(krebsonsecurity.com)
Makes you wonder if the investigators discovered this independently, or decided to maybe ask the hackers already involved in defending against them for help...
1: https://de.wikipedia.org/wiki/Vorbereiten_des_Aussp%C3%A4hen... [de]
Identifying a criminal is ethical.
This outsourcing of one's morals to the state is excessive even by already high western white collar internet standards.
Now, make no mistake, these guys are up to no good and probably should be identified and prosecuted, but to just declare that a bad thing is now good because government is doing it is basically an abdication of one's moral compass. At best this is still a bad thing but a necessary one because all the other options are worse. Like shooting someone in self defense, or putting someone in a cage for doing sufficiently bad things.
Edit: I'll admit I played too loose with ethics vs morality here, but still the point stands.
>law
>legally
You keep using these words but it causes circular logic as those are all defined by the same entity that is acting unilaterally.
The action the government took was not a "good" action by any moral standard. But it was perhaps the least worse action available all things considered. Can't just whisk people off the street in a foreign country or drone them over such matters, those options would be worse.
It's not, in Germany we have separation of powers.
> The action the government took was not a "good" action by any moral standard.
Morals aren't binary. Morals have context.
[1] https://en.wikipedia.org/wiki/Parable_of_the_broken_window
The same thing is true with computers. Imagine all the nice things we could have if we didn't have to worry about people abusing the systems we build.
It's on like place 10 out of 180, which makes it one of the least corrupt places.
It also has some surprisingly non-boomer departments, like the Sovereign Tech Fund. Either way you need to celebrate police doing good things and immoral actors being exposed, it can only have good outcomes.
Perhaps it deters them, or deters the next generation of such hackers. Or at least it makes their life less enjoyable, which is fair since they were only able to afford their travels due to their illicitly acquired wealth.
The one that has just invested in Scala? In year 2026? There are many good things about Germany, but competence in tech is not one of them.
It historically was used for this exact case: revealing someone hiding behind a pseudonym for purposes of law enforcement. The term dates back to the 90s, if not earlier.
This isn't something Gen Z made up. It's a Gen X term. "Hack the gibson" era. Wargames era.
I might want to do violence upon you for some reason. Maybe I hate you. Maybe you're doing something that I don't like. If I'm lucky I can round up half a dozen buddies to help. But I don't have infinite resources and infinite reach, so my capability is rather laughable unless you live next door.
Buuuut, if I craft it just right, I can cause the state with it's practically infinite resources, infinite men with guns who kick in doors, etc, etc to choose to kick in your door and do violence upon you. (And the request usually looks a lot like doing their job for them "hey look over here there's this specific person doing this specific thing that you're supposed to go after", but that's beside the point.)
Same as how if I craft a request to a 3rd party server just right a few Kb of on my end can become dozens of Mb on yours.
The German police can't reach these guys. Hence why they're doxing them. They're hoping to structure things such that those who can reach them respond to the request (i.e. rounding up these guys will be a line item in some larger geopolitical context).
anyway individuals willingly give to teh state some autonomy in return for the safety of governance... that's the social contract free people have with government
"doxxing" a Russian ransomware group is the kind thing to do. bombing them out of existence is within the remit of the range of ideas a government could resort to...
I agree that “doxxing” is being misused in TFA, but criminals have privacy rights like anyone else. Violating these rights requires specific justification, it’s not automatically ethical.
[Edit] "An international search is underway for Daniil Maksimovich SHCHUKIN on suspicion of numerous counts of gang-related and commercial extortion using ransomware to the detriment of commercial enterprises, public facilities, and institutions."
The dilution of the word doxxing has been interesting, though. Some of the recent "doxxing" controversies have been about figures who weren't all that anonymous to begin with. The pop culture meaning has been extended to cover any mention of someone's real identity at all, even if it wasn't a secret.
