Security Experts:

Connect with us

Hi, what are you looking for?


Data Protection

Akamai’s “Would-be” Spy and What He Disclosed to Under Cover Agents

Akamai Employee Elliot Doxer and What He Disclosed to Federal Agents

Akamai Employee Arrested

Akamai Employee Elliot Doxer and What He Disclosed to Federal Agents

Akamai Employee Arrested

Following this week’s story of an Akamai Employee being arrested and charged in federal court with secretly providing confidential business information to a person he believed to be an agent of a foreign government, we have some additional details gathered from court documents filed by the FBI.

Here’s a summarized order of events and what Elliot Doxer had disclosed to the under cover agent over the course of the investigation.

On June 22, 2006, Doxer sent the following email to the Consulate Of Country X in Boston. Due to several references Doxer made, we assume “Country X” to be Israel but that has not been officially confirmed. His original email, according to court documents reads as follows:

I am a jewish American who lives in Boston. I know you are always Looking for information and I am offering the little I may have. I work in a high tech company Called Akamai technologies and I Work in the finance department. We have more important clients Including department of defense, airline manufacturers like Airbus and some Arab companies from Dubai. And today, Attorney General Alberto Gonzales is here on premises. I would be happy to provide Information to you but the limit of my information is invoicing and customer contact information. All this may not be of any value to you but I would offer any help i can to help [Country X].

On September 18, 2007, an FBI undercover agent (“UA”) pretending to be an agent of country X, called Akamai’s general telephone number and asked to talk to “Elliot Doxer.” After the agent was transferred, a male came on the line and acknowledged that he was Doxer. The conversation (omitting pauses and non-grammatical interjections) between the UA and Doxer proceeded as follows:

UA: Elliot, my name is Benjamin.

Doxer: Yeah.

UA: I am calling because I believe that you and I, I understand that we share a mutual interest in the welfare of our people and our homeland.

Doxer: Okay UA: And, you may recall that you made an offer, an offer to help us about a year ago or so.

Doxer: Ah! Is this who I think it is?

UA: I think you know exactly who it is.

Doxer: Okay.

UA: The – it took us a little while, but, finally, we’re getting in touch with you regarding that matter.

Doxer: Okay. Doxer: You know I mean, I don’t have much to offer, but whatever, whatever I have, you know, I want to help. [Laughter]

UA: Well look, look you know it’s like a jigsaw puzzle, sometimes the pieces of the puzzle, and they may to you seem insignificant –

Doxer: – Okay –

Starting in October, 2007 an under cover FBI agent setup a “dead drop” location for them to exchange documents. The FBI setup video surveillance of the drop location and was able to confirm that individual visiting the location matched that of an RMV photograph of Elliot Doxer. According to court documents, Doxer visited the dead drop on at least 62 occasions to place items, retrieve items, and/or check for new items. Here’s a list of some information that was exchanged:

November 27, 2007 – Thirteen page list identifying Over 2,000 customers and customer contact data

April 14, 2008 – Contract papers between Akamai and a US Department of Defense contractor.

May 14, 2008 – Contractual papers between Akamai and an aerospace company, noting that the United States Airforce was the end user of the Akamai services.

June 27, 2008 – List of approximately 1,300 Akamai employees along with their office location, office phone numbers and e-mail addresses.

March 13, 2009 – Five Akamai business contracts, three of which were indicated as current customers, each including sensitive details including terms and pricing.

March 31, 2009 – Ten Akamai business contracts, three of which had expired, also containing contact details and contract terms and pricing.

What would a foreign country do with such information? Not much. As Doxer even described himself, the information he was able to provide may have little no worth to “Country X” – But what if this was “Company X” instead, a competitor perhaps?

Also, based on Doxer’s position, he doesn’t have access to any network or customer data, the true sensitive information that Akamai maintains. While Akamai doesn’t disclose the names of all it’s customers, most of the company’s customers can be figured out by searching Web site code or running some DNS queries.

Doxer is reportedly being held without bail and has not yet obtained an attorney to represent him. If convicted, Doxer faces a maximum penalty of 20 years’ imprisonment, a three-year term of supervised release, a $250,000 fine or twice the gain or loss, whichever is highest, and restitution to the victim – in this case, Akamai Technologies.

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.

Management & Strategy

Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement.

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...

Management & Strategy

Tens of cybersecurity companies have announced cutting staff over the past year, in some cases significant portions of their global workforce.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Application Security

Many developers and security people admit to having experienced a breach effected through compromised API credentials.


Twenty-one cybersecurity-related M&A deals were announced in December 2022.