SlideShare a Scribd company logo

On Defending Against Doxxing by Benjamin Brown

EC-Council
EC-Council

Doxxing is the Internet-based practice of researching and broadcasting personally identifiable information about an individual. It is also a scourge on our internet lives that can quickly boil over into the physical realm. Often wielded as a weapon of hate or manipulation and a tactic for intimidation doxxing easily leads to real-world threats of violence, financial harm, sexual assault, career damage, or even murder. Examples of these impacts can be seen surrounding the recent events of 'GamerGate' through the targeting of Anita Sarkeesian, Felicia Day, Tara Long, and Brianna Wu. Doxxing also often leads to another tragic outcome; that of targets for hate being misidentified leading to unaffiliated individuals becoming the subjects of attack. Occurrences of this can be found in such online sagas as Anonymous vs. Scientology, the Amanda Todd case, and the incorrect fingering of Sunil Tripathi as the Boston Bomber. Given the real world impacts of being doxxed what can we do to protect ourselves, our friends, and our loved ones? In this talk I will highlight common methods employed by doxxers as well as methods to safeguard the information they seek. I will move from the easy wins and low-hanging fruit, with an eye for practicality, to the more complex and long-term defenses employed by professionals.

Technology
1 of 54
Download to read offline
On  Defending  Against  Doxxing   Benjamin  Brown  
Who Am I? Benjamin  Brown   Akamai  Technologies       -  Incident  Response   -  Threat  Research   -  Actor  Profiling   -  System  Architecture  Reviews   -  Security  Training  and  Workshops  
Overview of Terms -  Doxxing:  “Publicly  releasing  a  person’s   idenCfying  informaCon  including  [but   not  limited  to]  full  name,  date  of  birth,   address,  phone  number,  and  pictures”     -  SWATing:  “To  cause  a  SWAT  team  to  be   deployed  on  (an  unsuspecCng  vicCm)  by   falsifying  a  threat”  
Why Should We Care? Pranking,  MarkeCng   SensiCve  InformaCon  Leaks   Harassment,  Bullying,  Stalking   Iden:ty  The=   SWATing     Targe:ng  For  Physical  ABack  
Why Should We Care?
Why Should We Care?
Why Should We Care?
Why Should We Care?
Why Should We Care?
From:  Tim  Oblivious   Sent:  Wednesday,  October  31,  3:55PM   To:  Paul  Bossman   Subject:  Family  Emergency     Paul,   I  just  wanted  to  let  you  know  that  I  will  not  be  able  to   come  into  work  tomorrow.  Something  came  up  at  home   and  I  had  to  go  to  New  York  this  morning  for  the  next   couple  of  days.  I  apologize  for  the  delayed  noCce.     Kind  Regards,   Tim   Real Cases
From:  Paul  Bossman   Sent:  Thursday,  November  1,  4:54PM   To:  Tim  Oblivious   CC:  Jill  Director   Subject:  RE:  Family  Emergency     Tim,   Thanks  for  le_ng  us  know  –  hope  everything  is  ok  in  New   York.  (cool  wand)     Cheers,   PB   Real Cases
Real Cases
Sunil  Tripathi    -­‐  Missing  Since  March  16th  2013    -­‐  MisidenCfied  as  Boston  Bomber    -­‐  Doxxed  on  Reddit  &  4chan    -­‐  Family  Death  Threats,  Harrasment    -­‐  Body  Found  in  Providence  River   Real Cases
Amanda  Todd’s  Bully    -­‐  Commifed  Suicide  Following   Cyberstalking  and  Blackmail    -­‐  Anonymous  Doxxed  Wrong  Man    -­‐  Had  to  Quit  Job,  Move  Across   Country,  Legally  Change  Name   Real Cases
Michael  Brown  Shooter    -­‐  Anonymous  Doxxed  Wrong  Man   and  His  Mother    -­‐  Never  Part  of  Ferguson  Police    -­‐  Death  Threats,  Thrown  Items    -­‐  Both  Financial  VicCms  of  ID  Thei     Real Cases
SWATTing
• Live  Recordings  of  Various   Online  Gamers   • MulCple  Gamergate  Targets   • Ashton  Kutcher   • Brian  Krebs   SWATTing
Chinese  "Human  Flesh  Search  Engine"     (人肉搜索,  Rénròu  sōusuǒ)    -­‐  CollaboraCve,  Distributed  Human   Research  on  a  Mass  Scale     Russian  Celeb  Doxxing    -­‐  Eastern  Bloc,  Europe,  Americas    -­‐  Kim  Kardashian,  Mel  Gibson,  Ashton  Kutcher,   Jay  Z,  Beyonce,  Paris  Hilton,  Britney  Spears   Global
The  Googles   -  Search  Operators  (“Google-­‐Fu”)   -  Usernames  <-­‐>  Email  Addresses   -  Cached  Websites     -  (Way  Back  Machine)   -  VariaCons  of  Usernames  and   Email  Addresses   Resources and Methods
Tools    -­‐  theHarvester    -­‐  Maltego    -­‐  Cree.py    -­‐  Recon-­‐NG   Resources and Methods
Social  Media   -  FB,  Twifer,  LinkedIn,  etc.   -  Contact  Info,  Family  Members,   Friends,  Acquaintances     -  Interests,  Haunts,  Paferns   -  Skillsets,  Jobs,  Colleagues   -  Answers  to  Security  Ques:ons     Resources and Methods
Resources and Methods
Social  Media   -  Forums,  Groups,  Mailinglists   -  Birthdate,  Age,  LocaCon   -  Hobbies,  FeCshes   -  Trusted  Usernames   -  Breaches     Resources and Methods
Resources and Methods
Resources and Methods Yahoo  Groups  -­‐  Freecycle  
- Whois     -  Full  Name   -  Phone  Number   -  Fax  Number   -  Email  Address(es)   -  Physical  Address     Resources and Methods
Resources and Methods
Data  Brokers   -  Spokeo,  Intelius,  pipl,  peekyou,  etc.   -  Free   -  Full  Name  (Incl.  Maiden  Name),  Age   -  Current  and  Former  Addresses   -  Family  Members  /  Ages  /  Addresses   -  Paid   -  Criminal  Records   -  Schools   -  Retail  AcCvity  InformaCon   Resources and Methods
Resources and Methods
Resources and Methods
Public  Records   -  Business  IncorporaCon,  Deeds,  etc.   -  Business  Partners   -  Addresses   -  Histories   -  Mappings  to  Other  Business   Resources and Methods
Resources and Methods
Resources and Methods
Resources and Methods
Resources and Methods
Public  Records   -  PoliCcal  ContribuCons   -  Name,  Address,  PoliCcal   AffiliaCon,  DonaCon  Amounts   -  PeCCons   -  Name,  Geographic  LocaCon,  Fuel   For  Social  Engineering     Resources and Methods
EXIF  Data   -  Photos,  Videos,  Audio   -  Device  /  Computer  InformaCon   -  Soiware  InformaCon   -  Times  and  Dates   -  GPS  Coordinates     Resources and Methods
Resources and Methods
Social  Engineering     -  ISP  /  Phone  Company  as   Spouse  or  Delegate   -  Current/Former  Place  of  Work   -  Family  as  Friends   -  Friends  as  Family     Resources and Methods
Social  Media  Mindfulness   -  Tighten  Security  and  Privacy  Se_ngs   -  Facebook,  Google+,  LinkedIn,  etc.   -  Restrict  Personal  InformaCon   -  Vet  ConnecCon  Requests   -  Untag  Judiciously   -  Block,  Uninstall  3rd  Party  Apps   Defense Methods
Secure  Your  Accounts    -­‐  Use  Strong  Passphrases    -­‐  Use  Two-­‐Factor  Auth    -­‐  Do  Not  Reuse  Passwords    -­‐  Shutdown  and  Clean-­‐out  Old,   Disused  Accounts    -­‐  Don’t  Let  Retail  Sites  Save  Data   Defense Methods
Defense Methods
Data  Clearinghouse  Opt-­‐Outs   -  Spokeo:   -  hfp://www.spokeo.com/opt_out/new   -  VerificaCon  needed:  Email  address   -  Pipl   -  hfps://pipl.com/directory/remove/   -  VerificaCon  needed:  Email  address   -  ZoomInfo   -  hfp://www.zoominfo.com/lookupEmail   -  VerificaCon  needed:  Email  address     Defense Methods More:  hfp://www.computerworld.com/arCcle/2849263/doxxing-­‐defense-­‐remove-­‐your-­‐personal-­‐info-­‐from-­‐data-­‐brokers.html  
Data  Clearinghouse  Opt-­‐Outs   -  Whitepages:   -  hfps://support.whitepages.com/hc/en-­‐us/ arCcles/203263794-­‐How-­‐do-­‐I-­‐remove-­‐my-­‐ people-­‐search-­‐profile-­‐   -  VerificaCon  needed:  Email  address  and  Phone   Number   -  Intellius  (and  subsidiaries)   -  hfps://www.intelius.com/optout.php   -  VerificaCon  needed:  Government  ID     Defense Methods More:  hfp://www.computerworld.com/arCcle/2849263/doxxing-­‐defense-­‐remove-­‐your-­‐personal-­‐info-­‐from-­‐data-­‐brokers.html  
Registering  a  Fic::ous     or  “Doing  Business  As”  (DBA)  name        -­‐  Protect  Your  Name,  Your   Partners,  Your  LLC  or  CorporaCon    -­‐  County  Clerk’s  Office  or  State   Government  Website  or  Office       Defense Methods
Land  Trusts  /  Holding  Corpora:ons        -­‐  Protect  Your  Name,  Address,  Etc.    -­‐  Keep  Sales  Price  Private      -­‐  Consult  a  Real  Estate  Lawyer       Defense Methods
Wiping  EXIF  Data  From  Media     -­‐  ExifTool  by  Phil  Harvey  (Win/Mac/Nix)   hfp://www.sno.phy.queensu.ca/~phil/exiiool/     -­‐  Windows:  Property  Details       Turn  off  Loca:on  Tagging  on  Devices   Defense Methods
Маскировка (Maskirovka)
-­‐  Use  different  and  ‘Meaningless’   Email  Accounts,  Usernames,  and   Passwords   -­‐  Employ  Pseudonyms   -­‐  Be  Wary  of  Cloud  Services   -­‐  Rotate  Phone  Numbers  and   Passwords  Oien   -­‐  Shred  All  IdenCfying  Paper  /  Mail   Маскировка (Maskirovka)
-­‐  DifferenCated  InformaCon  Release   -­‐  False  InformaCon   -­‐  Pics  of  Places  You  Haven’t  Been   -­‐  “Evidence”  of  Hobbies  You  Don’t  Have   -­‐  Early  InformaCon   -­‐  Late  InformaCon   -­‐  Don’t  Post  Photos  Right  Away   -­‐  Family  /  Friends  Corroborate   Маскировка (Maskirovka)
-­‐ Always  Use  (No-­‐Split)  VPN   -­‐ Watch  for  DNS  /  IP  Leaks   -­‐ Consider  TOR   -­‐ Don’t  Use  Skype   -­‐ Start  Building  Other  IdenCCes   -­‐ Encrypt  All  The  Things   -­‐ OTR,  PGP,  Etc.   Маскировка (Maskirovka)
-  MiCgate  Immediate  Danger   -  Call  911,  File  a  Police  Report   - Fully  Document   -  Shreenshots,  Printouts,  etc.   - Clean-­‐up   -  Close  Down  Accounts   I’ve Been Doxxed!
- Credit  Watch  Services   - ID  Thei  Watch  Services   - ID  Thei  or  Blackmail   Afempts  =  Contact  FBI   - Inform  Local  Police  About   any  SWATing  Concerns   I’ve Been Doxxed!
Questions?     bbrowntalks@gmail.com  

