What is Doxing and How it is Done?

In the modern world, Internet has become a wonderful place to gain knowledge, exchange ideas, share information, make new friends and whatnot. Even though, you can do all of this by remaining anonymous behind your monitor, your real life identity and personal details can still be at the risk of falling into the hands of strangers. This is where the term “doxing” comes into play!

What is Doxing?

Doxing simply refers to the process of gathering or deducing other people’s information such as name, age, email, address, telephone number, photographs etc. using publicly available sources such as the Internet. In other words, doxing is the act of using the Internet to search for personal details about a person.

Doxing is done by initially taking a piece of information (such as “name” or “email address”) and keeping it as a base to find out other possible details about the person. The term “doxing” is derived from the word “document tracing” which means to retrieve documents about a particular person or company in order to learn more about them.

Doxing Techniques:

Today, Internet has grown to such a size that it contains almost any information that you’ve ever imagined! All you’ve to do is use the right techniques to search for what you want. Here is a list of doxing techniques that are most commonly used by Internet geeks and ethical hackers:

Using Google:

Google is undoubtedly a powerful tool that plays a key role in doxing. Since Google indexes almost anything on the Internet (sometimes even the private information), it is possible to dox for details such as email ID, address, phone numbers and photographs of a person or company. Once you obtain the search results for your query, carefully examine the description part which in most cases contain the piece of information that you are looking for.

Social Networking Websites:

As most Internet users are found to be active on social media, social networking sites such as Facebook and LinkedIn provide a virtual goldmine of information necessary to perform doxing. As most users are unaware of online security issues, they have weak privacy settings on their profile. This makes it easy for the attackers to gain access to personal information such as photographs, real names, location, job, partner’s name etc.

Reverse Cell Phone LookUp:

A “Reverse Cell Phone Lookup” is simply a process of finding someone’s personal details such as name, age, address and related information by using their cell phone number and vice versa. There are many online services out there such as cell phone registry that provide access to the personal details about a given person based on his/her phone, name and email ID.

Whois Searches:

If a person or company has a website (or domain name) associated with them, you can easily perform a “whois search” for their website to obtain personal details such as full name, address, email and phone number. Just visit whois.domaintools.com and enter the domain name for which you want to perform a whois search. It will show up all the details associated with the domain name.

Why Would Anyone Want To Perform Doxing?

Most people perform doxing out of general curiosity about a person or company. However, there are some wicked minds out there who do this for the purpose of blackmailing or taking revenge by exposing the information that they have gathered about the person.

What are the Consequences of Doxing?

It can be slightly irritating and embarrassing when private data fall in the hands of people who are not intended to have access to such information. However, things can go even worse if the doxed information such as a person’s social activities, medical history, sexual preference and other vital bits of information is made public. This can have a serious threat to health, livelihood or relationship of the victim.

Steps to protect Yourself from Doxing:

The following are some of the most commonly targeted pieces of information that can be easily obtained through doxing:

• Full name
• Age, gender and date of birth
• Location and place of birth
• Email addresses and username
• Phone number
• Social networking profiles, websites and blogs

So, it is always a good practice to keep the above bits of information hidden. Even though it is not possible to do this in all cases, you can still take care to protect as much information as you can from going public. You can consider the following additional tips for further protection:

1. Do not upload personal photographs on web albums such as “Picasa”. Even if you do, make sure that your album is hidden from public and search engines.
2. If you do not intend to show up your profile on search engines, it is a wise choice to make all the Internet profiles private.
3. Maximize the privacy settings of your social network profiles. Make sure that your individual albums and photographs have their privacy settings configured.
4. Do not use the same email address for all you accounts. Instead, create separate email IDs for individual activities such as gaming, forum participation, banking accounts etc.

Is Doxing a Crime?

Doxing is definitely not a crime when used within the ethical standards and no harm is being caused to anyone. However, if doxing is done to cause intentional damage such as harassment, blackmailing or taking revenge it might well be considered an offence.

