Brian Krebs (born 1972) is an American journalist and investigative reporter. He is best known for his coverage of profit-seeking cybercriminals.[1] Krebs is the author of a daily blog, KrebsOnSecurity, covering computer security and cybercrime. From 1995 to 2009, Krebs was a reporter for The Washington Post and covered tech policy, privacy and computer security as well as authoring the Security Fix blog.

Brian Krebs
Born: 1972 (age 51–52), Alabama, U.S.
Education: B.A. in International Relations, George Mason University, 1994
Occupation(s): Security journalist, investigative reporter
Organization: The Washington Post (1995–2009)
Known for: Coverage of profit-seeking cybercriminals
Website: krebsonsecurity

Early life and education

Born in 1972 in Alabama,[1] Krebs earned a B.A. in International Relations from George Mason University in 1994.[2] His interest in cybercriminals grew after a computer worm locked him out of his own computer in 2001.[1]

Career

1999–2007

Krebs started his career at The Washington Post in the circulation department. From there, he obtained a job as a copy aide in the Post newsroom, where he split his time between sorting mail and taking dictation from reporters in the field. Krebs also worked as an editorial aide for the editorial department and the financial desk. In 1999, Krebs went to work as a staff writer for Newsbytes, a technology newswire owned by The Washington Post.[3]

When the Post sold Newsbytes in 2002, Krebs transitioned to Washingtonpost in Arlington, Virginia as a full-time staff writer. Krebs's stories appeared in both the print edition of the paper and Washingtonpost. In 2005, Krebs launched the Security Fix blog, a daily blog centered around computer security, cyber crime and tech policy. In December 2009, Krebs left Washingtonpost and launched KrebsOnSecurity.

Krebs has focused his reporting at his blog on the fallout from the activities of several organized cybercrime groups operating out of eastern Europe that have stolen tens of millions of dollars from small to mid-sized businesses through online banking fraud.[4] Krebs has written more than 75 stories about small businesses and other organizations that were victims of online banking fraud, an increasingly costly and common form of cybercrime.

2008–2012

Krebs wrote a series of investigative stories that culminated in the disconnection or dissolution of several Internet service providers that experts said catered primarily to cyber criminals. In August 2008, a series of articles he wrote for The Washington Post's Security Fix blog led to the unplugging of a northern California based hosting provider known as Intercage or Atrivo.[5]

During that same time, Krebs published a two-part investigation on illicit activity at domain name registrar EstDomains, one of Atrivo's biggest customers, showing that the company's president, Vladimir Tšaštšin, recently had been convicted of credit card fraud, document forgery and money laundering.[6] Two months later, the Internet Corporation for Assigned Names and Numbers (ICANN), the entity charged with overseeing the domain registration industry, revoked EstDomains' charter, noting that Tšaštšin's convictions violated an ICANN policy that prohibits officers of a registrar from having a criminal record.[7] In November 2011, Tšaštšin and five other men would be arrested by Estonian authorities and charged with running a massive click fraud operation with the help of the DNS Changer Trojan.[8]

In November 2008, Krebs published an investigative series that led to the disconnection of McColo, another northern California hosting firm that experts said was home to control networks for most of the world's largest botnets.[9] As a result of Krebs's reporting, both of McColo's upstream Internet providers disconnected McColo from the rest of the Internet, causing an immediate and sustained drop in the volume of junk e-mail sent worldwide. Estimates of the amount and duration of the decline in spam due to the McColo takedown vary, from 40 percent to 70 percent, and from a few weeks to several months.[10]

Krebs is credited with being the first journalist, in 2010, to report on the malware that would later become known as Stuxnet.[11] In 2012, he was cited in a follow-up to another breach of credit and debit card data, in this case potentially more than 10 million Visa and MasterCard accounts with transactions handled by Global Payments Inc. of Atlanta, Georgia.[12]

2013–present

On March 14, 2013, Krebs became one of the first journalists to become a victim of swatting.[13]

On December 18, 2013, Krebs broke the story that Target Corporation had suffered a breach of 40 million credit cards. Six days later, Krebs identified a Ukrainian man who Krebs said was behind a primary black market site selling Target customers' credit and debit card information for as much as US$100 apiece.[14] In 2014, Krebs published a book called Spam Nation: The Inside Story of Organized Cybercrime—from Global Epidemic to Your Front Door, which went on to win a 2015 PROSE Award.[15]

