Makes you wonder if the investigators discovered this independently, or decided to maybe ask the hackers already involved in defending against them for help...
I'm not deep into the topic, but AFAIK there generally isn't a warm connection between the CCC and the BND in Germany (in the recent years mostly due to the BNDs involvement ins spying on German citizens, but I think there is also deeper history there). If a hacker collaborates with the BND they do run a risk of many of their peers not wanting to collaborate with them anymore.
It also has something to do with the so called "Hackerparagraph" [1] under which whitehat hacking is basically impossible in Germany. Even writing a program that could potentially be used for hacking is a crime. If you followed the law word for word the authors of e.g. curl could be charged under this law.
Isn’t that by design so governments can prosecute citizens they don’t like? For example, curl is probably ok but that one annoying Kim Dotcom guy is probably going to catch a case under some dubious law.
The pirate bay case, one of the laws cited by the judges was an law written to target biker bars and their owners. It only takes a bit of creative work to bend laws and prior cases to match an already made conclusion, if that conclusion has enough political support.
In that way, I don't really think the government need to design laws to have loop holes in them. With enough political pressure they can get the judges to make any decision they like.
> If you followed the law word for word the authors of e.g. curl could be charged under this law.
They really couldn't. BVerfG (Germany's constitutional court) has clearly said that dual use tools have a presumption of not being tools to break the law. It's been very clear that mens rea matters. And that a narrow reading of the law is the only constitutional reading.
The problem here is taking "word for word" as "by dictionary meaning", which is never how laws are read.
It's still a problematic law (together with §202a/b) because it doesn't clearly carve out space for grey-hat activities (white-hat attacks with authorization really don't fall under it even with creative reading).
On the upside, Germany is considering fixing that. On the downside, it moves with the speed of classic German bureaucracy and is being "discussed" since 2024.
> some countries find such creative ways to stifle innovation while they look to be caring about safety or what not
I'm not sure white-hat hacking is broadly compatible with German culture. Keep in mind that going bankrupt in Germany permanently closes off lots of avenues, from future lending to whether you can be in senior management at a public company.
Bankruptcy does not usually permanently bar you from loans or holding senior management position, there are temporary restrictions, unless grossly negligent. But your point still stands I guess, when compared to the US
Well at least the german state can collaborate with russian agents in projects like wirecard and not violate any laws when threatening journalists reporting on its collaborations.
>There (...) isn't a warm connection between the CCC and the BND in Germany
Fun fact: In the 1990s, the CCC e.V. was declared a terrorist organization by the BND. Also, a lot of members have been sued for Landesverrat (high treason) for disclosing found vulnerabilities and/or doing journalistic work.
For example, the netzpolitik guys have been sued for high treason twice.
Just as a side note on how competent the German state is to use their existing talent to work on issues in cyber security.
> If a hacker collaborates with the BND they do run a risk of many of their peers not wanting to collaborate with them anymore.
Another fun fact: There is no effective witness protection program in Germany. You have to have been attacked almost murdered twice (with legal cases leading to prosecution) before you can apply for the witness protection program.
And they're asking themselves why all the witnesses in high profile cases from Europol/Interpol keep disappearing ...
Putting someone on a (most) wanted list is "doxing"?
[Edit] "An international search is underway for Daniil Maksimovich SHCHUKIN on suspicion of numerous counts of gang-related and commercial extortion using ransomware to the detriment of commercial enterprises, public facilities, and institutions."
Yeah, I’m not okay with this. Doxxing is a term with an extremely negative connotation and is often done to people who, bluntly, weren’t hiding or doing anything wrong. The correct term for the same act here is either “accuse” or “unmask”.
So basically it's like Terrorism or Genociding, where if it's against the team you are rooting for, it is that, and if it's not against your in-group it's just War?
