17
Feb 14

Yours Truly Profiled in The New York Times

Today’s New York Times features a profile of this author — a story titled, “Reporting from the Web’s Underbelly”. The piece, written by The Times’s Silicon Valley reporter Nicole Perlroth, observes:

Mr. Krebs, 41, tries to write pieces that cannot be found elsewhere. His widely read cybersecurity blog, Krebs on Security, covers a particularly dark corner of the Internet: profit-seeking cybercriminals, many based in Eastern Europe, who make billions off pharmaceutical sales, malware, spam, frauds and heists like the recent ones that Mr. Krebs was first to uncover at Adobe, Target and Neiman Marcus….

…Unlike physical crime — a bank robbery, for example, quickly becomes public — online thefts are hushed up by companies that worry the disclosure will inflict more damage than the theft, allowing hackers to raid multiple companies before consumers hear about it.

“There’s a lot going on in this industry that impedes the flow of information,” Mr. Krebs said. “And there’s a lot of money to be made in having intelligence and information about what’s going on in the underworld. It’s big business but most people don’t want to pay for it, which explains why they come to someone like me.”

Read more here.

Update, 12:43 p.m., ET: Adding this as an update because my comment got buried, and because a sentence about my discovery of The Post’s payroll data has already led to one “Krebs has done a bit of illegal hacking himself,” story. The NYT piece makes it sound like I hacked my way into the Post’s payroll system, but in truth it was far less interesting/glamorous than that. Basically, the newly-hired guy in charge of Windows share security at washingtonpost.com had for some oddball reason undone all the security put in place by his predecessor, so all local shares on the network were more or less readable by anyone who had network credentials.

In short, I was able to see the salaries.xls file without even using my keyboard. Just open Windows Explorer, click…\\Finance….click…\\Accounting….click…\\Payroll…whoaaa!

The only reason I did not lose my job over that discovery was that I brought it to the attention of the Post.com’s security team immediately. They fired the guy responsible for undoing all the security that very day. The head of security showed up at his desk with a box and told him he had 15 minutes to clear out his stuff.


82 comments

  1. Congratulations. Keep up the good work. I truly admire you.

    • Thanks. Replying here so that it’s up top. The story makes it sound like I hacked my way into the Post’s payroll system. But in truth it was far less interesting/glamorous than that. Basically, the guy in charge of Windows share security at WP.com had for some oddball reason undone all that security, so all local shares on the network were more or less browsable by anyone who had network credentials.

      In short, I was able to see the salaries.xls file without even using my keyboard. Just open Windows Explorer, click…\\Finance….click…\\Accounting….click…\\Payroll…

      The only reason I didn’t lose my job over that discovery was that I brought it to the attention of the Post’s security team immediately. They fired the guy responsible for undoing all the security that very day. They showed up at his desk with a box and told him he had 15 minutes to clear out his stuff.

  2. Wow, congratulations! Really nice article. I am glad to see you getting recognition from a major news outlet. The pictures look good, too!

  3. I have always been impressed by your write-ups. Please keep the flag flying high.

  4. Congratulations…your investigation articles about cyber-crime are like a master’s-level course in information security. I read them all and can’t thank you enough…keep up the good work!

  5. Hank Arnold (MVP)

    Good deal. You deserve all the kudos you get!!

  6. Congrats Brian!

    Much more appreciated than all the interesting hi-profile pieces, are your continued and concerted professional efforts to explore and expose these criminal activities.

    I appreciate how in your efforts to bring transparency to this scourge, you don’t try and hide your identity. In contrast, I condemn and lose trust in the companies that try and conceal, then minimize, any security breaches they suffer. They only add to their problem by not handling their damage control in a transparent and professional way.

    As we lose confidence in many of these companies’ abilities to competently protect our private personal and financial data, and to then show us how they are regaining our trust, we find we need to look to third parties to tell us what has happened, what’s going on, and to give us practical advice on what we need to do to protect ourselves. This is the niche you fill for me, and I thank you from the heart that you occupy it so well!

    Congrats and thanks again!

  7. Congratulations on an appropriately praiseworthy write-up in the New York Times! Those are great pictures of you in your office, with the self-assuredness of an arms-crossed Peter Norton. Didn’t see the shotgun, but I have no doubt it’s there:

    “Mr. Krebs — a former reporter at The Washington Post who taught himself to read Russian while jogging on his treadmill and who blogs with a 12-gauge shotgun by his side — is so entrenched in the digital underground that he is on a first-name basis with some of Russia’s major cybercriminals. Many call him regularly, leak him documents about their rivals, and try to bribe and threaten him to keep their names and dealings off his blog.”

