Putting someone on a (most) wanted list is "doxing"?
[Edit] "An international search is underway for Daniil Maksimovich SHCHUKIN on suspicion of numerous counts of gang-related and commercial extortion using ransomware to the detriment of commercial enterprises, public facilities, and institutions."
moomin 2 hours ago [-]
Yeah, I’m not okay with this. Doxxing is a term with an extremely negative connotation and is often done to people who, bluntly, weren’t hiding or doing anything wrong. The correct term for the same act here is either “accuse” or “unmask”.
krono 13 minutes ago [-]
So it is doxxing if the doxxed committed wrongdoings from the perspective of... the doxxer? Ideals, morality, alignment, goals and purpose are and have always been a static constant for all humankind. There is no pineapple pizza, it is a lie, for I don't like it, and therefore nobody else ever did either.
vpinkeroff 8 minutes ago [-]
You have understand that we're dealing with Morals™, if you're an enemy of the States, anything is on the table. Even some of the things the States is actively calling other countries out for, see Iran for example and how silent the EU, ICC, and NATO is when its "Daddy", as Rutte put it, commits atrocities.
embedding-shape 2 hours ago [-]
If someone wasn't previously known, only an alias or alter-ego, but you then link those together with a real-life identity, that's very much the definition of "doxxing", at least the original definition, maybe it's different today? Positive or negative doesn't really matter, just like "shooting" or "jumping" in itself isn't positive or negative, it's just a verb.
landl0rd 1 hours ago [-]
No, if I kidnap someone it's kidnapping. If the police based on probable cause receive and execute a warrant for someone's arrest, it's an arrest. This is how the state monopoly on violence works.
usrusr 2 hours ago [-]
And if the police actually catches the accused and puts them in jail, is that kidnapping? Most verbs have far more semantics than just the most basic before/after state diff.
embedding-shape 1 hours ago [-]
Well, no, kidnapping is unlawful abduction. But abduction is always abduction, regardless of who does it, police can abduct people too, but when criminals do so, we call it kidnapping, since it's illegal. Not sure what point you were trying to make, but I think it failed to land properly.
mschild 1 hours ago [-]
"Doxing" has negative connotations.
Its almost always associated with a private person (ie not police or anyone of a judicial system) releasing personal information with malicious intent.
As the person above you said, semantics are important. This is a judicial system specifically searching for a person they believe to have caused severe criminal harm.
KPGv2 1 hours ago [-]
I have, admittedly, only been on the Internet for thirty-five years or so, but I seem to recall that a long time ago reading about people "doxxing" guys who posted pictures of them torturing cats and dogs.
"Doxxing" certainly doesn't carry a negative connotation in that usage. Unless you live in a culture where torturing domesticated animals is a good thing.
ANd I recall that, before that, hackers would doxx other hackers in the 90s in order to get them arrested. Again, that seems like the exact same usage as here: tying a pseudonym to an IRL for purposes of law enforcement.
ptero 20 minutes ago [-]
> that seems like the exact same usage as here: tying a pseudonym to an IRL for purposes of law enforcement.
I disagree. Tying a pseudonym to an IRL persona for purposes of law enforcement is a part of an official investigation.
Doxxing is specifically non-government unmasking and dissemination of that tie for extrajudicial purposes, almost always for harassment. There is a world of difference between them and we should not fudge them together with terminology. My 2c.
strbean 28 minutes ago [-]
There is still an inherent negative aspect to the "Don't Fuck with Cats" doxxing. Vigilantes publicly revealing the identity of (suspected) perpetrators can enable further vigilante action, and this can cause harm to innocent people if the identification was incorrect, or unwittingly impede law enforcement. And that's before considering whether vigilantism is inherently good or bad.
See the canonical example of this going wrong: the Reddit 'investigation' of the Boston Bomber, where someone was misidentified, doxxed, and their family was harassed.
Of course, law enforcement is capable of making the same mistakes. But ideally they have better safeguards, and victims of their negligence have much better recourse.
BurningFrog 1 hours ago [-]
Doxxing a hostile act.
