Security blogger's latest whodunit comes with a twist
Security blogger Brian Krebs is used to helping journalists explain the latest hack attack, and there have been plenty lately affecting the likes of Evernote, Twitter, Facebook, Apple and Microsoft. He isn’t used to being the story himself.
Such was the case this week when a denial of service attack shut down his website while at the same time police showed up at his door, pointed guns at him and threw him into handcuffs.
In a post titled “The World Has No Room For Cowards,” Krebs details what happened Thursday.
The story actually starts last August when Krebs filed a police report after receiving threats following a post he wrote about a service now located at booter.tw that can be hired to knock websites offline.
“One of the reasons that I opted to file the report was because I knew some of the young hackers who frequented the forum on which this service was advertised had discussed SWATting someone as a way of exacting revenge or merely having fun at the target’s expense,” Krebs wrote.
Swatting is when someone tricks authorities into dispatching units based on a false report. In Krebs’ case this week, someone spoofed his cell phone number to report that Russians had broken into his home and shot his wife — hence, the firearms pointed at him when he opened his front door.
Earlier in the day, Prolexic, a company that protects websites from DoS attacks, forwarded to Krebs a bogus letter it had received supposedly from the FBI that said his site should be shut down, accusing him of hosting illegal content and profiting from cybercriminal activity. The letter also included several references to a story Krebs had published regarding sssdob.ru, a site that sells access to Social Security numbers and credit reports.
After being cleared by police and later investigating the attack on his website, Krebs says he found evidence that booter.tw, the site that prompted his police report last year, may have been involved.
“For some bone-headed reason, the entire customer database file for booter.tw appears to be available for download if you happen to know the link to the archive. A search through that record shows that on Thursday afternoon Eastern Time, someone paid booter.tw to launch a series of denial-of-service attacks against my website,” Krebs wrote.
The story doesn’t end there.
After granting Ars Technica an interview about the incident, the tech website was also briefly knocked offline by what looks to be the same person who harassed Krebs.
Krebs, who has helped dismantle massive bot nets, tracked cyber criminals in person and made public volumes of criminal evidence against them, is used to getting attention, just not this dramatic.
He has been described by InfoWorld as “one of the best cyber crime journalists of his generation” who displays “a deeper understanding of organized cyber criminal gangs than most cyber cops.”