I'd rather "doxxing" just mean "de-anonymizing" because that's 1) how I already read it, 2) removes the whole "who is the more moral side in this dispute therefore has the right to make the accusation" problem
So it is doxxing if the doxxed committed wrongdoings from the perspective of... the doxxer? Ideals, morality, alignment, goals and purpose are and have always been a static constant for all humankind. There is no pineapple pizza, it is a lie, for I don't like it, and therefore nobody else ever did either.
doxxing is a term that is commonly reserved for private information that the doxxed individual has an expectation to be treated as such, that is to say, it's not in the public interest.
Someone who breaks the law and is actively searched for obviously has no expectation of privacy, or do you think the people visiting Epstein's island were doxxed?
You have understand that we're dealing with Morals™, if you're an enemy of the States, anything is on the table. Even some of the things the States is actively calling other countries out for, see Iran for example and how silent the EU, ICC, and NATO is when its "Daddy", as Rutte put it, commits atrocities.
If someone wasn't previously known, only an alias or alter-ego, but you then link those together with a real-life identity, that's very much the definition of "doxxing", at least the original definition, maybe it's different today? Positive or negative doesn't really matter, just like "shooting" or "jumping" in itself isn't positive or negative, it's just a verb.
No, if I kidnap someone it's kidnapping. If the police based on probable cause receive and execute a warrant for someone's arrest, it's an arrest. This is how the state monopoly on violence works.
More to the point, if the police or whoever shoot someone in self defence, that someone is "killed". If I, or the police shoot someone for fun, it's "murder". In both cases the victim is "killed"
True, self defense isn't called murder. But if the government drone strikes an American citizen without a trial or anything, that's "extrajudicial killing", not murder.
And if the police actually catches the accused and puts them in jail, is that kidnapping? Most verbs have far more semantics than just the most basic before/after state diff.
Well, no, kidnapping is unlawful abduction. But abduction is always abduction, regardless of who does it, police can abduct people too, but when criminals do so, we call it kidnapping, since it's illegal. Not sure what point you were trying to make, but I think it failed to land properly.
Its almost always associated with a private person (ie not police or anyone of a judicial system) releasing personal information with malicious intent.
As the person above you said, semantics are important. This is a judicial system specifically searching for a person they believe to have caused severe criminal harm.
While I don’t think this case is accurately described as Doxxing I also reject the definition that the state can’t commit Doxxing. The reason this situation doesn’t count is because of due process, not simply state action. The state is not infallible, regardless of what immunity may try to establish.
The point is the outcome and magnitude of "kidnapping" and "abduction" are the same, so it's not fair people are treated differently if the terms are virtually synonymous. The impact is the same. If it was a truly just system, the people in power would subscribe to the same rules they codify into law.
I have, admittedly, only been on the Internet for thirty-five years or so, but I seem to recall that a long time ago reading about people "doxxing" guys who posted pictures of them torturing cats and dogs.
"Doxxing" certainly doesn't carry a negative connotation in that usage. Unless you live in a culture where torturing domesticated animals is a good thing.
ANd I recall that, before that, hackers would doxx other hackers in the 90s in order to get them arrested. Again, that seems like the exact same usage as here: tying a pseudonym to an IRL for purposes of law enforcement.
There is still an inherent negative aspect to the "Don't Fuck with Cats" doxxing. Vigilantes publicly revealing the identity of (suspected) perpetrators can enable further vigilante action, and this can cause harm to innocent people if the identification was incorrect, or unwittingly impede law enforcement. And that's before considering whether vigilantism is inherently good or bad.
See the canonical example of this going wrong: the Reddit 'investigation' of the Boston Bomber, where someone was misidentified, doxxed, and their family was harassed.
Of course, law enforcement is capable of making the same mistakes. But ideally they have better safeguards, and victims of their negligence have much better recourse.
> that seems like the exact same usage as here: tying a pseudonym to an IRL for purposes of law enforcement.
I disagree. Tying a pseudonym to an IRL persona for purposes of law enforcement is a part of an official investigation.
Doxxing is specifically non-government unmasking and dissemination of that tie for extrajudicial purposes, almost always for harassment. There is a world of difference between them and we should not fudge them together with terminology. My 2c.
What if the government reveals the name of a victim of sexual assault? Is that doxxing? What about a political rival in connection with a made up crime? What about a true but benign crime such as accessing reproductive healthcare?