Beware of Password Hacking Scams and Fake Tutorials

In the era of Internet, emails and social networking have taken a prominent role in almost everyone’s life, especially when it comes to the exchange of information and personal messages. So, hacking the password of an email or social networking account alone can reveal a lot of personal details about the person. Even though hacking is considered illegal, some people are left with no other option. This can be a parent wanting to gain access to the child’s email or someone who need the password of their partner’s social media account.

Well, this post is not about teaching you how to hack! But, it is about making you aware of some of the password hacking scams and fake hacking tutorials that are waiting to exploit those people who are in desperate need of hacking someone’s online password. Here is a list of some of the online scams that you should be aware of and always stay away from:

1. Password Hacking Services:

Many of the scam websites have managed to rank on top of Google for some of the most popular keywords about hacking. As a result, these websites attract a lot of people (who are in need of someone’s password) and promise them to give what they want! As most people do not have any knowledge about hacking, they often believe what is mentioned on these websites is true. Taking this factor as an added advantage, these websites (the so called hacking services) rip off money from the people and never keep up their promise.

Why password hacking services do not work?

The big reason behind why these services never work is that, most of them are owned by those scammers and noob hackers who do not have sound knowledge of how the hacking process actually works. Also, with the level of security adopted by the services like Gmail, Yahoo or Facebook, it is near impossible to to hack their database to obtain the password. Unlike, what is mentioned on most of these websites, it is not possible to use the brute force approach as well. Here is a list of some of the false claims made by most hacking services (in their own words):

• We are a group of elite hackers working behind this site capable of cracking any password.
• We have found out a certain vulnerability in the Facebook or Gmail servers using which we crack the password.
• We use brute force approach to crack the password.
• After a long time of research and hard work, we have managed to develop a program that can crack any password with just a click of a button.

If you come across a site making claims as mentioned above, it is a clear sign of a scam service. To identify them more clearly, here is a list of additional signs that you can look for:

• Even though some websites claim that their service is free, they demand users to take up an online survey in order to avail the service. In reality, these websites are created to earn money by forcing people to participate in a survey program.
• These websites accept payment only through services like Western Union and Money Gram but not via credit card. This is a clear sign of fraud as the money sent through these services cannot be tracked and refund cannot be claimed later.

So, the bottom line is that, if you come across a website that seems too good to be true or show some signs as mentioned above, it is always a better choice to stay away from them.

2. Fake Hacking Tutorials:

This is another type of scam that most teenagers fall victim for. This is because, most teenagers do not have enough money to afford the hacking services and hence go in search of free options and hacking tutorials that can easily get them the password they want. This is where the fake hacking tutorials come into play.

This tutorial is designed cleverly to trick users and make them believe it is true. But, in reality, when someone follows the method prescribed in the tutorial, they lose their own password in attempt to hack someone else’s password. Here is a small example of how this fake tutorial goes:

---

Here is an easy way to hack any Gmail password. This method was revealed by a professional hacker to me which when tried was successful.

1. Log in to your Gmail account and compose a new email.
2. In the subject, type exactly as follows: “password retrieval”.
3. In the body of the email, type your username followed by your password in the first line.
4. Leave exactly 3 lines of gap and type in the target username that you want to hack. Then send this email to: passretrieve2013@gmail.com.

When you do this, the Gmail server gets confused and will send the target password to your inbox within the next few hours.

---

Now, let us carefully look at how the above trick works. This trick is designed intelligently by a noob hacker and is often posted on many forums and low quality websites. Here, the creator of this tutorial tells a lie to the people that there exists a bug in the Gmail system that can be exploited by using the tutorial. However, by following this trick, innocent victims are sending their own password to the hacker’s email address (passretrieve2013@gmail.com) and thus get trapped.

This is another type of scam that seems too good to be true. Unfortunately, most people would follow this trick and end up handing over their login details to an unknown person. If you’ve ever tried this method, it is a wise option to change your password immediately in order to prevent any further damage.

