Brian Krebs | |
---|---|
Born | 1972 (age 52–53) Alabama, U.S. |
Education | B.A. in International Relations, George Mason University, 1994 |
Occupation(s) | Security journalist, investigative reporter |
Organization | The Washington Post (1995–2009) |
Known for | Coverage of profit-seeking cybercriminals |
Website | krebsonsecurity |
Brian Krebs (born 1972) is an American journalist and investigative reporter. He is best known for his coverage of profit-seeking cybercriminals.[1] Krebs is the author of a daily blog, KrebsOnSecurity.com, covering computer security and cybercrime. From 1995 to 2009, Krebs was a reporter for The Washington Post and covered tech policy, privacy and computer security as well as authoring the Security Fix blog.
Born in 1972 in Alabama,[1] Krebs earned a B.A. in International Relations from George Mason University in 1994.[2] His interest in cybercriminals grew after a computer worm locked him out of his own computer in 2001.[1]
Krebs started his career at The Washington Post in the circulation department. From there, he obtained a job as a copy aide in the Post newsroom, where he split his time between sorting mail and taking dictation from reporters in the field. Krebs also worked as an editorial aide for the editorial department and the financial desk. In 1999, Krebs went to work as a staff writer for Newsbytes.com, a technology newswire owned by The Washington Post.[3]
When the Post sold Newsbytes in 2002, Krebs transitioned to Washingtonpost.com in Arlington, Virginia as a full-time staff writer. Krebs's stories appeared in both the print edition of the paper and Washingtonpost.com. In 2005, Krebs launched the Security Fix blog, a daily blog centered around computer security, cyber crime and tech policy. In December 2009, Krebs left Washingtonpost.com and launched KrebsOnSecurity.com.
Krebs has focused his reporting at his blog on the fallout from the activities of several organized cybercrime groups operating out of eastern Europe that have stolen tens of millions of dollars from small to mid-sized businesses through online banking fraud.[4] Krebs has written more than 75 stories about small businesses and other organizations that were victims of online banking fraud, an increasingly costly and common form of cybercrime.
Krebs wrote a series of investigative stories that culminated in the disconnection or dissolution of several Internet service providers that experts said catered primarily to cyber criminals. In August 2008, a series of articles he wrote for The Washington Post's Security Fix blog led to the unplugging of a northern California based hosting provider known as Intercage or Atrivo.[5]
During that same time, Krebs published a two-part investigation on illicit activity at domain name registrar EstDomains, one of Atrivo's biggest customers, showing that the company's president, Vladimir Tšaštšin, recently had been convicted of credit card fraud, document forgery and money laundering.[6] Two months later, the Internet Corporation for Assigned Names and Numbers (ICANN), the entity charged with overseeing the domain registration industry, revoked EstDomains' charter, noting that Tšaštšin's convictions violated an ICANN policy that prohibits officers of a registrar from having a criminal record.[7] In November 2011, Tšaštšin and five other men would be arrested by Estonian authorities and charged with running a massive click fraud operation with the help of the DNS Changer Trojan.[8]
In November 2008, Krebs published an investigative series that led to the disconnection of McColo, another northern California hosting firm that experts said was home to control networks for most of the world's largest botnets.[9] As a result of Krebs's reporting, both of McColo's upstream Internet providers disconnected McColo from the rest of the Internet, causing an immediate and sustained drop in the volume of junk e-mail sent worldwide. Estimates of the amount and duration of the decline in spam due to the McColo takedown vary, from 40 percent to 70 percent, and from a few weeks to several months.[10]
Krebs is credited with being the first journalist, in 2010, to report on the malware that would later become known as Stuxnet.[11] In 2012, he was cited in a follow-up to another breach of credit and debit card data, in this case potentially more than 10 million Visa and MasterCard accounts with transactions handled by Global Payments Inc. of Atlanta, Georgia.[12]
On March 14, 2013, Krebs became one of the first journalists to become a victim of swatting.[13]
On December 18, 2013, Krebs broke the story that Target Corporation had been breached of 40 million credit cards. Six days later, Krebs identified a Ukrainian man who Krebs said was behind a primary black market site selling Target customers' credit and debit card information for as much as US$100 apiece.[14] In 2014, Krebs published a book called Spam Nation: The Inside Story of Organized Cybercrime—from Global Epidemic to Your Front Door, which went on to win a 2015 PROSE Award.[15][16]
In 2016, Krebs's blog was the target of one of the largest ever DDoS attacks using the Mirai malware,[17] apparently in retaliation for Krebs's role in investigating the vDOS botnet.[18][19][20] Akamai, which was hosting the blog on a pro bono basis, quit hosting his blog as a result of the attack, causing it to shut down.[21] As of September 25, 2016, Google's Project Shield had taken over the task of protecting his site, also on a pro bono basis.[22]
An article by Krebs on 27 March 2018 on KrebsOnSecurity.com about the mining software company and script "Coinhive", in which Krebs published the names of admins of the German imageboard pr0gramm because a former admin is the inventor of the script and owner of the company, was answered by an unusual protest action by the users of that imageboard. Using the pun of "Krebs" meaning "Cancer" in German, they donated to charitable organisations fighting against those diseases, collecting more than 200,000 Euro of donations for the Deutsche Krebshilfe charity by the evening of 28 March.[23]
Prior to 2021, his investigation of First American Financial's prior data breach led to an SEC investigation that concluded that "ensuing company disclosures preceded executives’ knowledge of unaddressed, months-old IT security reports."[24]
Topics of Krebs's work: