Brian Krebs
from Wikipedia

Brian Krebs (born 1972) is an American journalist and investigative reporter. He is best known for his coverage of profit-seeking cybercriminals.[1] Krebs is the author of a daily blog, KrebsOnSecurity.com, covering computer security and cybercrime. From 1995 to 2009, Krebs was a reporter for The Washington Post and covered tech policy, privacy and computer security as well as authoring the Security Fix blog.

Early life and education

Born in 1972 in Alabama,[1] Krebs earned a B.A. in International Relations from George Mason University in 1994.[2] His interest in cybercriminals grew after a computer worm locked him out of his own computer in 2001.[1]

Career

1999–2007

Krebs started his career at The Washington Post in the circulation department. From there, he obtained a job as a copy aide in the Post newsroom, where he split his time between sorting mail and taking dictation from reporters in the field. Krebs also worked as an editorial aide for the editorial department and the financial desk. In 1999, Krebs went to work as a staff writer for Newsbytes.com, a technology newswire owned by The Washington Post.[3]

When the Post sold Newsbytes in 2002, Krebs transitioned to Washingtonpost.com in Arlington, Virginia as a full-time staff writer. Krebs's stories appeared in both the print edition of the paper and Washingtonpost.com. In 2005, Krebs launched the Security Fix blog, a daily blog centered around computer security, cyber crime and tech policy. In December 2009, Krebs left Washingtonpost.com and launched KrebsOnSecurity.com.

Krebs has focused his reporting at his blog on the fallout from the activities of several organized cybercrime groups operating out of eastern Europe that have stolen tens of millions of dollars from small to mid-sized businesses through online banking fraud.[4] Krebs has written more than 75 stories about small businesses and other organizations that were victims of online banking fraud, an increasingly costly and common form of cybercrime.

2008–2012

Krebs wrote a series of investigative stories that culminated in the disconnection or dissolution of several Internet service providers that experts said catered primarily to cyber criminals. In August 2008, a series of articles he wrote for The Washington Post's Security Fix blog led to the unplugging of a northern California based hosting provider known as Intercage or Atrivo.[5]

During that same time, Krebs published a two-part investigation on illicit activity at domain name registrar EstDomains, one of Atrivo's biggest customers, showing that the company's president, Vladimir Tšaštšin, recently had been convicted of credit card fraud, document forgery and money laundering.[6] Two months later, the Internet Corporation for Assigned Names and Numbers (ICANN), the entity charged with overseeing the domain registration industry, revoked EstDomains' charter, noting that Tšaštšin's convictions violated an ICANN policy that prohibits officers of a registrar from having a criminal record.[7] In November 2011, Tšaštšin and five other men would be arrested by Estonian authorities and charged with running a massive click fraud operation with the help of the DNS Changer Trojan.[8]

In November 2008, Krebs published an investigative series that led to the disconnection of McColo, another northern California hosting firm that experts said was home to control networks for most of the world's largest botnets.[9] As a result of Krebs's reporting, both of McColo's upstream Internet providers disconnected McColo from the rest of the Internet, causing an immediate and sustained drop in the volume of junk e-mail sent worldwide. Estimates of the amount and duration of the decline in spam due to the McColo takedown vary, from 40 percent to 70 percent, and from a few weeks to several months.[10]

Krebs is credited with being the first journalist, in 2010, to report on the malware that would later become known as Stuxnet.[11] In 2012, he was cited in a follow-up to another breach of credit and debit card data, in this case potentially more than 10 million Visa and MasterCard accounts with transactions handled by Global Payments Inc. of Atlanta, Georgia.[12]

2013–present

On March 14, 2013, Krebs became one of the first journalists to become a victim of swatting.[13]

On December 18, 2013, Krebs broke the story that Target Corporation had suffered a breach involving 40 million credit cards. Six days later, Krebs identified a Ukrainian man who Krebs said was behind a primary black market site selling Target customers' credit and debit card information for as much as US$100 apiece.[14] In 2014, Krebs published a book called Spam Nation: The Inside Story of Organized Cybercrime—from Global Epidemic to Your Front Door, which went on to win a 2015 PROSE Award.[15][16]

In 2016, Krebs's blog was the target of one of the largest ever DDoS attacks using the Mirai malware,[17] apparently in retaliation for Krebs's role in investigating the vDOS botnet.[18][19][20] Akamai, which was hosting the blog on a pro bono basis, quit hosting his blog as a result of the attack, causing it to shut down.[21] As of September 25, 2016, Google's Project Shield had taken over the task of protecting his site, also on a pro-bono basis.[22]