If it's negative depends on if you think they deserve the hostility.
rwmj 2 hours ago [-]
If you want an alias that's fine, just don't use it to do crimes.
ffsm8 2 hours ago [-]
[dead]
mc32 2 hours ago [-]
Unfortunately language tends to get diluted. Nowadays in pop culture it means publishing anyone's personal information, usually against their wishes.
KingOfCoders 2 hours ago [-]
“When I use a word,” Humpty Dumpty said, in rather a scornful tone, “it means just what I choose it to mean — neither more nor less.”
busterarm 2 hours ago [-]
also it seems the US had already identified him 3 years prior?
stuckkeys 1 hours ago [-]
I do not understand this logic either. They take GDPR way too serious haha. JK obv.
embedding-shape 2 hours ago [-]
> Putting someone on a (most) wanted list is "doxing"?
No, if they just put UNKN on the most wanted list, then it wouldn't be doxing. But then they also tie UNKN together with "Daniil Maksimovich Shchukin", and that's the doxxing, regardless or not if it's on a most wanted list.
KingOfCoders 2 hours ago [-]
I think this is not how wanted lists work, here in Germany at least. Do they work this way where you are living? The goal of wanted lists in Germany is to find the person the police is searching for to put them in front of a court if the prosecution can make a case.
Perhaps this goes back to leftist terrorism in Germany in the 1970s, they would not use the code names of terrorists on the wanted lists but their real names to find them, because this is what they wanted - but I don't know.
embedding-shape 2 hours ago [-]
What do you mean "this is not how wanted lists work"? The goal everywhere is to find the people on the wanted list, that's why they're called "wanted" in the first place. Is there something in my comment indicating I don't believe wanted lists are for finding people?
KingOfCoders 1 hours ago [-]
"No, if they just put UNKN on the most wanted list, then it wouldn't be doxing."
I misread that as it either would be the thing to do or an alternative option and you were against putting names on a wanted list.
embedding-shape 1 hours ago [-]
No, I was just trying to clarify that the "doxxing" part is not the "add $name to $list" but "tie $alias to $real-name".
throwaway7783 1 hours ago [-]
Isn't this just the good old "aka"?
KingOfCoders 44 minutes ago [-]
Like in " William H. Bonney aka The Kid"? Doxing in the 19th century by the government it seems.
stackghost 38 minutes ago [-]
Back in the day, being doxed meant having your real name, address, phone number, email, etc. posted online for anyone to do what they would.
This seems to be just issuing an arrest warrant.
alistairSH 31 minutes ago [-]
Uh, you think they should just put "UNKN" on the wanted list instead of the person they believe is UNKN? That's not very helpful...
2 hours ago [-]
alistairSH 32 minutes ago [-]
How is "this is the name of the formerly anonymous extortionist" doxxing?
Unless there's something not covered in the article, his current address, family members, phone, etc were not listed. That's not doxxing; that's "here's a guy were want to arrest."
Makes you wonder if the investigators discovered this independently, or decided to maybe ask the hackers already involved in defending against them for help...
Feels odd for an infosec blog to use 'doxxing' this way. Doxxing is generally considered to be unethical exposure of personal information.
Identifying a criminal is ethical.
moffkalast 3 hours ago [-]
I think they obviously just took it as 'exposure of personal information' period.
sieabahlpark 2 hours ago [-]
[dead]
KPGv2 1 hours ago [-]
"Doxxing" is from the 90s and was used to describe a hacker unmasking another hacker so they could be arrested. That's almost exactly the same usage as here.
Sharlin 1 hours ago [-]
Semantic shift happens over time. A 2026 article is supposed to communicate to 2026, not 1996, readers.
It comes from leetspeak. Identity documents -> docs -> dox
cucumber3732842 3 hours ago [-]
>Identifying a criminal is ethical.
This outsourcing of one's morals to the state is excessive even by already high western white collar internet standards.
