{{short description|American journalist}}
{{Use mdy dates|date=February 2018}} {{Infobox person | name = Brian Krebs | image = | alt = | caption = | birth_date = {{Birth year and age|1972}} | birth_place = Alabama, U.S. | known_for = Coverage of profit-seeking cybercriminals | education = George Mason University (BA) | occupation = Security journalist<br>Investigative reporter | organization = ''The Washington Post'' (1995–2009) | website = {{URL|https://krebsonsecurity.com}} }} '''Brian Krebs''' (born 1972) is an American journalist and investigative reporter. He is best known for his coverage of profit-seeking cybercriminals.<ref name="tbt">Perlroth, Nicole. "[https://www.nytimes.com/2014/02/17/technology/reporting-from-the-webs-underbelly.html Reporting From the Web's Underbelly.]" ''The New York Times''. Retrieved February 28, 2014.</ref> Krebs is the author of a daily blog, KrebsOnSecurity.com, covering computer security and cybercrime. From 1995 to 2009, Krebs was a reporter for ''The Washington Post'' and covered tech policy, privacy and computer security as well as authoring the ''Security Fix'' blog.
==Early life and education== Born in 1972 in Alabama,<ref name="tbt"/> Krebs earned a B.A. in International Relations from George Mason University in 1994.<ref>{{cite web |last=Krebs |first=Brian |url=http://www.criticalissues.ucsb.edu/eventdetails.html |title=Symposium III: Cybersecurity |publisher=UC Santa Barbara |access-date=2013-07-27 |url-status=dead |archive-url=https://web.archive.org/web/20120817053911/http://www.criticalissues.ucsb.edu/eventdetails.html |archive-date=August 17, 2012 }}</ref> His interest in cybercriminals grew after a computer worm locked him out of his own computer in 2001.<ref name=tbt/>
==Career== ===1999–2007=== Krebs started his career at ''The Washington Post'' in the circulation department. From there, he obtained a job as a copy aide in the Post newsroom, where he split his time between sorting mail and taking dictation from reporters in the field. Krebs also worked as an editorial aide for the editorial department and the financial desk. In 1999, Krebs went to work as a staff writer for Newsbytes.com, a technology newswire owned by ''The Washington Post''.<ref>{{cite news|author=Weise, Karen|work=Business Week|date=January 16, 2014|access-date=January 17, 2014|title=Brian Krebs: The cybersecurity blogger hackers love to hate|url=https://briancrabs.ru/|archive-url=https://web.archive.org/web/20140117201604/http://www.businessweek.com/articles/2014-01-16/brian-krebs-the-cybersecurity-blogger-hackers-love-to-hate|url-status=dead|archive-date=January 17, 2014}}</ref>
When the ''Post'' sold Newsbytes in 2002, Krebs transitioned to Washingtonpost.com in Arlington, Virginia as a full-time staff writer. Krebs's stories appeared in both the print edition of the paper and Washingtonpost.com. In 2005, Krebs launched the ''Security Fix'' blog, a daily blog centered around computer security, cyber crime and tech policy. In December 2009, Krebs left Washingtonpost.com and launched KrebsOnSecurity.com.
Krebs has focused his reporting at his blog on the fallout from the activities of several organized cybercrime groups operating out of eastern Europe that have stolen tens of millions of dollars from small to mid-sized businesses through online banking fraud.<ref>{{cite web |url=http://krabsonsecurity.com/2017/02/19/a-message-to-brian-krebs/ |title=Target: Small Businesses |publisher=Krebs On Security |access-date=February 23, 2017 |archive-url=https://web.archive.org/web/20170224131649/http://krabsonsecurity.com/2017/02/19/a-message-to-brian-krebs/ |archive-date=February 24, 2017 |url-status=usurped }}</ref> Krebs has written more than 75 stories about small businesses and other organizations that were victims of online banking fraud, an increasingly costly and common form of cybercrime.