An article by Krebs published on 27 March 2018 on KrebsOnSecurity.com about the mining software company and script "Coinhive", in which Krebs published the names of admins of the German imageboard pr0gramm because a former admin is the inventor of the script and owner of the company, was answered by an unusual protest action by the users of that imageboard. Playing on the fact that "Krebs" means "cancer" in German, they donated to charitable organisations fighting the disease, collecting more than 200,000 euros in donations for the Deutsche Krebshilfe charity by the evening of 28 March.[23]

Prior to 2021, his investigation of First American Financial's prior data breach led to an SEC investigation that concluded that "ensuing company disclosures preceded executives’ knowledge of unaddressed, months-old IT security reports."[24]

In May 2025, Krebs published an investigation connecting Texas-based eWorldTrade LLC, which had been charged by the U.S. Department of Justice the previous month with conspiracy to distribute synthetic opioids, to a sprawling network of Pakistan-based companies accused of running trademark registration scams, ghostwriting fraud, and other extortionate schemes.[25][26] Krebs's reporting linked eWorldTrade to Intersys Limited (formerly known as Abtach), a Karachi-based company operated by Azneem Bilwani that had been banned by the United States Patent and Trademark Office in 2022 for running trademark registration scams; USPTO records showed Bilwani as the owner of the eWorldTrade trademark.[27][28] Following the publication, Intersys filed a defamation lawsuit in Pakistan, naming KrebsOnSecurity.com among the defendants and seeking damages and an injunction restraining further publication pending a ruling in Karachi.[29]

Awards and recognition

  • 2004 – Carnegie Mellon CyLab Cybersecurity Journalism Award of Merit[30]
  • 2005 – CNET News.com listed Security Fix as one of the top 100 blogs, saying "Good roundup of significant security issues. The Washington Post's Brian Krebs offers a useful, first-person perspective".[31]
  • 2009 – Winner of Cisco Systems' 1st Annual "Cyber Crime Hero" Award[32]
  • 2010 – Security Bloggers Network, "Best Non-Technical Security Blog"[33]
  • 2010 – SANS Institute Top Cybersecurity Journalist Award[34]
  • 2011 – Security Bloggers Network, "Blog That Best Represents the Industry"[35]
  • 2014 – National Press Foundation, "Chairman's Citation Award"[36]
  • 2017 – ISSA's President's Award For Public Service[37]
  • 2019 – CISO MAG’s Cybersecurity Person of the Year[38]

from Grokipedia
Brian Krebs is an American investigative journalist specializing in cybersecurity and cybercrime, renowned for his independent reporting that exposes profit-driven hacking operations, data breaches, and underground criminal networks. After serving as a reporter at The Washington Post from 1995 to 2009—where he authored over 1,300 posts for the Security Fix blog and covered topics including botnets and privacy threats—he launched the award-winning blog KrebsOnSecurity.com on December 29, 2009, which has since become a primary resource for detailed investigations into online fraud and ecosystems. Krebs, who lacks a formal technical background but developed expertise through self-directed study and collaboration with security professionals, has disrupted numerous cybercriminal activities, such as spam operations and access brokers, often leading to arrests and infrastructure takedowns by law enforcement. His 2014 book Spam Nation chronicles the rise of organized spam and pharmaceutical syndicates, drawing on years of fieldwork into their operations. Krebs's aggressive pursuit of sources in hacker forums and markets has earned him accolades like the M3AAWG Mary Litynski Award and multiple cybersecurity honors, but it has also provoked severe retaliation, including record-scale DDoS attacks exceeding 600 Gbps that temporarily crippled his site and prompted reliance on specialized services.

Early life

Family background and upbringing

Brian Krebs was born in 1972 in Alabama. He spent his formative years in , in the Washington, D.C. suburbs, where his family resided. As a child, Krebs entered the world of newspapers early, initially assisting his elder siblings with their Washington Post paper route before inheriting and expanding it to deliver to dozens of homes in the neighborhood as a young teen. By age nine, he managed a large route serving more than 200 households, an experience that instilled discipline and provided his first sustained contact with journalistic operations. This hands-on involvement with circulation marked the beginning of Krebs' affinity for the publication and reporting, predating his formal career there by over a decade. During high school, he channeled this interest into extracurricular activities, contributing to the school newspaper and gaining practical editing and writing skills, though he declined an opportunity to serve as editor to focus on other pursuits. Limited public details exist regarding his parents or dynamics, reflecting Krebs' preference for amid his high-profile investigations into cyber threats. His upbringing in a suburban environment near federal institutions may have indirectly influenced his later focus on policy and security matters, though he has not explicitly linked the two.