DNS Hijacking: What it is and How it Works

DNS hijacking (sometimes referred to as DNS redirection) is a type of malicious attack that overrides a computer’s TCP/IP settings to point it at a rogue DNS server, thereby invalidating the default DNS settings. In other words, when an attacker takes control of a computer to alter its DNS settings, so that it now points to a rogue DNS server, the process is referred to as DNS hijacking.

As we all know, the “Domain Name System (DNS)” is mainly responsible for translating a user friendly domain name such as “google.com” to its corresponding IP address “74.125.235.46″. Having a clear idea of DNS and its working can help you better understand what DNS hijacking is all about. If you are fairly new to the concept of DNS, I would recommend reading my previous post on How Domain Name System Works.

How DNS Hijacking Works?

As mentioned before, DNS is the one that is responsible for mapping the user friendly domain names to their corresponding IP addresses. This DNS server is owned and maintained by your Internet service provider (ISP) and many other private business organizations. By default, your computer is configured to use the DNS server from the ISP. In some cases, your computer may even be using the DNS services of other reputed organizations such as Google. In this case, you are said to be safe and everything seems to work normally.

But, imagine a situation where a hacker or a malware program gains unauthorized access to your computer and changes the DNS settings, so that your computer now uses one of the rogue DNS servers that is owned and maintained by the hacker. When this happens, the rogue DNS server may translate domain names of desirable websites (such as banks, search engines, social networking sites etc.) to IP addresses of malicious websites. As a result, when you type the URL of a website in the address bar, you may be taken to a fake website instead of the one you are intending for. Sometimes, this can put you in deep trouble!

What are the Dangers of DNS Hijacking?

The dangers of DNS hijacking can vary and depend on the intention behind the attack. Many ISPs such as “OpenDNS” and “Comcast” use DNS hijacking for introducing advertisements or collecting statistics. Even though this can cause no serious damage to the users, it is considered as a violation of RFC standards for DNS responses.

Other dangers of DNS hijacking include the following attacks:

Pharming: This is a kind of attack where a website’s traffic is redirected to another website that is a fake one. For example, when a user tries to visit a social networking website such as Facebook.com he may be redirected to another website that is filled with pop-ups and advertisements. This is often done by hackers in order to generate advertising revenue.

Phishing: This is a kind of attack where users are redirected to a malicious website whose design (look and feel) matches exactly with that of the original one. For example, when a user tries to log in to his bank account, he may be redirected to a malicious website that steals his login details.

How to Prevent DNS Hijacking?

In most cases, attackers make use of malware programs such as a trojan horse to carry out DNS hijacking. These DNS hijacking trojans are often distributed as video and audio codecs, video downloaders, YoTube downloaders or as other free utilities. So, in order to stay protected, it is recommended to stay away from untrusted websites that offer free downloads. The DNSChanger trojan is an example of one such malware that hijacked the DNS settings of over 4 million computers to drive a profit of about 14 million USD through fraudulent advertising revenue.

Also, it is necessary to change the default password of your router, so that it would not be possible for the attacker to modify your router settings using the default password that came with the factory setting. For more details on this topic you can read my other post on How to Hack an Ethernet ADSL Router.

Installing a good antivirus program and keeping it up-to-date can offer a great deal of protection to your computer against any such attacks.

What if you are already a victim of DNS hijacking?

If you suspect that your computer is infected with a malware program such as DNSChanger, you need not panic. It is fairly simple and easy to recover from the damage caused by such programs. All you have to do is, just verify your current DNS settings to make sure that you are not using any of those DNS IPs that are blacklisted. Otherwise re-configure your DNS settings as per the guidelines of your ISP.

How Domain Name System (DNS) Works

In the world of Internet and the area of computer networks, you will often come across the term Domain Name System or Domain Name Service which is simply referred to as DNS. The working of DNS forms one of the basic concepts of computer networks whose understanding is very much essential especially if you are planning to get into the field of ethical hacking or network security.