Recommended

Malware SPAM - January 2013
Malware SPAM - January 2013Malware SPAM - January 2013
Malware SPAM - January 2013
Brent Muir
 
Malware SPAM - March 2013
Malware SPAM - March 2013Malware SPAM - March 2013
Malware SPAM - March 2013
Brent Muir
 
Going Social: The Basics for HR Pros
Going Social: The Basics for HR ProsGoing Social: The Basics for HR Pros
Going Social: The Basics for HR Pros
Robin Schooling
 
Privacy Law
Privacy LawPrivacy Law
Privacy Law
psheehan276
 
Walworth academy e-safety (staff)
Walworth academy e-safety (staff)Walworth academy e-safety (staff)
Walworth academy e-safety (staff)
esolate
 
Class 1 - Welcome
Class 1 - WelcomeClass 1 - Welcome
Class 1 - Welcome
LSC-CyFair Academy for Lifelong Learning
 
HighTail - a history of it's founder
HighTail - a history of it's founderHighTail - a history of it's founder
HighTail - a history of it's founder
Khalid Shaikh
 
Little Black Book of Gay Hookup Apps and Sites
Little Black Book of Gay Hookup Apps and SitesLittle Black Book of Gay Hookup Apps and Sites
Little Black Book of Gay Hookup Apps and Sites
Travis Barnhart
 

Recommended

Malware SPAM - January 2013
Malware SPAM - January 2013Malware SPAM - January 2013
Malware SPAM - January 2013
Brent Muir
 
Malware SPAM - March 2013
Malware SPAM - March 2013Malware SPAM - March 2013
Malware SPAM - March 2013
Brent Muir
 
Going Social: The Basics for HR Pros
Going Social: The Basics for HR ProsGoing Social: The Basics for HR Pros
Going Social: The Basics for HR Pros
Robin Schooling
 
Privacy Law
Privacy LawPrivacy Law
Privacy Law
psheehan276
 
Walworth academy e-safety (staff)
Walworth academy e-safety (staff)Walworth academy e-safety (staff)
Walworth academy e-safety (staff)
esolate
 
Class 1 - Welcome
Class 1 - WelcomeClass 1 - Welcome
Class 1 - Welcome
LSC-CyFair Academy for Lifelong Learning
 
HighTail - a history of it's founder
HighTail - a history of it's founderHighTail - a history of it's founder
HighTail - a history of it's founder
Khalid Shaikh
 
Little Black Book of Gay Hookup Apps and Sites
Little Black Book of Gay Hookup Apps and SitesLittle Black Book of Gay Hookup Apps and Sites
Little Black Book of Gay Hookup Apps and Sites
Travis Barnhart
 
Online Gaming and the Growing Impact of China DDoS - David Liebenberg
Online Gaming and the Growing Impact of China DDoS - David LiebenbergOnline Gaming and the Growing Impact of China DDoS - David Liebenberg
Online Gaming and the Growing Impact of China DDoS - David Liebenberg
EC-Council
 
The relationship Between Institutional and Service Operations and a DNS Compr...
The relationship Between Institutional and Service Operations and a DNS Compr...The relationship Between Institutional and Service Operations and a DNS Compr...
The relationship Between Institutional and Service Operations and a DNS Compr...
EC-Council
 
A "Funny" Thing "Happened" on "the" Way "to" the "Airport" - Chris Roberts
A "Funny" Thing "Happened" on "the" Way "to" the "Airport" - Chris RobertsA "Funny" Thing "Happened" on "the" Way "to" the "Airport" - Chris Roberts
A "Funny" Thing "Happened" on "the" Way "to" the "Airport" - Chris Roberts
EC-Council
 
From 0 to Secure in 1 Minute - Securing laaS - Nir Valtman
From 0 to Secure in 1 Minute - Securing laaS - Nir ValtmanFrom 0 to Secure in 1 Minute - Securing laaS - Nir Valtman
From 0 to Secure in 1 Minute - Securing laaS - Nir Valtman
EC-Council
 
Hacker Halted 2014 - Post-Exploitation After Having Remote Access
Hacker Halted 2014 - Post-Exploitation After Having Remote AccessHacker Halted 2014 - Post-Exploitation After Having Remote Access
Hacker Halted 2014 - Post-Exploitation After Having Remote Access
EC-Council
 
