30 Mar 20

Annual Protest to ‘Fight Krebs’ Raises €150K+

In 2018, KrebsOnSecurity unmasked the creators of Coinhive — a now-defunct cryptocurrency mining service that was being massively abused by cybercriminals — as the administrators of a popular German language image-hosting forum. In protest of that story, forum members donated hundreds of thousands of euros to nonprofits that combat cancer (Krebs means “cancer” in German). This week, the forum is celebrating its third annual observance of that protest to “fight Krebs,” albeit with a Coronavirus twist.

Images posted to the decidedly not-safe-for-work German-language image forum pr0gramm[.]com. Members have posted a large number of ‘thank you’ receipts from cancer research organizations that benefited from their fight cancer/krebs campaign.

On March 26, 2018, KrebsOnSecurity published Who and What is Coinhive, which showed the founder of Coinhive was the co-creator of the German forum pr0gramm[dot]com (not safe for work).  I undertook the research because Coinhive’s code at the time was found on tens of thousands of hacked Web sites, and Coinhive seemed uninterested in curbing widespread abuse of its platform.

Pr0gramm’s top members accused KrebsOnSecurity of violating their privacy, even though all of the research published about them was publicly available online. In protest, the forum’s leaders urged members to donate money to medical research in a bid to find a cure for Krebs (i.e. “cancer”). They ended up raising more than a quarter-million dollars worth of donations from members.

Last year’s commemoration of the protest fundraiser — dubbed “Krebsaction” by Pr0gramm — raised almost $300,000 for anti-cancer research groups. Interestingly, Coinhive announced it was shutting down around the same time as that second annual fundraiser.

This year’s Krebsaction started roughly three days ago and so far has raised more than 150,000 euros (~$165,000), with many Pr0gramm members posting screenshots of their online donations. The primary beneficiary appears to be DKMS, a German nonprofit that works to combat various blood cancers, such as leukemia and lymphoma.

The pr0gramm post kicking off this year’s “Krebsaction” fundraiser.

This year, however, Pr0gramm’s administrators exhorted forum members to go beyond merely donating money to a worthy cause, and encouraged them to do something to help those most affected by the COVID-19/Coronavirus pandemic.

“This year pr0gramm-members shall not only donate but do a good act in terms of corona (and prove it), for example bring food to old people, bring proof of volunteering and such stuff,” reads the Pr0gramm image kicking off this year’s Krebsaction.  The message further states, “Posts mit geringem Einsatz können wir nicht akzeptieren,” which translates roughly to “Posts with little effort we cannot accept.”

55 comments

  1. This is a super cool outcome of investigative journalism. It’s also unexpected.

    • It’s protest for unnecessarily disclosing names of people that are not involved in coinhive and are threatened with physical violence on a weekly basis.
      So it’s more like a good outcome after a mistake. Thanks for the inspiration anyways! 🙂

      • Chronic Grumbler

        Why would they be threatened if they were not involved? Go to police then with evidence of threats. Or you’re afraid that police investigation will find they WERE actually involved in Coinhive?

        • They are threatened because some users on the platform don’t like them. It doesn’t have anything to do with coinhive. Think of it as random Reddit users raging against their moderators. They are now exposed to more physical harassment because the site was founded by someone who did coinhive and left it 10 years ago.

          Thanks to Krebs, these users now have it easier to visit the current administrators.

          • Just to be correct here. He didn’t leave 10 years ago but 5.

            • Just to be even more correct: He didn’t even leave for good 5 years ago, but continued helping the team sporadically using another nick name. Eventually, with this alter ego, he started implementing the prototype of Coin Hive on Pr0gramm.

              • We could even be more precise:
                Using a different name is what I’d do too, when I get death threats.
                He helped as a contractor, but was not involved in the site’s administration and political decisions any more.
                He experimented with crypto currencies and asked the new administrator if he could test it on that site as an alternative payment model for their premium subscription. They agreed.
                Later, many people in the community asked if it would be possible to have a mining service for their own sites.
                Then cha0s created coinhive (because people asked for it).
                The prototype was taken offline some day. That was the entire connection with pr0gramm.
                Now what happened is that the administrator’s name got exposed, despite not even having the idea of creating coinhive.

        • Oh boo hoo. If you’re not getting threats on the internet you’re not a muckraker – or anything else. And I tend to doubt things until presented with evidence of them as opposed to anonymous 3rd party anecdotes. Angry misdirected postings from a few dozen idiots is par for any online action. Taking them seriously is where you probably erred. Almost all threats are only “successful” if you take them seriously and are substantively cowed. A threat is not even a crime unless CREDIBLE and SPECIFIC. The people who are going to do actual violence don’t need to warn you either nor do they need a good reason. It’s wise to pay attention but entirely foolish to allow yourself to believe something so frankly commonplace and amateurish without any real evidence of actual physical threat. Pretending Brian’s reporting of coinbase somehow specifically elicited that irrational foolishness is just evidence of same. Nobody was attacked. Expressions of anger were vented on the internet. Boo the hoo.

