Posts Tagged: Nicole Perlroth


21
Mar 14

Sony Pictures Plans Movie About Yours Truly

Sony Pictures is reportedly planning to make a big screen movie based at least in part on my (mis)adventures over the past few years as an independent investigative reporter writing about cybercrime. Some gumshoe I am: This took me by complete surprise.

Credit: BrianKrebsFacts.com

Source: BrianKrebsFacts.com

The first inkling I had of this project came a few weeks ago when New York Times reporter Nicole Perlroth forwarded me a note she’d received from a Hollywood producer who was (and still is) apparently interested in acquiring my “life rights” for an upcoming film project. The producer reached out to The Times reporter after reading her mid-February 2014 profile of me, which chronicled the past year’s worth of reader responses from the likes of the very ne’er-do-wells I write about daily. Perlroth’s story began:

“In the last year, Eastern European cybercriminals have stolen Brian Krebs’s identity a half dozen times, brought down his website, included his name and some unpleasant epithets in their malware code, sent fecal matter and heroin to his doorstep, and called a SWAT team to his home just as his mother was arriving for dinner.”

I didn’t quite know what to make of the Hollywood inquiry at the time, and was so overwhelmed and distracted with travel and other matters that I neglected to follow up on it. Then, just yesterday, I awoke to a flurry of messages both congratulatory and incredulous on Twitter and Facebook regarding a story in The Hollywood Reporter:

“Sony has picked up the rights to the New York Times article ‘Reporting From the Web’s Underbelly,’ which focused on cyber security blogger Brian Krebs. Krebs, with his site KrebsonSecurity.com, was the first person to expose the credit card breach at Target that shook the retail world in December.”

Continue reading →


17
Feb 14

Yours Truly Profiled in The New York Times

Today’s New York Times features a profile of this author — a story titled, “Reporting from the Web’s Underbelly”. The piece, written by The Times’s Silicon Valley reporter Nicole Perlroth, observes:

Mr. Krebs, 41, tries to write pieces that cannot be found elsewhere. His widely read cybersecurity blog, Krebs on Security, covers a particularly dark corner of the Internet: profit-seeking cybercriminals, many based in Eastern Europe, who make billions off pharmaceutical sales, malware, spam, frauds and heists like the recent ones that Mr. Krebs was first to uncover at Adobe, Target and Neiman Marcus….

…Unlike physical crime — a bank robbery, for example, quickly becomes public — online thefts are hushed up by companies that worry the disclosure will inflict more damage than the theft, allowing hackers to raid multiple companies before consumers hear about it.

“There’s a lot going on in this industry that impedes the flow of information,” Mr. Krebs said. “And there’s a lot of money to be made in having intelligence and information about what’s going on in the underworld. It’s big business but most people don’t want to pay for it, which explains why they come to someone like me.”

Read more here.

Update, 12:43 p.m., ET: Adding this as an update because my comment got buried, and because a sentence about my discovery of The Post’s payroll data has already led to one “Krebs has done a bit of illegal hacking himself,” story. The NYT piece makes it sound like I hacked my way into the Post’s payroll system, but in truth it was far less interesting/glamorous than that. Basically, the newly-hired guy in charge of Windows share security at washingtonpost.com had for some oddball reason undone all the security put in place by his predecessor, so all local shares on the network were more or less readable by anyone who had network credentials.

In short, I was able to see the salaries.xls file without even using my keyboard. Just open Windows Explorer, click…\\Finance….click…\\Accounting….click…\\Payroll…whoaaa!

The only reason I did not lose my job over that discovery was that I brought it to the attention of the Post.com’s security team immediately. They fired the guy responsible for undoing all the security that very day. The head of security showed up at his desk with a box and told him he had 15 minutes to clear out his stuff.