TakeDownCon Rocket City: WebShells by Adrian Crenshaw
TakeDownCon Rocket City: WebShells by Adrian CrenshawTakeDownCon Rocket City: WebShells by Adrian Crenshaw
TakeDownCon Rocket City: WebShells by Adrian Crenshaw
EC-Council
 
Extreme Hacking: Encrypted Networks SWAT style - Wayne Burke
Extreme Hacking: Encrypted Networks SWAT style - Wayne BurkeExtreme Hacking: Encrypted Networks SWAT style - Wayne Burke
Extreme Hacking: Encrypted Networks SWAT style - Wayne Burke
EC-Council
 
Hacker Halted 2014 - Reverse Engineering the Android OS
Hacker Halted 2014 - Reverse Engineering the Android OSHacker Halted 2014 - Reverse Engineering the Android OS
Hacker Halted 2014 - Reverse Engineering the Android OS
EC-Council
 
When the anonymity ends for darknets - by Denis Makrushin and Maria Garnaeva
When the anonymity ends for darknets - by Denis Makrushin and Maria GarnaevaWhen the anonymity ends for darknets - by Denis Makrushin and Maria Garnaeva
When the anonymity ends for darknets - by Denis Makrushin and Maria Garnaeva
EC-Council
 
The Less Hacked Path
The Less Hacked PathThe Less Hacked Path
The Less Hacked Path
EC-Council
 
A (not-so-quick) Primer on iOS Encryption David Schuetz - NCC Group
A (not-so-quick) Primer on iOS Encryption David Schuetz - NCC GroupA (not-so-quick) Primer on iOS Encryption David Schuetz - NCC Group
A (not-so-quick) Primer on iOS Encryption David Schuetz - NCC Group
EC-Council
 
Exploring LTE security and protocol exploits with open source software and lo...
Exploring LTE security and protocol exploits with open source software and lo...Exploring LTE security and protocol exploits with open source software and lo...
Exploring LTE security and protocol exploits with open source software and lo...
EC-Council
 
The Cloud 9 - Threat & Solutions 2016 by Bobby Dominguez
The Cloud 9 - Threat & Solutions 2016 by Bobby DominguezThe Cloud 9 - Threat & Solutions 2016 by Bobby Dominguez
The Cloud 9 - Threat & Solutions 2016 by Bobby Dominguez
EC-Council
 
LTE protocol exploits – IMSI catchers, blocking devices and location leaks - ...
LTE protocol exploits – IMSI catchers, blocking devices and location leaks - ...LTE protocol exploits – IMSI catchers, blocking devices and location leaks - ...
LTE protocol exploits – IMSI catchers, blocking devices and location leaks - ...
EC-Council
 
It’s All In The Name - Deral Heiland
It’s All In The Name - Deral HeilandIt’s All In The Name - Deral Heiland
It’s All In The Name - Deral Heiland
EC-Council
 
Security Concerns of Future Technology Arriving Today - Gregory Carpenter
Security Concerns of Future Technology Arriving Today - Gregory CarpenterSecurity Concerns of Future Technology Arriving Today - Gregory Carpenter
Security Concerns of Future Technology Arriving Today - Gregory Carpenter
EC-Council
 
Seric Security Meetup Aug slides19
Seric Security Meetup Aug slides19Seric Security Meetup Aug slides19
Seric Security Meetup Aug slides19
craigdevlinseric
 
Hum t19 hum-t19
Hum t19 hum-t19Hum t19 hum-t19
Hum t19 hum-t19
SelectedPresentations
 
How i stole someone's identity scientific american
How i stole someone's identity scientific americanHow i stole someone's identity scientific american
How i stole someone's identity scientific american
Check People
 
A HillyBilly's Guide to Staying Anonymous Online - SecureWV
A HillyBilly's Guide to Staying Anonymous Online - SecureWVA HillyBilly's Guide to Staying Anonymous Online - SecureWV
A HillyBilly's Guide to Staying Anonymous Online - SecureWV
Adam Compton
 
Internet Safety for Parents presentation 2017
Internet Safety for Parents presentation 2017Internet Safety for Parents presentation 2017
Internet Safety for Parents presentation 2017
KanelandSvihlik
 
CapTech Talks--OSINT- Dr. Kellup Charles 10--6-22.pptx
CapTech Talks--OSINT- Dr. Kellup Charles 10--6-22.pptxCapTech Talks--OSINT- Dr. Kellup Charles 10--6-22.pptx
CapTech Talks--OSINT- Dr. Kellup Charles 10--6-22.pptx
CapitolTechU
 

More Related Content

Viewers also liked

Online Gaming and the Growing Impact of China DDoS - David Liebenberg
Online Gaming and the Growing Impact of China DDoS - David LiebenbergOnline Gaming and the Growing Impact of China DDoS - David Liebenberg
Online Gaming and the Growing Impact of China DDoS - David Liebenberg
EC-Council
 
The relationship Between Institutional and Service Operations and a DNS Compr...
The relationship Between Institutional and Service Operations and a DNS Compr...The relationship Between Institutional and Service Operations and a DNS Compr...
The relationship Between Institutional and Service Operations and a DNS Compr...
EC-Council
 
A "Funny" Thing "Happened" on "the" Way "to" the "Airport" - Chris Roberts
A "Funny" Thing "Happened" on "the" Way "to" the "Airport" - Chris RobertsA "Funny" Thing "Happened" on "the" Way "to" the "Airport" - Chris Roberts
A "Funny" Thing "Happened" on "the" Way "to" the "Airport" - Chris Roberts
EC-Council
 
From 0 to Secure in 1 Minute - Securing laaS - Nir Valtman
From 0 to Secure in 1 Minute - Securing laaS - Nir ValtmanFrom 0 to Secure in 1 Minute - Securing laaS - Nir Valtman
From 0 to Secure in 1 Minute - Securing laaS - Nir Valtman
EC-Council
 
Hacker Halted 2014 - Post-Exploitation After Having Remote Access
Hacker Halted 2014 - Post-Exploitation After Having Remote AccessHacker Halted 2014 - Post-Exploitation After Having Remote Access
Hacker Halted 2014 - Post-Exploitation After Having Remote Access
EC-Council
 
TakeDownCon Rocket City: WebShells by Adrian Crenshaw
TakeDownCon Rocket City: WebShells by Adrian CrenshawTakeDownCon Rocket City: WebShells by Adrian Crenshaw
TakeDownCon Rocket City: WebShells by Adrian Crenshaw
EC-Council
 
Extreme Hacking: Encrypted Networks SWAT style - Wayne Burke
Extreme Hacking: Encrypted Networks SWAT style - Wayne BurkeExtreme Hacking: Encrypted Networks SWAT style - Wayne Burke
Extreme Hacking: Encrypted Networks SWAT style - Wayne Burke
EC-Council
 
Hacker Halted 2014 - Reverse Engineering the Android OS
Hacker Halted 2014 - Reverse Engineering the Android OSHacker Halted 2014 - Reverse Engineering the Android OS
Hacker Halted 2014 - Reverse Engineering the Android OS
EC-Council
 
When the anonymity ends for darknets - by Denis Makrushin and Maria Garnaeva
When the anonymity ends for darknets - by Denis Makrushin and Maria GarnaevaWhen the anonymity ends for darknets - by Denis Makrushin and Maria Garnaeva
When the anonymity ends for darknets - by Denis Makrushin and Maria Garnaeva
EC-Council
 
The Less Hacked Path
The Less Hacked PathThe Less Hacked Path
The Less Hacked Path
EC-Council
 
A (not-so-quick) Primer on iOS Encryption David Schuetz - NCC Group
A (not-so-quick) Primer on iOS Encryption David Schuetz - NCC GroupA (not-so-quick) Primer on iOS Encryption David Schuetz - NCC Group
A (not-so-quick) Primer on iOS Encryption David Schuetz - NCC Group
EC-Council
 
Exploring LTE security and protocol exploits with open source software and lo...
Exploring LTE security and protocol exploits with open source software and lo...Exploring LTE security and protocol exploits with open source software and lo...
Exploring LTE security and protocol exploits with open source software and lo...
EC-Council
 