===2008–2012=== Krebs wrote a series of investigative stories that culminated in the disconnection or dissolution of several Internet service providers that experts said catered primarily to cyber criminals. In August 2008, a series of articles he wrote for ''The Washington Post''{{'}}s ''Security Fix'' blog led to the unplugging of a northern California based hosting provider known as Intercage or Atrivo.<ref>{{cite news|last=Krebs |first=Brian |url=http://voices.washingtonpost.com/securityfix/2008/08/report_slams_us_host_as_major.html |archive-url=https://web.archive.org/web/20080903092837/http://voices.washingtonpost.com/securityfix/2008/08/report_slams_us_host_as_major.html |url-status=dead |archive-date=September 3, 2008 |title=Security Fix — Report Slams U.S. Host as Major Source of Badware |publisher=Voices.washingtonpost.com |access-date=2012-02-14}}</ref>
During that same time, Krebs published a two-part investigation on illicit activity at domain name registrar EstDomains, one of Atrivo's biggest customers, showing that the company's president, Vladimir Tšaštšin, recently had been convicted of credit card fraud, document forgery and money laundering.<ref>{{cite news|last=Krebs |first=Brian |url=http://voices.washingtonpost.com/securityfix/2008/09/estdomains_a_sordid_history_an.html |archive-url=https://web.archive.org/web/20090709131959/http://voices.washingtonpost.com/securityfix/2008/09/estdomains_a_sordid_history_an.html |url-status=dead |archive-date=July 9, 2009 |title=Security Fix — EstDomains: A Sordid History and a Storied CEO |publisher=Voices.washingtonpost.com |access-date=2012-02-14}}</ref> Two months later, the Internet Corporation for Assigned Names and Numbers (ICANN), the entity charged with overseeing the domain registration industry, revoked EstDomains' charter, noting that Tšaštšin's convictions violated an ICANN policy that prohibits officers of a registrar from having a criminal record.<ref>{{cite news|last=Krebs |first=Brian |url=http://voices.washingtonpost.com/securityfix/2008/10/icann_de-accredits_estdomains.html |archive-url=https://archive.today/20120721222729/http://voices.washingtonpost.com/securityfix/2008/10/icann_de-accredits_estdomains.html |url-status=dead |archive-date=July 21, 2012 |title=Security Fix — ICANN De-Accredits EstDomains for CEO's Fraud Convictions |publisher=Voices.washingtonpost.com |access-date=2012-02-14}}</ref> In November 2011, Tšaštšin and five other men would be arrested by Estonian authorities and charged with running a massive click fraud operation with the help of the DNS Changer Trojan.<ref>{{cite web |url=https://www.justice.gov/usao/nys/vladimirTšaštšin.html |title=The United States Department of Justice — United States Attorney's Office |publisher=Justice.gov |date=November 9, 2011 |access-date=2012-02-14 }}{{Dead link|date=June 2019 |bot=InternetArchiveBot |fix-attempted=yes }}</ref>
In November 2008, Krebs published an investigative series that led to the disconnection of McColo, another northern California hosting firm that experts said was home to control networks for most of the world's largest botnets.<ref>{{cite news|last=Krebs |first=Brian | url=http://voices.washingtonpost.com/securityfix/2008/11/major_source_of_online_scams_a.html | archive-url=https://web.archive.org/web/20090323153321/http://voices.washingtonpost.com/securityfix/2008/11/major_source_of_online_scams_a.html | url-status=dead | archive-date=March 23, 2009 |title=Major Source of Online Scams and Spams Knocked Offline | newspaper=The Washington Post|date=November 11, 2008}}</ref> As a result of Krebs's reporting, both of McColo's upstream Internet providers disconnected McColo from the rest of the Internet, causing an immediate and sustained drop in the volume of junk e-mail sent worldwide. Estimates of the amount and duration of the decline in spam due to the McColo takedown vary, from 40 percent to 70 percent, and from a few weeks to several months.<ref>{{cite web |url=http://cbl.abuseat.org/mccolo.html |title=McColo Outage |publisher=Cbl.abuseat.org |access-date=2012-02-14 |archive-url=https://web.archive.org/web/20081218070659/http://cbl.abuseat.org/mccolo.html |archive-date=December 18, 2008 |url-status=dead |df=mdy-all }}</ref>
