Germany Doxes "UNKN," Head of RU Ransomware Gangs REvil, GandCrab (krebsonsecurity.com)
208 points by Bender 6 hours ago
KingOfCoders 4 hours ago
Putting someone on a (most) wanted list is "doxing"?
[Edit] "An international search is underway for Daniil Maksimovich SHCHUKIN on suspicion of numerous counts of gang-related and commercial extortion using ransomware to the detriment of commercial enterprises, public facilities, and institutions."
moomin 4 hours ago
Yeah, I’m not okay with this. Doxxing is a term with an extremely negative connotation and is often done to people who, bluntly, weren’t hiding or doing anything wrong. The correct term for the same act here is either “accuse” or “unmask”.
krono 2 hours ago
So it is doxxing if the doxxed committed wrongdoings from the perspective of... the doxxer? Ideals, morality, alignment, goals and purpose are and have always been a static constant for all humankind. There is no pineapple pizza, it is a lie, for I don't like it, and therefore nobody else ever did either.
Barrin92 11 minutes ago
vpinkeroff 2 hours ago
pmarreck 2 hours ago
So basically it's like Terrorism or Genociding, where if it's against the team you are rooting for, it is that, and if it's not against your in-group it's just War?
I'd rather "doxxing" just mean "de-anonymizing" because that's 1) how I already read it, 2) removes the whole "who is the more moral side in this dispute therefore has the right to make the accusation" problem
embedding-shape 4 hours ago
If someone wasn't previously known, only an alias or alter-ego, but you then link those together with a real-life identity, that's very much the definition of "doxxing", at least the original definition, maybe it's different today? Positive or negative doesn't really matter, just like "shooting" or "jumping" in itself isn't positive or negative, it's just a verb.
landl0rd 3 hours ago
usrusr 4 hours ago
rwmj 3 hours ago
mc32 4 hours ago
Unfortunately language tends to get diluted. Nowadays in pop culture it means publishing anyone's personal information, usually against their wishes.
Aurornis 2 hours ago
This does seem close to the original intent of "doxxing", where information ("dox") is publicized that connects a real-world identity to a previously anonymous online persona. These are hackers in the classic sense who were going out of their way to stay anonymous.
The dilution of the word doxxing has been interesting, though. Some of the recent "doxxing" controversies have been about figures who weren't all that anonymous to begin with. The pop culture meaning has been extended to cover any mention of someone's real identity at all, even if it wasn't a secret.
lovich an hour ago
KingOfCoders 4 hours ago
“When I use a word,” Humpty Dumpty said, in rather a scornful tone, “it means just what I choose it to mean — neither more nor less.”
busterarm 4 hours ago
also it seems the US had already identified him 3 years prior?
stuckkeys 3 hours ago
I do not understand this logic either. They take GDPR way too serious haha. JK obv.
embedding-shape 4 hours ago
> Putting someone on a (most) wanted list is "doxing"?
No, if they just put UNKN on the most wanted list, then it wouldn't be doxing. But then they also tie UNKN together with "Daniil Maksimovich Shchukin", and that's the doxxing, regardless or not if it's on a most wanted list.
KingOfCoders 4 hours ago
I think this is not how wanted lists work, here in Germany at least. Do they work this way where you are living? The goal of wanted lists in Germany is to find the person the police is searching for to put them in front of a court if the prosecution can make a case.
Perhaps this goes back to leftist terrorism in Germany in the 1970s, they would not use the code names of terrorists on the wanted lists but their real names to find them, because this is what they wanted - but I don't know.
embedding-shape 3 hours ago
stackghost 3 hours ago
Back in the day, being doxed meant having your real name, address, phone number, email, etc. posted online for anyone to do what they would.
This seems to be just issuing an arrest warrant.
alistairSH 2 hours ago
Uh, you think they should just put "UNKN" on the wanted list instead of the person they believe is UNKN? That's not very helpful...
alistairSH 2 hours ago
How is "this is the name of the formerly anonymous extortionist" doxxing?
Unless there's something not covered in the article, his current address, family members, phone, etc were not listed. That's not doxxing; that's "here's a guy were want to arrest."
perlgeek 5 minutes ago
It seems to me that the meaning of the word "doxxing" has slowly drifted to mean "revealing information about somebody without their consent", be it by state actor, a company or an individual.
BTW, what do you think will happen when people find out that their neighbor is secretly a pretty wealthy criminal? Attempts of theft, robbery and extortion have happened in the wake of such announcements.
There was even a case where somebody attempted to impersonate an intelligence officer and try to force a recently doxxed cyber criminal to bribe them.
randomNumber7 39 minutes ago
That wouldn't sound cool. Especially as noone actually gives a fuck about what germany wants.
ddtaylor an hour ago
I think people are getting stuck on the concept of the word doxing here. In anonymous online hacking circles, the idea that you're exposing anyone's OPSEC at all is considered basically doxing. People do it regularly, but it's seen as a clear indication of being an enemy.
Some take a "full disclosure" style and expose all OPSEC failures instantly and transparently, because otherwise people seem to collect OPSEC failures and make it seem to be extortion itself, like saying "hey remember that time you signed off with your real name?" or "I know your clearnet address"
jojomodding 3 hours ago
So apparently some CCC-connected hackers already unmasked one of them years ago (as reported in the update, which could have also just linked to the talk here: https://media.ccc.de/v/37c3-12134-hirne_hacken_hackback_edit... )
Makes you wonder if the investigators discovered this independently, or decided to maybe ask the hackers already involved in defending against them for help...
hobofan an hour ago
I'm not deep into the topic, but AFAIK there generally isn't a warm connection between the CCC and the BND in Germany (in the recent years mostly due to the BNDs involvement ins spying on German citizens, but I think there is also deeper history there). If a hacker collaborates with the BND they do run a risk of many of their peers not wanting to collaborate with them anymore.
foepys 36 minutes ago
It also has something to do with the so called "Hackerparagraph" [1] under which whitehat hacking is basically impossible in Germany. Even writing a program that could potentially be used for hacking is a crime. If you followed the law word for word the authors of e.g. curl could be charged under this law.
1: https://de.wikipedia.org/wiki/Vorbereiten_des_Aussp%C3%A4hen... [de]
jojomodding 41 minutes ago
Maybe the special agents watched the talk in their free time
mmanfrin 20 minutes ago
I feel accepted spelling of the word is 'doxxes'; doxes in my head reads as 'dokeses'.
Also talk about a headline that would mean absolute gibberish just a couple decades ago.
Phelinofist 5 hours ago
Spiegel recently did a video on them: https://www.youtube.com/watch?v=HuwRrqM6H1M
twodave an hour ago
Some of the comments here (and lately on HN in general) are very concerning to me. Are we really going to pretend that people accused of real crimes shouldn’t be arrested, charged and, if found guilty, have an appropriate sentence? It doesn’t take many more than 2 brain cells rubbing together to see that that won’t end well. Whataboutism, political differences, and even real injustices in my opinion to not make this a reasonable position.
randomNumber7 36 minutes ago
It probably depends on what people think about the laws that define what a "real crime" is.
E.g. in germany it was a real crime to grow some weed. Now it's legal, but even before a lot of reasonable people didn't want someone go to jail over weed.
crest 2 hours ago
Since when does putting criminals on official wanted lists count as doxxing?!? If they want their information taken down they just have to show up in court.
nailer 5 hours ago
Feels odd for an infosec blog to use 'doxxing' this way. Doxxing is generally considered to be unethical exposure of personal information.
Identifying a criminal is ethical.
KPGv2 3 hours ago
"Doxxing" is from the 90s and was used to describe a hacker unmasking another hacker so they could be arrested. That's almost exactly the same usage as here.
