In the past year, Eastern European cybercriminals have stolen Brian Krebs’ identity a half-dozen times, brought down his Web site, included his name and some unpleasant epithets in their malware code, sent fecal matter and heroin to his doorstep and called a SWAT team to his home just as his mother was arriving for dinner.
“I can’t imagine what my neighbors think of me,” he said.
Krebs, 41, tries to write articles that cannot be found elsewhere. His widely read cybersecurity blog, Krebs on Security, covers a particularly dark corner of the Internet: profit-seeking cybercriminals, many based in Eastern Europe, who make billions off pharmaceutical sales, malware, spam, frauds and heists like the recent ones that Krebs was first to uncover at Adobe, Target and Neiman Marcus.
He covers this niche with much the same tenacity as his subjects, earning him their respect and occasional ire.
Krebs — a former reporter at the Washington Post who taught himself to read Russian while jogging on his treadmill and who blogs with a 12-gauge shotgun by his side — is so entrenched in the digital underground that he is on a first-name basis with some of Russia’s major cybercriminals. Many call him regularly, leak him documents about their rivals and try to bribe and threaten him to keep their names and dealings off his blog.
His clean-cut looks and plain-speaking demeanor seem more appropriate for a real-estate broker than a man who spends most of his waking hours studying the Internet’s underbelly. However, few have done more to shed light on the digital underground than Krebs.
His obsession with hackers kicked in when he was just another victim. In 2001, a computer worm — a malicious software program that can spread quickly — locked him out of his home computer.
“It felt like someone had broken into my home,” Krebs said.
He started looking into it. And he kept looking, learning about spam, computer worms and the underground industry behind it. Eventually, his anger and curiosity turned into a full-time beat at the Post and then on his own blog.
“I realized that if security breaks down, the technology breaks down,” Krebs said.
Today, he maintains extensive files on criminal syndicates and their tools. Some security experts readily acknowledge that he knows more about Russia’s digital underground than they do.
“I would put him up against the best threat intelligence analyst,” said Rodney Joffe, senior vice president at Neustar, an Internet infrastructure firm.
“Many of us in the industry go to him to help us understand what the Eastern European criminals are doing, how they work with each other and who is doing what to whom,” he said.
That proved the case in December last year when Krebs uncovered the Target breach, which led to what could be the biggest known Internet credit-card heist. That month, he had been poking around private, underground forums where criminals were bragging about a fresh haul of credit and debit cards.
Soon after, one of Krebs’ banking sources called to report a high number of fraudulent purchases and asked whether Krebs could pinpoint their origin. The source said that he had bought a large batch of stolen cards from an underground site and that they all appeared to have been used at Target.
Krebs checked with a contact at a second bank that had also been dealing with a spike in fraud. Together, they visited one forum and bought a batch of stolen cards. Again, the cards appeared to have one thing in common: They had been used at Target from late November last year to mid-December.