Abstract

The most impressive attribution results are those that identify specific individuals, ideally with their real names and even photos. Objectively speaking, the concrete individuals behind the espionage attacks are usually less relevant than the organization they work for. Nevertheless, at least on an intuitive level, the accountability of the actors becomes much more tangible if real people like “UglyGorilla” are identified as the hackers behind an APT campaign and not just a faceless organization like the Third Department of the Chinese People’s Liberation Army. An important technique for identifying individuals is doxing, i.e., the research of personal data in public sources. This chapter explains how analysts use doxing methods to uncover the identity of APT group members and which factors determine the validity of the results.

Author information

Correspondence to Timo Steffens.

Copyright information

© 2020 Springer-Verlag GmbH Germany, part of Springer Nature

About this chapter

Cite this chapter

Steffens, T. (2020). Doxing. In: Attribution of Advanced Persistent Threats. Springer Vieweg, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-61313-9_9

  • DOI: https://doi.org/10.1007/978-3-662-61313-9_9

  • Publisher Name: Springer Vieweg, Berlin, Heidelberg

  • Print ISBN: 978-3-662-61312-2

  • Online ISBN: 978-3-662-61313-9

  • eBook Packages: Computer Science (R0)
