Doxbin (darknet): Difference between revisions

Doxbin

File:Doxbin Logo.png
Homepage of Doxbin on 26 April 2022
Type of site	Dox publisher
Registration	Optional
Launched	May 30, 2011 (2011-05-30)
Current status	Active
Written in	PHP

Doxbin is a document sharing and publishing website which invites users to contribute personally identifiable information, or "dox", of any person of interest. It was previously operated on the darknet as a Tor hidden service, by a person known on the internet as nachash.^[1] Since its takedown in 2014, nachash has stepped down and relinquished his ownership to a predecessor that used the username "King Oren" when interviewed. He said in an interview that he is hosting Doxbin on the World Wide Web, as well as on Darknet and Tor hidden service websites. He declined to release the link to either of them, saying, "The people that use the service know how to find it, that's what keeps it secure and out of the reach of incompetent people using it for malice things".^{[citation needed]}

Due to the illegal nature of much of the information it published (such as social security numbers, bank routing information, and credit card information, all in plain-text), the old Doxbin was one of many sites seized during Operation Onymous, a multinational police initiative, in November 2014.^[2] Even though this type of material was technically not illegal, it was still taken down which lawyers responded to as "because they could."

The new Doxbin is operated by people on the internet known as "Brenton" and "kt".

History

The original (onion based) Doxbin was established to act as a secure, anonymous venue in May 30, 2011 for the publication of dox first established by people by the usernames of nachash, king oren, CGOD, and Phocus. Dox being a term in Internet culture which refers to personally identifiable information about individuals, including social security numbers, street addresses, usernames, emails, and passwords, obtained through a variety of legal and illegal means.^[3]

In November 2012, Doxbin's Twitter handle @Doxbin was attributed to an attack on Symantec, coordinated with Anonymous' Operation Vendetta.^[2]

It first attracted attention in March 2014 when its then-owner hijacked a popular Tor hidden service, The Hidden Wiki, pointing its visitors to Doxbin instead as a response to the maintenance of pages dedicated to child pornography links.^[4][5][6] In June 2014, their Twitter account was suspended, prompting the site to start listing the personal information of the Twitter founders and CEO.^[7] In October 2014, Doxbin hosted personal information about Katherine Forrest, a federal judge responsible for court rulings against the owner of Tor-based black market Silk Road, leading to death threats and harassment.^[3][8]

Doxbin and several other hidden services were seized in November 2014 as part of the multinational police initiative Operation Onymous.^[9][10][11] Shortly thereafter, one of the site's operators who avoided arrest shared the site's logs and information about how it was compromised with the Tor developers email list, suggesting it could have either been the result of a specialized distributed denial of service attack (DDoS) or exploited mistakes in its PHP code.^{[9][10][12][13]} However, the site could still be restored easily by setting up a new domain.^[14]

Since nachash's raid, he has gone on to write a darknet market vendor guide entitled "So, You Want To Be a Darknet Drug Lord…".^[15] and is claimed to have gone MIA in 2015

The new Doxbin claimed nachash shared a Doxbin template-like code on GitHub, which people have since been using inefficiently and that have been taken down after short periods of time. The new Doxbin claims to overcome these issues standing for "highest availability possible".

New Doxbin

The onion Doxbin seized by the FBI when Operation Onymous occurred.

Onion based Doxbin logo

In late 2018, a new Doxbin site on the World Wide Web, which has since been up and the current one being used.^[16]

The new service, claims to "stand for the highest availability possible." and that "your submitted doxes will stay up" (as long as they follow the site's privacy policy and TOS). The site also has multiple domain mirrors (alternatives) in the case of a domain takedown. Additionally claiming to not store any access logs or IP's but only a browser user agent string.

Legality

Because it is hosted in Europe, Doxbin has to follow the GDPR law.

Doxbin does not allow any minor, illegally obtained or harassing/threatening info. It is legal as of GDPR law. Using Section 230 of the Communications Decency Act to be immune to liability and cyberstalking/stalking law, it has an email for law enforcement which this all makes it legally immune.

The privacy section about the illegal information, mentions that they do not allow illegally obtained material and instigates by saying "Can anybody prove it? Not unless you brag about it.", it also says that "Doxbin was not made for harassment, intimidation or to cause nuisance." but also mentions that "It is impossible for some php code to harass somebody."

"Any pastes directly threatening and/or attempt to injure or hurt any particular individuals will be swiftly removed."

"Hall of Autism"

The Hall of Autism is a page on Doxbin that has a list of notorious doxes, and that is used to insult people based on their regrettable pasts and things they've done, such as "script kiddies". It also has pedophiles and other like-minded people.

It's mostly big notorious doxes in the community that are added there.

Database Leak

In November 2021, Doxbin was sold to a person under the alias "White". According to kt and Brenton, he proceeded to do nothing but break the site and get bullied. He then put the site up for sale again.

Brenton and kt offered to buy Doxbin back and White agreed, but due to him not being a part of the project anymore, he got demoted in Doxbin's community Discord server.