    May I suggest at least a couple of big dogs, too? 😉

  8. Good for you Brian.

  9. You don’t see a lot of women in the field, so this is refreshing on many levels.

    Congrats Brian, and well done Nicole!

  10. Congratulations, Brian. Well deserved.
    Thank you for allowing the picture of your office to be published; at the very least it will help me demonstrate to my wife that more than one computer and screen are indeed needed.
    Out of curiosity, what is the large black device set toward the window, between the fax or printer with headphones on it and the lamp+flower? (My guess is either an audio amplifier or a security DVR.)

    • Thanks everybody for the kind remarks!

      George, the black box is an Onkyo AV/multimedia receiver.

      Oh and 3 screens is the way to go. Makes it tons easier to do work that involves graphs, spreadsheets, comparisons, etc. You get spoiled, though, when you are away from them with just one.

  11. A Twitter verified checkmark can’t be far behind! I knew him when . . .

  12. Thank you Brian Krebs for exposing & informing consumers about these problems. Barbara

  13. Nice to see you’re getting some long-deserved recognition. I have been a reader/subscriber for many years, and always recommend your newsletter/website to my friends.

  14. Brian, why did the Post insist on making your Security Fix It blog more about general technology? It seems like there are plenty of sites out there with that kind of information.

  15. Aloha Brian,

    First of all “Congratulations” on this write up in the New York Times. Your departure from the Washington Post was when I began to question their judgement. (Yes, I was a follower even then.) You were not the first and not the last of the best they have driven away.

    Second: Please get a new office away from your home. With this new publicity you have become an even bigger target. But, I hope you know this.

    For years I have been receiving your reports. I am grateful for the ‘heads up’ you send about software updates. But, I never know what to do about the revelations you send about the gangsters you uncover.

    I am worried about the safety of you and your family. Yes, Virginia is not Russia. However, you have made lots of sociopaths angry. Now, I’m afraid, this Times piece will even stoke them.

    You are always writing about security. Please look in the mirror.

    This may be the time to request support.

  16. Brian,

    Looking forward to your book. If it is any reflection of your life, it will be exciting to read.

    I bet the Washington Post is kicking itself all around the block – letting you go – such poor judgment on its part.

    Our gain.

    Thanks Brian, for all the good you do.

    It is much appreciated.

    • “Looking forward to your book.” Skip the book, go straight to movie. The Rasbora story sounds like a real life Matthew Broderick in the 1983 movie “War Games,” with the impact of the attack that “was large enough that it caused network congestion in parts of Europe.” Someone call 1-800-Tom-Hanks and get a deal going. The character actor hired to play Rasbora should be punishment enough for Rasbora, “whose real-life identity is being withheld because he’s a minor.”

  17. – well researched security news
    – written in simple, understandable terms.
    – reported as soon as they happen.

    = You are the best, Brian!

  18. Thank God you’re on our side!

  19. You’re the MAN, Brian.

    Keep up the great work!!!!

  20. Congratulations, Brian! I’m delighted for you. I’ve been following you for years, beginning way back in your Washington Post days. I don’t know how I’d manage to keep up with all the necessary security without your wise advice. Thank you very much!

  21. Excellent work Brian, only a 12 gauge Lol :).

  22. Awesome read, Brian! Congratulations!

    Similarly, I once got infected and since then, been crusading to spread the word, and clean the uninformed users’ PCs.
    I just never wrote a blog and went on to become the newest investigative-net journalist blogger! 🙂

  23. Clark W. Griswold

    Great work as always and so jealous of your office setup. My so called office is shared with my wife and kids….when I work in my office I usually have some sort of scrapbooking item that my wife left on the desk or empty pop tart wrappers to clean up. I also have a dog who has gas issues so as you can see I have a glamorous life.

  24. Good going!

  25. “… tries to write pieces that cannot be found elsewhere.”

    TRIES? as if you don’t really write pieces that are unique? that is probably the only part I don’t agree with 😉

  26. Brian Fiori (AKA The Dean)

    Kudos! Excellent article.

  27. Great! I love to read your articles.

  28. Dude! We have the same chair!

    Much deserved respect for what you do. Stay safe, your shoes would be hard to refill!

  29. Congrats! You have earned it. Keep up the good work.

  30. This article ran below the fold on the front page in the Minneapolis Star Tribune today — home newspaper for Target’s corporate HQ.