Monday, January 20, 2014

"The Adventures of a Cybercrime Gumshoe" (the guy who broke the Target story)

From BusinessWeek:

The Cybersecurity Blogger Hackers Love to Hate

“Some of these communities, you don’t just say, ‘Hey, what’s up, guys?’ ”—Brian Krebs
Photograph by Kristof Clerix
“Some of these communities, you don’t just say, ‘Hey, what’s up, guys?’ ”—Brian Krebs
The people who dislike cybersecurity blogger Brian Krebs aren’t subtle. In early January, Krebs got a bag of poop in the mail. That was better than the time last summer when he received 13 packets of heroin. Both were way, way better than the day last March when a SWAT team descended on his doorstep, lured by a fake report of a hostage situation. “Having multiple automatic weapons pointed at your head is not my idea of a great time,” Krebs deadpans. “The kind of work I do, I paint a big target on my head.”

Krebs’s talent for exposing the weaknesses in online security has earned him respect in the IT business and loathing among cybercriminals. His track record of scoops, including the Dec. 18 revelation that hackers stole tens of millions of customers’ financial data from Target (TGT), has helped him become the rare blogger who supports himself on the strength of his reputation for hard-nosed reporting. (Target didn’t respond to a request for comment.) Krebs often posts step-by-step details—without outing his sources—of how he’s uncovered which hackers breached whose corporate defenses. “That’s something people really want,” says Andy Ellis, chief security officer at Akamai Technologies (AKAM). “Everything he writes is some of our best open-source intelligence.”

Krebs, 41, started covering cybersecurity as a reporter for the Washington Post, where he’d worked his way up from the circulation department after college. In 2005 he launched the Post’s Security Fix blog and began to infiltrate the online forums and chat rooms where criminals often operate. “Some of these communities, you don’t just say, ‘Hey, what’s up, guys?’ ” Krebs says. He learned hacker slang, listened to hundreds of hours of Russian language lessons, and persuaded industry sources to share their tricks.
In 2009, when the Post merged its online and print newsrooms, Krebs lost his job. After the initial shock wore off, he started his own blog, krebsonsecurity.com. “I really wanted to continue doing what I was doing and didn’t see any reason to stop,” he says. He was the first to report on the existence of the Stuxnet virus, broke the news of a hack at Adobe Systems (ADBE), and uncovered how the credit bureau Experian (EXPN:LN) was tricked into selling consumer data to identity thieves. In a statement on Adobe’s website, the company’s chief security officer, Brad Arkin, thanked Krebs for his help.

On a typical day, Krebs runs on his treadmill, downs a smoothie, then by 9 a.m. heads to what he half-jokingly calls his command center, the U-shaped desk that fills most of a guest bedroom. On his desk sits a laptop and four monitors. One streams images from home security cameras, which he upgraded after the SWAT incident. A 12-gauge shotgun, another recent addition, leans in the corner.

“No intelligence agency could get as much as Brian Krebs does,” says Lance James, the head of intelligence at Deloitte. “Everybody wants to share with him.” When two Russian spammers who processed payments for fraudulent online pharmacies hacked each other, each sent the other’s accounting files to Krebs. (He’s turning that story into a book due out later this year from Sourcebooks.) Hackers also plant Krebs’s name in code on their malware. One hosted a malware network at f**kbriankrebs.com....MUCH MORE
HT to and headline from Mr. Krebs' blog, Krebs on Security