Most people who dox for a reason they think is justified will nonetheless reject the label of doxing for what they did. They'll say "I didn't dox him, I just discovered publicly available but obscure information about him and posted it."
This does seem close to the original intent of "doxxing", where information ("dox") is publicized that connects a real-world identity to a previously anonymous online persona. These are hackers in the classic sense who were going out of their way to stay anonymous.
The dilution of the word doxxing has been interesting, though. Some of the recent "doxxing" controversies have been about figures who weren't all that anonymous to begin with. The pop culture meaning has been extended to cover any mention of someone's real identity at all, even if it wasn't a secret.
Beyond diluting it also seems that people are increasingly under the impression that internet rules are also the same in real life.
I’ve been seeing it come up in discussions about court cases where people are under the belief that requiring online personalities real names in the court documents is somehow illegal because it’s doxxing.
I grew up on the internet but early enough that the phrase “the internet isn’t real life” was bandied about, which I think made it easier to understand the different set of rules existing.
> Putting someone on a (most) wanted list is "doxing"?
No, if they just put UNKN on the most wanted list, then it wouldn't be doxing. But then they also tie UNKN together with "Daniil Maksimovich Shchukin", and that's the doxxing, regardless or not if it's on a most wanted list.
I think this is not how wanted lists work, here in Germany at least. Do they work this way where you are living? The goal of wanted lists in Germany is to find the person the police is searching for to put them in front of a court if the prosecution can make a case.
Perhaps this goes back to leftist terrorism in Germany in the 1970s, they would not use the code names of terrorists on the wanted lists but their real names to find them, because this is what they wanted - but I don't know.
What do you mean "this is not how wanted lists work"? The goal everywhere is to find the people on the wanted list, that's why they're called "wanted" in the first place. Is there something in my comment indicating I don't believe wanted lists are for finding people?
How is "this is the name of the formerly anonymous extortionist" doxxing?
Unless there's something not covered in the article, his current address, family members, phone, etc were not listed. That's not doxxing; that's "here's a guy were want to arrest."
It seems to me that the meaning of the word "doxxing" has slowly drifted to mean "revealing information about somebody without their consent", be it by state actor, a company or an individual.
BTW, what do you think will happen when people find out that their neighbor is secretly a pretty wealthy criminal? Attempts of theft, robbery and extortion have happened in the wake of such announcements.
There was even a case where somebody attempted to impersonate an intelligence officer and try to force a recently doxxed cyber criminal to bribe them.
what do you think will happen when people find out that their neighbor is secretly a pretty wealthy criminal?
Who knows, but I'm also not sure how you avoid that situation. Presumably, to be "doxxed" like this, there's substantive evidence he is actually the criminal. Strikes me as just one more downside of being a successful (but now identified) extortionist.
I think people are getting stuck on the concept of the word doxing here. In anonymous online hacking circles, the idea that you're exposing anyone's OPSEC at all is considered basically doxing. People do it regularly, but it's seen as a clear indication of being an enemy.
Some take a "full disclosure" style and expose all OPSEC failures instantly and transparently, because otherwise people seem to collect OPSEC failures and make it seem to be extortion itself, like saying "hey remember that time you signed off with your real name?" or "I know your clearnet address"
Since when does putting criminals on official wanted lists count as doxxing?!? If they want their information taken down they just have to show up in court.
Found his record in Russia's official company registry. This is what he officially does as an entepreneur:
56.10 — Restaurant activities and food delivery services
47.23 — Retail sale of fish, crustaceans, and mollusks in specialized stores
47.25.12 — Retail sale of beer in specialized stores
47.25.2 — Retail sale of soft drinks in specialized stores
47.29.39 — Retail sale of other food products in specialized stores, not included in other groups
68.20 — Lease and management of own or leased real estate
Money is reinvested into selling beer and fish :) Interestingly, he registered all that in 2019, just when the ransoms started.
I find it entertaining that even as part of a Russian hacking gang, the real threat is the Russian tax authorities. Regardless of how you got the money, need to pay the taxes.