Sharlin 3 hours ago
Semantic shift happens over time. A 2026 article is supposed to communicate to 2026, not 1996, readers.
randomNumber7 35 minutes ago
nailer 3 hours ago
I can't find it in the jargon file: http://catb.org/jargon/html/D.html
stackghost 3 hours ago
moffkalast 5 hours ago
I think they obviously just took it as 'exposure of personal information' period.
cucumber3732842 5 hours ago
>Identifying a criminal is ethical.
This outsourcing of one's morals to the state is excessive even by already high western white collar internet standards.
Now, make no mistake, these guys are up to no good and probably should be identified and prosecuted, but to just declare that a bad thing is now good because government is doing it is basically an abdication of one's moral compass. At best this is still a bad thing but a necessary one because all the other options are worse. Like shooting someone in self defense, or putting someone in a cage for doing sufficiently bad things.
Edit: I'll admit I played too loose with ethics vs morality here, but still the point stands.
Yokohiii 4 hours ago
Certainly, criminals also have a right to privacy. However, the limited publication of personal data of criminals by law enforcement is generally a legally legitimate measure. Doxxing, on the other hand, is generally a process that violates the fundamental right to privacy.
cucumber3732842 4 hours ago
KPGv2 3 hours ago
wswin 4 hours ago
not the state, but the law
wat10000 5 hours ago
"Identifying a criminal" doesn't imply that it's done by the government, and being done by the government doesn't imply that it's done to a criminal. This comment seems like quite a leap.
jstanley 4 hours ago
dmos62 5 hours ago
Innocent until proven guilty (in a court of law)?
gigatexal 4 hours ago
ethics and morality are not interchangeable are they?
anyway individuals willingly give to teh state some autonomy in return for the safety of governance... that's the social contract free people have with government
"doxxing" a Russian ransomware group is the kind thing to do. bombing them out of existence is within the remit of the range of ideas a government could resort to...
mc32 4 hours ago
layer8 4 hours ago
> Identifying a criminal is ethical.
I agree that “doxxing” is being misused in TFA, but criminals have privacy rights like anyone else. Violating these rights requires specific justification, it’s not automatically ethical.
KingOfCoders 4 hours ago
They put the person on a wanted list.
layer8 4 hours ago
pixl97 3 hours ago
I mean doxxing is totally incorrect. Let's say for example there was a person on film near a crime scene, even though the police know they weren't directly involved there is no violation of privacy in the US if the police post their picture and ask for them to come forward. Or even later find out their name and look for them publically.
alexmocki 6 hours ago
This reads less like “hacking” and more like an optimized business.
Clear specialization, outsourcing, and reinvestment — very similar to how startups scale.
kgeist 5 hours ago
Found his record in Russia's official company registry. This is what he officially does as an entepreneur:
56.10 — Restaurant activities and food delivery services
47.23 — Retail sale of fish, crustaceans, and mollusks in specialized stores
47.25.12 — Retail sale of beer in specialized stores
47.25.2 — Retail sale of soft drinks in specialized stores
47.29.39 — Retail sale of other food products in specialized stores, not included in other groups
68.20 — Lease and management of own or leased real estate
ivan_gammel 5 hours ago
Classic money laundering.
ecshafer 3 hours ago
I find it entertaining that even as part of a Russian hacking gang, the real threat is the Russian tax authorities. Regardless of how you got the money, need to pay the taxes.
diath 2 hours ago
tokai 4 hours ago
> 56.10 — Restaurant activities and food delivery services
That one is a classic for russian criminals and warlords.
randomNumber7 31 minutes ago
raverbashing 5 hours ago
Ah yes a business like the mafia
tgv 5 hours ago
The parent commenter has apparently never heard of organized crime.
wat10000 4 hours ago
Go look at the al Qaeda emails recovered from the raid that killed bin Laden and you'll find all the same stuff. Turns out that the way businesses operate is just a good way to operate human organizations in general, whether their goal is to sell widgets or blow up infidels.