MITIGATING THE EFFECTS OF DOXING By Ingrid N. Norris A Capstone Project Submitted to the Faculty of Utica College December 14, 2012 In Partial Fulfillment of the Requirements for the Degree of Master of Science in Cybersecurity Intelligence and Forensics © Copyright 2012 by Ingrid N. Norris All Rights Reserved ii Abstract Hacktivists create dossiers on any entity that is perceived to be an obstacle to their social or political agenda. This includes individuals, public and private entities, law enforcement agencies, military personnel, government officers, and other entities. Dossiers are created from the content found in social media networks, Google searches, private, public, government, and military websites, reverse IP lookup, social engineering, hacking, phishing, and other sources. Once information is found, online activists publicize the information via Pastebin, social media networks, other websites, and other forums. This is called doxing, a term derived from documents. The goal of doxing is to threaten, embarrass, harass, and humiliate the individual or organization to further the hacktivists agenda. The purpose of this capstone project is to call to attention the problems that arise as a consequence of hacktivists doxing individuals and other entities. The ramifications of doxing are critical to an individual’s and other entity’s safety because the information disseminated exposes the individual or organization to be a victim of identity theft, hacking, financial crimes, and other crimes. To mitigate the effects of doxing, individuals and organizations need to take an active role by being conscientious of the information disseminated via social media networks, over the phone, emails, texting, and other means. Organizations need to actively defend their infrastructure by implementing defense in depth best practices to protect the organization’s information and information systems. Following the “protect, detect, and react” model, organizations achieve information assurance that establishes a balance between people, technology, and operations. Keywords: Cybersecurity Intelligence and Forensics, Christopher Riddell, Vernon McCandlish, political activists, economic crimes, identity theft, information protection, technological crimes iii Acknowledgements I would like to thank my capstone project chairman, Christopher Riddell, and my technical advisor, Vernon McCandlish, for their guidance, expertise, enthusiasm, and understanding throughout this project. I cannot thank both of you enough for your time and patience. Thank you so much Vern for guiding me through the topic of doxing and teaching me about the world of cyber intelligence. My gratitude goes to my professors at Utica College for all the lessons and advising I obtained through the many years I have been at UC. Many thanks also for sharing your experiences; they helped me get a glimpse of the “real working world” in the criminal justice system. Thank you Joe Giordano for encouraging me to “hang in there;” your words of encouragement are immensely appreciated. Thank you also to the Utica College administration for assisting me in obtaining this degree. Last but not least, I must acknowledge my appreciation to the ECJS faculty and staff for giving me the opportunity to work amongst you. I have learned a lot about the intricacies in the academia world. Many thanks to my parents and parents-in-law, especially my Mom, for helping me look after my children while I worked and went to school. I would never have been able to complete any of my degrees without their encouragement, help, and support. Most importantly, I would like to thank my husband, Brian, for his constant encouragement, love, and support. Thank you also for being Mom and Dad during times when I had to do my homework, attend group meetings, and work on my capstone project. Lastly, I would like to thank my children for their patience and understanding while Mom did her homework. I have lots of making up to do! iv Table of Contents Abstract .......................................................................................................................................... iii Acknowledgements ........................................................................................................................ iv List of Illustrative Material ........................................................................................................... vii Statement of the Problem ............................................................................................................ 1 Hacktivists Common Modi Operandi ......................................................................................... 3 Website defacement ................................................................................................................ 3 Denial of service (DoS) attacks .............................................................................................. 4 Distributed denial of service (DDoS) attacks ......................................................................... 5 Justification of the Problem ........................................................................................................ 7 Current Deficiencies in Research ............................................................................................. 10 Literature Review.......................................................................................................................... 13 Social Media Networks ............................................................................................................. 13 Hacktivists Doxing Methods .................................................................................................... 16 Reconnaissance stage ............................................................................................................ 16 Google ................................................................................................................................... 17 Online public searches .......................................................................................................... 19 Microsoft’s Bing ................................................................................................................... 21 Reverse IP lookup ................................................................................................................. 22 Skype, *67, 411 ..................................................................................................................... 22 Private, public, and government websites ............................................................................. 23 Pastebin and similar websites ............................................................................................... 24 Hacking ................................................................................................................................. 24 Phishing ................................................................................................................................. 25 Maltego ................................................................................................................................. 25 Geolocation API specification .............................................................................................. 26 Discussion of Findings .................................................................................................................. 27 Ramifications of Doxing ........................................................................................................... 28 Privacy Concerns ...................................................................................................................... 30 Identity theft .......................................................................................................................... 33 Theft of intellectual property ................................................................................................ 34 Shared domain names perils ................................................................................................. 35 Harassment ................................................................................................................................ 35 Pizza bombs .......................................................................................................................... 35 Fax bombs ............................................................................................................................. 37 Twitter bombs ....................................................................................................................... 37 Email bombs. ........................................................................................................................ 39 Public Humiliation .................................................................................................................... 39 Recommendations and Conclusions ............................................................................................. 40 Defense in Depth ...................................................................................................................... 42 IA achieved through People .................................................................................................. 43 IA achieved through technology ........................................................................................... 44 Internal Firewall ...................................................................................................................
Details
-
File Typepdf
-
Upload Time-
-
Content LanguagesEnglish
-
Upload UserAnonymous/Not logged-in
-
File Pages84 Page
-
File Size-