Who Is the Network Access Broker ‘Wazawaka?’ (krebsonsecurity.com)
69 points by feross on Jan 12, 2022 | 52 comments


This publication seems to be a major violation of privacy in several jurisdictions. Regardless of whether this guy is a criminal and whether his relative is complicit, their personal details should not be published in any form that is not an arrest order by law enforcement. Now not only their private information is disclosed, but they also can become targets for other criminals (he is probably a rich person and unless he is a member of some offline syndicate, e.g. FSB, he can be a subject for kidnapping and extortion). If the purpose of the publication is to put him in the spotlight, I do not see how those cybersecurity researchers are different from him.


Brian Krebs regularly publishes articles in which he reveals people's private data. I don't think that's okay either, but Brian is often celebrated for it and will continue to do so. I used to enjoy reading krebsonsecurity.com, but since I realized that he is blatantly vigilante with these articles, I avoid the site. His argumentation is that he would only doxx criminals. However, this is not true, a few years ago he doxxed the developer of a large German imageboard and many volunteers of the imageboard, who wanted to remain anonymous for good reason. The criticized software of the developer had nothing to do with the imageboard and the developer also communicated that with Brian, but he didn't care about all that. The main thing was to sell the story well for him.

Brian Krebs, if you read this: a hearty "fuck you" from me for this action! You started something, that in the end destroyed one of the last places on the Internet, where one could still talk undisturbed. In my opinion, you are the biggest scum of all.


Which image board?


Here's the Krebs story: https://krebsonsecurity.com/2018/03/who-and-what-is-coinhive...

The board was "pr0gramm". In Krebs' words, "Multiple longtime pr0gramm members have remarked that since cha0s departed as administrator, the forum has become overrun by individuals with populist far-right political leanings."

He also justifies the "dox" because:

"So I set about trying to figure out who’s running pr0gramm. It wasn’t easy, but in the end all of the information needed to determine that was freely available online.

Let me be crystal clear on this point: All of the data I gathered (and presented in the detailed ‘mind map’ below) was derived from either public Web site WHOIS domain name registration records or from information posted to various social media networks by the pr0gramm administrators themselves. In other words, there is nothing in this research that was not put online by the pr0gramm administrators themselves."


I remember that! Thousands of pr0gramm users started donating money to the German cancer fund and other charities with the subject line "Krebs ist Scheiße" (Krebs is German for cancer). They made headlines with that. Lots of people outside pr0gramm started donating a bit later because of the articles. This resulted in hundreds of thousands of Euros in donations iirc.


They do this annually and are raising around 200k € every year for help against cancer. One could see this as a good outcome, but they made donations before the Krebs story. They just started to talk about it after the story and that was something that they didn't want to. One rule of pr0 is that you don't talk about the pr0. That was a good rule. Pr0 was like the internet was around 1999. A place to be together and have fun. A place to talk about everything. A social place, not those cancerous monsters that call themselves social networks these days. Now they have to worry about what outsiders think about them and that slowly kills everything that was great about it.


Brian Krebs has a history of doxing essentially anyone he doesn't like. He literally once doxed someone whose crime was leaving a negative review of his book [1]. That kind of behavior is not OK, full stop.

What I think has happened is Krebs has spent too much time immersed in online troll culture, to the point where he now acts exactly like the people he writes about.

[1] https://itwire.com/images/authors-images/samvarghese/krebs_d...


This wasn't just "someone whose crime was leaving a negative review of his book". From that image you posted, quoting Krebs: "The guy is a convicted cybercrook who's in jail. Of course he hates me"

Omitting that fact is incredibly misleading. For the record, I'm pretty ok seeing the crook's CV posted.


By this logic, would it likewise be acceptable to dox someone who wrote a positive review of the book, if it is found that the author of the review works somewhere favorable to Krebs (with the implication being that their review would then have a positive bias, much like the other review has a negative bias)? The problem with doxing and vigilantism is that it exposes people to undue harm. That is not an acceptable way to conduct yourself.


Convicted criminals do not have a right to privacy. Here in the US you'll get news articles.


This is precisely one of the dangers of vigilantism and mob justice. In a civil society, it is up to the criminal justice to pursue criminals and discipline them, not the internet mob.


These criminals are being protected, either deliberately or through apathy, by the Russian government. There is no other recourse.


To be honest, I’m not sure this is the case. Russia does not extradite its citizens (this is written in the Constitution), so the only way to prosecute criminals is to report the crime to Russian authorities. An extradition request is not a crime report. Question: did someone actually try to report cybercrime directly in Russia? Ransomware cases would also be interesting for tax authorities (at least from this perspective the case will be within Russian jurisdiction).


What if there were Americans being 'protected' by the American government for doing something legal in the US, but illegal in other countries?


Cybercrime is not legal in Russia.


