pp. 432-444, 2017 ACM Internet Measurement Conference, IMC 2017, London, United Kingdom, 11/1/17. https://doi.org/10.1145/3131365.3131385
    Snyder P, Kanich C, Doerfler P, McCoy D. Fifteen minutes of unwanted fame: Detecting and characterizing doxing. In IMC 2017 - Proceedings of the 2017 Internet Measurement Conference. Vol. Part F131937. Association for Computing Machinery. 2017. p. 432-444 https://doi.org/10.1145/3131365.3131385
    Snyder, Peter ; Kanich, Chris ; Doerfler, Periwinkle ; McCoy, Damon. / Fifteen minutes of unwanted fame : Detecting and characterizing doxing. IMC 2017 - Proceedings of the 2017 Internet Measurement Conference. Vol. Part F131937 Association for Computing Machinery, 2017. pp. 432-444
    @inproceedings{24c84fa9aee046fa8d2f76acc53efec7,
    title = "Fifteen minutes of unwanted fame: Detecting and characterizing doxing",
    abstract = "Doxing is online abuse where a malicious party harms another by releasing identifying or sensitive information. Motivations for doxing include personal, competitive, and political reasons, and web users of all ages, genders and internet experience have been targeted. Existing research on doxing is primarily qualitative. This work improves our understanding of doxing by being the first to take a quantitative approach. We do so by designing and deploying a tool which can detect dox files and measure the frequency, content, targets, and effects of doxing on popular dox-posting sites. This work analyzes over 1.7 million text files posted to pastebin.com, 4chan.org and 8ch.net, sites frequently used to share doxes online, over a combined period of approximately thirteen weeks. Notable findings in this work include that approximately 0.3{\%} of shared files are doxes, that online social networking accounts mentioned in these dox files are more likely to close than typical accounts, that justice and revenge are the most often cited motivations for doxing, and that dox files target males more frequently than females. We also find that recent anti-abuse efforts by social networks have reduced how frequently these doxing victims closed or restricted their accounts after being attacked. We also propose mitigation steps, such a service that can inform people when their accounts have been shared in a dox file, or law enforcement notification tools to inform authorities when individuals are at heightened risk of abuse.",
    keywords = "Doxing, Identity theft, Online abuse",
    author = "Peter Snyder and Chris Kanich and Periwinkle Doerfler and Damon McCoy",
    year = "2017",
    month = "11",
    day = "1",
    doi = "10.1145/3131365.3131385",
    language = "English (US)",
    volume = "Part F131937",
    pages = "432--444",
    booktitle = "IMC 2017 - Proceedings of the 2017 Internet Measurement Conference",
    publisher = "Association for Computing Machinery",

    }

    TY - GEN

    T1 - Fifteen minutes of unwanted fame

    T2 - Detecting and characterizing doxing

    AU - Snyder, Peter

    AU - Kanich, Chris

    AU - Doerfler, Periwinkle

    AU - McCoy, Damon

    PY - 2017/11/1

    Y1 - 2017/11/1

    N2 - Doxing is online abuse where a malicious party harms another by releasing identifying or sensitive information. Motivations for doxing include personal, competitive, and political reasons, and web users of all ages, genders and internet experience have been targeted. Existing research on doxing is primarily qualitative. This work improves our understanding of doxing by being the first to take a quantitative approach. We do so by designing and deploying a tool which can detect dox files and measure the frequency, content, targets, and effects of doxing on popular dox-posting sites. This work analyzes over 1.7 million text files posted to pastebin.com, 4chan.org and 8ch.net, sites frequently used to share doxes online, over a combined period of approximately thirteen weeks. Notable findings in this work include that approximately 0.3% of shared files are doxes, that online social networking accounts mentioned in these dox files are more likely to close than typical accounts, that justice and revenge are the most often cited motivations for doxing, and that dox files target males more frequently than females. We also find that recent anti-abuse efforts by social networks have reduced how frequently these doxing victims closed or restricted their accounts after being attacked. We also propose mitigation steps, such a service that can inform people when their accounts have been shared in a dox file, or law enforcement notification tools to inform authorities when individuals are at heightened risk of abuse.

    AB - Doxing is online abuse where a malicious party harms another by releasing identifying or sensitive information. Motivations for doxing include personal, competitive, and political reasons, and web users of all ages, genders and internet experience have been targeted. Existing research on doxing is primarily qualitative. This work improves our understanding of doxing by being the first to take a quantitative approach. We do so by designing and deploying a tool which can detect dox files and measure the frequency, content, targets, and effects of doxing on popular dox-posting sites. This work analyzes over 1.7 million text files posted to pastebin.com, 4chan.org and 8ch.net, sites frequently used to share doxes online, over a combined period of approximately thirteen weeks. Notable findings in this work include that approximately 0.3% of shared files are doxes, that online social networking accounts mentioned in these dox files are more likely to close than typical accounts, that justice and revenge are the most often cited motivations for doxing, and that dox files target males more frequently than females. We also find that recent anti-abuse efforts by social networks have reduced how frequently these doxing victims closed or restricted their accounts after being attacked. We also propose mitigation steps, such a service that can inform people when their accounts have been shared in a dox file, or law enforcement notification tools to inform authorities when individuals are at heightened risk of abuse.

    KW - Doxing

    KW - Identity theft

    KW - Online abuse

    UR - http://www.scopus.com/inward/record.url?scp=85038616131&partnerID=8YFLogxK

    UR - http://www.scopus.com/inward/citedby.url?scp=85038616131&partnerID=8YFLogxK

    U2 - 10.1145/3131365.3131385

    DO - 10.1145/3131365.3131385

    M3 - Conference contribution

    VL - Part F131937

    SP - 432

    EP - 444

    BT - IMC 2017 - Proceedings of the 2017 Internet Measurement Conference

    PB - Association for Computing Machinery

    ER -