Education

Krebs earned a degree in International Studies from George Mason University in , graduating in 1994. During his time at the university, he took a few courses but reported little interest in at that stage of his education. His academic focus on international studies aligned with early career interests in and global affairs rather than or cybersecurity, fields in which he later specialized. No records indicate advanced degrees or further formal education in cybersecurity or related disciplines.

Career beginnings

Pre-Washington Post journalism

Prior to his tenure at The Washington Post, Brian Krebs had limited involvement in journalism, primarily through extracurricular activities during high school, where he contributed to the school newspaper but ultimately did not pursue the editor role due to competing interests. He earned a liberal arts degree from George Mason University in 1994. No records indicate professional experience or publications prior to joining The Washington Post in late 1995, where he initially worked in non-editorial roles such as the circulation department, handling customer service and phone inquiries. This entry-level position, secured through a personal recommendation, marked the start of his media career, transitioning later to newsroom support tasks like mail delivery and dictation before advancing to reporting.

Washington Post tenure (1995–2009)

Krebs joined The Washington Post in 1995, initially in the Circulation Department as a , before advancing to copy aide roles involving administrative tasks such as delivering mail, taking dictation, and typing at speeds exceeding 100 from 1995 to 1996. He then served as an editorial aide from 1996 to 1999, working on the Editorial page by handling letters to the editor and assisting with layout. In 1999, following The Washington Post's acquisition of the tech newswire Newsbytes, Krebs transitioned to a full-time writing position there, marking his entry into . By 2002, he had moved to washingtonpost.com, where he covered , issues, and emerging threats. Krebs's focus sharpened on cybersecurity after a personal network compromise in 2001, evolving into dedicated coverage by 2004 amid events like the Blaster Worm outbreak, which highlighted widespread vulnerabilities in Windows systems. In 2005, he launched the Security Fix blog on the Washington Post site, authoring over 1,300 posts that dissected topics such as , spam operations, and profit-driven . During this period, he contributed hundreds of stories to washingtonpost.com and the print newspaper, including eight front-page articles and a Post Magazine cover feature on operators who commandeered infected computers for illicit activities. Notable investigations included a 2008 series on the McColo hosting service, a key hub for spam and distribution; Krebs reported its coordinated shutdown on November 11, 2008, which led to a two-thirds drop in global spam volumes within days. In 2009, he exposed cyber gangs targeting small businesses through , detailing FBI estimates of $40 million stolen from U.S. firms, a $1.3 million attempted heist against a Washington, D.C.-area company, and a Louisiana business's lawsuit against over $97,000 in losses. His tenure ended in 2009 when his position was eliminated amid organizational changes at the newspaper.

Independent journalism and KrebsOnSecurity

Launch and early years (2009–2012)

In 2009, following the merger of The Washington Post's online and print newsrooms that led to layoffs including his position, Brian Krebs launched KrebsOnSecurity.com as an independent platform dedicated to in-depth reporting on cybersecurity and . The site's inaugural post on December 29, 2009, served as a retrospective compilation of Krebs' prior investigative work from 2005–2009 at The Washington Post, emphasizing series on organized groups that defrauded small- to mid-sized businesses of millions through techniques like account takeovers and deployment. From 2010 onward, KrebsOnSecurity shifted toward real-time investigations unconstrained by traditional media timelines, focusing on profit-driven cybercriminals, spam operations, and data breaches. Krebs leveraged his self-taught expertise in tracing underground forums and campaigns—honed since a personal infection incident—to expose vulnerabilities, such as overlooked indicators of employee insider threats in 2009 breaches reported in mid-2010 analyses. The blog's emphasis on verifiable details from hacker confessions, seized server data, and corroboration distinguished it from broader news outlets, building a readership among security professionals and victims seeking actionable insights. By 2011–2012, early milestones included Krebs' reporting on compromises, such as the March 2012 alert from Visa and MasterCard about a U.S.-based breach later confirmed at Global Payments, where hackers accessed cardholder data via exploits starting in early March. These pieces highlighted recurring patterns in economics, including the sale of stolen credentials on black markets, and prompted corporate disclosures that might have otherwise remained internal. Krebs funded the operation independently through consulting and book projects, maintaining editorial freedom amid growing threats from exposed actors who began targeting his site with denial-of-service attacks by late 2012.

