Brian Krebs

Born: 1972 (age 51–52), Alabama, U.S.
Education: B.A. in International Relations, George Mason University, 1994
Occupation: Security journalist, investigative reporter
Organization: The Washington Post (1995–2009)
Known for: Coverage of profit-seeking cybercriminals
Website: krebsonsecurity.com

Brian Krebs (born 1972) is an American journalist and investigative reporter. He is best known for his coverage of profit-seeking cybercriminals. [1] Krebs is the author of a daily blog, KrebsOnSecurity.com, covering computer security and cybercrime. From 1995 to 2009, Krebs was a reporter for The Washington Post and covered tech policy, privacy and computer security as well as authoring the Security Fix blog.

Early life and education

Born in 1972 in Alabama, [1] Krebs earned a B.A. in International Relations from George Mason University in 1994. [2] His interest in cybercriminals grew after a computer worm locked him out of his own computer in 2001. [1]

Career

1999–2007

Krebs started his career at The Washington Post in the circulation department. From there, he obtained a job as a copy aide in the Post newsroom, where he split his time between sorting mail and taking dictation from reporters in the field. Krebs also worked as an editorial aide for the editorial department and the financial desk. In 1999, Krebs went to work as a staff writer for Newsbytes.com, a technology newswire owned by The Washington Post. [3]

When the Post sold Newsbytes in 2002, Krebs transitioned to Washingtonpost.com in Arlington, Virginia as a full-time staff writer. Krebs's stories appeared in both the print edition of the paper and Washingtonpost.com. In 2005, Krebs launched the Security Fix blog, a daily blog centered around computer security, cyber crime and tech policy. In December 2009, Krebs left Washingtonpost.com and launched KrebsOnSecurity.com.

Krebs has focused his reporting at his blog on the fallout from the activities of several organized cybercrime groups operating out of eastern Europe that have stolen tens of millions of dollars from small to mid-sized businesses through online banking fraud. [4] Krebs has written more than 75 stories about small businesses and other organizations that were victims of online banking fraud, an increasingly costly and common form of cybercrime.

2008–2012

Krebs wrote a series of investigative stories that culminated in the disconnection or dissolution of several Internet service providers that experts said catered primarily to cyber criminals. In August 2008, a series of articles he wrote for The Washington Post's Security Fix blog led to the unplugging of a northern California-based hosting provider known as Intercage or Atrivo. [5]

During that same time, Krebs published a two-part investigation on illicit activity at domain name registrar EstDomains, one of Atrivo's biggest customers, showing that the company's president, Vladimir Tšaštšin, recently had been convicted of credit card fraud, document forgery and money laundering. [6] Two months later, the Internet Corporation for Assigned Names and Numbers (ICANN), the entity charged with overseeing the domain registration industry, revoked EstDomains' charter, noting that Tšaštšin's convictions violated an ICANN policy that prohibits officers of a registrar from having a criminal record. [7] In November 2011, Tšaštšin and five other men would be arrested by Estonian authorities and charged with running a massive click fraud operation with the help of the DNS Changer Trojan. [8]

In November 2008, Krebs published an investigative series that led to the disconnection of McColo, another northern California hosting firm that experts said was home to control networks for most of the world's largest botnets. [9] As a result of Krebs's reporting, both of McColo's upstream Internet providers disconnected McColo from the rest of the Internet, causing an immediate and sustained drop in the volume of junk e-mail sent worldwide. Estimates of the amount and duration of the decline in spam due to the McColo takedown vary, from 40 percent to 70 percent, and from a few weeks to several months. [10]

Krebs is credited with being the first journalist, in 2010, to report on the malware that would later become known as Stuxnet. [11] In 2012, he was cited in a follow-up to another breach of credit and debit card data, in this case potentially more than 10 million Visa and MasterCard accounts with transactions handled by Global Payments Inc. of Atlanta, Georgia. [12]

2013–present

On March 14, 2013, Krebs became one of the first journalists to become a victim of swatting. [13]

