By Charles Joseph | Cybersecurity Advocate
Over the past three decades, Brian Krebs has combined his knowledge of computers and his talent for investigative journalism to become the world’s most famous cybersecurity reporter.
In articles for publications like the Washington Post and on his blog, Krebs on Security, he’s told hundreds of riveting stories about hackers, software vulnerabilities, digital privacy, and the tech world at large.
But years of unmasking cybercriminal identities, revealing critical security flaws, and exposing the seedy underbelly of the internet have made Krebs many enemies, from black hats to major tech companies.
Brian Krebs at a Glance
- Alabama-born Brian Krebs saw computers strictly as a hobby until 1999, when he started writing for the Washington Post’s tech website, Newsbytes.com.
- After his home computer was infected by malware in 2001, Krebs became engrossed in cybersecurity, and by 2005 he had his own Post-sponsored cybersecurity blog, Security Fix.
- Krebs taught himself Russian in order to infiltrate hacker forums for his articles, a skill that helped him bring down multiple illicit hosting providers and other web companies.
- After losing his job at the Post in 2009, Krebs started his own blog, Krebs on Security.
- On the blog, Krebs broke multiple massive cybersecurity stories, including the discovery of the Stuxnet worm and the Target credit card breach.
- Krebs’ reporting made him the target of both digital and real-life attacks, ranging from identity theft to SWATting to defamation lawsuits to the worst DDoS attack in history.
- Today, Krebs on Security is read by millions of people and is considered one of the most esteemed cybersecurity blogs ever created.
Brian Krebs’ Early Life
Born in Alabama in 1972, Brian Krebs never expected that he’d one day become a cybersecurity expert.
Though he enjoyed tinkering with computers as a child, including posting on bulletin boards and doing some programming on his tech-loving father’s Apple II, Krebs’ initial career bent was far more analog. He earned his B.A. in International Relations from George Mason University in 1994, then took a job at the Washington Post in 1995.
In the Post’s circulation department, Krebs answered phones while working his way up the ladder. He took dictation from field reporters, sorted mail, and assisted editors in the editorial department before landing a position as a staff writer for Newsbytes.com, the Post’s tech newswire, in 1999.
But cybersecurity as a field didn’t capture Krebs until 2001 when he became personally entangled in its complexities. He had an old HP computer at home and decided to try installing Red Hat Linux on it for use as a firewall.
Before he could complete his project, though, his computer was infected by the Lion worm, which locked his system down. Infuriated but intrigued, he began looking into the worm, its construction, and its creator — and found himself hooked on cybersecurity.
Security Fix Takes Off
In 2002, Krebs leveraged his newfound expertise in cybersecurity to land a position as a full-time staff writer for the Washington Post’s online edition. By 2005, he’d made enough of a name for himself that the Post gave him his own blog, Security Fix.
At Security Fix, Krebs had the freedom to conduct in-depth investigations and report on whatever he wished. So he went in deep, learning hacker slang and Russian in order to infiltrate cybercriminal forums.
This dedication led to the takedown of numerous cybercriminals. In 2008, his reporting brought down two hosting providers: Atrivo, which hosted a variety of malware, and McColo, which hosted some of the world’s largest botnets and whose shutdown resulted in an immediate 70% global reduction in spam emails.
Another 2008 Security Fix investigation revealed that EstDomains, a domain name registrar, was owned by a convicted money launderer and credit card fraudster. International regulations prohibited registrar officers from having criminal records, so EstDomains was quickly shuttered.
But despite this success, Security Fix’s days were numbered: in 2009, 1,500 blog posts later, the Post informed Krebs that it was merging its print and digital departments and that he was being laid off in the process. Though Krebs was initially shocked, he knew that he’d found his calling, and created his own independent blog, Krebs on Security.
Krebs Breaks the Stuxnet Story
In July 2010, Krebs on Security became one of the hottest blogs on the planet when Krebs posted an exposé on Stuxnet, a terrifying new worm that had been mystifying — and terrorizing — the cybersecurity community for weeks.
The worm had been wreaking havoc on nuclear facilities and industrial control systems, especially in Iran. Although it was incredibly sophisticated and had the potential to cause society-disrupting damage, news of its spread had initially been confined to security researchers and companies like Microsoft.
But Krebs had long acted as a bridge between the cybersecurity community and the general public, and he saw it as his duty to spread the word about the worm. On July 15, he authored a post about Stuxnet that was soon being read by hundreds of thousands of people worldwide — and that identified the malware, correctly, as being used for espionage.
The Credit Card Chronicles
2012 saw Krebs beginning a streak of credit card fraud investigations that would soon make him an authority on the topic.
Global Payments, a credit card processor, experienced a system breach that compromised over 10 million credit cards. Krebs was one of the first to report on the breach, including unpublicized data like the number of affected credit unions and the rate of fraudulent activity on compromised accounts.
The following March, Krebs published an exposé on a cybercrime website that sold credit reports and SSNs. Hours later, a DDoS attack was launched against Krebs’ blog, and shortly after that, Krebs opened his door to find a SWAT team pointing guns at him.
Someone, presumably in response to the credit report post, had SWATted Krebs: falsely reported him to the police as an armed and dangerous threat. Though Krebs was quickly able to sort things out with the police, it was a harrowing experience that marked one of the first times a journalist had been SWATted.
Undeterred by the threat, Krebs continued his reporting. That October, he discovered that credit bureau Experian had sold hundreds of thousands of customers’ personal and financial data to an identity theft service.
And that December, he broke the biggest story of his career: 40 million credit cards had been compromised by a data breach at Target.
Using his undercover skills, Krebs tracked down the black market website where the stolen credit cards were being sold. He contacted Target, which had not yet disclosed the breach, but was given the cold shoulder — so, feeling that the public deserved to know, he published his story.
The following day, Target finally admitted that there had been a data breach. By this time, nearly a million people had come to Krebs’ blog to read about the Target breach.
But this publicity had also made Krebs a prime target for cybercriminals: one used his identity to open a $20,000 credit line, while another mailed him 13 bags of heroin, then called the FBI to “rat him out”.
The Mirai Melee
Ever the diligent reporter, Krebs continued posting about data breaches and other cybercrime. He was on the front lines of the Neiman Marcus data breach, the Ashley Madison leak, and the abrupt shutdown of disk-encrypting software TrueCrypt.
But he became the subject of his own story yet again in 2016 when he exposed the creators of the Mirai botnet.
Originally created by a college student to conduct DDoS attacks against rival Minecraft servers, Mirai was a simple yet sophisticated botnet that turned millions of IoT devices into unwitting members of its army. It was able to conduct DDoS attacks fifty times more powerful than had ever been seen before — and after Krebs published a post on it, he became its latest victim.
The DDoS attack against Krebs’ blog was record-setting: most attacks maxed out at around 2 Gbps, but Krebs was hit with 665 Gbps of traffic. His host, Akamai, informed him that it would no longer be able to host the blog, but Krebs was able to find a new home with Google’s Project Shield.
More determined than ever to stop Mirai, Krebs did some sleuthing and soon published a new post identifying the creators of the botnet: Paras Jha, Josiah White, and Dalton Norman. Shortly after that, the three hackers were arrested — and Krebs’ blog became more popular than ever.
Krebs Makes New Enemies
In 2018, Krebs published an article about the mining script Coinhive, which infected websites and hijacked visitors’ computers to mine cryptocurrency. In it, he named the creator of the script, who was also an administrator of a German imageboard.
Upon learning of this, the users of the imageboard banded together to get a bizarre form of revenge on Krebs. Playing on the German meaning of Krebs’ name, “cancer”, they raised $245,000 to donate to a cancer charity, giving the campaign its own hashtag: #KrebsIsCancer.
2021 saw Krebs make an enemy of a different sort. He published a post regarding a data breach at Ubiquiti, a networking equipment company, which he claimed was downplaying the attack.
Ubiquiti sued Krebs for defamation, claiming that his source for the accusation of downplaying was a former developer who was actually the person behind the attack. However, many in the cybersecurity community criticized the lawsuit as a freedom of press violation against a respectable journalist.
Krebs and Ubiquiti eventually came to an agreement, with Krebs removing the article and Ubiquiti dropping the lawsuit.
Today, Krebs is still doing what he does best: keeping the public informed about cybersecurity, regardless of who he angers. Recent posts have covered everything from a T-Mobile data breach to the arrest of Finland’s most-wanted hacker to yet another Experian hack.
Brian Krebs: Chronicler of Cybercrime
Gaining a following (and making a living) as an independent journalist isn’t easy, even if you’ve got the illustrious background that Brian Krebs has.
But his intrepid undercover reporting, as well as his fearless mentality, have made Krebs on Security one of the most widely-read cybersecurity blogs ever created.
From tools of cyberwarfare to international data breaches to highly personal hacks, Krebs has made it his life’s mission to chronicle the world’s wildest tech stories — and break the news that nobody else dares to touch.
Brian Krebs Demystifies Today’s Hacker (Video)
"Amateurs hack systems, professionals hack people."
-- Bruce Schneier, a renowned computer security professional