Major developments (2013–present)

In December 2013, KrebsOnSecurity reported that Target was investigating a significant data breach, revealing that cybercriminals had stolen credit and debit card data from up to 40 million customers' point-of-sale systems between November 27 and December 15, 2013. This disclosure, based on sources within the company's security team, exposed the use of custom like BlackPOS and ignited global scrutiny of retail payment security vulnerabilities. The story prompted Target to confirm the intrusion publicly and led to congressional hearings, executive resignations, and accelerated adoption of chip technology in the U.S. That same year, on March 14, 2013, Krebs became a target of swatting when a DDoS attack coincided with a call prompting armed police to raid his home, mistaking the fabricated threat for reality. Krebs traced the incident to a suspect using the "[email protected]," highlighting early retaliation from cybercriminals against his reporting. A pivotal escalation came in September 2016, after KrebsOnSecurity detailed the operations of vDOS, an Israeli-based DDoS-for-hire service that had earned approximately $600,000 from over 8,000 customers in two years by renting attack capacity. In response, the site faced what was then the largest recorded DDoS attack, peaking at 665 gigabits per second on September 20, leveraging the Mirai IoT to overwhelm servers. The assault disrupted the blog for nearly four days, forcing Krebs to seek mitigation from Google's Project Shield after his prior provider withdrew service. This event underscored the risks of targeting profit-driven cybercrime infrastructures and contributed to subsequent arrests of vDOS operators. From 2017 onward, KrebsOnSecurity sustained its focus on high-impact cybercrime exposures amid ongoing threats, including detailed analyses of breached databases' lifecycle and broker networks selling access to ransomware affiliates.
In December 2023, marking the tenth anniversary of the Target breach, the blog identified the real-life persona behind the Rescator carding marketplace, a key outlet for stolen data from that incident and others totaling over 100 million records. More recently, in August 2024, it covered the National Public Data breach, which exposed sensitive records on hundreds of millions of Americans, including Social Security numbers and addresses, via a vulnerability in the background-check firm's systems. These investigations have maintained the site's influence, despite persistent DDoS attempts and the inherent dangers of sourcing from underground forums.

Notable investigations

Data breaches and corporate exposures

Krebs broke the story of the 2013 Target Corporation data breach on December 18, 2013, citing sources who indicated the retailer was probing the theft of millions of customer credit and debit card records from its point-of-sale systems. The intrusion, active from November 27 to December 15, 2013, exposed magnetic stripe data from 40 million cards, enabling production, alongside personal details from up to 70 million additional customers. Krebs subsequently revealed that attackers phished login credentials from Target's HVAC vendor, Fazio Mechanical Services, using malware-laden emails, granting remote access to the retailer's network via unsegmented vendor portals. In September 2014, Krebs reported banks attributing a surge in fraudulent transactions to stolen cards originating from Home Depot stores, based on black market sales patterns detected on underground forums. The breach, which began in April 2014, involved custom infecting 7,000 of Home Depot's 100,000 point-of-sale terminals, ultimately compromising 56 million payment cards and 53 million customer email addresses. Home Depot confirmed the exposure after Krebs' initial alert, noting attackers exfiltrated data undetected for five months due to inadequate and segmentation. Krebs' investigations often preceded corporate disclosures by monitoring cybercrime marketplaces for batches of stolen credentials and card dumps, as seen in his exposure of vulnerabilities at Stores and in early 2014, where he linked forum postings to unreported retail compromises. In 2019, he detailed a flaw at First American Financial that publicly exposed 885 million and files without , stemming from improper sequential ID handling in their online document portal. These reports highlighted systemic issues like third-party access risks and weak , prompting regulatory scrutiny and industry-wide reevaluations of payment security.