Go look at the al Qaeda emails recovered from the raid that killed bin Laden and you'll find all the same stuff. Turns out that the way businesses operate is just a good way to operate human organizations in general, whether their goal is to sell widgets or blow up infidels.
"Doxxing" is from the 90s and was used to describe a hacker unmasking another hacker so they could be arrested. That's almost exactly the same usage as here.
This outsourcing of one's morals to the state is excessive even by already high western white collar internet standards.
Now, make no mistake, these guys are up to no good and probably should be identified and prosecuted, but to just declare that a bad thing is now good because government is doing it is basically an abdication of one's moral compass. At best this is still a bad thing but a necessary one because all the other options are worse. Like shooting someone in self defense, or putting someone in a cage for doing sufficiently bad things.
Edit: I'll admit I played too loose with ethics vs morality here, but still the point stands.
Certainly, criminals also have a right to privacy. However, the limited publication of personal data of criminals by law enforcement is generally a legally legitimate measure. Doxxing, on the other hand, is generally a process that violates the fundamental right to privacy.
You keep using these words but it causes circular logic as those are all defined by the same entity that is acting unilaterally.
The action the government took was not a "good" action by any moral standard. But it was perhaps the least worse action available all things considered. Can't just whisk people off the street in a foreign country or drone them over such matters, those options would be worse.
Running a ransomware gang is immoral. Catching someone running a ransomware gang is good. If publishing their name helps catch them, it's also good. Not sure where do you see the gap between legality and morality in this case
People often forget that Threat Actors (TA) are the ones keeping the infosec alive. They are doing a good job of scaring people into implementing actual security protocols and thereby improving everyone's security posture. The whole infosec would collapse without TAs, let's not forget that. They create jobs.
It's not a "made-up term", it's shorthand for a well-known argument. Not allowing re-usable arguments is like not allowing the use of libraries in software: It wastes time better spent on moving the frontier forward.
Well, to be honest, those old enough remember when cryptography was considered someting for the military and special services, and considering using encryption would put you under immediate suspicion. Now we can at least argue we need it to protect us from the cyber crime, even if we really have privacy and free speech in mind
German govt is also one of the most corrupt and vastly incompetent govt. It's run by bunch of boomers. Most of the prolific ransomware gangs have terrible opsec. De-anon'ing them is child's play. Most of the opsec-aware TAs never even get attributed, let alone get caught for any breaches.
It's on like place 10 out of 180, which makes it one of the least corrupt places.
It also has some surprisingly non-boomer departments, like the Sovereign Tech Fund. Either way you need to celebrate police doing good things and immoral actors being exposed, it can only have good outcomes.
Perhaps it deters them, or deters the next generation of such hackers. Or at least it makes their life less enjoyable, which is fair since they were only able to afford their travels due to their illicitly acquired wealth.
Is it your position that privacy is a right regardless of any action you take? Many rights are dependent on circumstance and in tension with other rights. In this case I think you can make the case that their right to privacy is lost.
> Doxxing, on the other hand, is generally a process that violates the fundamental right to privacy.
It historically was used for this exact case: revealing someone hiding behind a pseudonym for purposes of law enforcement. The term dates back to the 90s, if not earlier.
This isn't something Gen Z made up. It's a Gen X term. "Hack the gibson" era. Wargames era.
Doxxing is basically a DDOS reflection attack but for real violence, or threat thereof, instead of 1s and 0s.
I might want to do violence upon you for some reason. Maybe I hate you. Maybe you're doing something that I don't like. If I'm lucky I can round up half a dozen buddies to help. But I don't have infinite resources and infinite reach, so my capability is rather laughable unless you live next door.
Buuuut, if I craft it just right, I can cause the state with it's practically infinite resources, infinite men with guns who kick in doors, etc, etc to choose to kick in your door and do violence upon you. (And the request usually looks a lot like doing their job for them "hey look over here there's this specific person doing this specific thing that you're supposed to go after", but that's beside the point.)