The Cloud 9 - Threat & Solutions 2016 by Bobby Dominguez
The Cloud 9 - Threat & Solutions 2016 by Bobby DominguezThe Cloud 9 - Threat & Solutions 2016 by Bobby Dominguez
The Cloud 9 - Threat & Solutions 2016 by Bobby Dominguez
EC-Council
 
LTE protocol exploits – IMSI catchers, blocking devices and location leaks - ...
LTE protocol exploits – IMSI catchers, blocking devices and location leaks - ...LTE protocol exploits – IMSI catchers, blocking devices and location leaks - ...
LTE protocol exploits – IMSI catchers, blocking devices and location leaks - ...
EC-Council
 
It’s All In The Name - Deral Heiland
It’s All In The Name - Deral HeilandIt’s All In The Name - Deral Heiland
It’s All In The Name - Deral Heiland
EC-Council
 
Security Concerns of Future Technology Arriving Today - Gregory Carpenter
Security Concerns of Future Technology Arriving Today - Gregory CarpenterSecurity Concerns of Future Technology Arriving Today - Gregory Carpenter
Security Concerns of Future Technology Arriving Today - Gregory Carpenter
EC-Council
 

Viewers also liked (16)

Online Gaming and the Growing Impact of China DDoS - David Liebenberg
Online Gaming and the Growing Impact of China DDoS - David LiebenbergOnline Gaming and the Growing Impact of China DDoS - David Liebenberg
Online Gaming and the Growing Impact of China DDoS - David Liebenberg
 
The relationship Between Institutional and Service Operations and a DNS Compr...
The relationship Between Institutional and Service Operations and a DNS Compr...The relationship Between Institutional and Service Operations and a DNS Compr...
The relationship Between Institutional and Service Operations and a DNS Compr...
 
A "Funny" Thing "Happened" on "the" Way "to" the "Airport" - Chris Roberts
A "Funny" Thing "Happened" on "the" Way "to" the "Airport" - Chris RobertsA "Funny" Thing "Happened" on "the" Way "to" the "Airport" - Chris Roberts
A "Funny" Thing "Happened" on "the" Way "to" the "Airport" - Chris Roberts
 
From 0 to Secure in 1 Minute - Securing laaS - Nir Valtman
From 0 to Secure in 1 Minute - Securing laaS - Nir ValtmanFrom 0 to Secure in 1 Minute - Securing laaS - Nir Valtman
From 0 to Secure in 1 Minute - Securing laaS - Nir Valtman
 
Hacker Halted 2014 - Post-Exploitation After Having Remote Access
Hacker Halted 2014 - Post-Exploitation After Having Remote AccessHacker Halted 2014 - Post-Exploitation After Having Remote Access
Hacker Halted 2014 - Post-Exploitation After Having Remote Access
 
TakeDownCon Rocket City: WebShells by Adrian Crenshaw
TakeDownCon Rocket City: WebShells by Adrian CrenshawTakeDownCon Rocket City: WebShells by Adrian Crenshaw
TakeDownCon Rocket City: WebShells by Adrian Crenshaw
 
Extreme Hacking: Encrypted Networks SWAT style - Wayne Burke
Extreme Hacking: Encrypted Networks SWAT style - Wayne BurkeExtreme Hacking: Encrypted Networks SWAT style - Wayne Burke
Extreme Hacking: Encrypted Networks SWAT style - Wayne Burke
 
Hacker Halted 2014 - Reverse Engineering the Android OS
Hacker Halted 2014 - Reverse Engineering the Android OSHacker Halted 2014 - Reverse Engineering the Android OS
Hacker Halted 2014 - Reverse Engineering the Android OS
 
When the anonymity ends for darknets - by Denis Makrushin and Maria Garnaeva
When the anonymity ends for darknets - by Denis Makrushin and Maria GarnaevaWhen the anonymity ends for darknets - by Denis Makrushin and Maria Garnaeva
When the anonymity ends for darknets - by Denis Makrushin and Maria Garnaeva
 
The Less Hacked Path
The Less Hacked PathThe Less Hacked Path
The Less Hacked Path
 
A (not-so-quick) Primer on iOS Encryption David Schuetz - NCC Group
A (not-so-quick) Primer on iOS Encryption David Schuetz - NCC GroupA (not-so-quick) Primer on iOS Encryption David Schuetz - NCC Group
A (not-so-quick) Primer on iOS Encryption David Schuetz - NCC Group
 
Exploring LTE security and protocol exploits with open source software and lo...
Exploring LTE security and protocol exploits with open source software and lo...Exploring LTE security and protocol exploits with open source software and lo...
Exploring LTE security and protocol exploits with open source software and lo...
 
The Cloud 9 - Threat & Solutions 2016 by Bobby Dominguez
The Cloud 9 - Threat & Solutions 2016 by Bobby DominguezThe Cloud 9 - Threat & Solutions 2016 by Bobby Dominguez
The Cloud 9 - Threat & Solutions 2016 by Bobby Dominguez
 
LTE protocol exploits – IMSI catchers, blocking devices and location leaks - ...
LTE protocol exploits – IMSI catchers, blocking devices and location leaks - ...LTE protocol exploits – IMSI catchers, blocking devices and location leaks - ...
LTE protocol exploits – IMSI catchers, blocking devices and location leaks - ...
 
It’s All In The Name - Deral Heiland
It’s All In The Name - Deral HeilandIt’s All In The Name - Deral Heiland
It’s All In The Name - Deral Heiland
 
Security Concerns of Future Technology Arriving Today - Gregory Carpenter
Security Concerns of Future Technology Arriving Today - Gregory CarpenterSecurity Concerns of Future Technology Arriving Today - Gregory Carpenter
Security Concerns of Future Technology Arriving Today - Gregory Carpenter
 

Similar to On Defending Against Doxxing by Benjamin Brown

Seric Security Meetup Aug slides19
Seric Security Meetup Aug slides19Seric Security Meetup Aug slides19
Seric Security Meetup Aug slides19
craigdevlinseric
 
Hum t19 hum-t19
Hum t19 hum-t19Hum t19 hum-t19
Hum t19 hum-t19
SelectedPresentations
 
How i stole someone's identity scientific american
How i stole someone's identity scientific americanHow i stole someone's identity scientific american
How i stole someone's identity scientific american
Check People
 
A HillyBilly's Guide to Staying Anonymous Online - SecureWV
A HillyBilly's Guide to Staying Anonymous Online - SecureWVA HillyBilly's Guide to Staying Anonymous Online - SecureWV
A HillyBilly's Guide to Staying Anonymous Online - SecureWV
Adam Compton
 
Internet Safety for Parents presentation 2017
Internet Safety for Parents presentation 2017Internet Safety for Parents presentation 2017
Internet Safety for Parents presentation 2017
KanelandSvihlik
 
CapTech Talks--OSINT- Dr. Kellup Charles 10--6-22.pptx
CapTech Talks--OSINT- Dr. Kellup Charles 10--6-22.pptxCapTech Talks--OSINT- Dr. Kellup Charles 10--6-22.pptx
CapTech Talks--OSINT- Dr. Kellup Charles 10--6-22.pptx
CapitolTechU
 
Confessions (and Lessons) of a "Recovering" Data Broker
Confessions (and Lessons) of a "Recovering" Data BrokerConfessions (and Lessons) of a "Recovering" Data Broker
Confessions (and Lessons) of a "Recovering" Data Broker
metanautix
 
Internet safety presentation 2012
Internet safety presentation 2012Internet safety presentation 2012
Internet safety presentation 2012
KanelandSvihlik
 
Internet Safety for Parents
Internet Safety for ParentsInternet Safety for Parents
Internet Safety for Parents
wstagnaro
 
Users guide
Users guideUsers guide
Users guide
Darren Thomas
 
Allan Watt
Allan WattAllan Watt
Allan Watt
Ark Group Australia Pty Ltd
 
Spam as social engineering presentation.
Spam as social engineering presentation.Spam as social engineering presentation.
Spam as social engineering presentation.
fificoco
 
Cybersecurity for the non-technical
Cybersecurity for the non-technicalCybersecurity for the non-technical
Cybersecurity for the non-technical
Stephen Cobb
 
