Image: Shutterstock, Dreamansions.
KrebsOnSecurity.com turns 15 years old today! Maybe it’s indelicate to celebrate the birthday of a cybercrime blog that mostly publishes bad news, but happily many of 2024’s most engrossing security stories were about bad things happening to bad guys. It’s also an occasion to note that despite my publishing fewer stories than ever this past year, we somehow managed to attract near record levels of readership (thank you!).
In case you missed any of them, here’s a recap of 2024’s most-read stories. In January, KrebsOnSecurity told the story of a Canadian man who was falsely charged with larceny and lost his job after becoming the victim of a complex e-commerce scam known as triangulation fraud. This can occur when you buy something online — from a seller on Amazon or eBay, for example — but the seller doesn’t actually own the item for sale. Instead, they purchase the item using stolen payment card data and your shipping address. In this scam, you receive what you ordered, and the only party left to dispute the transaction is the owner of the stolen payment card.
Triangulation fraud. Image: eBay Enterprise.
March featured several investigations into the history of various people-search data broker services. One story exposed how the Belarusian CEO of the privacy and data removal service OneRep had actually founded dozens of people-search services, including many that OneRep was offering to remove people from for a fee. That story quickly prompted Mozilla to terminate its partnership with OneRep, which Mozilla had bundled as a privacy option for Firefox users.
A story digging into the consumer data broker Radaris found its CEO was a fabricated identity, and that the company’s founders were Russian brothers in Massachusetts who operated multiple Russian language dating services and affiliate programs, in addition to a dizzying array of people-search websites.
Radaris repeatedly threatened to sue KrebsOnSecurity unless that publication was retracted in full, alleging that it was replete with errors both factual and malicious. Instead, we doubled down and published all of the supporting evidence that wasn’t included in the original story, leaving little room for doubt about its conclusions. Fittingly, Radaris now pimps OneRep as a service when consumers request that their personal information be removed from the data broker’s website.
Easily the longest story this year was an investigation into Stark Industries Solutions, a large, mysterious new Internet hosting firm that materialized when Russia invaded Ukraine. That piece revealed how Stark was being used as a global proxy network to conceal the true source of cyberattacks and disinformation campaigns against enemies of Russia.
The homepage of Stark Industries Solutions.
Much of my summer was spent reporting a story about how advertising and marketing firms have created a global free-for-all where anyone can track the daily movements and associations of hundreds of millions of mobile devices, thanks to the ubiquity of mobile location data that is broadly and cheaply available.
Research published in September explored the dark nexus between harm groups and cybercrime communities consumed with perpetrating financial fraud. That analysis found an increasing number of young, Western cybercriminals are also members of fast-growing online groups that exist solely to bully, stalk, harass and extort vulnerable teens into physically harming themselves and others.
One focus of that story was a Canadian cybercriminal who used the nickname Judische. Identified by the Mandiant as one of the most consequential threat actors of 2024, Judische was responsible for a hacking rampage that exposed private information on hundreds of millions of Americans. That story withheld Judische’s real name, but the reporting came in handy in late October when a 25-year-old Canadian man named Connor Riley Moucka was arrested and charged with 20 criminal counts connected to the Snowflake data extortions.
A surveillance photo of Connor Riley Moucka, a.k.a. “Judische” and “Waifu,” dated Oct 21, 2024, 9 days before Moucka’s arrest. This image was included in an affidavit filed by an investigator with the Royal Canadian Mounted Police (RCMP).
In November, KrebsOnSecurity published a profile of Judische’s accomplice — a hacker known as Kiberphant0m — detailing how Kiberphant0m had left a trail of clues strongly suggesting that they are or recently were a U.S. Army soldier stationed in South Korea.
My reporting in December was mainly split between two investigations. The first profiled Cryptomus, a dodgy cryptocurrency exchange allegedly based in Canada that has become a major payment processor and sanctions evasion platform for dozens of Russian exchanges and cybercrime services online.
How to Lose a Fortune with Just One Bad Click told the sad tales of two cryptocurrency heist victims who were scammed out of six and seven figures after falling for complex social engineering schemes over the phone. In these attacks, the phishers abused at least four different Google services to trick targets into believing they were speaking with a Google representative, and into giving thieves control over their account with a single click. Look for a story here in early 2025 that will explore the internal operations of these ruthless and ephemeral voice phishing gangs.
Before signing off for 2024, allow me to remind readers that the reporting we’re able to provide here is made possible primarily by the ads you may see at the top of this website. If you currently don’t see any ads when you load this website, please consider enabling an exception in your ad blocker for KrebsOnSecurity.com. There is zero third-party content on this website, apart from the occasional Youtube video embedded as part of a story. More importantly, all of our ads are static images or GIFs that are vetted by me and served in-house directly.
Fundamentally, my work is supported and improved by your readership, tips, encouragement and, yes, criticism. So thank you for that, and keep it coming, please.
Here’s to a happy, healthy, wealthy and wary 2025. Hope to see you all again in the New Year!
Happy 15th anniversary, Krebs on Security! Your relentless dedication and investigative work exposing cybercrime has cemented an extraordinary legacy in the cybersecurity world.
Amen to that!
Congratulations on 15 years of publishing security related news. Keep up the good, and important, work.
Congratulations on your 15-year anniversary publishing security related news. Keep up the good, and important, work!
Happy anniversary to Kreb’s On Security. Thank you for your fantastic reporting and insight.
Happy Anniversary
I have followed from the beginning, following from your previous gig. I have never been disappointed. Don’t worry about the ads, I only block third party content. They are of interest so effective.
Wow! Congratulations on your 15 years of hard work and dedication. You’re performing a vital service, and we appreciate it – and you!
Congratulations!
Well done, sir! Not many mailing lists of this nature last this long.
Congratulations on another year of excellent investigative reporting. I’ve been following you for many years and feel much safer in the cyber world thanks to your posts.
I love the blog and share your posts often. Happy 15th birthday!
I miss your Washington Post chats. 🙂 Best wishes for the future.
Congrats Brian! As someone who is not a tech pro, I’ve learned a lot from you(like about credit freezes for instance) and the comments here. Thanks for all you do!
Happy birthday, Krebs on Security! I always enjoy reading your posts and I’ve learned so much from your reporting.
Here’s to many more!
Cheers!
Happy 15th anniversary! Excellent work. Here’s to another 15 and beyond. Cheers.
Congratulations Brian! Your detective work and journalism are amazing. Thanks for keeping all of us informed!
Great work, and thank you! awareness is key! Keep up the great work!
Happy 15th!
On the ads, I read through an RSS reader. I’d be happy if you included the ad in the feed content, since I generally forget to click through to the site. It already works for the images inside the article.
Happy Birthday Krebs On Security – I thoroughly enjoy reading your blogs. Thank you and may you have many more!
First class reporting Brian. Keep up the good work.
Congratulations on your success from all the good work you do.
Congratulations Brian, and keep up the good work!
Please keep this going ! You provide a great service in outing the bad actors.
Congrats and thanks for all you do, Brian.
Happy 15th!
Maybe there are less articles but it’s hardly surprising considering how much research must be involved in writing them!
Appreciate all you do to alert us to risks we might not otherwise know about. Love seeing the bad guys taken down.
Happy 15th Brian, and here’s to many more!
Congratulations on 15 years. Your work is greatly appreciated!
Thank you for doing this important work, Brian!
Congrats, Brian, and thanks for all those years of news.
Congrats on your 15th year anniversary and thank you for all your work. It’s been very helpful inso many ways. And yes, I agree with Tom Linger’s statement: “Keep up the good, and important, work!” !!!