Dec. 29 marks the 4th anniversary of KrebsOnSecurity.com! Below are a few highlights from this past year, and a taste of what readers can look forward to here in 2014.
If there was an important data breach in 2013, chances are that news of it first broke on this blog. Among KrebsOnSecurity’s biggest scoops this year were stories about breaches at Adobe, Bit9, Experian, LexisNexis, Target and The Washington Post.
Some of these stories are ongoing and will unfurl reluctantly but gradually throughout 2014. Look for a more thorough explanation of what really happened when Experian sold more than a year’s worth of consumer credit data directly to an underground service marketed to identity thieves, for example. And of course, we will almost certainly learn more about the “how” and “who” of the massive attack on Target.
The audience for this blog has grown tremendously in the past year. The site now attracts between 10,000 and 15,000 visitors per day. For the first time in its existence, KrebsOnSecurity is on track to exceed 1 million pageviews this month (fittingly, this should come to pass sometime today).
That growth would not have been possible without you, dear loyal readers. 2013 featured more blog posts and more in-depth investigations than perhaps any other year, but the real value in this site comes from the community that has sprung up around it. Readers submitted more than 10,000 comments this past year. More than two dozen of you also supported this site directly via the PayPal or Bitcoin donation links in the blog sidebar. Whichever way you supported this site in 2013, a hearty THANK YOU for your contribution and encouragement.
As an ISO for a bank, KOS is a major “go to” resource for cyber breaches and almost anything having to do with cyber security. I have particularly enjoyed the pieces useful to financial institutions. You impart incredible knowledge that is useful to all regardless of IT knowledge. There is also the occasional chuckle from a miscreant and/or their tiny minions.
An excellent example is the Target breach. I read it here before it hit mainstream media and I was able to alert bank operations and senior management of what was coming down the pike in the next 24 hours. It provided a nice jump start. This information was invaluable. Same goes for the Adobe, Experian & LexisNexis breaches.
Congratulations Brian…keep up the excellent reporting.
Consider donating to the site that provides you with valuable information and investigative journalism. Especially if you, like me, block ads.
I can only hope 2014 will be better financially so I can do just that.
I did a little research on average page view income and found that $3 to $6 per thousand views seems to be a good guesstimate. If that’s truly the case, Brian earned roughly $2 over the past year from me checking his page EVERY SINGLE DAY. I would like to challenge fellow KOS readers to donate $4 (or more) in honor of KrebsOnSecurity’s fourth birthday.
I christened my reissued Visa card (thanks Brian) with a donation via PayPal.
This is an excellent site, but I do a look-over-my-shoulder to a website called http://www.databreaches.net as well. The author over there is a big KOS fan as well.
Been following your blog for ages and I still wait eagerly for every new revelation, general information, scoop that you write about. Your blog is one of the “ten-must-follow” that I was once taught to pay special attention to and so I follow that advice. Keep up the good work!
With the two biggest security stories being your scoop on the Target hack and the implosion of Java, is there any possibility that the two are connected? Is the Target Point of Sale written in Java? Is that how hackers were able to access so much?
Just curious if the extremely vulnerable Java is what made the Target hack possible.
>Just curious if the extremely vulnerable Java is what made the Target hack possible.
From all reports, the core Target CC theft was not related to Java, but instead made possible because the card reader data was not encrypted at the reader.
But the starting penetration into the Target network could have been a Java vulnerability via another client computer, any web browser vulnerability, or a spear phishing attack.
Congratulations on your 4th anniversary, Brian! Your blogs have kept many of us vigilant and made us a lot smarter. Your advice is always dependable and most professional, and I appreciate and admire that in you! I’ve followed your columns since you wrote for the WSJ and am so grateful for what you are providing us with in your blogs. Many thanks! Have a happy and healthy New Year!
Thanks for saving me so much money: Since discovering your blog earlier this year, I have not spent one dime for crime thrillers or spy novels. Your investigative journalism is far more compelling than fiction.
Happy 4th Birthday & Many happy returns of the day.
Edgar loves your site. Huge compliment. Kudos.
Happy 4 years! As a newbie to the cyber security industry, I definitely am thankful for your blog and the quality content you deliver — in plain English. When I first entered the field (a mere three months ago) I was a complete fish out of water. Though still I’m no expert, reading content like yours definitely has helped me gain a definitive understanding of the goings-on of my industry. Major kudos to you!
Though I’m not looking forward to seeing any major breaches in 2014, I’d be lying if I wasn’t excited for brand new content! Cheers!
Let me add one more post of congratulations from a reader who has been following you from several years on WaPo.
Brian are you in any way related to Hans Krebs (Wehrmacht general) http://en.wikipedia.org/wiki/Hans_Krebs_%28Wehrmacht_general%29 ??
or to Hans Krebs (SS general)
Krebs is the German language word for “crab” and “cancer” (both the disease and the sign of the zodiac). It is also a common German surname: http://en.wikipedia.org/wiki/Krebs
Brian, I always enjoy reading your articles. I hope 2014 will be as good as 2013 was for krebsonsecurity.
Thank you!
Hello Mr. Krebs and Everyone:
I know of someone who had been taken at Target as far back as October of 2013!
Anyway, I love this website Very Much and did not realize there was a “Donate” button here (I guess that I am so engrossed in reading your articles that I don’t notice anything else!)
. . . be that as it may I have rectified the situation by making my first donation of the year to http://www.krebsonsecurity.com
PLEASE keep up this Good and Timely work!
Northeastern United States
Readers who might want to support the site, but have no money at this time, may consider turning off their AdBlock Plus, or some of the items on NoScript, so they can show their support that way too!
I just realized my ABP re-enabled for some reason, and your post reminded me to check! 🙂
Oh my goodness! Incredible article dude! Thank you, However I am encountering difficulties with your RSS. I don’t know the reason why I can’t subscribe to it. Is there anybody else having identical RSS issues? Anybody who knows the answer can you kindly respond?
Contact Brian using the email system at the end of http://krebsonsecurity.com/about/ .
May 2014 be an even better year for KOS, as I now spend more time here than at TechRepublic. CBS has torpedoed that site into oblivion! 🙁
I wonder how much Target, Adobe, etc have kicked in for support… Like most people who read on here I work for a living aka like most people I can’t usually afford to take the old lady out for a date much less single-handedly support the dozens of websites that play some role in my professional development. The information is certainly valuable, but it seems like corporate america should be the ones giving support.
Wow 4, a lot and lot more to come. Cheers!
You should do an article on web-based ransomware
Happy Birthday, and Many many Happy returns of the day 😀
Congratulations. Thanks for your outstanding research and blog.
Frankly, I am appalled that so few people have made donations to support this site. KrebsOnSecurity often provides update information before the software providers notify users. KoS alerts us to potential threats such as CryptoLocker. I wonder how many readers of KoS have purchased CryptoPrevent from FoolishIT as a result of the alert from KoS. Regular readers of KoS should regard a yearly donation to KoS in the same way that yearly renewals of antivirus software are made. If you are a business, the donation is tax deductible. Come on guys and gals; do what’s right!
Happy Birthday, KOS! Thank you for all the intriguing news and breaking it down for us non-techies. My favorite post this year was on the ATM skimmers. It’s my nerdy ambition to find a skimmer some day … thanks to your inspiration. I definitely agree that you deserve more donations and will start with $14 for 2014.