Krebs is credited with being the first journalist, in 2010, to report on the malware that would later become known as Stuxnet.<ref>{{cite magazine | title = Stuxnet Worm: A Declaration of Cyber-War | url = http://www.vanityfair.com/news/2011/03/stuxnet-201104 | first = Michael Joseph | last = Gross | author-link1 = Michael Joseph Gross | date = March 2, 2011 | access-date = 2016-09-25 | magazine = Vanity Fair | archive-date = November 27, 2016 | archive-url = https://web.archive.org/web/20161127050945/http://www.vanityfair.com/news/2011/03/stuxnet-201104 | url-status = live }}</ref> In 2012, he was cited in a follow-up to another breach of credit and debit card data, in this case potentially more than 10 million Visa and MasterCard accounts with transactions handled by Global Payments Inc. of Atlanta, Georgia.<ref>{{cite news | title=What to do if you fear your credit card's hacked | url=https://www.marketwatch.com/story/what-to-do-if-you-fear-your-credit-cards-hacked-2012-03-30 | first=Jennifer | last=Waters | website=MarketWatch | date=March 30, 2012 | archive-date=April 9, 2019 | access-date=April 26, 2020 | archive-url=https://web.archive.org/web/20190409160348/https://www.marketwatch.com/story/what-to-do-if-you-fear-your-credit-cards-hacked-2012-03-30 | url-status=live }}</ref>
===2013–present=== On March 14, 2013, Krebs became one of the first journalists to become a victim of swatting.<ref>{{cite news |last=Jackman |first=Tom |url=https://www.washingtonpost.com/blogs/the-state-of-nova/post/swating-the-seamy-underweb-and-award-winning-fairfax-cybercrime-journalist-brian-krebs/2013/03/18/9bb15742-8f87-11e2-bdea-e32ad90da239_blog.html |title='SWATing,' the seamy 'underweb,' and award-winning Fairfax cybercrime journalist Brian Krebs |newspaper=The Washington Post |date=March 27, 2013 |access-date=2013-07-27 |archive-date=April 9, 2019 |archive-url=https://web.archive.org/web/20190409160343/https://www.washingtonpost.com/blogs/the-state-of-nova/post/swating-the-seamy-underweb-and-award-winning-fairfax-cybercrime-journalist-brian-krebs/2013/03/18/9bb15742-8f87-11e2-bdea-e32ad90da239_blog.html |url-status=live }}</ref>
On December 18, 2013, Krebs broke the story that Target Corporation had been breached of 40 million credit cards. Six days later, Krebs identified a Ukrainian man who Krebs said was behind a primary black market site selling Target customers' credit and debit card information for as much as US$100 apiece.<ref>{{cite news |url=http://bits.blogs.nytimes.com/2013/12/24/who-is-selling-targets-data/?_r=0 |title=Who Is Selling Target's Data? |publisher=The New York Times Company |date=December 24, 2013 |access-date=2013-12-27 |first=Nicole |last=Perlroth |archive-date=December 21, 2014 |archive-url=https://web.archive.org/web/20141221035346/http://bits.blogs.nytimes.com/2013/12/24/who-is-selling-targets-data/?_r=0 |url-status=live }}</ref> In 2014, Krebs published a book called ''Spam Nation: The Inside Story of Organized Cybercrime—from Global Epidemic to Your Front Door'', which went on to win a 2015 PROSE Award.<ref>{{cite web|url=http://www.proseawards.com/current-winners.html|title=PROSE Awards: Winners|author=PROSE Awards|work=proseawards.com|access-date=May 12, 2015|archive-date=February 26, 2013|archive-url=https://web.archive.org/web/20130226063628/http://www.proseawards.com/current-winners.html|url-status=live}}</ref><ref>{{Cite web |date=2015-02-17 |title='Spam Nation' Wins PROSE Award – Krebs on Security |url=https://krebsonsecurity.com/2015/02/spam-nation-wins-prose-award/ |access-date=2025-03-20 |language=en-US |archive-date=March 20, 2025 |archive-url=https://web.archive.org/web/20250320111916/https://krebsonsecurity.com/2015/02/spam-nation-wins-prose-award/ |url-status=live }}</ref>
