Doxing, according to the Cambridge Dictionary, is ‘the action of finding or publishing private information about someone on the internet without their permission’, information which all too often then ends up for sale on the darknet.
Many areas of our daily lives have been digitalised in recent years, and with this comes an increasing awareness of online security and data protection issues. However, the specialists of Kaspersky, the cyber security specialists have now revealed that 37% of millennials think that their lives are too boring and not interesting enough to see themselves as potential victims of cyber crimes. Have you ever used a public PC to logon to your online banking account? Or to pay for something with your credit card? And did you forget to clear the computer’s cache afterwards?
And although it should be, your data is not always better protected by big corporates: LinkedIn, The social network for business professionals now owned by Microsoft got hacked in 2012 and 2016 with some 165 million user accounts being compromised. Equifax, one of the largest credit bureaus in the United States, got hacked in 2017, putting personal information of almost 148,000,000 consumers at risk, over 200,000 of which had also their credit card information stolen.
Many countries have taken steps to protect its citizens privacy online: the EU’s General Data Protection Regulation (GDPR) is certainly an excellent example of such directives as they ‘have forced organizations to improve their security and take the data leakage threat more seriously’ to quote the Kaspersky paper. Just as well, since many of us, including myself, just can’t be bothered with complex passwords nobody ever could even remotely remember. I for one use the same password with a few variations to protect most of my data online. And you can imagine my surprise when I woke up one morning a few months ago in Switzerland to find an email from Netflix in my inbox advising me that earlier during the night I had logged into my account from Brazil.
According to the Center for Victim Research, 7-10% of the U.S. population are victims of identity fraud each year, and 21% of those experience multiple incidents of identity fraud. The Federal Trade Commission (FTC) estimates that as many as 9 million Americans have their identities stolen each year, and I imagine that the figures are not that dissimilar in other developed economies.
But thanks to the Kaspersky report we finally know how much our information is actually worth to a potential buyer: ID-cards apparently go for anything between 50 cents and $10, Depending on how complete the information offered is. Already more expensive are scans of passports, these can be purchased for anything between $6 and $15. Not surprisingly one of the determining factors for the price of passport scans is the country of origin. According to a search done in 2018 by Comparitech, a British website helping consumers to research and compare tech services, British and Australian passports seem to be the most popular on the darknet (well, after Brexit the British passport is likely to lose some of its appeal). Forged passports, according to Comparitech, in 2018 would cost upwards of $1000, whereas the real deal would set you back some $12,000.
Other documents available for sale which might relate to you are medical records (cost from $1 to $30), driver’s licenses ($15 to $25) and selfies with documents ($40 to $60). Add that there is the credit card information: Full credit card information including the name, the 16-digit number and CVV code can be used to withdraw funds or purchase goods online and costs from $6 to $20 per unit. More expensive is the access to online bank accounts, This being priced anywhere between 1% and 10% of the funds in the account. 2-factor-authentication (2FA) may be cumbersome but in comparison certainly a minor nuisance to protect your hard earned dough.
But the most widespread data leaks involve passwords, and this information, although often outdated, is usually free and can even be found in some shady forums on the regular Internet. many people use the same or a same a few passwords and link them to the same email address (and before you ask, yes, me too!). I got notified only recently that apparently my password had appeared in a list of compromised online access credentials.
Already before the pandemic we would bank online, book holidays on the Internet one order goods from webshops, and now that we are spending even more time cooped up indoors and working from home, the risk of every single one of us being affected by cyber crime is only going to increase.
Also be careful what you post on social media, forums and message boards. Doxers are known to have published the true identities, addresses and phone number of people who had been using aliases online to publicly express opinions which they would not necessarily feel comfortable being associated with in real life.
With ever more of our lives taking place online, we better make sure that our personal information stays private. So, having been doxed myself, I better get cracking with changing my dozens of passwords. And if you happen to come across the person who logged into my Netflix account from Brazil please do drop me a line…..
The grumpy older man 
So good to see you back again. Great read. Personally feel that while we have primary responsibility ourselves, it is time that our criminally feckless governments step in to prohibit all but information essential to a particular business’s trade, completely ban sale of personal information, enact insanely stiff criminal and monetary sentences for data theft, and establish technical “walls” restricting data flow across national boundaries. Enacting such regulation should keep politicians busy for one-hundred years. Lawyers of course should not be allowed to participate. Yeah, I know, what upheavals there would be. So many millions with little to do now that their facepages time is slashed. Thanks for the post. Look to see you again, soon.
LikeLiked by 1 person
I agree with you in principle, although restricting the flow of Information would be a setback not least economically which is going to affect us all. But penalties for data theft definitely need to be drastically increased in order to be at least some sort of a deterrent and companies need to be held criminally liable for the loss of data from their systems.
LikeLiked by 1 person