Opt out-3 jul2014
Opt out-3 jul2014Opt out-3 jul2014
Opt out-3 jul2014
Naval OPSEC
 
computer misuse n criminal law
computer misuse n criminal lawcomputer misuse n criminal law
computer misuse n criminal law
Hamza Cheema
 
finance and accounting
finance and accountingfinance and accounting
finance and accounting
Hamza Cheema
 
Social Engineering : To Err is Human...
Social Engineering : To Err is Human...Social Engineering : To Err is Human...
Social Engineering : To Err is Human...
n|u - The Open Security Community
 
2.InternetSafety.ppt
2.InternetSafety.ppt2.InternetSafety.ppt
2.InternetSafety.ppt
Sanil Shrivastava
 
internet safety 2013
internet safety 2013internet safety 2013
internet safety 2013
Brian Downey
 
Social Engineering
Social EngineeringSocial Engineering
Social Engineering
Neelu Tripathy
 

Similar to On Defending Against Doxxing by Benjamin Brown (20)

Seric Security Meetup Aug slides19
Seric Security Meetup Aug slides19Seric Security Meetup Aug slides19
Seric Security Meetup Aug slides19
 
Hum t19 hum-t19
Hum t19 hum-t19Hum t19 hum-t19
Hum t19 hum-t19
 
How i stole someone's identity scientific american
How i stole someone's identity scientific americanHow i stole someone's identity scientific american
How i stole someone's identity scientific american
 
A HillyBilly's Guide to Staying Anonymous Online - SecureWV
A HillyBilly's Guide to Staying Anonymous Online - SecureWVA HillyBilly's Guide to Staying Anonymous Online - SecureWV
A HillyBilly's Guide to Staying Anonymous Online - SecureWV
 
Internet Safety for Parents presentation 2017
Internet Safety for Parents presentation 2017Internet Safety for Parents presentation 2017
Internet Safety for Parents presentation 2017
 
CapTech Talks--OSINT- Dr. Kellup Charles 10--6-22.pptx
CapTech Talks--OSINT- Dr. Kellup Charles 10--6-22.pptxCapTech Talks--OSINT- Dr. Kellup Charles 10--6-22.pptx
CapTech Talks--OSINT- Dr. Kellup Charles 10--6-22.pptx
 
Confessions (and Lessons) of a "Recovering" Data Broker
Confessions (and Lessons) of a "Recovering" Data BrokerConfessions (and Lessons) of a "Recovering" Data Broker
Confessions (and Lessons) of a "Recovering" Data Broker
 
Internet safety presentation 2012
Internet safety presentation 2012Internet safety presentation 2012
Internet safety presentation 2012
 
Internet Safety for Parents
Internet Safety for ParentsInternet Safety for Parents
Internet Safety for Parents
 
Users guide
Users guideUsers guide
Users guide
 
Allan Watt
Allan WattAllan Watt
Allan Watt
 
Spam as social engineering presentation.
Spam as social engineering presentation.Spam as social engineering presentation.
Spam as social engineering presentation.
 
Cybersecurity for the non-technical
Cybersecurity for the non-technicalCybersecurity for the non-technical
Cybersecurity for the non-technical
 
Opt out-3 jul2014
Opt out-3 jul2014Opt out-3 jul2014
Opt out-3 jul2014
 
computer misuse n criminal law
computer misuse n criminal lawcomputer misuse n criminal law
computer misuse n criminal law
 
finance and accounting
finance and accountingfinance and accounting
finance and accounting
 
Social Engineering : To Err is Human...
Social Engineering : To Err is Human...Social Engineering : To Err is Human...
Social Engineering : To Err is Human...
 
2.InternetSafety.ppt
2.InternetSafety.ppt2.InternetSafety.ppt
2.InternetSafety.ppt
 
internet safety 2013
internet safety 2013internet safety 2013
internet safety 2013
 
Social Engineering
Social EngineeringSocial Engineering
Social Engineering
 

More from EC-Council

CyberOm - Hacking the Wellness Code in a Chaotic Cyber World
CyberOm - Hacking the Wellness Code in a Chaotic Cyber WorldCyberOm - Hacking the Wellness Code in a Chaotic Cyber World
CyberOm - Hacking the Wellness Code in a Chaotic Cyber World
EC-Council
 
Cloud Security Architecture - a different approach
Cloud Security Architecture - a different approachCloud Security Architecture - a different approach
Cloud Security Architecture - a different approach
EC-Council
 
Phases of Incident Response
Phases of Incident ResponsePhases of Incident Response
Phases of Incident Response
EC-Council
 
Weaponizing OSINT – Hacker Halted 2019 – Michael James
Weaponizing OSINT – Hacker Halted 2019 – Michael James Weaponizing OSINT – Hacker Halted 2019 – Michael James
Weaponizing OSINT – Hacker Halted 2019 – Michael James
EC-Council
 
Hacking Your Career – Hacker Halted 2019 – Keith Turpin
Hacking Your Career – Hacker Halted 2019 – Keith TurpinHacking Your Career – Hacker Halted 2019 – Keith Turpin
Hacking Your Career – Hacker Halted 2019 – Keith Turpin
EC-Council
 
Hacking Diversity – Hacker Halted . 2019 – Marcelle Lee
Hacking Diversity – Hacker Halted . 2019 – Marcelle LeeHacking Diversity – Hacker Halted . 2019 – Marcelle Lee
Hacking Diversity – Hacker Halted . 2019 – Marcelle Lee
EC-Council
 
Cloud Proxy Technology – Hacker Halted 2019 – Jeff Silver
Cloud Proxy Technology – Hacker Halted 2019 – Jeff SilverCloud Proxy Technology – Hacker Halted 2019 – Jeff Silver
Cloud Proxy Technology – Hacker Halted 2019 – Jeff Silver
EC-Council
 
DNS – Strategies for Reducing Data Leakage & Protecting Online Privacy – Hack...
DNS – Strategies for Reducing Data Leakage & Protecting Online Privacy – Hack...DNS – Strategies for Reducing Data Leakage & Protecting Online Privacy – Hack...
DNS – Strategies for Reducing Data Leakage & Protecting Online Privacy – Hack...
EC-Council
 
Data in cars can be creepy – Hacker Halted 2019 – Andrea Amico
Data in cars can be creepy – Hacker Halted 2019 – Andrea AmicoData in cars can be creepy – Hacker Halted 2019 – Andrea Amico
Data in cars can be creepy – Hacker Halted 2019 – Andrea Amico
EC-Council
 
Breaking Smart [Bank] Statements – Hacker Halted 2019 – Manuel Nader
Breaking Smart [Bank] Statements – Hacker Halted 2019 – Manuel NaderBreaking Smart [Bank] Statements – Hacker Halted 2019 – Manuel Nader
Breaking Smart [Bank] Statements – Hacker Halted 2019 – Manuel Nader
EC-Council
 
Are your cloud servers under attack?– Hacker Halted 2019 – Brian Hileman
Are your cloud servers under attack?– Hacker Halted 2019 – Brian HilemanAre your cloud servers under attack?– Hacker Halted 2019 – Brian Hileman
Are your cloud servers under attack?– Hacker Halted 2019 – Brian Hileman
EC-Council
 
War Game: Ransomware – Global CISO Forum 2019
War Game: Ransomware – Global CISO Forum 2019War Game: Ransomware – Global CISO Forum 2019
War Game: Ransomware – Global CISO Forum 2019
EC-Council
 
How to become a Security Behavior Alchemist – Global CISO Forum 2019 – Perry ...
How to become a Security Behavior Alchemist – Global CISO Forum 2019 – Perry ...How to become a Security Behavior Alchemist – Global CISO Forum 2019 – Perry ...
How to become a Security Behavior Alchemist – Global CISO Forum 2019 – Perry ...
EC-Council
 
Introduction to FAIR Risk Methodology – Global CISO Forum 2019 – Donna Gall...
Introduction to FAIR Risk Methodology – Global CISO Forum 2019 – Donna Gall...Introduction to FAIR Risk Methodology – Global CISO Forum 2019 – Donna Gall...
Introduction to FAIR Risk Methodology – Global CISO Forum 2019 – Donna Gall...
EC-Council
 
