2020年11月13日星期五

Doxing(起底)

Doxing 即是港式粵語「起底」。英文版 Doxing 源於九十年代的黑客文化,最初的寫法是 “drop docs” ,即是把目標人物的 Documents(透過合法或非法途徑收集到的個人資料)放上網。docs Documents 的簡寫,日後轉化成 docx 再演變成 dox doxx。尋仇的人通常怒火中燒趕喉趕命,黑客也是不喜歡說話的年輕人,於是把 drop 字去掉,簡化成今日的版本 Doxing Doxxing,尋仇者(或黑客)的英文版叫 Doxer

「起底」背後的動機,可以是報復、欺凌、不同意閣下的立場或言行,看不過眼(閣下的長相),揭發(黑材料)令某人失去工作,介入別人的感情生活(令某人被分手),對某人帶來不便或構成滋擾甚至是迫害,敲詐勒索,諸如此類。至於個人資料的來源,可以是透過合法的途徑收集(例如:查冊),也可以是透過非法的途徑收購(例如:Dark Web),請參考<延伸閱讀>部份提供的英文材料。對港人來說,中文版「起底」並非新鮮事物。因為社會運動持續,過去十幾個月內,這個詞經常在新聞報導中出現,受害人包括官員、警察、法官。

今日我們生活於平衡時空,當現實世界中的組織或制度被騎劫或滲透或扭曲,無法發揮應有的作用,就會有人試圖在虛擬世界中尋求公義甚至是自行執法,又或者嘗試建立另一套遊戲規則。玩「起底」並非反對派或年輕人的專利,建制派、黑社會、國產凌凌漆、紅色無間道或外國情報人員間中也露一手(例如:美國公佈的制裁中港官員名單被形容為國家級「起底」),透過公開仇家的黑材料玩輿論戰或搶佔地盤,諸如此類。對,間諜橫行=制度失效。

當舊制度失效,無法解決的矛盾或衝突在網上大爆發,依附舊制度的執法人員試圖透過舊法律框架去解決問題,就必定面對很多技術性的困難(原因:政府部門常見的官僚主義是為了保障某個利益集團),可以是科技發展的速度超越法律框架的更新速度,也可以是兩個世界(以及不同的世代)的價值觀念南轅北轍,於是雞同鴨講很難溝通也缺乏談判基礎,結果演變成一個貓捉老鼠(提示:Tom & Jerry)的遊戲,即是長期持續的網絡遊擊戰,跟街頭抗爭一樣。新舊交替的年代,遊戲規則變得很混亂,有人躲進灰色地帶,就是那麼一回事。

插圖來源:youtube.com

YouTube 精選:

Doxing - Meaning, definition, explanation (5:23)

https://www.youtube.com/watch?v=qd0EMMHTNCQ

Tom & Jerry | Is Jerry Taking Care of Tom? | Classic Cartoon | WB Kids (4:39)

https://www.youtube.com/watch?v=HJFxTsX0Ok0

參考資料/延伸閱讀:

Urban Dictionary - Doxing

https://www.urbandictionary.com/define.php?term=doxing

Definition: Using private information gleaned from the internet to attack someone with whom you disagree, often by publishing their person info, opening them to abuse and possibly, danger. While many consider doxing to be unethical, there continues to be a segment of internet users who will do anything to attack someone they don't like, or disagree with on an issue.

What is doxing? Weaponizing personal information 

By Josh Fruhlinger, August 31, 2020, published on CSO Online

Anti-Money Laundering News and Information

https://i-aml.com/news/what-is-doxing-weaponizing-personal-information/

Extract: Doxing (or doxxing) is the practice of revealing personal information about someone online without their consent. The word first emerged in the world of online hackers in the 1990s, where anonymity was deemed sacred; in most cases, people’s real-world identities were unknown to their allies and rivals. A feud between hackers might escalate when someone decided to “drop docs” on somebody else — that is, post documents revealing the legal name of a person who had only been known as a username or alias up to that point. “Docs” became “dox,” which in turn lost the “drop” and became a verb by itself, occasionally being written with an extra “x” as “doxxing.”

Modern-day doxers aim to reveal information that can move their conflict with their targets from the internet to the real world, including home addresses, employers, social security numbers, private correspondence, and criminal history or otherwise embarrassing personal details. The goals range from intimidating or humiliating victims, causing a loss of employment or breaking off of relationships, or making the target a victim of in-person harassment or assault.

How do doxers sniff out personal data? Well, let’s start with the legal methods. To begin with, if the doxer knows your legal name, a surprising amount of information about you is a matter of public record: your voter registration, property records, marriage and divorce records, mug shots, and more. These details aren’t necessarily a quick Google search away, but they can be obtained from government agencies readily enough, often at low to no cost. And if you’re posting on a forum or online community, the managers of the site will have access to information about you that won’t necessarily be visible to the public.