War crimes are not legal in the USA, but the USA codified in law non-cooperation with ICJ on that matter. Does it mean we should start publishing personal data of US military?


If you honestly believe there's some sort of equivalence, go ahead. Don't blame me for whatever consequences you face.


I can't imagine law enforcement or intelligence has a favourable opinion of him either. This sort of vigilantism tips off cybercriminals to the fact that someone is on their trail and causes them to become proactive about moving themselves outside of any place they could be arrested. By publishing this information it leads FSB recruiters to cybercriminals while at the same time ensuring they stay within Russian soil where extradition treaties do not exist, meaning they will never be brought to trial.


That was my first thought when he mentioned the Skype handle being a relative, "perhaps even his sister" - that seems like it crosses the line.

If he has been stealing money from drug dealers etc, then outing his (potential) family - or worse, someone being fitted up - could have very bad repercussions.


Also there’s the fact that if you were going to do some serious cybercrime, it would make sense to leave a bunch of hard to find but still findable trails to a real person that isn’t you, so it could be a frame up!


For extra clever points, make it a person who already does protect their privacy by e.g. encrypting everything on local storage, doesn't like the cloud, and not being all over social media. If the cops bust them and can't find any evidence, they'll accuse them of hiding things, if they comply and decrypt their stuff and there's still nothing, the cops will still insist it was this person and they're still hiding something. If there's other incriminating stuff in the encrypted disks, boom the cops will bust them for that instead and will still think they got the master hacker...


Wazawaka could probably sue. She probably won't.


Live by the sword, die by the sword.


Civil protest is often associated with privacy violations.

Belarusians that had to flee the country after August, 2020 set up a whole website where they meticulously map all those involved in stealing elections and beating protestors, see http://blackmap.org/

They even publish addresses of people who deliberately reported protestors to the authorities, together with the report summaries.

In a society run by bandits, violating privacy to expose their deeds is not even a lesser evil but a moral obligation.

Also, how is the work of Brian different from the work of Bellingcat or Navalny Team? Both are praised by media. So is Brian.

I have an answer: Privacy is a luxury, not a right. In peaceful times and democratic societies everyone can have some privacy.

When people starve to death, get beaten or killed while others amass riches, privacy means little in the face of defiance, hate and revenge.


You seem to be implying that Bellingcat/Navalny aren't proven hucksters and info-mercenaries who will say anything to keep their moneyed interests happy.

At least Brian is a plausibly independent (from powerful governments) blogger who occasionally publishes some high-signal, low-noise content. Although this sort of doxxing is out of hand even if Russians are "fair game" to his Western audience.


Yes.

I followed Bellingcat and Navalny Team pretty closely for many years. I dislike some of the people behind both organisations but I am sure both organisations contribute to the society in a positive way.

Anyone who did above average things exposes themselves to privacy violations. This is recognized universally for politicians, for instance, otherwise why would we require our representatives to publish their tax declarations or simply campaign publicly?


Do you have evidence of these claims about Bellingcat?


Aaron Maté has done a lot of investigative journalism[1] into them.

Basically, Bellingcat is an "intelligence launderer" for the NATO-aligned IC. Agencies can feed them real or bogus intel and they will gladly publish it in return for $$$ and media clout. In some cases, they even fabricate propaganda as in the case of their collaborations with Navalny's team. I think they are closer to "useful idiots" rather than actual intelligence operatives, though.

What they are not is a largely independent OSINT group a la WikiLeaks. Bellingcat is firmly aligned with the most powerful government intelligence agencies on the planet and a darling to their media. They can be counted on to never undermine NATO's agenda (which Julian Assange is suffering immensely for doing), and are ostensibly compensated well for that.

[1] - https://thegrayzone.com/2021/03/24/author-bellingcat-opcw-wh...


Citing a site full of anti NATO crap hardly makes your point.


I did not cite a "site", I cited a specific article which makes strong claims backed by evidence. I welcome your counterarguments.


You are citing Max Blumenthal's website :-(

This is not much of a proof. Max has been a regular contributor to Russia Today, the infamous tarpit of journalism.


To be clear, by deflecting are you implying that Bellingcat is not closely aligned financially and operationally with the NATO intelligence/media apparatus?


I don't see where he said that. He said basically that it's questionable to try to prove one entity is "aligned financially and operationally" with a bad actor by citing another entity that is "aligned financially and operationally" with a different bad actor. If they are so obviously bad, your case would be better made by not citing a source that is an unabashed and uncritical mouthpiece for a particular government.


You don't need to trust the Grayzone, or the Russian government (or Syrian or Iranian or Venezuelan or Chinese, whichever one is the most convenient to pin Grayzone to today) to see through the smokescreen of Bellingcat's claim to being an independent "intelligence agency for the people". It's a total farce.


