SAN FRANCISCO — In the last year, Eastern European cybercriminals have stolen Brian Krebs’s identity a half-dozen times, brought down his website, included his name and some unpleasant epithets in their malware code, sent fecal matter and heroin to his doorstep, and called a SWAT team to his home — just as his mother was arriving for dinner.
“I can’t imagine what my neighbors think of me,” he said dryly.
Krebs, 41, tries to write pieces that cannot be found elsewhere. His widely read cybersecurity blog, Krebs on Security, covers a particularly dark corner of the Internet: profit-seeking cybercriminals, many based in Eastern Europe, who make billions off pharmaceutical sales, malware, spam, frauds, and heists like the recent ones that Krebs was first to uncover at Adobe, Target, and Neiman Marcus.
Krebs — a former reporter at The Washington Post, he taught himself to read Russian while jogging on his treadmill and blogs with a shotgun by his side — is so entrenched in the digital underground that he is on a first-name basis with major Russian cybercriminals. Many call him regularly, leak him documents about their rivals, and try to bribe and threaten him to keep their names and dealings off his blog. But few have done more to shed light on the digital underground than Krebs.
His obsession with hackers kicked in when he was just another victim. In 2001, a computer worm — a malicious software program that can spread quickly — locked him out of his home computer. “It felt like someone had broken into my home,” Krebs recalled.
He started looking into it. And he kept looking, learning about spam, computer worms, and the underground industry behind them. Eventually, his anger and curiosity turned into a full-time beat at The Post and then on his own blog.
Today, he maintains extensive files on criminal syndicates and their tools. Some security experts readily acknowledge he knows more about Russia’s digital underground than they do.
“I would put him up against the best threat intelligence analyst,” said Rodney Joffe, senior vice president at Neustar, an Internet infrastructure firm. “Many of us in the industry go to him to help us understand what the Eastern European criminals are doing.”
That proved the case in December, when Krebs uncovered the Target breach leading to what could be the biggest known Internet credit card heist. He had been poking around underground forums where criminals were bragging about a fresh haul of credit and debit cards. In the following weeks, Krebs discovered breaches at Neiman Marcus; Michaels, the arts and crafts retailer; and White Lodging, which manages franchises for major hotel chains like Hilton, Marriott, and Starwood Hotels.
It is still unclear whether the attacks were related, but at least 10 other retailers may have been hit by the same hackers that hit Target but are reluctant to acknowledge it.
That is where Krebs comes in. Unlike physical crime — a bank robbery, for example, quickly becomes public — online thefts are hushed up by companies that worry the disclosure will inflict more damage than the theft, allowing hackers to raid multiple companies before consumers hear about it.
“There’s a lot going on in this industry that impedes the flow of information,” Krebs said. “And there’s a lot of money to be made in having intelligence and information about what’s going on in the underworld. It’s big business but most people don’t want to pay for it, which explains why they come to someone like me.”
Krebs is “doing the security industry an enormous favor by disseminating real-time threat information,” said Barmak Meftah, chief executive of AlienVault, a threat-detection service. “We are only as strong as our information. Unless we are very specific and effective about exchanging threat data when one of us gets breached, we will always be a step behind the attackers.”
The tally of victims from the breaches at Target, Neiman Marcus, and others now exceeds one-third of the US population — a grim factoid that may offer Krebs a strange sense of career vindication.
His readership is growing. In December, 850,000 readers visited his blog, mostly to learn more about the breach at Target. Though he will not disclose figures, Krebs says the salary he now makes from advertising, occasional speaking engagements, and consulting work is a “nice bump” from what he earned at The Post.
But there are risks implicit in being a one-man operation.
“The work that he’s done exposing Eastern European hackers has been seminal,” said Tom Kellermann, vice president at Trend Micro, a computer security company. “But Brian needs a bodyguard.”
Russian criminals routinely feed Krebs information about their rivals they obtain through hacks. After one episode, he began getting daily calls from a Russian cybercriminal seeking his files back. Krebs is writing a book about the ordeal, called “Spam Nation,” to be published by Sourcebooks this year.