Now, make no mistake, these guys are up to no good and probably should be identified and prosecuted, but to just declare that a bad thing is now good because government is doing it is basically an abdication of one's moral compass. At best this is still a bad thing but a necessary one because all the other options are worse. Like shooting someone in self defense, or putting someone in a cage for doing sufficiently bad things.
Edit: I'll admit I played too loose with ethics vs morality here, but still the point stands.
Yokohiii 2 hours ago [-]
Certainly, criminals also have a right to privacy. However, the limited publication of personal data of criminals by law enforcement is generally a legally legitimate measure. Doxxing, on the other hand, is generally a process that violates the fundamental right to privacy.
cucumber3732842 2 hours ago [-]
>criminals
>law
>legally
You keep using these words but it causes circular logic as those are all defined by the same entity that is acting unilaterally.
The action the government took was not a "good" action by any moral standard. But it was perhaps the least worse action available all things considered. Can't just whisk people off the street in a foreign country or drone them over such matters, those options would be worse.
Yokohiii 1 hours ago [-]
> You keep using these words but it causes circular logic as those are all defined by the same entity that is acting unilaterally.
It's not, in Germany we have separation of powers.
> The action the government took was not a "good" action by any moral standard.
Morals aren't binary. Morals have context.
oytis 1 hours ago [-]
Running a ransomware gang is immoral. Catching someone running a ransomware gang is good. If publishing their name helps catch them, it's also good. Not sure where do you see the gap between legality and morality in this case
flipped 1 hours ago [-]
People often forget that Threat Actors (TA) are the ones keeping the infosec alive. They are doing a good job of scaring people into implementing actual security protocols and thereby improving everyone's security posture. The whole infosec would collapse without TAs, let's not forget that. They create jobs.
oytis 44 minutes ago [-]
That's right. They also create jobs for police though, and now German police is doing theirs
zaphar 2 hours ago [-]
Is it your position that privacy is a right regardless of any action you take? Many rights are dependent on circumstance and in tension with other rights. In this case I think you can make the case that their right to privacy is lost.
KPGv2 1 hours ago [-]
> Doxxing, on the other hand, is generally a process that violates the fundamental right to privacy.
It historically was used for this exact case: revealing someone hiding behind a pseudonym for purposes of law enforcement. The term dates back to the 90s, if not earlier.
This isn't something Gen Z made up. It's a Gen X term. "Hack the gibson" era. Wargames era.
cucumber3732842 40 minutes ago [-]
Doxxing is basically a DDOS reflection attack but for real violence, or threat thereof, instead of 1s and 0s.
I might want to do violence upon you for some reason. Maybe I hate you. Maybe you're doing something that I don't like. If I'm lucky I can round up half a dozen buddies to help. But I don't have infinite resources and infinite reach, so my capability is rather laughable unless you live next door.
Buuuut, if I craft it just right, I can cause the state with it's practically infinite resources, infinite men with guns who kick in doors, etc, etc to choose to kick in your door and do violence upon you. (And the request usually looks a lot like doing their job for them "hey look over here there's this specific person doing this specific thing that you're supposed to go after", but that's beside the point.)
Same as how if I craft a request to a 3rd party server just right a few Kb of on my end can become dozens of Mb on yours.
The German police can't reach these guys. Hence why they're doxing them. They're hoping to structure things such that those who can reach them respond to the request (i.e. rounding up these guys will be a line item in some larger geopolitical context).
wswin 2 hours ago [-]
not the state, but the law
2 hours ago [-]
wat10000 3 hours ago [-]
"Identifying a criminal" doesn't imply that it's done by the government, and being done by the government doesn't imply that it's done to a criminal. This comment seems like quite a leap.
jstanley 2 hours ago [-]
It's the government who defines what "criminal" means.
wat10000 2 hours ago [-]
Not necessarily. I'm free to make my own determination on the matter.
zaphar 2 hours ago [-]
You are certainly free to make up your own definitions for words and speak a dialect that is niche but you will not be effectively communicating when you do. By commonly understood definition criminality is a matter of law.