Doxers can use other techniques to connect an online pseudonym to a real-world person. Since many people use identical or similar handles across multiple sites or online communities, for instance, breadcrumbs of personal data revealed in different contexts can be combined to create a fuller picture of a person than they might realize.

Another way to zero in on a target: file metadata. Microsoft Office files have information embedded in them about the user who created them. And sure, maybe you don’t usually post Word files online, but what about photos? These have EXIF data embedded, which can include the exact geographic location where the photo was taken — a quick way to figure out where someone lives, since many photos are taken at home.

However, doxers don’t necessarily restrict themselves to legal methods of tracking down information on their targets — and indeed more nefarious methods may involve less effort. The quickest route to finding and weaponizing personal information about a target may be to simply buy it, whether from legal, if shady, data brokers or from databases passed around on the dark web derived from the innumerable data breaches that afflict companies large and small. If a doxer can connect their target’s name, email address, or social media handle with a record in one of those databases, they can get a wealth of information that can then be posted publicly. There are even paid doxing as a service outfits out there. Other techniques, like IP logging or packet sniffing, may be more frequently associated with hacking aimed at account compromise, but a compromised account can of course offer up personal data like names, addresses, social security numbers, and the like.

What is doxing?

Written by Dan Rafter for NortonLifeLock

https://us.norton.com/internetsecurity-privacy-what-is-doxing.html

Extract: Doxing, short for "dropping dox," is an online attack in which hackers dig up personal information and documents — hence, the “dox” part of “dropping dox” — to expose the real identities of people hoping to remain anonymous. The goal is often to shame or harass a victim. Hackers might expose the identity of an anonymous message board troll, for instance, as a way to embarrass that person. They might hope that person loses a job or is shunned by co-workers or friends.

The Cyberbullying Research Center said that today, doxing — which can also be spelled "doxxing" — typically involves someone collecting the private personal information of victims, everything from home addresses and Social Security numbers to credit card numbers or bank account information, and then disseminating this information to the public without the target's permission. Doxing isn’t illegal if the information exposed is part of the public record. This includes arrest records, marriage certificates, major traffic violations, and divorce records. If someone publishes these records, even without your consent, they are not doing anything illegal. Doxing can be illegal if someone publishes information that isn’t in the public record, such as your bank account information, credit card numbers, or birth certificate. Doxers are acting illegally when they access this information and publish it.

Wikipedia - Doxing

https://en.wikipedia.org/wiki/Doxing

Extract: Doxing, or doxxing (from "dox", abbreviation of documents), is the Internet-based practice of researching and publicly broadcasting private or identifying information (especially personally identifying information) about an individual or organization. The methods employed to acquire this information include searching publicly available databases and social media websites (like Facebook), hacking, and social engineering. It is closely related to Internet vigilantism and hacktivism. Doxing may be carried out for various reasons, including inflicting harm, harassment, online shaming, extortion, coercion, business analysis, risk analytics, aiding law enforcement or vigilante versions of justice.

Etymology. "Doxing" is a neologism that has evolved over its brief history. It comes from a spelling alteration of the abbreviation "docs" (for "documents") and refers to "compiling and releasing a dossier of personal information on someone". Essentially, doxing is revealing and publicizing the records of an individual, which were previously private or difficult to obtain. The term dox derives from the slang "dropping dox" which, according to Wired writer Mat Honan, was "an old-school revenge tactic that emerged from hacker culture in 1990s". Hackers operating outside the law in that era used the breach of an opponent's anonymity as a means to expose opponents to harassment or legal repercussions. Consequently, doxing often comes with a negative connotation because it can be a vehicle for revenge via the violation of privacy.

高院批臨時禁令禁對司法人員「起底」 

即時生效至 1113

明報 2020-10-30

https://news.mingpao.com

節錄:律政司今日(30 日)獲高等法院批出臨時禁制令,禁止公眾對法官「起底」,臨時禁制令即時生效至 11 13 日。臨時禁制令禁止任何人以非法方式披露司法人員及其家人的個人資料,包括法官的配偶和子女等。據悉,網民從去年 11 月起對法官及其家人「起底」,警方網絡安全及科技罪案調查科至今發現逾 90 個披露法官個人資料的帖文,涉及通訊軟件 Telegram 及連登討論區。被「起底」者包括各級法院的法官,主要因為審理反修例運動的案件而被「起底」。警方表示,自 2019 11 月以來,警方在各種社交媒體上觀察到針對司法人員的「起底」活動,而這種活動在最近幾個月更有所惡化。被「起底」的司法人員及其家屬受到不同程度的滋擾,包括電話滋擾,以及盜用個人資料申請網上娛樂影視服務、2019 冠狀病毒病檢測和器官捐贈等。

