It also has something to do with the so called &quot;Hackerparagraph&quot; [1] under which whitehat hacking is basically impossible in Germany. Even writing a program that could potentially be used for hacking is a crime. If you followed the law word for word the authors of e.g. curl could be charged under this law.1: <a href="https:&#x2F;&#x2F;de.wikipedia.org&#x2F;wiki&#x2F;Vorbereiten_des_Aussp%C3%A4hens_und_Abfangens_von_Daten" rel="nofollow">https:&#x2F;&#x2F;de.wikipedia.org&#x2F;wiki&#x2F;Vorbereiten_des_Aussp%C3%A4hen...</a> [de]

Maybe the special agents watched the talk in their free time

I&#x27;m not deep into the topic, but AFAIK there generally isn&#x27;t a warm connection between the CCC and the BND in Germany (in the recent years mostly due to the BNDs involvement ins spying on German citizens, but I think there is also deeper history there). If a hacker collaborates with the BND they do run a risk of many of their peers not wanting to collaborate with them anymore.

So apparently some CCC-connected hackers already unmasked one of them years ago (as reported in the update, which could have also just linked to the talk here: <a href="https:&#x2F;&#x2F;media.ccc.de&#x2F;v&#x2F;37c3-12134-hirne_hacken_hackback_edition#t=1440" rel="nofollow">https:&#x2F;&#x2F;media.ccc.de&#x2F;v&#x2F;37c3-12134-hirne_hacken_hackback_edit...</a> )Makes you wonder if the investigators discovered this independently, or decided to maybe ask the hackers already involved in defending against them for help...

Spiegel recently did a video on them: <a href="https:&#x2F;&#x2F;www.youtube.com&#x2F;watch?v=HuwRrqM6H1M" rel="nofollow">https:&#x2F;&#x2F;www.youtube.com&#x2F;watch?v=HuwRrqM6H1M</a>

Semantic shift happens over time. A 2026 article is supposed to communicate to 2026, not 1996, readers.

I can&#x27;t find it in the jargon file: <a href="http:&#x2F;&#x2F;catb.org&#x2F;jargon&#x2F;html&#x2F;D.html" rel="nofollow">http:&#x2F;&#x2F;catb.org&#x2F;jargon&#x2F;html&#x2F;D.html</a>

&quot;Doxxing&quot; is from the 90s and was used to describe a hacker unmasking another hacker so they could be arrested. That&#x27;s almost exactly the same usage as here.

I think they obviously just took it as &#x27;exposure of personal information&#x27; period.

Certainly, criminals also have a right to privacy. However, the limited publication of personal data of criminals by law enforcement is generally a legally legitimate measure. Doxxing, on the other hand, is generally a process that violates the fundamental right to privacy.

&quot;Identifying a criminal&quot; doesn&#x27;t imply that it&#x27;s done by the government, and being done by the government doesn&#x27;t imply that it&#x27;s done to a criminal. This comment seems like quite a leap.

Innocent until proven guilty (in a court of law)?

ethics and morality are not interchangeable are they?anyway individuals willingly give to teh state some autonomy in return for the safety of governance... that&#x27;s the social contract free people have with government&quot;doxxing&quot; a Russian ransomware group is the kind thing to do. bombing them out of existence is within the remit of the range of ideas a government could resort to...

&gt;Identifying a criminal is ethical.This outsourcing of one&#x27;s morals to the state is excessive even by already high western white collar internet standards.Now, make no mistake, these guys are up to no good and probably should be identified and prosecuted, but to just declare that a bad thing is now good because government is doing it is basically an abdication of one&#x27;s moral compass. At best this is still a bad thing but a necessary one because all the other options are worse. Like shooting someone in self defense, or putting someone in a cage for doing sufficiently bad things.Edit: I&#x27;ll admit I played too loose with ethics vs morality here, but still the point stands.

I mean doxxing is totally incorrect. Let&#x27;s say for example there was a person on film near a crime scene, even though the police know they weren&#x27;t directly involved there is no violation of privacy in the US if the police post their picture and ask for them to come forward. Or even later find out their name and look for them publically.

&gt; Identifying a criminal is ethical.I agree that “doxxing” is being misused in TFA, but criminals have privacy rights like anyone else. Violating these rights requires specific justification, it’s not automatically ethical.