wat10000 1 hours ago [-]
[dead]
dmos62 3 hours ago [-]
Innocent until proven guilty (in a court of law)?
gigatexal 2 hours ago [-]
ethics and morality are not interchangeable are they?
anyway individuals willingly give to teh state some autonomy in return for the safety of governance... that's the social contract free people have with government
"doxxing" a Russian ransomware group is the kind thing to do. bombing them out of existence is within the remit of the range of ideas a government could resort to...
mc32 2 hours ago [-]
Not disagreeing with your preface but I was under the impression that while it took governments some time to figure things out, kinetic bombing in retaliation for cyberwarfare was pretty much ruled out unless the cyberwarfare results in direct mass casualties (for example cyber sabotaging a refinery results in an explosion which results in casualties.). Else we’d have bombed North Korea, China, Ukraine, Russia, Romania, etc.
layer8 2 hours ago [-]
> Identifying a criminal is ethical.
I agree that “doxxing” is being misused in TFA, but criminals have privacy rights like anyone else. Violating these rights requires specific justification, it’s not automatically ethical.
KingOfCoders 2 hours ago [-]
They put the person on a wanted list.
layer8 2 hours ago [-]
My comment isn’t about this specific case. It’s about the general claim.
pixl97 50 minutes ago [-]
I mean doxxing is totally incorrect. Let's say for example there was a person on film near a crime scene, even though the police know they weren't directly involved there is no violation of privacy in the US if the police post their picture and ask for them to come forward. Or even later find out their name and look for them publically.
dfir-lab 2 hours ago [-]
[dead]
user070707 2 hours ago [-]
[flagged]
alexmocki 4 hours ago [-]
This reads less like “hacking” and more like an optimized business.
Clear specialization, outsourcing, and reinvestment — very similar to how startups scale.
kgeist 3 hours ago [-]
Found his record in Russia's official company registry. This is what he officially does as an entepreneur:
56.10 — Restaurant activities and food delivery services
47.23 — Retail sale of fish, crustaceans, and mollusks in specialized stores
47.25.12 — Retail sale of beer in specialized stores
47.25.2 — Retail sale of soft drinks in specialized stores
47.29.39 — Retail sale of other food products in specialized stores, not included in other groups
68.20 — Lease and management of own or leased real estate
Money is reinvested into selling beer and fish :) Interestingly, he registered all that in 2019, just when the ransoms started.
ivan_gammel 3 hours ago [-]
Classic money laundering.
ecshafer 1 hours ago [-]
I find it entertaining that even as part of a Russian hacking gang, the real threat is the Russian tax authorities. Regardless of how you got the money, need to pay the taxes.
diath 5 minutes ago [-]
That's not specific to Russia, almost every country in the world requires you to report illegal income for tax purposes, including the US.
tokai 2 hours ago [-]
> 56.10 — Restaurant activities and food delivery services
That one is a classic for russian criminals and warlords.
wat10000 3 hours ago [-]
Go look at the al Qaeda emails recovered from the raid that killed bin Laden and you'll find all the same stuff. Turns out that the way businesses operate is just a good way to operate human organizations in general, whether their goal is to sell widgets or blow up infidels.
raverbashing 4 hours ago [-]
Ah yes a business like the mafia
tgv 3 hours ago [-]
The parent commenter has apparently never heard of organized crime.
Rendered at 17:50:38 GMT+0000 (Coordinated Universal Time) with Vercel.
[Edit] "An international search is underway for Daniil Maksimovich SHCHUKIN on suspicion of numerous counts of gang-related and commercial extortion using ransomware to the detriment of commercial enterprises, public facilities, and institutions."
Its almost always associated with a private person (ie not police or anyone of a judicial system) releasing personal information with malicious intent.
As the person above you said, semantics are important. This is a judicial system specifically searching for a person they believe to have caused severe criminal harm.
"Doxxing" certainly doesn't carry a negative connotation in that usage. Unless you live in a culture where torturing domesticated animals is a good thing.