  2. This is a refreshing sidetrack into a new issue on KOS! Thank you so much Brian for reporting on this! How the times are changing because of COVID-19!

  3. Dude, tell the whole story about your deeply shameful behavior instead of using this action to promote your “work”.

    Krebs ist scheiße.

  4. Yeah, sadly there is no site to prevent retards like you which we could spend the money on, so we donate it to fight something similarly annoying.

    • +1 🙂

    • I don’t get your comment. Who do you mean by “thieves”?
      No one of the pr0gramm community or the current administrators was involved in coinhive – except one of the founders that left before he did coinhive.

  5. NEWSFLASH:

    The world will end at 9:00 PM GMT; film at 11:00.

  6. So, hang on. Let me recap. At first they “obtain” that money through some shady online activity and then they donate it to public-shame Krebs for exposing them. They must have a lot of minions on that website to even post here.

    • pr0gramm is one of the hugest sites in Germany. They have more than enough members for such donations. It’s like the German reddit. Seems more like you are a brian minion. And it’s not like “them” made money with “shady online activity” (which was completely legal by the way) it was one former admin which left years ago.

      • It’s not like reddit. It’s like an imgur. Just a brainless scroll through endless memes.

        • There is more to it. You can see the comments only as a registered user. The comments are a large part in the actual content and provide space for deep discussions.

    • No. The money is being donated by the community directly. The donations have nothing to do with coinhive. And as it’s written in the article, coinhive was only the technique developed by the founders of pr0gramm. They were not the ones using it for criminal stuff.

      • “They were not the ones using it for criminal stuff.”

        Their knowledge of or profit from the aforementioned is unproven in both directions. You seem to be making exonerating statements rather than offering exonerating evidence. Not to say you’re wrong, but you’re wrong to say it with such assurity as if factually obvious in the record.

  7. The Sunshine State

    Let the cyber-trolling begin in these comments, looks like we already have one.

  8. Every year the Pr0gramm guys come here to get upset at Krebs for not only outing their beloved founder and admins but supposedly for taking credit for their generosity. So much fun to watch

    • Was also very funny when white knight Brian blackmailed, extorted and threatened relatives and members of the community. And then he tries to harvest the glory of the protest against him and his methods every year. He knowingly embezzles various facts about the protest so he doesn’t look like the bad guy.

      • I did what? Blackmailed, extorted, embezzled, threatened? Really? Please provide proof or evidence of such activity.

        • Chronic Grumbler

          AFAIK German privacy laws are a lot more protective than in the USA. So if you start persistently asking uncomfortable questions they see it as “blackmail”, maybe in Germany they could take you to court for that?
          But to take butthurt for “some guy who left years ago”… – looks like they just like butthurt in Deutschland, you know – some European thing…

          • “maybe in Germany they could take you to court for that?”

            Obviously extortion and such crimes are very specific for a reason. Anyone can attempt to take anyone to court, that doesn’t mean it works. Obviously it’s a tactic to shut people up by draining their resources, but it’s such an uphill case this would only serve to drain the attacker’s resources reliably.

            “AFAIK German privacy laws are a lot more protective than in the USA.”

            True, but Germany’s robust legal protections work both ways. A factually-faceted accusation (from a journalist no less) isn’t a crime or actionable. If he’s provably lying with an untoward motive to damage the subject, that’s different entirely. It’s also a difficult thing to prove. One thing you’ll discover if you read this blog is that Brian doesn’t need to make things up – There’s plenty enough even if he does speculate or extrapolate incorrectly in moments (as is human to do) to establish that as reasonably unintentional.

            • It’s not data protection laws per se. In Germany, there is something called the “Pressekodex” (press code) [1], which partially involves data protection.

              If you’re a German journalist, you are not allowed to publish identifying information about individuals unless it is really necessary and absolutely in public interest.

              Citing from article 8 (translated):
              “The press respects people’s private lives and their informational self-determination. However, if his behavior is of public interest, it can be discussed in the press. In the case of identifying reporting, the public’s interest in information must outweigh the interests of those affected that are worth protecting; mere sensational interests do not justify identifying reporting. If anonymization is required, it must be effective.
              The press guarantees editorial data protection.”

              So it might also be the differences in how journalism is done in the US vs. Germany that might get people angry. If this article was published by a German journalist, he could get into trouble for this. The problem is that Gamb’s safety has now worsened despite not being involved in coinhive. The pr0gramm community is upset about exactly this (not about cha0s, who might have done shady things). And this is something that would probably never happen in Germany.

              [1]: https://de.wikipedia.org/wiki/Pressekodex#Inhalt_des_Pressekodex

              • “If you’re a German journalist, you are not allowed to publish identifying information about individuals unless it is really necessary and absolutely in public interest.”

                Well there’s not a single omnilaw on that specific bent in the US, but if a publication did put out such information identifying individuals specifically and it was at all unclear whether they had justification or evidence for doing so, they would be opening themselves up to lawsuits – which is exactly how Germany resolves the situation also, Pressekodex or not.