高院准延長禁對司法人員「起底」臨時禁制令 

官:審案只在黑白、非黃藍之間決定

明報 2020-11-13

https://news.mingpao.com

節錄:有審理反修例運動案件的法官遭網民「起底」,律政司上月 30 日獲高等法院批出臨時禁制令,禁止公眾不法發布 156 名司法人員及其家屬的個人資料,包括各級法院的法官。臨時禁制令的限期原定今日(13 日)屆滿,高院法官高浩文下令將禁制令延長至另有審訊或法庭命令為止。法官高浩文頒下判辭指出,法官審理案件時,只會在「黑與白之間」作決定,但從來不在「黃與藍之間」抉擇;法官有時會考慮黑白之間的灰色地帶,但無論裁決如何,當事人都可以提覆核或上訴。高浩文強調,法官必須準備承受外界批評,惟公眾不應該隨意上升至人身攻擊法官,甚至侵犯法官的私隱,令法治受損。高浩文表示,近期有司法人員就示威案件作裁決或判刑後,隨即被網民起底,主要涉及通訊軟件 Telegram、連登討論區和「香港編年史」網站。部分帖文引述法官在庭上的說話,亦提及「親中」、「親共」和「撐警」字眼,揚言法官「不得好死」及「死全家」等。另有帖文公開法官及其妻女的個人資料,導致法官不斷收到騷擾電話,以及被人擅自登記器官捐贈。高浩文認為,法庭將處理更多關於公眾活動的案件,如果不明文禁止針對法官的起底行為,情況會愈趨嚴重,因此批准延長禁制令。

蔡玉玲盼港台管理層表現出道德勇氣 感謝各界支持

RTHK 2020-11-10

https://news.rthk.hk/rthk/ch/component/k2/1559227-20201110.htm

香港電台《鏗鏘集》編導蔡玉玲因採訪查冊,被控兩項明知作出虛假陳述罪,違反《道路交通條例》,案件中午在粉嶺裁判法院提堂。港台製作人員工會代表、市民及其他團體代表在法院外聲援,工會代表舉起「查冊無罪、採訪有理」、「公眾利益、誰在畏懼」等標語。港台電視部公共事務組總監王祿霞亦有陪同她出庭。蔡玉玲開庭前在法院外表示,港台管理層和同事都希望公務員事務局和律政司,能夠為她作為「服務提供者」,因工作捲入刑事訴訟提供協助,但明白港台作為傳媒機構同時也作為政府部門的兩難局面,她希望管理層在制度內盡力爭取之餘,在制度外如果能夠展現出道德勇氣承擔今次事件,這才能有效振作港台員工士氣,以及展現港台的傳媒風骨。

相關的文章:

貼街招

2017 5 31

http://xiaoshousha.blogspot.hk/2017/05/blog-post_31.html
節錄:如果是追討錢債情債,通常是張貼於某君的居所或工作地點附近,讓對方的親友、鄰居、上司或同事看見,目的是迫使當事人現身,交代事情或償還欠款。對,玩群眾壓力。為了加強驚嚇效果,討債街招一般會採用特大的紅色字體印刷,又或者用紅色噴漆直接寫在牆上。這種追債手法,已經轉移到網上世界,透過社交媒體進行。

Online Form

2018913

https://xiaoshousha.blogspot.com/2018/09/online-form.html

節錄:有苦主找到其中一間侵權出版社的創辦人,發現是 Amazon 的前員工,把他的 LinkedIn Profile 貼在苦主的 Facebook 群組,呼籲大家上門尋仇。我有,對方 Block 我。戰況最激烈的時候,LinkedIn 發電郵通知我,表示如果收到 Report of abuse 可能會 Close account,溫馨提示,明白。科技發展往往比法律制度走得更快更前,所以網上侵權行為的苦主要靠社交媒體跨國追兇,替自己討回公道。港大校方和香港警察好像幫不上忙,大部份時間靠邊站。

養鬼仔

2016 5 27

http://xiaoshousha.blogspot.hk/2016/05/blog-post_27.html
節錄:社交媒體似「養鬼仔」的說法,來自一位刻薄的時裝博客。某日翻閱女性雜誌,看見一篇專欄文章如是說。作者的結論:粉絲多?且慢高興,網民喜怒無常,水能載舟亦能覆舟,萬一閣下踩錯線(即是:在敏感話題上採取錯誤的立場),你會死得很慘,就像那些「養鬼仔」的人一樣。「鬼仔」不容易養,千萬要小心。那麼恐怖? Auntie 有不少男讀者,那麼我豈不是變成「養狗公」?我啋! 