Same as how if I craft a request to a 3rd party server just right a few Kb of on my end can become dozens of Mb on yours.
The German police can't reach these guys. Hence why they're doxing them. They're hoping to structure things such that those who can reach them respond to the request (i.e. rounding up these guys will be a line item in some larger geopolitical context).
ethics and morality are not interchangeable are they?
anyway individuals willingly give to teh state some autonomy in return for the safety of governance... that's the social contract free people have with government
"doxxing" a Russian ransomware group is the kind thing to do. bombing them out of existence is within the remit of the range of ideas a government could resort to...
Not disagreeing with your preface but I was under the impression that while it took governments some time to figure things out, kinetic bombing in retaliation for cyberwarfare was pretty much ruled out unless the cyberwarfare results in direct mass casualties (for example cyber sabotaging a refinery results in an explosion which results in casualties.). Else we’d have bombed North Korea, China, Ukraine, Russia, Romania, etc.
"Identifying a criminal" doesn't imply that it's done by the government, and being done by the government doesn't imply that it's done to a criminal. This comment seems like quite a leap.
You are certainly free to make up your own definitions for words and speak a dialect that is niche but you will not be effectively communicating when you do. By commonly understood definition criminality is a matter of law.
Well, the dude here hasn't been put on trial, let alone convicted, as far as I can tell from the article. So he's not officially considered a criminal by a government. Yet we all seem comfortable calling him one, so I'd say that it is not, in fact, commonly understood to be exclusively a matter of law.
I agree that “doxxing” is being misused in TFA, but criminals have privacy rights like anyone else. Violating these rights requires specific justification, it’s not automatically ethical.
I mean doxxing is totally incorrect. Let's say for example there was a person on film near a crime scene, even though the police know they weren't directly involved there is no violation of privacy in the US if the police post their picture and ask for them to come forward. Or even later find out their name and look for them publically.
Some of the comments here (and lately on HN in general) are very concerning to me. Are we really going to pretend that people accused of real crimes shouldn’t be arrested, charged and, if found guilty, have an appropriate sentence? It doesn’t take many more than 2 brain cells rubbing together to see that that won’t end well. Whataboutism, political differences, and even real injustices in my opinion do not make this a reasonable position.
It probably depends on what people think about the laws that define what a "real crime" is.
E.g. in germany it was a real crime to grow some weed. Now it's legal, but even before a lot of reasonable people didn't want someone go to jail over weed.
If we'd follow your line of thinking prosecution of those responsible for MH17 were also to remain anonymous. Which is obviously ridiculous.
If growing weed is illegal in Germany, and someone unknown grew a lot of weed in Germany, they end up being sought, and (eventually) their name and other details could end up in a police warrant.
The comparison is moot though since growing weed in Germany requires physical presence in Germany. The alleged cybercrimes could've originated from anywhere in the world due to the nature of the internet.
It just isn't doxing unless you don't see legal merit in the German police and German authorities. Which is obviously rhetoric the Russians want others to follow.
No, it doesn't, at least not to me. I can disagree with a law while also agreeing to obey it and that those who break it should have consequences. I can hold these two opposing ideas because that is the basis by which governments function. If everybody gets to decide for themselves what should be/not be a crime, then we don't have a society. Society is about compromise. What I'm seeing is not compromise. What I'm seeing is people dismissing the whole of law because there's one they don't agree with, or an application or even abuse of the law that offends them. It's an abandonment of balance and a dismissing of rational conversation.
You've got quite a black and white viewpoint, which is fine and is exactly how 'the law' works, hence: "the law is an ass". Many people have a bit of grey where it comes to the less obviously socially costly kind of crimes, often based on their own lifestyle and dependencies, therefore probably on the 'wrongly' side of rightly or wrongly. Usually, I would think the 'grey areas' are on the fringes where the social-effects of the law-breaking are more hidden or second/third order. This is all quite normal and won't change amongst society as a general rule.