Cybercrime networks and spam operations

Krebs' investigations into spam operations highlighted the role of in disseminating pharmaceutical and goods promotions, which accounted for a substantial share of global in the early 2010s. In March 2011, he detailed the abrupt shutdown of the Rustock , a network of approximately 500,000 to 800,000 compromised Windows machines that generated up to 30 billion spam messages daily, primarily advertising fake drugs and male enhancement products. The disruption, achieved through Microsoft's seizure of 26 command-and-control servers, caused worldwide spam volumes to drop by over 50 percent within days, underscoring Rustock's dominance in the spam ecosystem. Further analysis by Krebs revealed that Rustock's resilience stemmed from its design, which embedded deeply within infected systems to evade detection, and its reliance on U.S.-based firms for domain registrations and infrastructure. Expanding beyond individual botnets, Krebs exposed the interconnected infrastructure enabling persistent spam campaigns, including "bulletproof" hosting services in and that shielded operators from . His 2014 book Spam Nation chronicled how firms like ChronoPay provided processing for spam affiliates, fueling operations that generated millions in illicit revenue from fake online pharmacies, while internal rivalries—such as feuds between Russian processors—occasionally prompted self-disclosures leading to arrests. To conduct these probes, Krebs learned Russian to infiltrate cybercrime forums and trace financial flows, revealing how lax regulations in jurisdictions like allowed spam networks to thrive by laundering profits through and similar systems. Krebs also uncovered hybrid cybercrime syndicates blending spam with financial fraud, such as the Eastern European "Business Club" network, which from 2008 onward defrauded businesses of over $100 million via check counterfeiting, ATM skimming, and malware distribution advertised through spam channels. 
His reporting on groups like Pakistan's "The Manipulaters," active since at least , detailed their evolution from basic kits sold via spam to sophisticated web hosting scams targeting sites. These exposures often prompted operational shifts among criminals, as seen when spam gangs adopted techniques from state-sponsored actors, such as repurposing leaked Hacking Team for resilient command-and-control in spam botnets. Overall, Krebs' work demonstrated how spam served as an entry point for broader networks, with economic incentives driving their scale and adaptability.

Cyberattacks and personal threats

DDoS attacks and retaliation

In September 2016, shortly after Krebs published an investigation into vDOS, an Israeli-operated DDoS-for-hire service that generated over $600,000 in revenue from 2012 to 2014 by providing "booter" attacks to clients, his website KrebsOnSecurity.com endured a massive distributed denial-of-service (DDoS) assault peaking at 620 gigabits per second (Gbps). The attack, which Krebs attributed to retaliation by vDOS operators or affiliates, leveraged the Mirai malware to commandeer hundreds of thousands of vulnerable Internet of Things (IoT) devices, such as CCTV cameras and routers, marking it as one of the largest DDoS incidents recorded at the time. Unable to sustain the traffic surge despite mitigation efforts by his provider Akamai, Krebs voluntarily took the site offline for nearly four days to prevent collateral damage to upstream networks. Subsequent analysis of attack packets revealed taunting messages directed at Krebs, reinforcing the retaliatory motive tied to his vDOS reporting, which included sourcing internal data exposing the service's administrators—two Israeli teenagers later charged by U.S. authorities for operating it and related schemes. In response, Krebs transitioned to Google's Project Shield, a free DDoS protection service for sites facing cybercensorship threats, which absorbed the ongoing assault and restored access without further downtime. This incident highlighted vulnerabilities in unsecured IoT ecosystems and prompted Krebs to advocate for stronger device security standards, while his continued exposés contributed to enforcement actions against DDoS-for-hire perpetrators. KrebsOnSecurity has faced recurrent DDoS campaigns, often linked to his disruptions of cybercrime operations, including spam networks and carding forums. 
A more recent escalation occurred on May 12, 2025, when the site absorbed a 6.3 terabits per second (Tbps) attack—over ten times the scale of the 2016 event—orchestrated via the Aisuru botnet, which exploits misconfigured cloud servers and IoT devices for amplified volumetric floods. Project Shield successfully mitigated the barrage, keeping the site operational, though Krebs noted the attack's intensity tested even enterprise-grade defenses. While the precise motive remains unconfirmed, the timing aligns with Krebs' ongoing scrutiny of botnet operators and stresser services, echoing patterns of reprisal from prior incidents. Krebs' countermeasures emphasize defensive resilience and investigative persistence over offensive actions, including collaborations with ISPs, researchers, and agencies like the FBI to trace and dismantle attacker infrastructures, as seen in the vDOS fallout where his reporting facilitated arrests and asset forfeitures. He has publicly critiqued the commoditization of DDoS tools, arguing that such attacks serve as tools for silencing independent on cyber threats, and urged strategies like traffic scrubbing and IoT updates. In 2013, Krebs faced multiple physical threats in retaliation for his investigations into operations. On one occasion, adversaries orchestrated a swatting incident by making false emergency calls to police, prompting a heavily armed response to his home that left him at gunpoint. Separately that , a Russian cybercriminal mailed over one gram of pure to his residence as part of a scheme to frame him for drug possession, followed by an anonymous tip to authorities; the plot was thwarted when Krebs alerted upon receiving the package. The perpetrator, Ukrainian national Sergey Vovnenko, was extradited, pleaded guilty to conspiracy to commit wire fraud and aggravated , and received a 41-month sentence in 2017.
These incidents stemmed directly from Krebs's exposure of illicit forums and actors, highlighting the escalation from digital to real-world harm by those disrupted by his reporting. Ongoing threats have necessitated enhanced personal security protocols. Following early exposures of spam and networks, Krebs adopted measures including relocation to an undisclosed location to mitigate doxxing and risks. He has publicly discussed the psychological toll and the need for vigilance against actors willing to transition from online harassment to physical endangerment, as evidenced by patterns in retaliation. Legally, Krebs has encountered claims from entities implicated in his breach reporting. In March 2022, Networks filed a against him in federal court, alleging his articles on a 2015 data compromise falsely portrayed the incident as a hack rather than employee , seeking for reputational . The suit contended Krebs's coverage was motivated by ad revenue and lacked evidence, though it underscored tensions between journalistic scrutiny and corporate narratives on security failures. In June 2024, operators of Radaris, a firm, threatened litigation unless Krebs retracted a story revealing their CEO as a fabricated identity linked to prior fraud allegations. Earlier, in 2015, a former executive issued a over Krebs's reporting on internal hacking ties. These actions reflect attempts by exposed parties to challenge or suppress through civil proceedings, often prioritizing damage control over substantive rebuttal.

