Tuesday, 30 April 2019 16:16

Infosec researchers slam ex-WaPO man Krebs over doxxing

Image by John Hain from Pixabay

A number of security researchers have sharply criticised security blogger Brian Krebs, a former employee of the Washington Post, after he doxxed two of them on Twitter, apparently because he disagreed with them about the operations of Spamhaus, an organisation set up to track email spammers and spam-related activity.

The researchers who were doxxed have the Twitter handles @notdan and @gexcolo; the latter's name is Vincent Canfield and he runs a service known as that provides professional email and XMPP addresses.

Canfield had accused Spamhaus recently of reacting to legitimate port scanning by automatically blocking the IPs from whence such probes came. Spamhaus was also claimed to not provide a swift means to redress any mistakes of this nature.

Spamhaus contested this view forcefully. The issue was written up by the British tech site, The Register, but the article appears not to have gone down well with the Spamhaus representative who was quoted therein.

Following this, @gexcolo posted a video on YouTube, providing what he claimed was evidence that Spamhaus was providing misleading information about its blocking of ordinary port scans.

Krebs' tirade came the following day, 25 April. But after it was over, he deleted all the tweets that he had posted about the two researchers. Some of them have been preserved by other researchers. (@notdan's version of events is here.)

Image courtesy PiotrSec of Hacked.WTF

Neither of these researchers, @notdan or @gexcolo, is involved in any illegal activity. And it is common for infosec researchers to have accounts on various forums, including social media, under pseudonyms. Some of the views expressed on such accounts may not be exactly kosher from a corporate perspective.

But journalists generally do not dox such individuals unless they are involved in some illegal activity and are using the accounts maintained under pseudonyms for such purposes.

Doxxing is defined by Wikipedia as "the Internet-based practice of researching and broadcasting private or identifiable information about an individual or organisation".

Among those who criticised Krebs for his doxxing was well-known American security researcher Jake Williams. "I recommend we follow the 'V is for Vendetta' approach to countering doxxing," he wrote. "I'll start: Krebs got it wrong, *I* am @notdan. Please call my employer @RenditionSec and complain if you think the video I participated in outing bad practices by Spamhaus was wrong."

British security researcher Kevin Beaumont also commented on Krebs' activity, but later deleted his tweets. "Transparency: I deleted two jokey tweets about that @briankrebs thing as I think there's better things to worry about in the world," he wrote. "As a general rule of thumb I don't think people's real-world identities should be linked in apparently random Twitter threads."

Krebs appears to have form in outing people who do not agree with him. Back in 2014, he posted the CV of an individual who had written what he characterised as a bad review of a book he authored.

When British security researcher Marcus Hutchins asked whether doxxing a person for this was going a bit too far, his response was: "Dox people? Hardly. I think it helps to add context. The guy is a convicted cybercrook who's in jail. Of course he hates me."

Image courtesy PiotrSec of Hacked.WTF

More recently, Krebs was criticised by users of a German image board after he revealed details about several admins and moderators in an article which claimed to identify who was behind the cryptocurrency mining service Coinhive.

And as iTWire has reported, in 2017, Krebs quietly took down a story (archived version here) he had written purporting to uncover the people behind the Shadow Brokers group who leaked a number of NSA exploits on the Web in 2016. No reason was offered for this takedown and it was mentioned only at the very end of a story he wrote about the arrest of a Vietnamese American who pleaded guilty to taking masses of NSA material home.

Comments were not allowed on this article, presumably to avoid criticism of his earlier claim. The allegations about the identity of the Brokers were fed to Krebs by a Washington DC-based security firm, InGuardians, a fact he mentioned only in the 30th paragraph of his story.

iTWire contacted Krebs for comment, asking: "On 25 April, you spent a fair bit of time doxxing two security researchers, who go by the Twitter handles @notdan and @gexcolo. Neither of these individuals is involved in any illegal activity. Do you think it was fair on your part to dox them?

"Later you deleted all the tweets in the exchange. If you thought it was the right thing to do, why delete the tweets?

"The incident that appears to have sparked your tweet barrage appears to be a claim by @gexcolo that Spamhaus was blacklisting IPs that were not doing vulnerability scans or originating traffic.

"Do you think that you have better technical knowledge around this area than @gexcolo? One of your tweets appears to indicate that you do.

"In this context, it also needs to be asked: do you have any commercial or other ties to Spamhaus? According to one report, Spamhaus has been cited 37 times in your blog since 2010.

"You appear to have a habit of doxxing people. In March last year, you doxxed a number of admins and moderators of the image board in an article that was supposedly about the person behind the cryptocurrency mining service Coinhive.

"Back in 2014, you doxxed someone who had written a review critical of some book you published. When you were asked about this, you dismissed it, saying, 'Dox people? Hardly. I think it helps to add context. The guy is a convicted cybercrook who's in jail. Of course he hates me'.

"The Society of Professional Journalists advises practitioners of the craft of journalism to 'Balance the public’s need for information against potential harm or discomfort. Pursuit of the news is not a licence for arrogance or undue intrusiveness'.

"Do you think what you have done is in keeping with this?

"It also says journalists should, 'Realise that private people have a greater right to control information about themselves than public figures and others who seek power, influence or attention. Weigh the consequences of publishing or broadcasting personal information'.

"Does your tirade on Twitter fit in with this?"

Krebs has not responded.

Sam Varghese

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.