What I notice as different, and I'll try to keep this as minimally political as possible but, as you say, it seems to be an increasing irrational tendency to throw the baby out with the bathwater. De-fund the police as an example. I think the positives outweigh the negatives in this example, by a fair margin, but people react to what they're exposed to and the focus on outrage-bait-for-engagement in the current media environment has this an an outcome.
Additionally, the decreasing respect for the rule of law by the leaders of countries only leads their populace into the same kind of thinking. Leading a country backwards from the civilisation that is borne from the application of rules around behaviour and into the chaos that preceded said civilisation (this is a long term process and can be turned around, I'm not saying to start panicking just yet).
Some grey area is OK, and is almost necessary, for the sake of the ability to have the conversation about moving the law to be more in line with societal expectations, but too much grey area leads back to societal breakdown and chaos.
Yes, I almost totally agree with all of this. And I do believe in gray areas, but I don’t expect law enforcement to. I think that leaves room for worse things like corruption/favoritism. I don’t deny that those things happen too, but those are also crimes that should be brought to justice.
If a business is destroyed by ransomware, all its employees lose their jobs. The business's customers lose the services the business was providing. The families supported by these jobs are now all at risk.
All that money goes somewhere. Much of it goes towards clothing, feeding, and housing people. Also, in most places it's a crime to rob anyone, even selfish assholes.
These groups typically exploit unpatched vulnerabilities and exposed credentials. Most companies don't discover they're vulnerable until after a breach. Regular security audits are the only real defense.
Makes you wonder if the investigators discovered this independently, or decided to maybe ask the hackers already involved in defending against them for help...
1: https://de.wikipedia.org/wiki/Vorbereiten_des_Aussp%C3%A4hen... [de]
In that way, I don't really think the government need to design laws to have loop holes in them. With enough political pressure they can get the judges to make any decision they like.
They really couldn't. BVerfG (Germany's constitutional court) has clearly said that dual use tools have a presumption of not being tools to break the law. It's been very clear that mens rea matters. And that a narrow reading of the law is the only constitutional reading.
The problem here is taking "word for word" as "by dictionary meaning", which is never how laws are read.
It's still a problematic law (together with §202a/b) because it doesn't clearly carve out space for grey-hat activities (white-hat attacks with authorization really don't fall under it even with creative reading).
On the upside, Germany is considering fixing that. On the downside, it moves with the speed of classic German bureaucracy and is being "discussed" since 2024.
I'm not sure white-hat hacking is broadly compatible with German culture. Keep in mind that going bankrupt in Germany permanently closes off lots of avenues, from future lending to whether you can be in senior management at a public company.
Fun fact: In the 1990s, the CCC e.V. was declared a terrorist organization by the BND. Also, a lot of members have been sued for Landesverrat (high treason) for disclosing found vulnerabilities and/or doing journalistic work.
For example, the netzpolitik guys have been sued for high treason twice.
Just as a side note on how competent the German state is to use their existing talent to work on issues in cyber security.
> If a hacker collaborates with the BND they do run a risk of many of their peers not wanting to collaborate with them anymore.
Another fun fact: There is no effective witness protection program in Germany. You have to have been attacked almost murdered twice (with legal cases leading to prosecution) before you can apply for the witness protection program.
And they're asking themselves why all the witnesses in high profile cases from Europol/Interpol keep disappearing ...
nor should there be.
Similar to how us American hackers have a huge dislike and distrust of the FBI.
Your own law enforcement agency will lie to you, manipulate you, raid you, extort you, and imprison you over bullshit.
[Edit] "An international search is underway for Daniil Maksimovich SHCHUKIN on suspicion of numerous counts of gang-related and commercial extortion using ransomware to the detriment of commercial enterprises, public facilities, and institutions."
I'd rather "doxxing" just mean "de-anonymizing" because that's 1) how I already read it, 2) removes the whole "who is the more moral side in this dispute therefore has the right to make the accusation" problem
Someone who breaks the law and is actively searched for obviously has no expectation of privacy, or do you think the people visiting Epstein's island were doxxed?
https://en.wikipedia.org/wiki/Extrajudicial_killing#United_S...
Its almost always associated with a private person (ie not police or anyone of a judicial system) releasing personal information with malicious intent.