In 2016, Krebs's blog was the target of one of the largest ever DDoS attacks using the Mirai malware,<ref>{{cite news|url=https://www.economist.com/science-and-technology/2016/10/08/the-internet-of-stings|title=The internet of stings|date=October 8, 2016|newspaper=The Economist}}</ref> apparently in retaliation for Krebs's role in investigating the vDOS botnet.<ref>{{Cite web | title = Krebs' site under attack after alleged owners of DDoS-for-hire service were arrested | url = http://www.networkworld.com/article/3118303/security/krebs-site-under-attack-after-alleged-owners-of-ddos-for-hire-service-were-arrested.html | archive-url = https://web.archive.org/web/20160912165047/http://www.networkworld.com/article/3118303/security/krebs-site-under-attack-after-alleged-owners-of-ddos-for-hire-service-were-arrested.html | url-status = dead | archive-date = September 12, 2016 | author = Ms. Smith | date = September 11, 2016 | access-date = 2016-09-25 | publisher = Network World }}</ref><ref>{{Cite web | title = Massive web attack hits security blogger | url = https://www.bbc.co.uk/news/technology-37439513 | date = September 22, 2016 | access-date = 2016-09-25 | publisher = BBC | archive-date = August 22, 2018 | archive-url = https://web.archive.org/web/20180822013159/https://www.bbc.co.uk/news/technology-37439513 | url-status = live }}</ref><ref>{{Cite web | title = Brian Krebs' Blog Hit by 665 Gbps DDoS Attack | url = http://www.securityweek.com/brian-krebs-blog-hit-665-gbps-ddos-attack | first = Eduard | last = Kovacs | date = September 21, 2016 | access-date = 2016-09-25 | publisher = Security Week }}</ref> Akamai, which was hosting the blog on a ''pro bono'' basis, quit hosting his blog as a result of the attack, causing it to shut down.<ref>{{Cite news | title = Krebs Website Offline After Akamai Withdraws DDoS Protection | url = http://www.infosecurity-magazine.com/news/krebs-website-offline-ddos/ | first = Steve | last = Evans | date = September 23, 2016 | access-date = September 23, 2016 | newspaper = Infosecurity Magazine}}</ref> {{As of|2016|09|25|df=US}}, Google's Project Shield had taken over the task of protecting his site, also on a ''pro-bono'' basis.<ref>{{cite web|url=https://krebsonsecurity.com/2016/09/the-democratization-of-censorship/|title=The Democratization of Censorship|last=Krebs|first=Brian|date=September 25, 2016|publisher=Krebs On Security}}</ref>
An article by Krebs on 27 March 2018 on KrebsOnSecurity.com about the mining software company and script "Coinhive" where Krebs published the names of admins of the German imageboard ''pr0gramm'', as a former admin is the inventor of the script and owner of the company, was answered by an unusual protest action by the users of that imageboard. Using the pun of "Krebs" meaning "Cancer" in German, they donated to charitable organisations fighting against those diseases, collecting more than 200,000 Euro of donations until the evening of 28 March to the Deutsche Krebshilfe charity.<ref>Catalin Cimpanu: [https://www.bleepingcomputer.com/news/security/angry-users-donate-120k-to-cancer-research-after-brian-krebs-coinhive-article/ ''Angry Users Donate $120K to Cancer Research After Brian Krebs' Coinhive Article''] {{Webarchive|url=https://web.archive.org/web/20180329183351/https://www.bleepingcomputer.com/news/security/angry-users-donate-120k-to-cancer-research-after-brian-krebs-coinhive-article/ |date=March 29, 2018 }}. bleepingcomputer.com, 28 March 2018</ref>