Publications and contributions

Books and writings

Krebs authored Spam Nation: The Inside Story of Organized Cybercrime—from Global Epidemic to Your Front Door, published by Sourcebooks in September 2014, which details the operations of major spam networks, pharmaceutical counterfeiters, and distributors targeting consumers worldwide. The book draws on Krebs's investigative reporting to expose figures such as the Russian cybercriminal networks behind operations like the Rustock and the pharmaceutical spam rings of Evaldas Rimasauskas and others, emphasizing their economic incentives and evasion tactics. Prior to his independent work, Krebs contributed over 1,300 articles to The Washington Post's Security Fix blog between 2006 and 2009, focusing on vulnerabilities in financial systems, , and emerging threats like and data broker exposures. His freelance writings have appeared in outlets including Wired and , often expanding on case studies from his reporting. Since launching KrebsOnSecurity in 2009, he has produced thousands of in-depth posts analyzing breaches, scams, and hacker forums, though these form the core of his ongoing journalism rather than standalone publications.

Media appearances and collaborations

Krebs has featured in several documentary series examining . In the 2022 Netflix series Web of Make Believe: Death, Lies & the Internet, he contributed insights into online threats, including cases involving and digital deception. He also appeared as a cybersecurity investigator in the 2024 miniseries The Ashley Madison Affair, analyzing the 2015 breach of the that exposed millions of user . On broadcast media, Krebs has provided expert commentary on major networks. He appeared on CBS Mornings to discuss data breaches and online security vulnerabilities. In 2014, he was interviewed on NPR's All Tech Considered about the personal hazards of infiltrating dark web hacker forums to expose credit card theft operations. Krebs has guested on numerous podcasts focused on cybersecurity. In a 2014 episode of the Steptoe Cyberlaw Podcast, he detailed gaining access to Russian cyberfraud sites to break stories on organized crime rings. He also joined the Risky Business podcast to analyze security news, including targeted attacks on refugees and malware developments. In terms of collaborations, Krebs has partnered with cybersecurity firms for joint media discussions. He co-presented a webinar with CSO Sam Curry on emerging trends, such as evolution and attribution challenges. Prior to launching his independent blog in 2009, he collaborated with The Washington Post as a reporter, authoring over 1,300 posts for its Security Fix blog on topics including phishing scams and .

Awards and recognition

Key honors received

In 2004, Krebs received the Carnegie Mellon CyLab Cybersecurity Journalism Award of Merit for his reporting on cybersecurity issues while at The Washington Post. The SANS Institute recognized him as one of its Top Cyber Security Journalists in 2010, honoring his investigative work on cyber threats. In 2013, KrebsOnSecurity won the "Blog That Best Represents the Industry" award at the RSA Conference Security Blogger Meetup, acknowledging its influence in the field. Krebs was awarded the M3AAWG Mary Litynski Award in 2014 for lifetime achievements in protecting the online community through anti-abuse investigations. That same year, the Association of Certified Fraud Examiners presented him with the Guardian Award at its Global Fraud Conference for contributions to combating cyber fraud. In 2015, the National Press Foundation granted Krebs its Chairman's Citation, recognizing individuals whose work advances public understanding of critical issues, following his reporting on major data breaches. His book Spam Nation earned the 2015 PROSE Award in the category of popular science and popular mathematics, presented by the Association of American Publishers for excellence in professional and scholarly publishing. The Information Systems Security Association (ISSA) awarded Krebs its President's Award for Public Service in 2017, citing KrebsOnSecurity's role in exposing cyber risks and promoting security awareness. CISO Magazine named him Cybersecurity Person of the Year in 2019 for ongoing investigations into cybercrime networks.