White then got "upset" and tried to steal Doxbin's Discord server vanity invite (a custom public server invitation link) and attempted to also take back the domains and Telegram group.

White refused to hand over Doxbin's Twitter account, but kt hacked into it. Though he couldn't change the email or password. "kt" then used that account to tweet something against Twitter's TOS and Guidelines, which ended up getting the account banned. In Doxbin's official post, they wrote a statement saying "If we can't have it, nobody can."

Between 9th November 2021 - January 4th 2022, anyone who logged into Doxbin had their account credentials leaked in plain text. Bcrypt hashed passwords (before White owned Doxbin), blacklist information, 2FA secret codes, also got leaked with it.

kt and Brenton say "The compromised data is an issue, and will impact our reputation heavily; but it happened and we cannot change it."

White and Lapsus$

White was doxxed, but he was also a member of a new ransomware group called Lapsus$ which had a list of notable breaches, such as ones from Nvidia or T-Mobile.

White's house got raided on the morning of April 1, 2022 and earlier in December 2021, both for relations to Lapsus$

However, when Lapsus$ got caught, White got charged with:

• Three counts of unauthorized access to a computer with intent to impair the reliability of data.
• One count of fraud by false representation.
• One count of unauthorized access to a computer with intent to hinder access to data.
• One count of causing a computer to perform a function to secure unauthorized access to a program.

The UK National Health Service confirmed that the dox was used in the police investigation. ("The UK National Health Service has confirmed this paste helped in the police investigation.")

Notes

1. The "White and Lapsus$" section contains info from a source that violates Wikipedia's privacy guidelines. Therefore no citations will be added. Same for section "Legality"[[#ref_{{{1}}}|^]]
2. The sources in "Database Leak" section use impudence and trash talk and come from a blacklisted source[[#ref_{{{1}}}|^]]
3. Do not add links to the site itself, as it is blacklisted.

See also

• Cyberstalking legislation
• Internet privacy
• Privacy law

References

1. Keller, Kevin. "The Tor browser: A forensic investigation study". The Tor Browser: A Forensic Investigation Study.
2. Fox-Brewster, Tom (2014-12-09). "The darkweb's nihilistic vigilante sees the light". The Guardian. ISSN 0261-3077. Archived from the original on 2021-03-23. Retrieved 2020-11-06.
3. Howell O'Neill, Patrick (10 November 2014). "Dark Net hackers steal seized site back from the FBI". Daily Dot. Archived from the original on 17 November 2014. Retrieved 25 January 2015.
4. Howell O'Neill, Patrick (12 March 2014). "Deep Web hub hacked and shut down over child porn links". Daily Dot. Archived from the original on 2015-04-02. Retrieved 2015-01-25.
5. Mead, Derek (13 March 2014). "A Hacker Scrubbed Child-Porn Links from the Dark Web's Most Popular Site". Vice. Archived from the original on 11 October 2016. Retrieved 26 August 2017.
6. "Twitter Founders' Personal Information Released on Doxbin". Darkweb News. 12 June 2014. Archived from the original on 27 January 2015. Retrieved 27 January 2015.
7. Tarquin (June 12, 2014). "Twitter Founders' Personal Information Released on DOXBIN". Archived from the original on 27 January 2015. Retrieved 20 August 2015.
8. "Site Doxx'es Judge of Silk Road Case – Calls To "Swat" Her". DeepDotWeb. 13 October 2014. Archived from the original on 24 March 2015. Retrieved 25 January 2015.
9. Rauhauser, Neal (11 November 2014). "Doxbin's Nachash On Operation Onymous (P.1)". DeepDotWeb. Archived from the original on 28 January 2015. Retrieved 25 January 2015.
10. Gallagher, Sean (9 November 2014). "Silk Road, other Tor "darknet" sites may have been "decloaked" through DDoS". Ars Technica. Archived from the original on 22 April 2017. Retrieved 14 June 2017.
11. O'Neill, Patrick Howell (17 November 2014). "Tor eyes crowdfunding campaign to upgrade its hidden services". Daily Dot. Archived from the original on 12 February 2015. Retrieved 25 January 2015.
12. Muadh, Zubair (12 November 2014). "Doxbin's Nachash On Operation Onymous (P.2)". Deepdotweb. Archived from the original on 28 January 2015. Retrieved 25 January 2015.
13. nachash [handle]. "[tor-dev] yes hello, internet supervillain here". [tor-dev] mailing list archive. Archived from the original on 2015-02-04. Retrieved 2015-01-25.
14. "The darkweb's nihilistic vigilante sees the light". the Guardian. 2014-12-09. Archived from the original on 2021-03-23. Retrieved 2021-04-28.
15. DeepDotWeb (15 April 2015). "So, You Want To Be a Darknet Drug Lord…". Archived from the original on 19 October 2015. Retrieved 21 September 2015.
16. "Wayback Machine". web.archive.org. Retrieved 2022-04-26.