Feels odd for an infosec blog to use &#x27;doxxing&#x27; this way. Doxxing is generally considered to be unethical exposure of personal information.Identifying a criminal is ethical.

This does seem close to the original intent of &quot;doxxing&quot;, where information (&quot;dox&quot;) is publicized that connects a real-world identity to a previously anonymous online persona. These are hackers in the classic sense who were going out of their way to stay anonymous.The dilution of the word doxxing has been interesting, though. Some of the recent &quot;doxxing&quot; controversies have been about figures who weren&#x27;t all that anonymous to begin with. The pop culture meaning has been extended to cover any mention of someone&#x27;s real identity at all, even if it wasn&#x27;t a secret.

“When I use a word,” Humpty Dumpty said, in rather a scornful tone, “it means just what I choose it to mean — neither more nor less.”

Unfortunately language tends to get diluted. Nowadays in pop culture it means publishing anyone&#x27;s personal information, usually against their wishes.

It implies to me they _shouldn&#x27;t_ be releasing his name. In this case it sounds like they very much should be naming him.

So basically it&#x27;s like Terrorism or Genociding, where if it&#x27;s against the team you are rooting for, it is that, and if it&#x27;s not against your in-group it&#x27;s just War?I&#x27;d rather &quot;doxxing&quot; just mean &quot;de-anonymizing&quot; because that&#x27;s 1) how I already read it, 2) removes the whole &quot;who is the more moral side in this dispute therefore has the right to make the accusation&quot; problem

So it is doxxing if the doxxed committed wrongdoings from the perspective of... the doxxer? Ideals, morality, alignment, goals and purpose are and have always been a static constant for all humankind. There is no pineapple pizza, it is a lie, for I don&#x27;t like it, and therefore nobody else ever did either.

If someone wasn&#x27;t previously known, only an alias or alter-ego, but you then link those together with a real-life identity, that&#x27;s very much the definition of &quot;doxxing&quot;, at least the original definition, maybe it&#x27;s different today? Positive or negative doesn&#x27;t really matter, just like &quot;shooting&quot; or &quot;jumping&quot; in itself isn&#x27;t positive or negative, it&#x27;s just a verb.

Yeah, I’m not okay with this. Doxxing is a term with an extremely negative connotation and is often done to people who, bluntly, weren’t hiding or doing anything wrong. The correct term for the same act here is either “accuse” or “unmask”.

also it seems the US had already identified him 3 years prior?

Wait. Is that what&#x27;s happening here? Are they expecting the international criminal to be given a right to privacy until he&#x27;s convicted?

I do not understand this logic either. They take GDPR way too serious haha. JK obv.

I think this is not how wanted lists work, here in Germany at least. Do they work this way where you are living? The goal of wanted lists in Germany is to find the person the police is searching for to put them in front of a court if the prosecution can make a case.Perhaps this goes back to leftist terrorism in Germany in the 1970s, they would not use the code names of terrorists on the wanted lists but their real names to find them, because this is what they wanted - but I don&#x27;t know.

Back in the day, being doxed meant having your real name, address, phone number, email, etc. posted online for anyone to do what they would.This seems to be just issuing an arrest warrant.

Uh, you think they should just put &quot;UNKN&quot; on the wanted list instead of the person they believe is UNKN? That&#x27;s not very helpful...

&gt; Putting someone on a (most) wanted list is &quot;doxing&quot;?No, if they just put UNKN on the most wanted list, then it wouldn&#x27;t be doxing. But then they also tie UNKN together with &quot;Daniil Maksimovich Shchukin&quot;, and that&#x27;s the doxxing, regardless or not if it&#x27;s on a most wanted list.

Putting someone on a (most) wanted list is &quot;doxing&quot;?[Edit] &quot;An international search is underway for Daniil Maksimovich SHCHUKIN on suspicion of numerous counts of gang-related and commercial extortion using ransomware to the detriment of commercial enterprises, public facilities, and institutions.&quot;

what do you think will happen when people find out that their neighbor is secretly a pretty wealthy criminal?Who knows, but I&#x27;m also not sure how you avoid that situation. Presumably, to be &quot;doxxed&quot; like this, there&#x27;s substantive evidence he is actually the criminal. Strikes me as just one more downside of being a successful (but now identified) extortionist.

