Blogger Doxxes German Website’s Admins

InfoTech website IT Wire reports on the alleged doxxing perpetrated by a blogger named Brian Krebs, who unnecessarily revealed details about the administrators and moderators of imageboard forum, a popular Top 200 site in Germany whose online community values anonymity.

The website’s principals were doxxed by Krebs in a post that ostensibly was an attempt to identify who was behind the cryptocurrency mining service Coinhive.

Coinhive provides a script that can be used to mine the privacy-focused cryptocurrency known as Monero. The script has been abused by third parties who insert it into websites without permission.

Krebs’ long and tortuous article claimed to probe “who and what is Coinhive.” But after identifying the individual whom he claimed was behind the script, Krebs then included lurid details about one Matthias Moench who was the first owner of the domain – even though the article said “Mr Moench is only tangentially connected to this research.”

IT Wire:

Krebs took a drubbing on the popular news section of YCombinator, with the following among the user comments:

“I mean, doxxing Gamb wasn’t really necessary, he was always very paranoid about being doxxed, and users of the site know what happened to cha0s when he was doxxed. So i understand that they want to think a bit about how to handle this situation. I’ve complained about krebs being an asshole before on HN and this pretty much confirms it.”

“Brian basically doxxed random people for developing something that can also be used by criminals.”

“People use it [Coinhive] to do bad things, so this thing must be fundamentally evil. It is so evil, it does steal your processing power, that is worse than loss of personal data like credit cards and deserves to be the most evil malware of the millennium. /s” [sarcasm]

“Look at his tweets and headlines… that are used to promote the story: They are almost exclusively focusing on the Matthias Moench part, which is completely irrelevant to pr0gramm, Coinhive, and even the mindmap.”

“Publishing material by users he knew had trolled him to further the agenda that this is a right-wing site (it is not, the site has a huge fan base of Bernie Sanders and other leftist politicians).”

In response to the doxxing, angry users of created the hashtag #KrebsIsCancer to track their donations made for the fight against cancer, whose German word is Krebs. Image proofs of donations are plastered all over the homepage of


The German pr0gramm admins and mods are not the first victims of Brian Krebs’s penchant for compiling and publishing the personal details of individuals who have no relation to what he purports to cover as an issue worth reporting.

As iTWire noted, Krebs last year quietly unpublished a post he had written to uncover the people behind the Shadow Brokers group, blamed for leaking several National Security Agency exploits.

In that doxxing incident, Krebs compiled all he could find online about Michael A. Pecoraro, Nathan S. Heidbreder, and Gennadiy “Glen” Sidelnikov — whose names happened to be attached as authors in the metadata of a few of the leaked files. The first two have been presumed to be NSA employees. The third happened to be a contractor — Krebs had read in The New York Times and The Wall Street Journal about an unnamed contractor arrested in the case, and his top-notch detective skills led him to the Russian-speaking Sidelnikov.

The title of his November 27 post: Who Was the NSA Contractor Arrested for Leaking the ‘Shadow Brokers’ Hacking Tools?

No reason was provided by Krebs for his later taking down of his story featuring the three above-named individuals, with a focus on Sidelnikov; the takedown was mentioned only at the very end of a later report he wrote on his blog — about the arrest of a Vietnamese American who pled guilty to taking home NSA material. In this later post, the Comments section was closed — regular readers believe this was to avoid criticism of his doxxing of individuals unrelated to the case.

For more on Brian Krebs’s notorious track record as a blogger/doxxer, read Sam Varghese’s article in IT Wire.