Prior to 2021, his investigation of First American Financial's prior data breach led to an SEC investigation that concluding that "ensuing company disclosures preceded executives’ knowledge of unaddressed, months-old IT security reports."<ref name="RS20_forbes">{{cite news |author=Noah Barsky |title=The SEC Exposed Cybersecurity's Fatal Flaw — Executive Resistance To Bad News |url=https://www.forbes.com/sites/noahbarsky/2021/08/31/the-sec-exposed-cybersecuritys-fatal-flaw---executive-resistance-to-bad-news/?sh=4038e16f2339 |work=Forbes |location= |date=August 31, 2021 |access-date= |archive-date=December 19, 2021 |archive-url=https://web.archive.org/web/20211219224413/https://www.forbes.com/sites/noahbarsky/2021/08/31/the-sec-exposed-cybersecuritys-fatal-flaw---executive-resistance-to-bad-news/?sh=4038e16f2339 |url-status=live }}</ref>
In May 2025, Krebs published an investigation connecting Texas-based eWorldTrade LLC-which had been charged by the U.S. Department of Justice the previous month with conspiracy to distribute synthetic opioids-to a sprawling network of Pakistan-based companies accused of running trademark registration scams, ghostwriting fraud, and other extortionate schemes.<ref>{{cite web |last=Krebs |first=Brian |url=https://krebsonsecurity.com/2025/05/pakistani-firm-shipped-fentanyl-analogs-scams-to-us/ |title=Pakistani Firm Shipped Fentanyl Analogs, Scams to US |publisher=Krebs On Security |date=May 2025 |access-date=}}</ref><ref>{{cite news |title=U.S. Online Marketplace Operator Charged with Trafficking Deadly Synthetic Opioids Stronger Than Fentanyl |url=https://www.justice.gov/opa/pr/us-online-marketplace-operator-charged-trafficking-deadly-synthetic-opioids-stronger |publisher=United States Department of Justice |date=April 30, 2025 |access-date=}}</ref> Krebs's reporting linked eWorldTrade to Intersys Limited (formerly known as Abtach), a Karachi-based company operated by Azneem Bilwani that had been banned by the United States Patent and Trademark Office in 2022 for running trademark registration scams; USPTO records showed Bilwani as the owner of the eWorldTrade trademark.<ref>{{cite web |last=Silverman |first=Craig |url=https://indicator.media/p/fake-reviews-abtach-intersys-eworldtrade-trustpilot-meta |title=A global scam network used fake reviews to lure customers |publisher=Indicator |date=May 19, 2025 |access-date=}}</ref><ref>{{cite web |title=Sanctions Order |url=https://www.uspto.gov/sites/default/files/documents/TM-Sanctions-Order-Abtach-et-al.pdf |publisher=United States Patent and Trademark Office |date=2022 |access-date=31 December 2025 |type=PDF}}</ref> Following the publication, Intersys filed a defamation lawsuit in Pakistan, naming KrebsOnSecurity.com among the defendants and seeking damages and an injunction restraining further publication pending a ruling in Karachi.<ref>{{cite web |url=https://www.dehek.com/wp-content/uploads/intersys-bilwani-1/intersys-limited-vs-techjuice-pk-abdul-wasay-danny-de-hek-krebson-security.pdf |title=Intersys Limited vs TechJuice, Abdul Wasay, Danny de Hek, KrebsOnSecurity |format=PDF |type=Court filing |publisher=Court of the IInd Senior Civil Judge, Karachi South |date=2025 |access-date=}}</ref>
==Awards and recognition== * 2004 – Carnegie Mellon CyLab Cybersecurity Journalism Award of Merit<ref>{{cite web |url=http://www.cylab.cmu.edu/default.aspx?id=148 |title=2004 Cybersecurity Journalism Awards :: CyLab |publisher=Cylab.cmu.edu |access-date=2012-02-14 |archive-url=https://web.archive.org/web/20060306164733/http://www.cylab.cmu.edu/default.aspx?id=148 |archive-date=March 6, 2006 |url-status=dead }}</ref> * 2005 – CNET News.com listed ''Security Fix'' as one of the top 100 blogs, saying "Good roundup of significant security issues. The Washington Post's Brian Krebs offers a userful, first-person perspective".