It seems to me that the meaning of the word &quot;doxxing&quot; has slowly drifted to mean &quot;revealing information about somebody without their consent&quot;, be it by state actor, a company or an individual.BTW, what do you think will happen when people find out that their neighbor is secretly a pretty wealthy criminal? Attempts of theft, robbery and extortion have happened in the wake of such announcements.There was even a case where somebody attempted to impersonate an intelligence officer and try to force a recently doxxed cyber criminal to bribe them.

That wouldn&#x27;t sound cool. Especially as noone actually gives a fuck about what germany wants.

How is &quot;this is the name of the formerly anonymous extortionist&quot; doxxing?Unless there&#x27;s something not covered in the article, his current address, family members, phone, etc were not listed. That&#x27;s not doxxing; that&#x27;s &quot;here&#x27;s a guy were want to arrest.&quot;

I think people are getting stuck on the concept of the word doxing here. In anonymous online hacking circles, the idea that you&#x27;re exposing anyone&#x27;s OPSEC at all is considered basically doxing. People do it regularly, but it&#x27;s seen as a clear indication of being an enemy.Some take a &quot;full disclosure&quot; style and expose all OPSEC failures instantly and transparently, because otherwise people seem to collect OPSEC failures and make it seem to be extortion itself, like saying &quot;hey remember that time you signed off with your real name?&quot; or &quot;I know your clearnet address&quot;

I feel accepted spelling of the word is &#x27;doxxes&#x27;; doxes in my head reads as &#x27;dokeses&#x27;.Also talk about a headline that would mean absolute gibberish just a couple decades ago.

Since when does putting criminals on official wanted lists count as doxxing?!? If they want their information taken down they just have to show up in court.

No, it doesn&#x27;t, at least not to me. I can disagree with a law while also agreeing to obey it and that those who break it should have consequences. I can hold these two opposing ideas because that is the basis by which governments function. If everybody gets to decide for themselves what should be&#x2F;not be a crime, then we don&#x27;t have a society. Society is about compromise. What I&#x27;m seeing is not compromise. What I&#x27;m seeing is people dismissing the whole of law because there&#x27;s one they don&#x27;t agree with, or an application or even abuse of the law that offends them. It&#x27;s an abandonment of balance and a dismissing of rational conversation.

Sure, but do you consider this specific case a real crime?

It probably depends on what people think about the laws that define what a &quot;real crime&quot; is.E.g. in germany it was a real crime to grow some weed. Now it&#x27;s legal, but even before a lot of reasonable people didn&#x27;t want someone go to jail over weed.

Some of the comments here (and lately on HN in general) are very concerning to me. Are we really going to pretend that people accused of real crimes shouldn’t be arrested, charged and, if found guilty, have an appropriate sentence? It doesn’t take many more than 2 brain cells rubbing together to see that that won’t end well. Whataboutism, political differences, and even real injustices in my opinion do not make this a reasonable position.

I find it entertaining that even as part of a Russian hacking gang, the real threat is the Russian tax authorities. Regardless of how you got the money, need to pay the taxes.

&gt; 56.10 — Restaurant activities and food delivery servicesThat one is a classic for russian criminals and warlords.

Found his record in Russia&#x27;s official company registry. This is what he officially does as an entepreneur:<pre><code> 56.10 — Restaurant activities and food delivery services

 47.23 — Retail sale of fish, crustaceans, and mollusks in specialized stores

 47.25.12 — Retail sale of beer in specialized stores

 47.25.2 — Retail sale of soft drinks in specialized stores

 47.29.39 — Retail sale of other food products in specialized stores, not included in other groups

 68.20 — Lease and management of own or leased real estate
</code></pre>
Money is reinvested into selling beer and fish :) Interestingly, he registered all that in 2019, just when the ransoms started.

The parent commenter has apparently never heard of organized crime.

Go look at the al Qaeda emails recovered from the raid that killed bin Laden and you&#x27;ll find all the same stuff. Turns out that the way businesses operate is just a good way to operate human organizations in general, whether their goal is to sell widgets or blow up infidels.

This reads less like “hacking” and more like an optimized business.Clear specialization, outsourcing, and reinvestment — very similar to how startups scale.

German police name alleged leaders of GandCrab and REvil ransomware groups