The researchers who were doxxed have the Twitter handles @notdan and @gexcolo; the latter's name is Vincent Canfield and he runs a service known as Cock.li that provides professional email and XMPP addresses.
Canfield had recently accused Spamhaus of reacting to legitimate port scanning by automatically blocking the IPs from which such probes came. It was also claimed that Spamhaus did not provide a swift means of redressing mistakes of this nature.
Spamhaus contested this view forcefully. The issue was written up by the British tech site, The Register, but the article appears not to have gone down well with the Spamhaus representative who was quoted therein.
Krebs' tirade came the following day, 25 April. But after it was over, he deleted all the tweets that he had posted about the two researchers. Some of them have been preserved by other researchers. (@notdan's version of events is here.)
Image courtesy PiotrSec of Hacked.WTF
Neither of these researchers, @notdan or @gexcolo, is involved in any illegal activity. And it is common for infosec researchers to have accounts on various forums, including social media, under pseudonyms. Some of the views expressed on such accounts may not be exactly kosher from a corporate perspective.
But journalists generally do not dox such individuals unless they are involved in some illegal activity and are using the accounts maintained under pseudonyms for such purposes.
Doxxing is defined by Wikipedia as "the Internet-based practice of researching and broadcasting private or identifiable information about an individual or organisation".
I recommend we follow the "V is for Vendetta" approach to countering doxxing. I'll start: Krebs got it wrong, *I* am @notdan. Please call my employer @RenditionSec and complain if you think the video I participated in outing bad practices by Spamhaus was wrong. — Jake Williams (@MalwareJake) April 25, 2019
Among those who criticised Krebs for his doxxing was well-known American security researcher Jake Williams. "I recommend we follow the 'V is for Vendetta' approach to countering doxxing," he wrote. "I'll start: Krebs got it wrong, *I* am @notdan. Please call my employer @RenditionSec and complain if you think the video I participated in outing bad practices by Spamhaus was wrong."
British security researcher Kevin Beaumont also commented on Krebs' activity, but later deleted his tweets. "Transparency: I deleted two jokey tweets about that @briankrebs thing as I think there's better things to worry about in the world," he wrote. "As a general rule of thumb I don't think people's real-world identities should be linked in apparently random Twitter threads."
Transparency: I deleted two jokey tweets about that @briankrebs thing as I think there's better things to worry about in the world. As a general rule of thumb I don't think people's real world identities should be linked in apparently random Twitter threads. — Kevin Beaumont (@GossiTheDog) April 26, 2019
Krebs appears to have form in outing people who do not agree with him. Back in 2014, he posted the CV of an individual who had written what he characterised as a bad review of a book he authored.
When British security researcher Marcus Hutchins asked whether doxxing a person for this was going a bit too far, his response was: "Dox people? Hardly. I think it helps to add context. The guy is a convicted cybercrook who's in jail. Of course he hates me."
Image courtesy PiotrSec of Hacked.WTF
More recently, Krebs was criticised by users of the German image board pr0gramm.com after he revealed details about several admins and moderators in an article which claimed to identify who was behind the cryptocurrency mining service Coinhive.
This DM was sent to me 1 week before Krebs doxed me. We were discussing how SpamHaus would probably retaliate for embarrassing them. Makes ya wonder who the bad guys are. pic.twitter.com/2gJWAtFidU — (@notdan) April 26, 2019
And as iTWire has reported, in 2017, Krebs quietly took down a story (archived version here) he had written purporting to uncover the people behind the Shadow Brokers group who leaked a number of NSA exploits on the Web in 2016. No reason was offered for this takedown and it was mentioned only at the very end of a story he wrote about the arrest of a Vietnamese American who pleaded guilty to taking masses of NSA material home.
Comments were not allowed on this article, presumably to avoid criticism of his earlier claim. The allegations about the identity of the Brokers were fed to Krebs by a Washington DC-based security firm, InGuardians, a fact he mentioned only in the 30th paragraph of his story.
Also, he called them out for creating drama, when he's really the one fueling the drama here. Streisand effect? https://t.co/mFQ9BeANR3— x0rz (@x0rz) April 25, 2019
iTWire contacted Krebs for comment, asking: "On 25 April, you spent a fair bit of time doxxing two security researchers, who go by the Twitter handles @notdan and @gexcolo. Neither of these individuals is involved in any illegal activity. Do you think it was fair on your part to dox them?
"Later you deleted all the tweets in the exchange. If you thought it was the right thing to do, why delete the tweets?
"The incident that appears to have sparked your tweet barrage appears to be a claim by @gexcolo that Spamhaus was blacklisting IPs that were not doing vulnerability scans or originating traffic.
"Do you think that you have better technical knowledge around this area than @gexcolo? One of your tweets appears to indicate that you do.
"In this context, it also needs to be asked: do you have any commercial or other ties to Spamhaus? According to one report, Spamhaus has been cited 37 times in your blog since 2010.
"You appear to have a habit of doxxing people. In March last year, you doxxed a number of admins and moderators of the image board pr0gramm.com in an article that was supposedly about the person behind the cryptocurrency mining service Coinhive.
"Back in 2014, you doxxed someone who had written a review critical of some book you published. When you were asked about this, you dismissed it, saying, 'Dox people? Hardly. I think it helps to add context. The guy is a convicted cybercrook who's in jail. Of course he hates me'.
"The Society of Professional Journalists advises practitioners of the craft of journalism to 'Balance the public’s need for information against potential harm or discomfort. Pursuit of the news is not a licence for arrogance or undue intrusiveness'.
"Do you think what you have done is in keeping with this?
"It also says journalists should, 'Realise that private people have a greater right to control information about themselves than public figures and others who seek power, influence or attention. Weigh the consequences of publishing or broadcasting personal information'.
"Does your tirade on Twitter fit in with this?"
Krebs has not responded.