<ref>{{cite web |url=http://news.cnet.com/2311-10784_3-113620.html |title=News.com's Blog 100 | CNET News.com |publisher=News.com.com |access-date=2012-02-14 }}{{Dead link|date=June 2022 |bot=InternetArchiveBot |fix-attempted=yes }}</ref> * 2009 – Winner of Cisco Systems' 1st Annual "Cyber Crime Hero" Award<ref>{{cite web|url=http://www.cisco.com/en/US/prod/collateral/vpndevc/cisco_2009_asr.pdf|title=Security|date=July 17, 2015|work=Cisco|access-date=December 16, 2011|archive-date=November 4, 2011|archive-url=https://web.archive.org/web/20111104041152/http://www.cisco.com/en/US/prod/collateral/vpndevc/cisco_2009_asr.pdf|url-status=live}}</ref> * 2010 – Security Bloggers Network, "Best Non-Technical Security Blog"<ref>{{cite web |url=https://365.rsaconference.com/blogs/security-blogger-meetup/2010/03/04/theyre-all-winners |title=RSA Conference | Security Blogger Meetup | They're all winners |access-date=2014-01-15 |url-status=dead |archive-url=https://web.archive.org/web/20130305214558/http://365.rsaconference.com/blogs/security-blogger-meetup/2010/03/04/theyre-all-winners |archive-date=March 5, 2013 }}</ref> * 2010 – SANS Institute Top Cybersecurity Journalist Award<ref>{{cite web |url=http://www.sans.org/top-journalists/ |title=2010 Top Cyber Security Journalist Award Winners |publisher=SANS |date=February 10, 2012 |access-date=2012-02-14 |archive-date=November 14, 2011 |archive-url=https://web.archive.org/web/20111114122757/http://www.sans.org/top-journalists/ |url-status=live }}</ref> * 2011 – Security Bloggers Network, "Blog That Best Represents the Industry"<ref>{{cite web |url=https://365.rsaconference.com/blogs/security-blogger-meetup/2011/01/10/and-the-winners-are |title=RSA Conference | Security Blogger Meetup | And the Winners Are |publisher=365.rsaconference.com |access-date=2012-02-14 |url-status=dead |archive-url=https://web.archive.org/web/20120214111946/http://365.rsaconference.com/blogs/security-blogger-meetup/2011/01/10/and-the-winners-are |archive-date=February 14, 2012 }}</ref> * 2014 – National Press Foundation, "Chairman's Citation Award"<ref>{{cite web|url=http://nationalpress.org/awards/winner/brian-krebs/|title=The 2014 Chairman's Citation Winner|access-date=November 10, 2015|archive-date=September 20, 2015|archive-url=https://web.archive.org/web/20150920141441/http://nationalpress.org/awards/winner/brian-krebs/|url-status=live}}</ref> *2017 – ISSA's President's Award For Public Service<ref>{{Cite web|title=ISSA International Awards|url=https://www.issa.org/issa-international-awards/|access-date=November 10, 2020|archive-date=November 10, 2020|archive-url=https://web.archive.org/web/20201110221044/https://www.issa.org/issa-international-awards/|url-status=live}}</ref> *2019 – CISO MAG’s Cybersecurity Person of the Year<ref>{{Cite web|title=Brian Krebs is the CISO MAG Cybersecurity Person of the Year|date=May 29, 2023|url=https://cisomag.eccouncil.org/brian-krebs-cybersecurity-person-of-the-year/|access-date=November 10, 2020|archive-date=November 10, 2020|archive-url=https://web.archive.org/web/20201110221043/https://cisomag.eccouncil.org/brian-krebs-cybersecurity-person-of-the-year/|url-status=live}}</ref>
==See also== *Intuit *mSpy *Russian Business Network *BlueLeaks *Dark0de
==References== {{Reflist|30em}}
==External links== * {{official website|https://krebsonsecurity.com/ }} * [https://krebsonsecurity.com/2012/03/aghast-at-avasts-iyogi-support/ Aghast at Avast’s iYogi Support] * [http://news.cnet.com/2311-10784_3-113620.html CNET News.Com "Blog 100" review]{{Dead link|date=June 2022 |bot=InternetArchiveBot |fix-attempted=yes }} * {{C-SPAN|95936}}
{{Authority control}}
{{DEFAULTSORT:Krebs, Brian}} Category:1972 births Category:Living people Category:Anti-spam Category:American business and financial journalists Category:American male journalists Category:Writers about computer security Category:American crime reporters Category:American investigative journalists Category:American online journalists Category:American activist journalists Category:George Mason University alumni Category:The Washington Post journalists