I’ve been seeing it come up in discussions about court cases where people are under the belief that requiring online personalities real names in the court documents is somehow illegal because it’s doxxing.
Most of us grew up on the Internet, and consequently our world view is incredibly screwed and not particularly based on facts
I'd rather "doxxing" just mean "de-anonymizing" because that's 1) how I already read it, 2) removes the whole "who is the more moral side in this dispute therefore has the right to make the accusation" problem
Someone who breaks the law and is actively searched for obviously has no expectation of privacy, or do you think the people visiting Epstein's island were doxxed?
https://en.wikipedia.org/wiki/Extrajudicial_killing#United_S...
Its almost always associated with a private person (ie not police or anyone of a judicial system) releasing personal information with malicious intent.
As the person above you said, semantics are important. This is a judicial system specifically searching for a person they believe to have caused severe criminal harm.
"Doxxing" certainly doesn't carry a negative connotation in that usage. Unless you live in a culture where torturing domesticated animals is a good thing.
ANd I recall that, before that, hackers would doxx other hackers in the 90s in order to get them arrested. Again, that seems like the exact same usage as here: tying a pseudonym to an IRL for purposes of law enforcement.
See the canonical example of this going wrong: the Reddit 'investigation' of the Boston Bomber, where someone was misidentified, doxxed, and their family was harassed.
Of course, law enforcement is capable of making the same mistakes. But ideally they have better safeguards, and victims of their negligence have much better recourse.
I disagree. Tying a pseudonym to an IRL persona for purposes of law enforcement is a part of an official investigation.
Doxxing is specifically non-government unmasking and dissemination of that tie for extrajudicial purposes, almost always for harassment. There is a world of difference between them and we should not fudge them together with terminology. My 2c.
If it's negative depends on if you think they deserve the hostility.
No, if they just put UNKN on the most wanted list, then it wouldn't be doxing. But then they also tie UNKN together with "Daniil Maksimovich Shchukin", and that's the doxxing, regardless or not if it's on a most wanted list.
Perhaps this goes back to leftist terrorism in Germany in the 1970s, they would not use the code names of terrorists on the wanted lists but their real names to find them, because this is what they wanted - but I don't know.
I misread that as it either would be the thing to do or an alternative option and you were against putting names on a wanted list.
This seems to be just issuing an arrest warrant.
Unless there's something not covered in the article, his current address, family members, phone, etc were not listed. That's not doxxing; that's "here's a guy were want to arrest."
BTW, what do you think will happen when people find out that their neighbor is secretly a pretty wealthy criminal? Attempts of theft, robbery and extortion have happened in the wake of such announcements.
There was even a case where somebody attempted to impersonate an intelligence officer and try to force a recently doxxed cyber criminal to bribe them.
Who knows, but I'm also not sure how you avoid that situation. Presumably, to be "doxxed" like this, there's substantive evidence he is actually the criminal. Strikes me as just one more downside of being a successful (but now identified) extortionist.
Some take a "full disclosure" style and expose all OPSEC failures instantly and transparently, because otherwise people seem to collect OPSEC failures and make it seem to be extortion itself, like saying "hey remember that time you signed off with your real name?" or "I know your clearnet address"
Also talk about a headline that would mean absolute gibberish just a couple decades ago.
E.g. in germany it was a real crime to grow some weed. Now it's legal, but even before a lot of reasonable people didn't want someone go to jail over weed.
No people were harmed so I am leaning towards no crime committed.
Clear specialization, outsourcing, and reinvestment — very similar to how startups scale.
56.10 — Restaurant activities and food delivery services
47.23 — Retail sale of fish, crustaceans, and mollusks in specialized stores
47.25.12 — Retail sale of beer in specialized stores
47.25.2 — Retail sale of soft drinks in specialized stores
47.29.39 — Retail sale of other food products in specialized stores, not included in other groups
68.20 — Lease and management of own or leased real estate
That one is a classic for russian criminals and warlords.