Alexa is a snitch! Hacker Halted 2019 - Wes Widner
Alexa is a snitch! Hacker Halted 2019 - Wes WidnerAlexa is a snitch! Hacker Halted 2019 - Wes Widner
Alexa is a snitch! Hacker Halted 2019 - Wes Widner
EC-Council
 
Hacker Halted 2018: Don't Panic! Big Data Analytics vs. Law Enforcement
Hacker Halted 2018: Don't Panic! Big Data Analytics vs. Law EnforcementHacker Halted 2018: Don't Panic! Big Data Analytics vs. Law Enforcement
Hacker Halted 2018: Don't Panic! Big Data Analytics vs. Law Enforcement
EC-Council
 
Hacker Halted 2018: HACKING TRILLIAN: A 42-STEP SOLUTION TO EXPLOIT POST-VOGA...
Hacker Halted 2018: HACKING TRILLIAN: A 42-STEP SOLUTION TO EXPLOIT POST-VOGA...Hacker Halted 2018: HACKING TRILLIAN: A 42-STEP SOLUTION TO EXPLOIT POST-VOGA...
Hacker Halted 2018: HACKING TRILLIAN: A 42-STEP SOLUTION TO EXPLOIT POST-VOGA...
EC-Council
 
Hacker Halted 2018: Breaking the Bad News: How to Prevent Your IR Messages fr...
Hacker Halted 2018: Breaking the Bad News: How to Prevent Your IR Messages fr...Hacker Halted 2018: Breaking the Bad News: How to Prevent Your IR Messages fr...
Hacker Halted 2018: Breaking the Bad News: How to Prevent Your IR Messages fr...
EC-Council
 
Hacker Halted 2018: From CTF to CVE – How Application of Concepts and Persist...
Hacker Halted 2018: From CTF to CVE – How Application of Concepts and Persist...Hacker Halted 2018: From CTF to CVE – How Application of Concepts and Persist...
Hacker Halted 2018: From CTF to CVE – How Application of Concepts and Persist...
EC-Council
 
Hacker Halted 2018: SE vs Predator: Using Social Engineering in ways I never ...
Hacker Halted 2018: SE vs Predator: Using Social Engineering in ways I never ...Hacker Halted 2018: SE vs Predator: Using Social Engineering in ways I never ...
Hacker Halted 2018: SE vs Predator: Using Social Engineering in ways I never ...
EC-Council
 

More from EC-Council (20)

CyberOm - Hacking the Wellness Code in a Chaotic Cyber World
CyberOm - Hacking the Wellness Code in a Chaotic Cyber WorldCyberOm - Hacking the Wellness Code in a Chaotic Cyber World
CyberOm - Hacking the Wellness Code in a Chaotic Cyber World
 
Cloud Security Architecture - a different approach
Cloud Security Architecture - a different approachCloud Security Architecture - a different approach
Cloud Security Architecture - a different approach
 
Phases of Incident Response
Phases of Incident ResponsePhases of Incident Response
Phases of Incident Response
 
Weaponizing OSINT – Hacker Halted 2019 – Michael James
Weaponizing OSINT – Hacker Halted 2019 – Michael James Weaponizing OSINT – Hacker Halted 2019 – Michael James
Weaponizing OSINT – Hacker Halted 2019 – Michael James
 
Hacking Your Career – Hacker Halted 2019 – Keith Turpin
Hacking Your Career – Hacker Halted 2019 – Keith TurpinHacking Your Career – Hacker Halted 2019 – Keith Turpin
Hacking Your Career – Hacker Halted 2019 – Keith Turpin
 
Hacking Diversity – Hacker Halted . 2019 – Marcelle Lee
Hacking Diversity – Hacker Halted . 2019 – Marcelle LeeHacking Diversity – Hacker Halted . 2019 – Marcelle Lee
Hacking Diversity – Hacker Halted . 2019 – Marcelle Lee
 
Cloud Proxy Technology – Hacker Halted 2019 – Jeff Silver
Cloud Proxy Technology – Hacker Halted 2019 – Jeff SilverCloud Proxy Technology – Hacker Halted 2019 – Jeff Silver
Cloud Proxy Technology – Hacker Halted 2019 – Jeff Silver
 
DNS – Strategies for Reducing Data Leakage & Protecting Online Privacy – Hack...
DNS – Strategies for Reducing Data Leakage & Protecting Online Privacy – Hack...DNS – Strategies for Reducing Data Leakage & Protecting Online Privacy – Hack...
DNS – Strategies for Reducing Data Leakage & Protecting Online Privacy – Hack...
 
Data in cars can be creepy – Hacker Halted 2019 – Andrea Amico
Data in cars can be creepy – Hacker Halted 2019 – Andrea AmicoData in cars can be creepy – Hacker Halted 2019 – Andrea Amico
Data in cars can be creepy – Hacker Halted 2019 – Andrea Amico
 
Breaking Smart [Bank] Statements – Hacker Halted 2019 – Manuel Nader
Breaking Smart [Bank] Statements – Hacker Halted 2019 – Manuel NaderBreaking Smart [Bank] Statements – Hacker Halted 2019 – Manuel Nader
Breaking Smart [Bank] Statements – Hacker Halted 2019 – Manuel Nader
 
Are your cloud servers under attack?– Hacker Halted 2019 – Brian Hileman
Are your cloud servers under attack?– Hacker Halted 2019 – Brian HilemanAre your cloud servers under attack?– Hacker Halted 2019 – Brian Hileman
Are your cloud servers under attack?– Hacker Halted 2019 – Brian Hileman
 
War Game: Ransomware – Global CISO Forum 2019
War Game: Ransomware – Global CISO Forum 2019War Game: Ransomware – Global CISO Forum 2019
War Game: Ransomware – Global CISO Forum 2019
 
How to become a Security Behavior Alchemist – Global CISO Forum 2019 – Perry ...
How to become a Security Behavior Alchemist – Global CISO Forum 2019 – Perry ...How to become a Security Behavior Alchemist – Global CISO Forum 2019 – Perry ...
How to become a Security Behavior Alchemist – Global CISO Forum 2019 – Perry ...
 
Introduction to FAIR Risk Methodology – Global CISO Forum 2019 – Donna Gall...
Introduction to FAIR Risk Methodology – Global CISO Forum 2019 – Donna Gall...Introduction to FAIR Risk Methodology – Global CISO Forum 2019 – Donna Gall...
Introduction to FAIR Risk Methodology – Global CISO Forum 2019 – Donna Gall...
 
Alexa is a snitch! Hacker Halted 2019 - Wes Widner
Alexa is a snitch! Hacker Halted 2019 - Wes WidnerAlexa is a snitch! Hacker Halted 2019 - Wes Widner
Alexa is a snitch! Hacker Halted 2019 - Wes Widner
 
Hacker Halted 2018: Don't Panic! Big Data Analytics vs. Law Enforcement
Hacker Halted 2018: Don't Panic! Big Data Analytics vs. Law EnforcementHacker Halted 2018: Don't Panic! Big Data Analytics vs. Law Enforcement
Hacker Halted 2018: Don't Panic! Big Data Analytics vs. Law Enforcement
 
Hacker Halted 2018: HACKING TRILLIAN: A 42-STEP SOLUTION TO EXPLOIT POST-VOGA...
Hacker Halted 2018: HACKING TRILLIAN: A 42-STEP SOLUTION TO EXPLOIT POST-VOGA...Hacker Halted 2018: HACKING TRILLIAN: A 42-STEP SOLUTION TO EXPLOIT POST-VOGA...
Hacker Halted 2018: HACKING TRILLIAN: A 42-STEP SOLUTION TO EXPLOIT POST-VOGA...
 
Hacker Halted 2018: Breaking the Bad News: How to Prevent Your IR Messages fr...
Hacker Halted 2018: Breaking the Bad News: How to Prevent Your IR Messages fr...Hacker Halted 2018: Breaking the Bad News: How to Prevent Your IR Messages fr...
Hacker Halted 2018: Breaking the Bad News: How to Prevent Your IR Messages fr...
 