In 2016, Krebs's blog was the target of one of the largest ever DDoS attacks using the Mirai malware,[16] apparently in retaliation for Krebs's role in investigating the vDOS botnet.[17][18][19] Akamai, which was hosting the blog on a pro bono basis, quit hosting his blog as a result of the attack, causing it to shut down.[20] As of September 25, 2016, Google's Project Shield had taken over the task of protecting his site, also on a pro bono basis.[21]

On 27 March 2018, Krebs published an article on KrebsOnSecurity about the mining software company and script "Coinhive", in which he published the names of admins of the German imageboard pr0gramm, as a former admin is the inventor of the script and owner of the company. Users of that imageboard answered with an unusual protest action: using the pun of "Krebs" meaning "cancer" in German, they donated to charitable organisations fighting against those diseases, collecting more than 200,000 Euro in donations for the Deutsche Krebshilfe charity by the evening of 28 March.[22]

Prior to 2021, his investigation of First American Financial's prior data breach led to an SEC investigation that concluded that "ensuing company disclosures preceded executives’ knowledge of unaddressed, months-old IT security reports."[23]

Allegations of defamation, lawsuit and apology

On March 29, 2022, Ubiquiti, a publicly traded technology company founded in San Jose, California, filed a lawsuit[24] against Brian Krebs and his blog Krebs on Security, in United States District Court for the Eastern District of Virginia. Ubiquiti's defamation complaint alleged "Krebs avoided obvious sources of public information that rebut his false and preconceived narrative against Ubiquiti, and Krebs doubled down on his attack against Ubiquiti despite possessing uncontroverted evidence that his source was incredible and actually involved in the attack" and that "he was determined to publish stories that adhere to his preconceived narrative that Ubiquiti and other companies."[25] According to an article[26] by Ars Technica, Ubiquiti claimed Krebs was "intentionally deceitful" and "financially incentivized" to not correct information the company alleged to be inaccurate. On August 31, 2022, Krebs posted an apology[27] admitting his "sole source" for his blog post was indicted by federal prosecutors for, among other things, "providing false information to the press." He closes his statement by saying he "missed the mark and, as a result, I would like to extend my sincerest apologies to Ubiquiti." The following day, attorneys for both parties made a joint motion for "Stipulation of Dismissal".[28]

Awards and recognition

  • 2004 – Carnegie Mellon CyLab Cybersecurity Journalism Award of Merit[29]
  • 2005 – CNET News listed Security Fix as one of the top 100 blogs, saying "Good roundup of significant security issues. The Washington Post's Brian Krebs offers a useful, first-person perspective".[30]
  • 2009 – Winner of Cisco Systems' 1st Annual "Cyber Crime Hero" Award[31]
  • 2010 – Security Bloggers Network, "Best Non-Technical Security Blog"[32]
  • 2010 – SANS Institute Top Cybersecurity Journalist Award[33]
  • 2011 – Security Bloggers Network, "Blog That Best Represents the Industry"[34]
  • 2014 – National Press Foundation, "Chairman's Citation Award"[35]
  • 2017 – ISSA's President's Award For Public Service[36]
  • 2019 – CISO MAG’s Cybersecurity Person of the Year[37]