Industry acknowledgments

Krebs has garnered significant respect within the cybersecurity industry for his detailed exposés on operations, with professionals frequently citing his reporting as instrumental in disrupting illicit networks. For instance, his work has been credited with prompting immediate industry responses, such as enhanced detection measures following breach disclosures, earning him a as a pivotal figure in elevating awareness of profit-driven threats. Industry leaders and publications have highlighted Krebs' influence through inclusions in curated lists of key experts. He is featured among the top cybersecurity influencers by outlets like Sprinto, which notes his coverage of cybercriminals as essential reading for professionals tracking evolving threats. Similarly, StationX ranks him among 15 top experts, emphasizing his post-hack pivot to in-depth that informs defensive strategies. Cobalt.io includes him in 15 cybersecurity influencers, praising his independent investigations into breaches and as benchmarks for the field. Practical endorsements underscore this acknowledgment, including DDoS mitigation support from after his site endured record attacks in 2016, a gesture reflecting industry solidarity with his adversarial role against hackers. Cybersecurity firms and analysts have lauded his methodological rigor, with BusinessWeek describing how his revelations provoke both IT sector admiration and criminal backlash, influencing policy and operational shifts. Peers in threat intelligence and often reference Krebs' analyses as foundational, as seen in Cybertec Security's designation of his as a "staple" for understanding underground economies, which has shaped hiring and training priorities in security operations. His impact extends to speaker circuits, where he is positioned as a leading authority by agencies like AAE Speakers Bureau, affirming his role in educating industry audiences on real-world vulnerabilities.

Criticisms and controversies

Methodological critiques

Critics have argued that Krebs' investigative approach, which frequently draws on tips and from cybercriminals operating in underground forums, risks incorporating biased or fabricated information intended to harm rivals rather than reveal truths. Such sources, motivated by competitive advantages within criminal ecosystems, may provide selective leaks that mislead reporters, potentially compromising the reliability of published findings. This methodological concern posits that without robust independent corroboration—such as forensic analysis or multi-source cross-verification—reports could amplify propagated by actors with vested interests.

A prominent example arose in Krebs' January 2021 coverage of a purported breach at Networks, where he reported that hackers had stolen and customer data, alleging a cover-up based on screenshots, logs, and communications from an anonymous hacker contacting him via an online forum. contested these claims in a March 2022 , asserting that the "hacker" was a fired insider, John Senko, who fabricated evidence as part of an scheme demanding $2 million and had impersonated external threat actors to manipulate Krebs into publicizing false narratives. The argued that Krebs neglected adequate verification, including timely outreach for , and published unconfirmed details that damaged its , highlighting a potential flaw in prioritizing speed and source-provided artifacts over exhaustive pre-publication scrutiny. The suit was later dismissed following settlement, with Krebs retracting the articles and removing them from his site, acknowledging the insider's role in the . This incident has been cited as evidence that Krebs' methodology, while yielding breakthroughs in exposing hidden operations, can falter when sources exploit journalistic channels for personal gain, underscoring the challenges of validating illicitly obtained data in opaque digital underworlds.

Responses from adversaries

In September 2016, following Krebs' reporting on the vDOS DDoS-for-hire service, which led to the arrests of its two Israeli administrators, the site krebsonsecurity.com endured a sustained distributed denial-of-service (DDoS) attack peaking at 620 gigabits per second—one of the largest recorded at the time—rendering it inaccessible for nearly a week. The assault, powered by the Mirai botnet exploiting insecure devices, was widely attributed to retaliation by associates of the exposed operators, though no direct claim of responsibility emerged from the perpetrators.

Earlier, in July 2013, adversaries attempted to discredit Krebs by forging evidence to frame him as a smuggler, involving planted shipping records and communications intercepted en route to U.S. authorities; the plot was thwarted when Krebs alerted officials, highlighting tactics used by Eastern European cybercriminals to neutralize investigative threats.