As the person above you said, semantics are important. This is a judicial system specifically searching for a person they believe to have caused severe criminal harm.
"Doxxing" certainly doesn't carry a negative connotation in that usage. Unless you live in a culture where torturing domesticated animals is a good thing.
ANd I recall that, before that, hackers would doxx other hackers in the 90s in order to get them arrested. Again, that seems like the exact same usage as here: tying a pseudonym to an IRL for purposes of law enforcement.
See the canonical example of this going wrong: the Reddit 'investigation' of the Boston Bomber, where someone was misidentified, doxxed, and their family was harassed.
Of course, law enforcement is capable of making the same mistakes. But ideally they have better safeguards, and victims of their negligence have much better recourse.
I disagree. Tying a pseudonym to an IRL persona for purposes of law enforcement is a part of an official investigation.
Doxxing is specifically non-government unmasking and dissemination of that tie for extrajudicial purposes, almost always for harassment. There is a world of difference between them and we should not fudge them together with terminology. My 2c.
If it's negative depends on if you think they deserve the hostility.
The dilution of the word doxxing has been interesting, though. Some of the recent "doxxing" controversies have been about figures who weren't all that anonymous to begin with. The pop culture meaning has been extended to cover any mention of someone's real identity at all, even if it wasn't a secret.
I’ve been seeing it come up in discussions about court cases where people are under the belief that requiring online personalities real names in the court documents is somehow illegal because it’s doxxing.
Most of us grew up on the Internet, and consequently our world view is incredibly screwed and not particularly based on facts
No, if they just put UNKN on the most wanted list, then it wouldn't be doxing. But then they also tie UNKN together with "Daniil Maksimovich Shchukin", and that's the doxxing, regardless or not if it's on a most wanted list.
Perhaps this goes back to leftist terrorism in Germany in the 1970s, they would not use the code names of terrorists on the wanted lists but their real names to find them, because this is what they wanted - but I don't know.
I misread that as it either would be the thing to do or an alternative option and you were against putting names on a wanted list.
This seems to be just issuing an arrest warrant.
Unless there's something not covered in the article, his current address, family members, phone, etc were not listed. That's not doxxing; that's "here's a guy were want to arrest."
BTW, what do you think will happen when people find out that their neighbor is secretly a pretty wealthy criminal? Attempts of theft, robbery and extortion have happened in the wake of such announcements.
There was even a case where somebody attempted to impersonate an intelligence officer and try to force a recently doxxed cyber criminal to bribe them.
Who knows, but I'm also not sure how you avoid that situation. Presumably, to be "doxxed" like this, there's substantive evidence he is actually the criminal. Strikes me as just one more downside of being a successful (but now identified) extortionist.
Call the police? Isn't this the point?
Some take a "full disclosure" style and expose all OPSEC failures instantly and transparently, because otherwise people seem to collect OPSEC failures and make it seem to be extortion itself, like saying "hey remember that time you signed off with your real name?" or "I know your clearnet address"
Also talk about a headline that would mean absolute gibberish just a couple decades ago.
That one is a classic for russian criminals and warlords.
Identifying a criminal is ethical.
This outsourcing of one's morals to the state is excessive even by already high western white collar internet standards.
Now, make no mistake, these guys are up to no good and probably should be identified and prosecuted, but to just declare that a bad thing is now good because government is doing it is basically an abdication of one's moral compass. At best this is still a bad thing but a necessary one because all the other options are worse. Like shooting someone in self defense, or putting someone in a cage for doing sufficiently bad things.
Edit: I'll admit I played too loose with ethics vs morality here, but still the point stands.
>law
>legally
You keep using these words but it causes circular logic as those are all defined by the same entity that is acting unilaterally.
The action the government took was not a "good" action by any moral standard. But it was perhaps the least worse action available all things considered. Can't just whisk people off the street in a foreign country or drone them over such matters, those options would be worse.
[1] https://en.wikipedia.org/wiki/Parable_of_the_broken_window
The same thing is true with computers. Imagine all the nice things we could have if we didn't have to worry about people abusing the systems we build.
