Tuesday, 30 April 2019 16:16

Infosec researchers slam ex-WaPO man Krebs over doxxing

Image by John Hain from Pixabay

A number of security researchers have sharply criticised security blogger Brian Krebs, a former employee of the Washington Post, after he doxxed two of them on Twitter, apparently because he disagreed with them about the operations of Spamhaus, an organisation set up to track email spammers and spam-related activity.

The researchers who were doxxed have the Twitter handles @notdan and @gexcolo; the latter's name is Vincent Canfield and he runs a service known as that provides professional email and XMPP addresses.

Canfield had recently accused Spamhaus of reacting to legitimate port scanning by automatically blocking the IPs from which such probes came. It was also claimed that Spamhaus does not provide a swift means to redress any mistakes of this nature.

Spamhaus contested this view forcefully. The issue was written up by the British tech site, The Register, but the article appears not to have gone down well with the Spamhaus representative who was quoted therein.

Following this, @gexcolo posted a video on YouTube, providing what he claimed was evidence that Spamhaus was providing misleading information about its blocking of ordinary port scans.

Krebs' tirade came the following day, 25 April. But after it was over, he deleted all the tweets that he had posted about the two researchers. Some of them have been preserved by other researchers. (@notdan's version of events is here.)


Image courtesy PiotrSec of Hacked.WTF

Neither of these researchers, @notdan or @gexcolo, is involved in any illegal activity. And it is common for infosec researchers to have accounts on various forums, including social media, under pseudonyms. Some of the views expressed on such accounts may not be exactly kosher from a corporate perspective.

But journalists generally do not dox such individuals unless they are involved in some illegal activity and are using the accounts maintained under pseudonyms for such purposes.

Doxxing is defined by Wikipedia as "the Internet-based practice of researching and broadcasting private or identifiable information about an individual or organisation".

Among those who criticised Krebs for his doxxing was well-known American security researcher Jake Williams. "I recommend we follow the 'V is for Vendetta' approach to countering doxxing," he wrote. "I'll start: Krebs got it wrong, *I* am @notdan. Please call my employer @RenditionSec and complain if you think the video I participated in outing bad practices by Spamhaus was wrong."

British security researcher Kevin Beaumont also commented on Krebs' activity, but later deleted his tweets. "Transparency: I deleted two jokey tweets about that @briankrebs thing as I think there's better things to worry about in the world," he wrote. "As a general rule of thumb I don't think people's real-world identities should be linked in apparently random Twitter threads."

Krebs appears to have form in outing people who do not agree with him. Back in 2014, he posted the CV of an individual who had written what he characterised as a bad review of a book he authored.

When British security researcher Marcus Hutchins asked whether doxxing a person for this was going a bit too far, his response was: "Dox people? Hardly. I think it helps to add context. The guy is a convicted cybercrook who's in jail. Of course he hates me."


Image courtesy PiotrSec of Hacked.WTF

More recently, Krebs was criticised by users of a German image board after he revealed details about several admins and moderators in an article which claimed to identify who was behind the cryptocurrency mining service Coinhive.

And as iTWire has reported, in 2017, Krebs quietly took down a story (archived version here) he had written purporting to uncover the people behind the Shadow Brokers group who leaked a number of NSA exploits on the Web in 2016. No reason was offered for this takedown and it was mentioned only at the very end of a story he wrote about the arrest of a Vietnamese American who pleaded guilty to taking masses of NSA material home.

Comments were not allowed on this article, presumably to avoid criticism of his earlier claim. The allegations about the identity of the Brokers were fed to Krebs by a Washington DC-based security firm, InGuardians, a fact he mentioned only in the 30th paragraph of his story.

iTWire contacted Krebs for comment, asking: "On 25 April, you spent a fair bit of time doxxing two security researchers, who go by the Twitter handles @notdan and @gexcolo. Neither of these individuals is involved in any illegal activity. Do you think it was fair on your part to dox them?

"Later you deleted all the tweets in the exchange. If you thought it was the right thing to do, why delete the tweets?

"The incident that appears to have sparked your tweet barrage appears to be a claim by @gexcolo that Spamhaus was blacklisting IPs that were not doing vulnerability scans or originating traffic.

"Do you think that you have better technical knowledge around this area than @gexcolo? One of your tweets appears to indicate that you do.

"In this context, it also needs to be asked: do you have any commercial or other ties to Spamhaus? According to one report, Spamhaus has been cited 37 times in your blog since 2010.

"You appear to have a habit of doxxing people. In March last year, you doxxed a number of admins and moderators of the image board in an article that was supposedly about the person behind the cryptocurrency mining service Coinhive.

"Back in 2014, you doxxed someone who had written a review critical of some book you published. When you were asked about this, you dismissed it, saying, 'Dox people? Hardly. I think it helps to add context. The guy is a convicted cybercrook who's in jail. Of course he hates me'.

"The Society of Professional Journalists advises practitioners of the craft of journalism to 'Balance the public’s need for information against potential harm or discomfort. Pursuit of the news is not a licence for arrogance or undue intrusiveness'.

"Do you think what you have done is in keeping with this?

"It also says journalists should, 'Realise that private people have a greater right to control information about themselves than public figures and others who seek power, influence or attention. Weigh the consequences of publishing or broadcasting personal information'.

"Does your tirade on Twitter fit in with this?"

Krebs has not responded.




Sam Varghese


Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.


