Tuesday, 30 April 2019 16:16

Infosec researchers slam ex-WaPO man Krebs over doxxing

[Image by John Hain from Pixabay]

A number of security researchers have sharply criticised security blogger Brian Krebs, a former employee of the Washington Post, after he doxxed two of them on Twitter, apparently because he disagreed with them about the operations of Spamhaus, an organisation set up to track email spammers and spam-related activity.

The researchers who were doxxed have the Twitter handles @notdan and @gexcolo; the latter's name is Vincent Canfield and he runs a service known as that provides professional email and XMPP addresses.

Canfield had recently accused Spamhaus of reacting to legitimate port scanning by automatically blocking the IPs from which such probes came. It was also claimed that Spamhaus did not provide a swift means to redress any mistakes of this nature.

Spamhaus contested this view forcefully. The issue was written up by the British tech site, The Register, but the article appears not to have gone down well with the Spamhaus representative who was quoted therein.

Following this, @gexcolo posted a video on YouTube, providing what he claimed was evidence that Spamhaus was providing misleading information about its blocking of ordinary port scans.

Krebs' tirade came the following day, 25 April. But after it was over, he deleted all the tweets that he had posted about the two researchers. Some of them have been preserved by other researchers. (@notdan's version of events is here.)

[Image: Krebs doxxing. Courtesy PiotrSec of Hacked.WTF]

Neither of these researchers, @notdan or @gexcolo, is involved in any illegal activity. And it is common for infosec researchers to have accounts on various forums, including social media, under pseudonyms. Some of the views expressed on such accounts may not be exactly kosher from a corporate perspective.

But journalists generally do not dox such individuals unless they are involved in some illegal activity and are using the accounts maintained under pseudonyms for such purposes.

Doxxing is defined by Wikipedia as "the Internet-based practice of researching and broadcasting private or identifiable information about an individual or organisation".

Among those who criticised Krebs for his doxxing was well-known American security researcher Jake Williams. "I recommend we follow the 'V is for Vendetta' approach to countering doxxing," he wrote. "I'll start: Krebs got it wrong, *I* am @notdan. Please call my employer @RenditionSec and complain if you think the video I participated in outing bad practices by Spamhaus was wrong."

British security researcher Kevin Beaumont also commented on Krebs' activity, but later deleted his tweets. "Transparency: I deleted two jokey tweets about that @briankrebs thing as I think there's better things to worry about in the world," he wrote. "As a general rule of thumb I don't think people's real-world identities should be linked in apparently random Twitter threads."

Krebs appears to have form in outing people who do not agree with him. Back in 2014, he posted the CV of an individual who had written what he characterised as a bad review of a book he authored.

When British security researcher Marcus Hutchins asked whether doxxing a person for this was going a bit too far, his response was: "Dox people? Hardly. I think it helps to add context. The guy is a convicted cybercrook who's in jail. Of course he hates me."

[Image: Krebs doxxing 2. Courtesy PiotrSec of Hacked.WTF]

More recently, Krebs was criticised by users of a German image board after he revealed details about several admins and moderators in an article which claimed to identify who was behind the cryptocurrency mining service Coinhive.

And as iTWire has reported, in 2017, Krebs quietly took down a story (archived version here) he had written purporting to uncover the people behind the Shadow Brokers group who leaked a number of NSA exploits on the Web in 2016. No reason was offered for this takedown and it was mentioned only at the very end of a story he wrote about the arrest of a Vietnamese American who pleaded guilty to taking masses of NSA material home.

Comments were not allowed on this article, presumably to avoid criticism of his earlier claim. The allegations about the identity of the Brokers were fed to Krebs by a Washington DC-based security firm, InGuardians, a fact he mentioned only in the 30th paragraph of his story.

iTWire contacted Krebs for comment, asking: "On 25 April, you spent a fair bit of time doxxing two security researchers, who go by the Twitter handles @notdan and @gexcolo. Neither of these individuals is involved in any illegal activity. Do you think it was fair on your part to dox them?

"Later you deleted all the tweets in the exchange. If you thought it was the right thing to do, why delete the tweets?

"The incident that appears to have sparked your tweet barrage appears to be a claim by @gexcolo that Spamhaus was blacklisting IPs that were not doing vulnerability scans or originating traffic.

"Do you think that you have better technical knowledge around this area than @gexcolo? One of your tweets appears to indicate that you do.

"In this context, it also needs to be asked: do you have any commercial or other ties to Spamhaus? According to one report, Spamhaus has been cited 37 times in your blog since 2010.

"You appear to have a habit of doxxing people. In March last year, you doxxed a number of admins and moderators of the image board in an article that was supposedly about the person behind the cryptocurrency mining service Coinhive.

"Back in 2014, you doxxed someone who had written a review critical of some book you published. When you were asked about this, you dismissed it, saying, 'Dox people? Hardly. I think it helps to add context. The guy is a convicted cybercrook who's in jail. Of course he hates me'.

"The Society of Professional Journalists advises practitioners of the craft of journalism to 'Balance the public’s need for information against potential harm or discomfort. Pursuit of the news is not a licence for arrogance or undue intrusiveness'.

"Do you think what you have done is in keeping with this?

"It also says journalists should, 'Realise that private people have a greater right to control information about themselves than public figures and others who seek power, influence or attention. Weigh the consequences of publishing or broadcasting personal information'.

"Does your tirade on Twitter fit in with this?"

Krebs has not responded.




Sam Varghese


Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.