                The publisher’s INTENT is the fulcrum, and that is only determinable at the end of a court processes’ outcome. So in this specific instance BK posted the names of people involved in the story but obviously didn’t get into addresses, phone numbers, unfounded accusations, etc.

                Not to mention, he’s not publishing from Germany. It’s entirely unclear how a German convention would be enforced here outside of a US-law based lawsuit, but one imagines it not getting very far without some serious provable (& intended!) damages to point to.

        • Might be some proof of libel in this comment thread!

  9. However, the article is written very subjectively. I followed the action via Reddit and as far as I understood – see also this post on the Imageboard – a user sent a donation receipt between the “Brian Krebs Memes”.
    The action gets a lot of encouragement from the community, many of them follow suit – only AFTER that one of the admins gets in touch and suggests to repeat this action.

    In this respect I think your statement that the action was started by the admins is only partially correct – the initiator was a normal user of the site.

    pr0gramm.com/top/2447176

  10. Let me see if I have this straight: Brian outs some shady bunch, and the result is many donations to a worthy cause? What a weird world… And look at all the trolls!

    • Someone having an opinion that you do not agree with does not make them a troll, even if that makes life much easier.

      • Interesting response, coming from someone who doesn’t know his/her/its own name.

        • A Nickname on the internet

          is not something you would want to have as your real name. Not wanting to discuss a topic because “it is not your real name” is something really ridiculous. The facts are important, not the person who says it.

  11. Really?

    Must be a slow news cycle, I mean, I understand no one is tooting your horn, Brian, but there’s too much else going on in the online security world right now to be “Donald-Trumping” oneself with a needless article like this.

    Much more of this and there’s other security researchers & bloggers out there that deserve the eyeballs.

    • Haters gonna fate

      He’s pointing out the unintended (good?) consequences of a protest against his reporting that some would find unexpected and interesting. Maybe you don’t read with the same eyes as others?

      Brian didn’t make any Trumpian statements about what a great job he was doing. He pointed out there’s a movement organized AGAINST him, but that they’re doing good things also.

      You are of course free to take your eyeballs elsewhere anytime, though you didn’t drop any grand donations here in saying so.

  12. Ah, the usefulness of unintended puns.

  13. Love it!

  14. The owls are not as they seem

  15. Could you please stop using the protest against your “work” as a positive outcome you did! It’s just not true, besides your text is wrong… Stupid MF

    • can you please stop twisting the situation into some kind of good guy/bad guy, fighting for glory of OTHERS donations to a worthy cause?
      Krebs does what he does, goes after criminals (and does a good job).
      Thieves do what they do, take things others worked for.
      Meme makers do what they do, make us laugh.
      programmers program, to program.
      Krebs took his time to mention the GOOD PEOPLE donating to BETTER the world, and you get upset.
      Get out of your own little ego pool and accept that Krebs is saying something positive about the community you supposedly belong to, unless you are one of the little slimy thieves, then just keep it up, I wouldn’t want you to break character.

    • Could you please a) point out where exactly the text is wrong and/or b) point out where exactly Krebs portrays the campaign as a “positive outcome [he] did” [sic]? Either that or shut up for good.

      • First of all the donations were started by a member, not by an admin. Then Brian published private data from current admins which have nothing to do with coinhive. The co-founder left this board years ago.
        At least here is an example of your wished positive outcome: “Interestingly, Coinhive announced it was shutting down around the same time as that second annual fundraiser.”

        But that’s not the point. I’m not even mad when he portrays it as a positive outcome. I think the same way.
        But I haven’t read any article where he admits that he published also data from the wrong persons.

  16. Rube Goldberg's Razor

    The flak’s heaviest over the target, Mr. Krebs. Nice work. Wear that feather proudly.

  17. Fick dich Krebs!

    “In protest, forum’s leaders urge members to donate money […].” You’re such a bad journalist… no one of the owners had this idea! This was an idea out of the community because we were pretty angry about your article where you released real names of owners etc…
    To let it look like you are responsible for that just shows what a bad person you are in reality, just for your internet fame. Shame on you!
    This community is better than you and its idea to help other peoples is even better but please stop writing so much fake news and let things look different than they are in reality!
    Krebs ist scheiße!

    • Brian Fiori (AKA The Dean)

      I think your post describes exactly the opposite of what you think it. In a forum “Leaders” aren’t necessarily the “Owners”. I can’t tell you the owner’s name of over half the forums where I post.

      OTOH I CAN identify the “leaders” fairly quickly. And even if you don’t have the ability to identify leaders, you certainly should understand when a movement takes place, those who started it are, by definition, LEADERS.

  18. Mikey Likes It

    When I read the angry/silly comments from a handful of people who are put off by Brian’s outstanding reporting, I’m reminded of the words of one William Shakespeare:

    “The lady doth protest too much, methinks.”

    (and these are no ladies) (or gentlemen, either)

  19. While reading this story I had to stop and make sure that there was no malware on my computer that was redirecting my browser to TheOnion.com.