Hacker Halted 2018: From CTF to CVE – How Application of Concepts and Persist...
Hacker Halted 2018: From CTF to CVE – How Application of Concepts and Persist...Hacker Halted 2018: From CTF to CVE – How Application of Concepts and Persist...
Hacker Halted 2018: From CTF to CVE – How Application of Concepts and Persist...
 
Hacker Halted 2018: SE vs Predator: Using Social Engineering in ways I never ...
Hacker Halted 2018: SE vs Predator: Using Social Engineering in ways I never ...Hacker Halted 2018: SE vs Predator: Using Social Engineering in ways I never ...
Hacker Halted 2018: SE vs Predator: Using Social Engineering in ways I never ...
 

Recently uploaded

Artificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopmentArtificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopment
Octavian Nadolu
 
20240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 202420240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 2024
Matthew Sinclair
 
UI5 Controls simplified - UI5con2024 presentation
UI5 Controls simplified - UI5con2024 presentationUI5 Controls simplified - UI5con2024 presentation
UI5 Controls simplified - UI5con2024 presentation
Wouter Lemaire
 
OpenID AuthZEN Interop Read Out - Authorization
OpenID AuthZEN Interop Read Out - AuthorizationOpenID AuthZEN Interop Read Out - Authorization
OpenID AuthZEN Interop Read Out - Authorization
David Brossard
 
June Patch Tuesday
June Patch TuesdayJune Patch Tuesday
June Patch Tuesday
Ivanti
 
Building Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and MilvusBuilding Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and Milvus
Zilliz
 
Project Management Semester Long Project - Acuity
Project Management Semester Long Project - AcuityProject Management Semester Long Project - Acuity
Project Management Semester Long Project - Acuity
jpupo2018
 
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
Jeffrey Haguewood
 
Mariano G Tinti - Decoding SpaceX
Mariano G Tinti - Decoding SpaceXMariano G Tinti - Decoding SpaceX
Mariano G Tinti - Decoding SpaceX
Mariano Tinti
 
Your One-Stop Shop for Python Success: Top 10 US Python Development Providers
Your One-Stop Shop for Python Success: Top 10 US Python Development ProvidersYour One-Stop Shop for Python Success: Top 10 US Python Development Providers
Your One-Stop Shop for Python Success: Top 10 US Python Development Providers
akankshawande
 
Programming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup SlidesProgramming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup Slides
Zilliz
 
Introduction of Cybersecurity with OSS at Code Europe 2024
Introduction of Cybersecurity with OSS at Code Europe 2024Introduction of Cybersecurity with OSS at Code Europe 2024
Introduction of Cybersecurity with OSS at Code Europe 2024
Hiroshi SHIBATA
 
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
Speck&Tech
 
20240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 202420240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 2024
Matthew Sinclair
 
5th LF Energy Power Grid Model Meet-up Slides
5th LF Energy Power Grid Model Meet-up Slides5th LF Energy Power Grid Model Meet-up Slides
5th LF Energy Power Grid Model Meet-up Slides
DanBrown980551
 
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
名前 です男
 
Presentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of GermanyPresentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of Germany
innovationoecd
 
Taking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdfTaking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdf
ssuserfac0301
 
UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6
DianaGray10
 
Skybuffer SAM4U tool for SAP license adoption
Skybuffer SAM4U tool for SAP license adoptionSkybuffer SAM4U tool for SAP license adoption
Skybuffer SAM4U tool for SAP license adoption
Tatiana Kojar
 

Recently uploaded (20)

Artificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopmentArtificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopment
 
20240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 202420240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 2024
 
UI5 Controls simplified - UI5con2024 presentation
UI5 Controls simplified - UI5con2024 presentationUI5 Controls simplified - UI5con2024 presentation
UI5 Controls simplified - UI5con2024 presentation
 
OpenID AuthZEN Interop Read Out - Authorization
OpenID AuthZEN Interop Read Out - AuthorizationOpenID AuthZEN Interop Read Out - Authorization
OpenID AuthZEN Interop Read Out - Authorization
 
June Patch Tuesday
June Patch TuesdayJune Patch Tuesday
June Patch Tuesday
 
Building Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and MilvusBuilding Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and Milvus
 
Project Management Semester Long Project - Acuity
Project Management Semester Long Project - AcuityProject Management Semester Long Project - Acuity
Project Management Semester Long Project - Acuity
 
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
 
Mariano G Tinti - Decoding SpaceX
Mariano G Tinti - Decoding SpaceXMariano G Tinti - Decoding SpaceX
Mariano G Tinti - Decoding SpaceX
 
Your One-Stop Shop for Python Success: Top 10 US Python Development Providers
Your One-Stop Shop for Python Success: Top 10 US Python Development ProvidersYour One-Stop Shop for Python Success: Top 10 US Python Development Providers
Your One-Stop Shop for Python Success: Top 10 US Python Development Providers
 
Programming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup SlidesProgramming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup Slides
 
Introduction of Cybersecurity with OSS at Code Europe 2024
Introduction of Cybersecurity with OSS at Code Europe 2024Introduction of Cybersecurity with OSS at Code Europe 2024
Introduction of Cybersecurity with OSS at Code Europe 2024
 
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
 
20240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 202420240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 2024
 
5th LF Energy Power Grid Model Meet-up Slides
5th LF Energy Power Grid Model Meet-up Slides5th LF Energy Power Grid Model Meet-up Slides
5th LF Energy Power Grid Model Meet-up Slides
 
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
 
Presentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of GermanyPresentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of Germany
 
Taking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdfTaking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdf
 
UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6
 
Skybuffer SAM4U tool for SAP license adoption
Skybuffer SAM4U tool for SAP license adoptionSkybuffer SAM4U tool for SAP license adoption
Skybuffer SAM4U tool for SAP license adoption
 