On December 18, 2013, Krebs broke the story that Target Corporation had suffered a breach of 40 million credit cards. Six days later, Krebs identified a Ukrainian man who Krebs said was behind a primary black market site selling Target customers' credit and debit card information for as much as US$100 apiece. [14] In 2014, Krebs published a book called Spam Nation: The Inside Story of Organized Cybercrime—from Global Epidemic to Your Front Door, which went on to win a 2015 PROSE Award. [15]

In 2016, Krebs's blog was the target of one of the largest ever DDoS attacks using the Mirai malware, [16] apparently in retaliation for Krebs's role in investigating the vDOS botnet. [17] [18] [19] Akamai, which was hosting the blog on a pro bono basis, quit hosting his blog as a result of the attack, causing it to shut down. [20] As of September 25, 2016, Google's Project Shield had taken over the task of protecting his site, also on a pro bono basis. [21]

On 27 March 2018, Krebs published an article on KrebsOnSecurity.com about the mining software company and script "Coinhive" in which he named administrators of the German imageboard pr0gramm, since a former administrator of that board is the inventor of the script and owner of the company. Users of the imageboard answered with an unusual protest action: playing on the pun that "Krebs" means "cancer" in German, they donated to charitable organisations fighting the disease, collecting more than 200,000 euro for the Deutsche Krebshilfe charity by the evening of 28 March. [22]

Prior to 2021, his investigation of First American Financial's earlier data breach led to an SEC investigation that concluded that "ensuing company disclosures preceded executives' knowledge of unaddressed, months-old IT security reports." [23]

Allegations of defamation, lawsuit and apology

On March 29, 2022, Ubiquiti, a publicly traded technology company founded in San Jose, California, filed a lawsuit [24] against Brian Krebs and his blog Krebs on Security in the United States District Court for the Eastern District of Virginia. Ubiquiti's defamation complaint alleged "Krebs avoided obvious sources of public information that rebut his false and preconceived narrative against Ubiquiti, and Krebs doubled down on his attack against Ubiquiti despite possessing uncontroverted evidence that his source was incredible and actually involved in the attack" and that "he was determined to publish stories that adhere to his preconceived narrative that Ubiquiti and other companies." [25] According to an article [26] by Ars Technica, Ubiquiti claimed Krebs was "intentionally deceitful" and "financially incentivized" to not correct information the company alleged to be inaccurate. On August 31, 2022, Krebs posted an apology [27] admitting his "sole source" for his blog post was indicted by federal prosecutors for, among other things, "providing false information to the press." He closes his statement by saying he "missed the mark and, as a result, I would like to extend my sincerest apologies to Ubiquiti." The following day, attorneys for both parties made a joint motion for "Stipulation of Dismissal". [28]

Awards and recognition

See also

Topics of Krebs's work:

References

  1. Perlroth, Nicole. "Reporting From the Web's Underbelly". The New York Times. Retrieved February 28, 2014.
  2. Krebs, Brian. "Symposium III: Cybersecurity". UC Santa Barbara. Archived from the original on August 17, 2012. Retrieved July 27, 2013.
  3. Weise, Karen (January 16, 2014). "Brian Krebs: The cybersecurity blogger hackers love to hate". Business Week. Archived from the original on January 17, 2014. Retrieved January 17, 2014.
  4. "Target: Small Businesses". Krebs on Security. Archived from the original on February 24, 2017. Retrieved February 23, 2017.
  5. Krebs, Brian. "Security Fix — Report Slams U.S. Host as Major Source of Badware". Voices.washingtonpost.com. Archived from the original on September 3, 2008. Retrieved February 14, 2012.
  6. Krebs, Brian. "Security Fix — EstDomains: A Sordid History and a Storied CEO". Voices.washingtonpost.com. Archived from the original on July 9, 2009. Retrieved February 14, 2012.
  7. Krebs, Brian. "Security Fix — ICANN De-Accredits EstDomains for CEO's Fraud Convictions". Voices.washingtonpost.com. Archived from the original on July 21, 2012. Retrieved February 14, 2012.
  8. "The United States Department of Justice — United States Attorney's Office". Justice.gov. November 9, 2011. Retrieved February 14, 2012.
  9. Krebs, Brian (November 11, 2008). "Major Source of Online Scams and Spams Knocked Offline". The Washington Post. Archived from the original on March 23, 2009.
  10. "McColo Outage". Cbl.abuseat.org. Archived from the original on December 18, 2008. Retrieved February 14, 2012.
  11. Gross, Michael Joseph (March 2, 2011). "Stuxnet Worm: A Declaration of Cyber-War". Vanity Fair. Retrieved September 25, 2016.
  12. Waters, Jennifer (March 30, 2012). "What to do if you fear your credit card's hacked". MarketWatch.
  13. Jackman, Tom (March 27, 2013). "'SWATing,' the seamy 'underweb,' and award-winning Fairfax cybercrime journalist Brian Krebs". The Washington Post. Retrieved July 27, 2013.
  14. Perlroth, Nicole (December 24, 2013). "Who Is Selling Target's Data?". The New York Times Company. Retrieved December 27, 2013.
  15. PROSE Awards. "PROSE Awards: Winners". proseawards.com.
  16. "The internet of stings". The Economist. October 8, 2016.
  17. Ms. Smith (September 11, 2016). "Krebs' site under attack after alleged owners of DDoS-for-hire service were arrested". Network World. Archived from the original on September 12, 2016. Retrieved September 25, 2016.
  18. "Massive web attack hits security blogger". BBC. September 22, 2016. Retrieved September 25, 2016.
  19. Kovacs, Eduard (September 21, 2016). "Brian Krebs' Blog Hit by 665 Gbps DDoS Attack". Security Week. Retrieved September 25, 2016.
  20. Evans, Steve (September 23, 2016). "Krebs Website Offline After Akamai Withdraws DDoS Protection". Infosecurity Magazine. Retrieved September 23, 2016.
  21. Krebs, Brian (September 25, 2016). "The Democratization of Censorship". Krebs on Security.
  22. Cimpanu, Catalin (March 28, 2018). "Angry Users Donate $120K to Cancer Research After Brian Krebs' Coinhive Article". BleepingComputer.
  23. Barsky, Noah (August 31, 2021). "The SEC Exposed Cybersecurity's Fatal Flaw — Executive Resistance To Bad News". Forbes.
  24. "UBIQUITI INC. v. KREBS, 1:22-cv-00352". CourtListener. Retrieved July 16, 2024.
  25. https://storage.courtlistener.com/recap/gov.uscourts.vaed.521759/gov.uscourts.vaed.521759.1.0.pdf (PDF). courtlistener.com. March 29, 2022.
  26. De Chant, Tim (March 31, 2022). "Ubiquiti sues journalist, alleging defamation in coverage of data breach". Ars Technica. Retrieved July 16, 2024.
  27. "Final Thoughts on Ubiquiti". Krebs on Security. Retrieved July 16, 2024.
  28. "Stipulation of Dismissal – #22 in UBIQUITI INC. v. KREBS (E.D. Va., 1:22-cv-00352)". CourtListener. Retrieved July 16, 2024.
  29. "2004 Cybersecurity Journalism Awards :: CyLab". Cylab.cmu.edu. Archived from the original on March 6, 2006. Retrieved February 14, 2012.
  30. "News.com's Blog 100 | CNET News.com". News.com.com. Retrieved February 14, 2012.
  31. "Security" (PDF). Cisco. July 17, 2015.
  32. "RSA Conference | Security Blogger Meetup | They're all winners". Archived from the original on March 5, 2013. Retrieved January 15, 2014.
  33. "2010 Top Cyber Security Journalist Award Winners". SANS. February 10, 2012. Retrieved February 14, 2012.
  34. "RSA Conference | Security Blogger Meetup | And the Winners Are". 365.rsaconference.com. Archived from the original on February 14, 2012. Retrieved February 14, 2012.
  35. "The 2014 Chairman's Citation Winner". Retrieved November 10, 2015.
  36. "ISSA International Awards".
  37. "Brian Krebs is the CISO MAG Cybersecurity Person of the Year". May 29, 2023.