ANd I recall that, before that, hackers would doxx other hackers in the 90s in order to get them arrested. Again, that seems like the exact same usage as here: tying a pseudonym to an IRL for purposes of law enforcement.
I disagree. Tying a pseudonym to an IRL persona for purposes of law enforcement is a part of an official investigation.
Doxxing is specifically non-government unmasking and dissemination of that tie for extrajudicial purposes, almost always for harassment. There is a world of difference between them and we should not fudge them together with terminology. My 2c.
See the canonical example of this going wrong: the Reddit 'investigation' of the Boston Bomber, where someone was misidentified, doxxed, and their family was harassed.
Of course, law enforcement is capable of making the same mistakes. But ideally they have better safeguards, and victims of their negligence have much better recourse.
If it's negative depends on if you think they deserve the hostility.
No, if they just put UNKN on the most wanted list, then it wouldn't be doxing. But then they also tie UNKN together with "Daniil Maksimovich Shchukin", and that's the doxxing, regardless or not if it's on a most wanted list.
Perhaps this goes back to leftist terrorism in Germany in the 1970s, they would not use the code names of terrorists on the wanted lists but their real names to find them, because this is what they wanted - but I don't know.
I misread that as it either would be the thing to do or an alternative option and you were against putting names on a wanted list.
This seems to be just issuing an arrest warrant.
Unless there's something not covered in the article, his current address, family members, phone, etc were not listed. That's not doxxing; that's "here's a guy were want to arrest."
Makes you wonder if the investigators discovered this independently, or decided to maybe ask the hackers already involved in defending against them for help...
Identifying a criminal is ethical.
This outsourcing of one's morals to the state is excessive even by already high western white collar internet standards.
Now, make no mistake, these guys are up to no good and probably should be identified and prosecuted, but to just declare that a bad thing is now good because government is doing it is basically an abdication of one's moral compass. At best this is still a bad thing but a necessary one because all the other options are worse. Like shooting someone in self defense, or putting someone in a cage for doing sufficiently bad things.
Edit: I'll admit I played too loose with ethics vs morality here, but still the point stands.
>law
>legally
You keep using these words but it causes circular logic as those are all defined by the same entity that is acting unilaterally.
The action the government took was not a "good" action by any moral standard. But it was perhaps the least worse action available all things considered. Can't just whisk people off the street in a foreign country or drone them over such matters, those options would be worse.
It's not, in Germany we have separation of powers.
> The action the government took was not a "good" action by any moral standard.
Morals aren't binary. Morals have context.
It historically was used for this exact case: revealing someone hiding behind a pseudonym for purposes of law enforcement. The term dates back to the 90s, if not earlier.
This isn't something Gen Z made up. It's a Gen X term. "Hack the gibson" era. Wargames era.
I might want to do violence upon you for some reason. Maybe I hate you. Maybe you're doing something that I don't like. If I'm lucky I can round up half a dozen buddies to help. But I don't have infinite resources and infinite reach, so my capability is rather laughable unless you live next door.
Buuuut, if I craft it just right, I can cause the state with it's practically infinite resources, infinite men with guns who kick in doors, etc, etc to choose to kick in your door and do violence upon you. (And the request usually looks a lot like doing their job for them "hey look over here there's this specific person doing this specific thing that you're supposed to go after", but that's beside the point.)
Same as how if I craft a request to a 3rd party server just right a few Kb of on my end can become dozens of Mb on yours.
The German police can't reach these guys. Hence why they're doxing them. They're hoping to structure things such that those who can reach them respond to the request (i.e. rounding up these guys will be a line item in some larger geopolitical context).
anyway individuals willingly give to teh state some autonomy in return for the safety of governance... that's the social contract free people have with government
"doxxing" a Russian ransomware group is the kind thing to do. bombing them out of existence is within the remit of the range of ideas a government could resort to...
I agree that “doxxing” is being misused in TFA, but criminals have privacy rights like anyone else. Violating these rights requires specific justification, it’s not automatically ethical.
Clear specialization, outsourcing, and reinvestment — very similar to how startups scale.
That one is a classic for russian criminals and warlords.