It's on like place 10 out of 180, which makes it one of the least corrupt places.
It also has some surprisingly non-boomer departments, like the Sovereign Tech Fund. Either way you need to celebrate police doing good things and immoral actors being exposed, it can only have good outcomes.
Perhaps it deters them, or deters the next generation of such hackers. Or at least it makes their life less enjoyable, which is fair since they were only able to afford their travels due to their illicitly acquired wealth.
The one that has just invested in Scala? In year 2026? There are many good things about Germany, but competence in tech is not one of them.
It's not, in Germany we have separation of powers.
> The action the government took was not a "good" action by any moral standard.
Morals aren't binary. Morals have context.
It historically was used for this exact case: revealing someone hiding behind a pseudonym for purposes of law enforcement. The term dates back to the 90s, if not earlier.
This isn't something Gen Z made up. It's a Gen X term. "Hack the gibson" era. Wargames era.
I might want to do violence upon you for some reason. Maybe I hate you. Maybe you're doing something that I don't like. If I'm lucky I can round up half a dozen buddies to help. But I don't have infinite resources and infinite reach, so my capability is rather laughable unless you live next door.
Buuuut, if I craft it just right, I can cause the state with it's practically infinite resources, infinite men with guns who kick in doors, etc, etc to choose to kick in your door and do violence upon you. (And the request usually looks a lot like doing their job for them "hey look over here there's this specific person doing this specific thing that you're supposed to go after", but that's beside the point.)
Same as how if I craft a request to a 3rd party server just right a few Kb of on my end can become dozens of Mb on yours.
The German police can't reach these guys. Hence why they're doxing them. They're hoping to structure things such that those who can reach them respond to the request (i.e. rounding up these guys will be a line item in some larger geopolitical context).
anyway individuals willingly give to teh state some autonomy in return for the safety of governance... that's the social contract free people have with government
"doxxing" a Russian ransomware group is the kind thing to do. bombing them out of existence is within the remit of the range of ideas a government could resort to...
Is it ethical to dox a pregnant woman seeking an abortion in a southern US state?
Is it ethical to dox a gay human rights defender in Russia?
Is it ethical to dox a woman seeking an education in Afghanistan?
Not all criminals have done something wrong.
I agree that “doxxing” is being misused in TFA, but criminals have privacy rights like anyone else. Violating these rights requires specific justification, it’s not automatically ethical.
E.g. in germany it was a real crime to grow some weed. Now it's legal, but even before a lot of reasonable people didn't want someone go to jail over weed.
If growing weed is illegal in Germany, and someone unknown grew a lot of weed in Germany, they end up being sought, and (eventually) their name and other details could end up in a police warrant.
The comparison is moot though since growing weed in Germany requires physical presence in Germany. The alleged cybercrimes could've originated from anywhere in the world due to the nature of the internet.
It just isn't doxing unless you don't see legal merit in the German police and German authorities. Which is obviously rhetoric the Russians want others to follow.
What I notice as different, and I'll try to keep this as minimally political as possible but, as you say, it seems to be an increasing irrational tendency to throw the baby out with the bathwater. De-fund the police as an example. I think the positives outweigh the negatives in this example, by a fair margin, but people react to what they're exposed to and the focus on outrage-bait-for-engagement in the current media environment has this an an outcome.
Additionally, the decreasing respect for the rule of law by the leaders of countries only leads their populace into the same kind of thinking. Leading a country backwards from the civilisation that is borne from the application of rules around behaviour and into the chaos that preceded said civilisation (this is a long term process and can be turned around, I'm not saying to start panicking just yet).
Some grey area is OK, and is almost necessary, for the sake of the ability to have the conversation about moving the law to be more in line with societal expectations, but too much grey area leads back to societal breakdown and chaos.
Ransomware is a scourge enabled by crypto. We should do whatever we can to eliminate it.
All that money goes somewhere. Much of it goes towards clothing, feeding, and housing people. Also, in most places it's a crime to rob anyone, even selfish assholes.