References

  1. Perlroth, Nicole. "Reporting From the Web's Underbelly." The New York Times. Retrieved February 28, 2014.
  2. Krebs, Brian. "Symposium III: Cybersecurity". UC Santa Barbara. Archived from the original on August 17, 2012. Retrieved July 27, 2013.
  3. Weise, Karen (January 16, 2014). "Brian Krebs: The cybersecurity blogger hackers love to hate". Business Week. Archived from the original on January 17, 2014. Retrieved January 17, 2014.
  4. "Target: Small Businesses". Krebs On Security. Archived from the original on February 24, 2017. Retrieved February 23, 2017.
  5. Krebs, Brian. "Security Fix — Report Slams U.S. Host as Major Source of Badware". Voices.washingtonpost. Archived from the original on September 3, 2008. Retrieved February 14, 2012.
  6. Krebs, Brian. "Security Fix — EstDomains: A Sordid History and a Storied CEO". Voices.washingtonpost. Archived from the original on July 9, 2009. Retrieved February 14, 2012.
  7. Krebs, Brian. "Security Fix — ICANN De-Accredits EstDomains for CEO's Fraud Convictions". Voices.washingtonpost. Archived from the original on July 21, 2012. Retrieved February 14, 2012.
  8. "The United States Department of Justice — United States Attorney's Office". Justice.gov. November 9, 2011. Retrieved February 14, 2012. [permanent dead link]
  9. Krebs, Brian (November 11, 2008). "Major Source of Online Scams and Spams Knocked Offline". The Washington Post. Archived from the original on March 23, 2009.
  10. "McColo Outage". Cbl.abuseat.org. Archived from the original on December 18, 2008. Retrieved February 14, 2012.
  11. Gross, Michael Joseph (March 2, 2011). "Stuxnet Worm: A Declaration of Cyber-War". Vanity Fair. Retrieved September 25, 2016.
  12. Waters, Jennifer (March 30, 2012). "What to do if you fear your credit card's hacked". MarketWatch.
  13. Jackman, Tom (March 27, 2013). "'SWATing,' the seamy 'underweb,' and award-winning Fairfax cybercrime journalist Brian Krebs". The Washington Post. Retrieved July 27, 2013.
  14. Perlroth, Nicole (December 24, 2013). "Who Is Selling Target's Data?". The New York Times Company. Retrieved December 27, 2013.
  15. PROSE Awards. "PROSE Awards: Winners". proseawards.
  16. "The internet of stings". The Economist. October 8, 2016.
  17. Ms. Smith (September 11, 2016). "Krebs' site under attack after alleged owners of DDoS-for-hire service were arrested". Network World. Archived from the original on September 12, 2016. Retrieved September 25, 2016.
  18. "Massive web attack hits security blogger". BBC. September 22, 2016. Retrieved September 25, 2016.
  19. Kovacs, Eduard (September 21, 2016). "Brian Krebs' Blog Hit by 665 Gbps DDoS Attack". Security Week. Retrieved September 25, 2016.
  20. Evans, Steve (September 23, 2016). "Krebs Website Offline After Akamai Withdraws DDoS Protection". Infosecurity Magazine. Retrieved September 23, 2016.
  21. Krebs, Brian (September 25, 2016). "The Democratization of Censorship". Krebs On Security.
  22. Catalin Cimpanu: Angry Users Donate $120K to Cancer Research After Brian Krebs' Coinhive Article. bleepingcomputer, 28 March 2018.
  23. Noah Barsky (August 31, 2021). "The SEC Exposed Cybersecurity's Fatal Flaw — Executive Resistance To Bad News". Forbes.
  24. "UBIQUITI INC. v. KREBS, 1:22-cv-00352 - CourtListener". CourtListener. Retrieved July 16, 2024.
  25. "https://storage.courtlistener /recap/gov.uscourts.vaed.521759/gov.uscourts.vaed.521759.1.0.pdf" (PDF). courtlistener. March 29, 2022.
  26. Chant, Tim De (March 31, 2022). "Ubiquiti sues journalist, alleging defamation in coverage of data breach". Ars Technica. Retrieved July 16, 2024.
  27. "Final Thoughts on Ubiquiti – Krebs on Security". Retrieved July 16, 2024.
  28. "Stipulation of Dismissal – #22 in UBIQUITI INC. v. KREBS (E.D. Va., 1:22-cv-00352) – CourtListener". CourtListener. Retrieved July 16, 2024.
  29. "2004 Cybersecurity Journalism Awards:: CyLab". Cylab.cmu.edu. Archived from the original on March 6, 2006. Retrieved February 14, 2012.
  30. "News 's Blog 100 | CNET News". News. Retrieved February 14, 2012. [permanent dead link]
  31. "Security" (PDF). Cisco. July 17, 2015.
  32. "RSA Conference | Security Blogger Meetup | They're all winners". Archived from the original on March 5, 2013. Retrieved January 15, 2014.
  33. "2010 Top Cyber Security Journalist Award Winners". SANS. February 10, 2012. Retrieved February 14, 2012.
  34. "RSA Conference | Security Blogger Meetup | And the Winners Are". 365.rsaconference. Archived from the original on February 14, 2012. Retrieved February 14, 2012.
  35. "The 2014 Chairman's Citation Winner". Retrieved November 10, 2015.
  36. "ISSA International Awards".
  37. "Brian Krebs is the CISO MAG Cybersecurity Person of the Year". May 29, 2023.