On Defending Against Doxxing by Benjamin Brown

  • 1. On  Defending  Against  Doxxing   Benjamin  Brown  
  • 2. Who Am I? Benjamin  Brown   Akamai  Technologies       -  Incident  Response   -  Threat  Research   -  Actor  Profiling   -  System  Architecture  Reviews   -  Security  Training  and  Workshops  
  • 3. Overview of Terms -  Doxxing:  “Publicly  releasing  a  person’s   idenCfying  informaCon  including  [but   not  limited  to]  full  name,  date  of  birth,   address,  phone  number,  and  pictures”     -  SWATing:  “To  cause  a  SWAT  team  to  be   deployed  on  (an  unsuspecCng  vicCm)  by   falsifying  a  threat”  
  • 4. Why Should We Care? Pranking,  MarkeCng   SensiCve  InformaCon  Leaks   Harassment,  Bullying,  Stalking   Iden:ty  The=   SWATing     Targe:ng  For  Physical  ABack  
  • 10. From:  Tim  Oblivious   Sent:  Wednesday,  October  31,  3:55PM   To:  Paul  Bossman   Subject:  Family  Emergency     Paul,   I  just  wanted  to  let  you  know  that  I  will  not  be  able  to   come  into  work  tomorrow.  Something  came  up  at  home   and  I  had  to  go  to  New  York  this  morning  for  the  next   couple  of  days.  I  apologize  for  the  delayed  noCce.     Kind  Regards,   Tim   Real Cases
  • 11. From:  Paul  Bossman   Sent:  Thursday,  November  1,  4:54PM   To:  Tim  Oblivious   CC:  Jill  Director   Subject:  RE:  Family  Emergency     Tim,   Thanks  for  le_ng  us  know  –  hope  everything  is  ok  in  New   York.  (cool  wand)     Cheers,   PB   Real Cases
  • 13. Sunil  Tripathi    -­‐  Missing  Since  March  16th  2013    -­‐  MisidenCfied  as  Boston  Bomber    -­‐  Doxxed  on  Reddit  &  4chan    -­‐  Family  Death  Threats,  Harrasment    -­‐  Body  Found  in  Providence  River   Real Cases
  • 14. Amanda  Todd’s  Bully    -­‐  Commifed  Suicide  Following   Cyberstalking  and  Blackmail    -­‐  Anonymous  Doxxed  Wrong  Man    -­‐  Had  to  Quit  Job,  Move  Across   Country,  Legally  Change  Name   Real Cases
  • 15. Michael  Brown  Shooter    -­‐  Anonymous  Doxxed  Wrong  Man   and  His  Mother    -­‐  Never  Part  of  Ferguson  Police    -­‐  Death  Threats,  Thrown  Items    -­‐  Both  Financial  VicCms  of  ID  Thei     Real Cases
  • 17. • Live  Recordings  of  Various   Online  Gamers   • MulCple  Gamergate  Targets   • Ashton  Kutcher   • Brian  Krebs   SWATTing
  • 18. Chinese  "Human  Flesh  Search  Engine"     (人肉搜索,  Rénròu  sōusuǒ)    -­‐  CollaboraCve,  Distributed  Human   Research  on  a  Mass  Scale     Russian  Celeb  Doxxing    -­‐  Eastern  Bloc,  Europe,  Americas    -­‐  Kim  Kardashian,  Mel  Gibson,  Ashton  Kutcher,   Jay  Z,  Beyonce,  Paris  Hilton,  Britney  Spears   Global
  • 19. The  Googles   -  Search  Operators  (“Google-­‐Fu”)   -  Usernames  <-­‐>  Email  Addresses   -  Cached  Websites     -  (Way  Back  Machine)   -  VariaCons  of  Usernames  and   Email  Addresses   Resources and Methods
  • 20. Tools    -­‐  theHarvester    -­‐  Maltego    -­‐  Cree.py    -­‐  Recon-­‐NG   Resources and Methods
  • 21. Social  Media   -  FB,  Twifer,  LinkedIn,  etc.   -  Contact  Info,  Family  Members,   Friends,  Acquaintances     -  Interests,  Haunts,  Paferns   -  Skillsets,  Jobs,  Colleagues   -  Answers  to  Security  Ques:ons     Resources and Methods
  • 23. Social  Media   -  Forums,  Groups,  Mailinglists   -  Birthdate,  Age,  LocaCon   -  Hobbies,  FeCshes   -  Trusted  Usernames   -  Breaches     Resources and Methods
  • 25. Resources and Methods Yahoo  Groups  -­‐  Freecycle  
  • 26. - Whois     -  Full  Name   -  Phone  Number   -  Fax  Number   -  Email  Address(es)   -  Physical  Address     Resources and Methods
  • 28. Data  Brokers   -  Spokeo,  Intelius,  pipl,  peekyou,  etc.   -  Free   -  Full  Name  (Incl.  Maiden  Name),  Age   -  Current  and  Former  Addresses   -  Family  Members  /  Ages  /  Addresses   -  Paid   -  Criminal  Records   -  Schools   -  Retail  AcCvity  InformaCon   Resources and Methods
  • 31. Public  Records   -  Business  IncorporaCon,  Deeds,  etc.   -  Business  Partners   -  Addresses   -  Histories   -  Mappings  to  Other  Business   Resources and Methods
  • 36. Public  Records   -  PoliCcal  ContribuCons   -  Name,  Address,  PoliCcal   AffiliaCon,  DonaCon  Amounts   -  PeCCons   -  Name,  Geographic  LocaCon,  Fuel   For  Social  Engineering     Resources and Methods
  • 37. EXIF  Data   -  Photos,  Videos,  Audio   -  Device  /  Computer  InformaCon   -  Soiware  InformaCon   -  Times  and  Dates   -  GPS  Coordinates     Resources and Methods
  • 39. Social  Engineering     -  ISP  /  Phone  Company  as   Spouse  or  Delegate   -  Current/Former  Place  of  Work   -  Family  as  Friends   -  Friends  as  Family     Resources and Methods
  • 40. Social  Media  Mindfulness   -  Tighten  Security  and  Privacy  Se_ngs   -  Facebook,  Google+,  LinkedIn,  etc.   -  Restrict  Personal  InformaCon   -  Vet  ConnecCon  Requests   -  Untag  Judiciously   -  Block,  Uninstall  3rd  Party  Apps   Defense Methods
  • 41. Secure  Your  Accounts    -­‐  Use  Strong  Passphrases    -­‐  Use  Two-­‐Factor  Auth    -­‐  Do  Not  Reuse  Passwords    -­‐  Shutdown  and  Clean-­‐out  Old,   Disused  Accounts    -­‐  Don’t  Let  Retail  Sites  Save  Data   Defense Methods
  • 43. Data  Clearinghouse  Opt-­‐Outs   -  Spokeo:   -  hfp://www.spokeo.com/opt_out/new   -  VerificaCon  needed:  Email  address   -  Pipl   -  hfps://pipl.com/directory/remove/   -  VerificaCon  needed:  Email  address   -  ZoomInfo   -  hfp://www.zoominfo.com/lookupEmail   -  VerificaCon  needed:  Email  address     Defense Methods More:  hfp://www.computerworld.com/arCcle/2849263/doxxing-­‐defense-­‐remove-­‐your-­‐personal-­‐info-­‐from-­‐data-­‐brokers.html  
  • 44. Data  Clearinghouse  Opt-­‐Outs   -  Whitepages:   -  hfps://support.whitepages.com/hc/en-­‐us/ arCcles/203263794-­‐How-­‐do-­‐I-­‐remove-­‐my-­‐ people-­‐search-­‐profile-­‐   -  VerificaCon  needed:  Email  address  and  Phone   Number   -  Intellius  (and  subsidiaries)   -  hfps://www.intelius.com/optout.php   -  VerificaCon  needed:  Government  ID     Defense Methods More:  hfp://www.computerworld.com/arCcle/2849263/doxxing-­‐defense-­‐remove-­‐your-­‐personal-­‐info-­‐from-­‐data-­‐brokers.html  
  • 45. Registering  a  Fic::ous     or  “Doing  Business  As”  (DBA)  name        -­‐  Protect  Your  Name,  Your   Partners,  Your  LLC  or  CorporaCon    -­‐  County  Clerk’s  Office  or  State   Government  Website  or  Office       Defense Methods
  • 46. Land  Trusts  /  Holding  Corpora:ons        -­‐  Protect  Your  Name,  Address,  Etc.    -­‐  Keep  Sales  Price  Private      -­‐  Consult  a  Real  Estate  Lawyer       Defense Methods
  • 47. Wiping  EXIF  Data  From  Media     -­‐  ExifTool  by  Phil  Harvey  (Win/Mac/Nix)   hfp://www.sno.phy.queensu.ca/~phil/exiiool/     -­‐  Windows:  Property  Details       Turn  off  Loca:on  Tagging  on  Devices   Defense Methods
  • 49. -­‐  Use  different  and  ‘Meaningless’   Email  Accounts,  Usernames,  and   Passwords   -­‐  Employ  Pseudonyms   -­‐  Be  Wary  of  Cloud  Services   -­‐  Rotate  Phone  Numbers  and   Passwords  Oien   -­‐  Shred  All  IdenCfying  Paper  /  Mail   Маскировка (Maskirovka)
  • 50. -­‐  DifferenCated  InformaCon  Release   -­‐  False  InformaCon   -­‐  Pics  of  Places  You  Haven’t  Been   -­‐  “Evidence”  of  Hobbies  You  Don’t  Have   -­‐  Early  InformaCon   -­‐  Late  InformaCon   -­‐  Don’t  Post  Photos  Right  Away   -­‐  Family  /  Friends  Corroborate   Маскировка (Maskirovka)
  • 51. -­‐ Always  Use  (No-­‐Split)  VPN   -­‐ Watch  for  DNS  /  IP  Leaks   -­‐ Consider  TOR   -­‐ Don’t  Use  Skype   -­‐ Start  Building  Other  IdenCCes   -­‐ Encrypt  All  The  Things   -­‐ OTR,  PGP,  Etc.   Маскировка (Maskirovka)
  • 52. -  MiCgate  Immediate  Danger   -  Call  911,  File  a  Police  Report   - Fully  Document   -  Shreenshots,  Printouts,  etc.   - Clean-­‐up   -  Close  Down  Accounts   I’ve Been Doxxed!
  • 53. - Credit  Watch  Services   - ID  Thei  Watch  Services   - ID  Thei  or  Blackmail   Afempts  =  Contact  FBI   - Inform  Local  Police  About   any  SWATing  Concerns   I’ve Been Doxxed!