In this post, I will try to explain how Domain Name System works in a very simple and easy to follow manner so that even the readers who do not have any prior knowledge of computer networks should be able to understand the concept.

What is a Domain Name System?

A “Domain Name System” or “Domain Name Service” is a computer network protocol whose job is to map a user friendly domain name such as “Gohacking.com” to its corresponding IP address like “173.245.61.120″.

Every computer on the Internet, be it a web server, home computer or any other network device has a unique IP address allotted to it. This IP address is used to establish connections between the server and the client in order to initiate the transfer of data. Whether you are trying to access a website or sending an email, the DNS plays a very important role here.

For example, when you type “www.google.com” on your browser’s address bar, your computer will make use of the DNS server to fetch the IP address of Google’s server that is “74.125.236.37″. After obtaining the IP address, your computer will then establish a connection with the server only after which you see the Google’s home page loading on your browser. The whole process is called DNS Resolution.

With millions of websites on the Internet, it is impossible for people to remember the IP address of every website in order to access it. Therefore, the concept of domain name was introduced so that every website can be identified by its unique name which makes it easy for people to remember. However, the IP address is still used as the base for internal communication by network devices. This is where the DNS comes in to action that works by resolving the user friendly domain name to its corresponding machine friendly IP address.

In simple words, domain names are for humans while IP addresses are for network devices. The “Domain Name System” is a protocol to establish a link between the two. Hence, it is not a surprise that you can even load a website by directly typing its IP address instead of the domain name in the browser’s address bar (give it a try)!

Types of DNS Servers and their Role:

The Domain Name System (DNS) is a distributed database that resides on multiple computers on the Internet in a hierarchical manner. They include the following types:

Root Name Servers:

The root servers represent the top level of the DNS hierarchy. These are the DNS servers that contain the complete database of domain names and their corresponding IP addresses. Currently, there are 13 root servers distributed globally which are named using the letters A,B,C and so on up to M.

Local Name Servers:

Local servers represent the most lower level DNS servers that are owned and maintained by many business organizations and Internet Service providers (ISPs). These local servers are able to resolve frequently used domain names into their corresponding IP addresses by caching the recent information. This cache is updated and refreshed on a regular basis.

How DNS Server Works?

Whenever you type a URL such as “http://www.gohacking.com” on your browser’s address bar, your computer will send a request to the local name server to resolve the domain name into its corresponding IP address. This request is often referred to as a DNS query. The local name server will receive the query to find out whether it contains the matching name and IP address in its database. If found, the corresponding IP address (response) is returned. If not, the query is automatically passed on to another server that is in the next higher level of DNS hierarchy. This process continues until the query reaches the server that contains the matching name and IP address. The IP address (response) then flows back the chain in the reverse order to your computer.

In rare cases where none of the lower level DNS servers contain the record for a given domain name, the DNS query eventually reaches one of the root name server to obtain the response.

FAQs about Domain Name System:

Here is a list of some of the FAQs about DNS:

How does a “root name server” obtain the information about new domains?

Whenever a new domain name is created or an existing one is updated, it is the responsibility of the domain registrar to publish the details and register it with the root name server. Only after this, the information can move down the DNS hierarchy and get updated on the lower level DNS servers.

What is DNS propagation?

Whenever a new domain name is registered or an existing one is updated, the information about the domain must get updated on all the major DNS servers so that the domain can be reached from all parts of the globe. This is called DNS propagation and the whole process can take anywhere from 24 to 72 hours to get completed.

How often the DNS servers are updated to refresh the cache?

There is no specific rule that defines the rate at which DNS servers should be updated. It usually depends on the organization such as the ISP that maintains the server. Most DNS servers are updated on an hourly basis while some may update their databases on a daily basis.

I hope you have now understood the working of DNS in a very convincing manner. Pass your comments and share your opinion.