Well, something doesn't add up. "The phone number tied to that Vkontakte account — 7617467845 — was assigned by the Russian telephony provider MegaFon to a resident in Khakassia, situated in the southwestern part of Eastern Siberia." This number looks bogus, mobile phone numbers in Russia are +7(three digit provider code)(seven digits of actual number); given number is one digit short. We could assume this number is (three digit provider code)(seven digits of actual number), but there's no provider with code 761 in Russia.


Seems like typical doxing behavior, posting inaccurate information for the mob. This Krebs guy sounds like a pos.


The provider code should start with a 9 for mobile phones. So 7-961-746 and so on


Looks like a simple typo (missing a 9 after the first 7). Later in the article the full number is listed.


Is Krebs trying to claim the $5 million bounty on information leading to darkside affiliates' arrest that he mentions in the post?


Yeah, all they need to do now is send an inception team to convince Putin to extradite him to the states.


Which is prohibited by the constitution.


Here we go again. Hopefully the person Krebs is doxxing is actually the real culprit this time.


I never realized it was that involved. I.e. that there are specialty roles in ransomware where people simply provide the access for a fee, and sell that to someone else to actually do the ransoming.

The other question of course is - can this be considered Russian sponsored if they choose not to ever prosecute? How does this end? It becomes a major career in Russia?


>The other question of course is - can this be considered Russian sponsored if they choose not to ever prosecute?

Here Russian police is lazy - if no one files a complaint, they won't do anything. Since he avoids targeting Russian organizations, law enforcement is probably completely unaware of him. Something can happen if American law enforcement contacts Russian law enforcement directly but it looks like there's little cooperation there because of the mutual political animosity between USA & Russia (US/Russian embassies getting closed, ties being cut etc). I wonder what will happen if Interpol gets involved.


Russia is an Interpol nation, so they should be able to operate there. It's amazing to me that someone this high profile and careless hasn't already been arrested, though. Perhaps there is some kind of protection in place.


>It's amazing to me that someone this high profile and careless hasn't already been arrested

A decade ago my town used to have a gang which operated the largest mail order bride scam in the country, all victims in US and Europe, too (i.e. none in Russia), for the same reasons. Many people in the town knew what they did and who they were (I personally knew 1 guy from there) but no one reported them to police because no one would benefit from fighting them and being labeled a snitch, and the general attitude (excuse) was that Americans and Europeans are supposedly very rich (at least, by Russian standards) so them losing $1000 here or there wasn't considered a serious problem or some moral dilemma. Police didn't care because formally no one filed an official complaint.

However, there was some foreign victim who really valued his lost money. He somehow managed to contact Russian police and thanks to his efforts the gang was eventually busted red-handed, I remember there was a TV report about the raid. As it turned out, basically it was 20-30 students spread across several rented commieblock apartments full of PCs. They made many mistakes leaving traces of their real identities (just like the guy in the OP), the one guy I knew from there was also ~18 yo, a pretty inexperienced kid, even before the raid I had suspected it's not a serious mafia cell protected by the government or anything, just a bunch of opportunistic scumbags who abuse the inertia of our police and the legal/political/linguistic barriers between our countries. To scam people or spread ransomware, all you need is programming/social engineering skills and a PC. If you are lucky and/or determined, you can earn a lot of money by just having that, no government sponsorship is required. The fact that the hacker in the OP's post also lives in Siberia in a provincial town reminds me of that student gang from my town; you wouldn't expect high-profile hackers sponsored by the federal government to use the same password for all sites they visit.

I think we can see if they are protected by authorities if Interpol requests will be flat-out rejected.


I wonder if he's ever stolen from a powerful drug dealer, who could afford to send someone to Russia to get revenge - not necessarily show up at the hacker's door, but to rent some locals who'd do that


To me it sounds gullible and one-dimensional to use the name of some far-away place with a different language system, to blame for every criminal or autocratic problem. Mafia in the USA runs health care and show girls -- poor idiots far away sell hijack tools.

There are smart people in every country, of every color and language.


I'm curious now...got any source for your "Mafia in the USA runs health care and show girls" statement?


I wouldn't be surprised if devices typically become compromised via automation - the ones responsible may not have the expertise & manpower needed to develop & deploy viable ransomware payloads, negotiating ransoms, providing "tech support" to "customers" who choose to pay the ransom and need help decrypting, etc. So they'd rather resell the access for a flat fee and leave it to others to milk out the actual targets for potentially more money. The low but steady stream of money they get might also be easier to launder than ransoms worth hundreds of thousands.

I doubt this is limited to ransomware - I bet customers of a "network access broker" would involve conventional malware such as spam/DoS bots, ad fraud, etc as well.


I wonder if the author can speak Russian. If not and he is armed only with Google Translate then it's an even more impressive investigation.


He learned to speak Russian just for his job. Couldn't infiltrate those forums otherwise.