狗咬狗

2016 11 30

http://xiaoshousha.blogspot.hk/2016/11/blog-post_30.html
節錄:新舊媒體之間的關係,似乎是「狗咬狗」。過去數年,廣告收入從舊媒體轉移至新媒體,於是舊媒體停刊熄機裁員減薪,新媒體則只會聘請三十歲以下的年輕人,你叫舊媒體的傳媒人怎麼辦?中年轉業還是提早退休?難怪新聞部的男女主播輪流跳船,然後透過其他途徑把名氣套現,止蝕抽身轉型轉飯碗。簡單地說:新的殺死舊的,但老前輩尚未死得,還有一點反擊能力。

炒埋一碟

2019 6 26

http://xiaoshousha.blogspot.com/2019/06/blog-post_26.html
節錄:新與舊,幾條線,炒埋一碟,形成亂局。修訂<逃犯條例>(又名:送中條例)的背後,可以是中共的派系鬥爭,同時亦牽涉中美角力。舊的,是特首和建制派的態度。數十年如一日用廢話敷衍、拖延和打發香港人,但是今次已經不行了。新的,是香港年輕人的想法。小朋友明白,不可以再玩和理非非和上街遊行的那一套,因為沒有用。要玩,就要玩老人家不懂的,還要爭取國際社會(及台灣)的理解和支持,香港才有機會找到出路。

雙軌制(四)

2011 11 20

http://xiaoshousha.blogspot.hk/2011/11/blog-post_20.html
節錄:問題太複雜,當權者只想把它留給下一代,於是會想辦法鞏固過渡性的安排,又或者是把它無限期地延長下去,好處是可以保留面子,厚顏一點更可以自吹自擂,說成是史無前例的偉大發明。解決香港問題的「一國兩制」以及處理台灣問題的「一個中國,各自表述」都是好例子。總之,馬馬虎虎,得過且過,含糊其辭,自欺欺人。這套含混過關的技巧,是中國人官場的必修科,是文化基因,也是不傳之秘。

諜影

2016 4 22

http://xiaoshousha.blogspot.hk/2016/04/blog-post_22.html
節錄:根據 Washington Post 的報導,負責分析文件的國際調查記者聯盟 (The International Consortium of Investigative Journalists, ICIJ) 背後的美國公共誠信中心 (Center for Public Integrity),金主是國際大鱷索羅斯 (George Soros)。他較早前表示會「沽空亞洲貨幣」,令偉大祖國非常緊張,官媒輪流開炮。索羅斯戰績彪炳,利用在金融市場賺來的錢,資助共產黨的對頭人。中國和俄羅斯的領導人首當其衝,被爆陰毒,理所當然。

隱身術

2019 9 27

https://xiaoshousha.blogspot.com/2019/09/blog-post_27.html
節錄:早於 2018 年初中美貿易戰爆發之前,紅色資本的海外併購活動已經遇到困難。西方國家基於國家安全考慮,對中資說不(提示:倫敦交易所),又或者設置障礙。中資的回應方式,是動用港人、台商、南洋華僑甚至親共洋人(Panda Hugger) 當人頭或Frontman,讓大股東可以退居幕後。這些雕蟲小技,曾經欺騙外資銀行的華為公主孟晚舟(提示:匯豐+Skycom)應該懂。

遲早要還

2020 6 7

https://xiaoshousha.blogspot.com/2020/06/blog-post.html
節錄:大國相爭,買辦死先,是香港的命運。金融中心地位受損,是最低消費 (Minimum charge) 或附帶傷害 (Collateral damage)。中美兩國處於半戰爭狀態,局部開火,平民百姓被誤傷或誤殺,私人財產被破壞或充公,也很常見,無法避免。至於美軍空投炸彈的命中率,請參考二戰時期的紅磡觀音廟幾乎被誤炸事件,阿彌陀佛!所以香港人又開始移民和撤資了。

地獄黑仔王

2020 8 13

https://xiaoshousha.blogspot.com/2020/08/blog-post.html

節錄:中美關係惡化,蔓延到金融領域,在美國有業務的中資銀行可能有麻煩,萬一被排除於美元結算系統以外,日常營運肯定會受影響,今次中銀又是首當其衝。根據國際傳媒的報導,中銀內部已經進行相關研究,開始準備應變計畫,請參考<延伸閱讀>部份所提供的英語報導。

13/11/2020

 

沒有留言: