Abstract
The most impressive attribution results are those that identify specific individuals, ideally with their real names and even photos. Objectively speaking, the concrete individuals behind the espionage attacks are usually less relevant than the organization they work for. Nevertheless, at least on an intuitive level, the accountability of the actors becomes much more tangible if real people like “UglyGorilla” are identified as the hackers behind an APT campaign and not just a faceless organization like the Third Department of the Chinese People’s Liberation Army. An important technique for identifying individuals is doxing, i.e. the research of personal data in public sources. This chapter explains how analysts use doxing methods to uncover the identity of APT group members and which factors determine the validity of the results.
Copyright information
© 2020 Springer-Verlag GmbH Germany, part of Springer Nature
About this chapter
Cite this chapter
Steffens, T. (2020). Doxing. In: Attribution of Advanced Persistent Threats. Springer Vieweg, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-61313-9_9
DOI: https://doi.org/10.1007/978-3-662-61313-9_9
Publisher Name: Springer Vieweg, Berlin, Heidelberg
Print ISBN: 978-3-662-61312-2
Online ISBN: 978-3-662-61313-9
eBook Packages: Computer Science (R0)