More recently, in late 2024, members of the hacking group—linked to breaches at companies like —publicly referenced Krebs in online forums, issuing threats of physical violence alongside boasts about their operations, as part of broader against researchers exposing their activities. Such responses underscore a pattern where exposed cybercriminals resort to technical sabotage, , and direct menaces rather than substantive rebuttals to Krebs' findings.

Impact and legacy

Influence on cybersecurity practices

Brian Krebs' exposés on major data breaches, such as his early reporting on the 2013 Target incident that affected 110 million customers, accelerated industry-wide improvements in breach detection and disclosure protocols, prompting retailers to implement enhanced point-of-sale and segmentation to prevent lateral movement by attackers. His detailed investigations into card-not-present fraud and underground markets influenced financial institutions to strengthen transaction monitoring and adopt machine learning-based systems, reducing fraud losses reported by the from $5.7 billion in 2016 to more stable levels post-2018 through better practices.

The 2016 distributed denial-of-service (DDoS) attack on KrebsOnSecurity.com, peaking at 620 gigabits per second via the Mirai botnet exploiting insecure Internet of Things (IoT) devices, highlighted systemic flaws in device manufacturing and updates, leading vendors like those in the IoT space to integrate default credential changes and remote kill switches as standard practices, as evidenced by subsequent FCC guidelines on IoT security. This incident also spurred service providers to offer advanced as a norm, with Krebs crediting it for broader adoption of networks and traffic scrubbing in enterprise defenses.

Krebs' analyses of economics, including the value of compromised corporate assets like access sold for $10–$100 per credential on forums, have driven organizations to prioritize privileged access management and zero-trust architectures, with surveys from cybersecurity firms noting increased implementation rates following his 2016 reporting on such markets. His emphasis on human-centric risks—such as susceptibility and weak hygiene—in over 1,300 Washington Post Security Fix posts and subsequent blog entries has informed training programs, evidenced by data showing interpersonal and communication skills as top priorities for 70% of hiring managers in cybersecurity roles by 2020.

Through collaborations with law enforcement, Krebs' takedowns of operations like the 2014 contributed to multinational disruptions, fostering public-private information sharing models that underpin frameworks such as the U.S. Cybersecurity and Infrastructure Security Agency's Joint Cyber Defense Collaborative, launched in to systematize threat intelligence exchange. His advocacy for proactive monitoring over reactive fixes has influenced best practices guidelines, including those from the Financial Services Information Sharing and Analysis Center, which cite real-world breach case studies akin to his reports for recommending continuous logging and endpoint detection.

Broader societal effects

Krebs' investigative reporting has elevated public awareness of large-scale breaches, compelling retailers and financial institutions to enhance consumer protections. His December 18, 2013, revelation of the Target breach, which exposed 40 million credit and debit card accounts along with personal from 70 million customers, preceded the company's official acknowledgment and triggered widespread media coverage, congressional hearings, and accelerated adoption of chip technology in the United States to mitigate point-of-sale vulnerabilities. This event underscored the real-world consequences of inadequate cybersecurity, fostering greater consumer vigilance regarding payment security and pressuring lawmakers to strengthen breach notification requirements under frameworks like the Federal Trade Commission's guidelines.

By dismantling cybercrime infrastructures through detailed exposés, Krebs has facilitated law enforcement operations that curtailed schemes impacting millions. His coverage of underground forums like in 2004 provided critical intelligence leading to FBI arrests of over 100 members involved in and , disrupting a key hub for stolen financial data distribution. Similarly, reporting on DDoS-for-hire services prompted actions such as Operation Tarpit in , resulting in nearly three dozen arrests across the U.S. and for users of these "booter" services, which had enabled widespread online disruptions affecting businesses and individuals. These interventions have reduced the operational capacity of syndicates, indirectly lowering rates and associated economic losses estimated in the hundreds of billions annually for the U.S. economy.

Krebs' documentation of spam and ecosystems, as detailed in his 2014 book Spam Nation, has informed anti-abuse strategies adopted by providers and regulators, contributing to a decline in global spam volumes from peak levels exceeding 85% of traffic in the early . This has alleviated burdens on internet infrastructure and everyday users, while highlighting intersections between and social harms, such as online extortion targeting vulnerable youth, prompting platforms to bolster moderation against "harm groups" that coerce self-injury. Overall, his emphasis on tracing criminal proceeds has advanced understandings of 's funding mechanisms, influencing public discourse on digital hygiene and supporting efforts to deter participation through heightened accountability.
