Journalist Brian Krebs has been writing about computer security for years, much to the chagrin of the online fraudsters and identity thieves he reports upon. He often finds himself on the receiving end of online attacks from these criminals, but last month, they hatched a much more elaborate plan. Brooke speaks to Krebs about being harassed by Russian cyber criminals.
Shigeto - Ringleader
BROOKE GLADSTONE:Today, Russia is notorious for sophisticated online identity fraudsters and credit card thieves. Last week, five men in Russia and Ukraine were charged with the hack of a dozen large corporations, allegedly stealing 160 million credit card numbers. Virginia-based journalist Brian Krebs writes about how to protect your computer from these kinds of criminals, on his website, Krebs on Security. And criminals really hate that. In the past six months, Krebs has suffered denial of service attacks on his website, had his cable bill paid for the next three years with stolen credit cards and even fallen victim to a swatting. That’s when police are tricked into checking your house for a nonexistent shooting or a bomb. But all of that was nothing compared to the bizarre prank staged by some Russian cyber criminals this month, led by the administrator of an underground online forum of identity thieves.
BRIAN KREBS:He used the nickname “Fly” and “Flycracker.” And I’m not really sure what this guy’s problem is. He’s kind of had it in for me for a while. His Twitter account avatar has always been some spoof of my picture, you know, whether it's like my severed head being held up or, you know, I mean, he changes it every once in a while.
But this guy’s had – he’s had it in for me for a little while.
BROOKE GLADSTONE:So here he is, sitting, presumably in Russia, or at least writing in Russian, and he says what?
BRIAN KREBS:I’m putting together a fun. We’re all gonna pool our money and buy Krebs some heroin because he’s a smack addict and he’s suffering from withdrawal.
So, you know, we’re – we’re gonna fix him up so everything’s okay.
BROOKE GLADSTONE:And he got a bunch of people willing to contribute to this fund to buy you heroin?
BRIAN KREBS:Correct, yeah. He raised about 200 dollars, and then he went on the Silk Road, probably the blackest of the black markets on the Internet. You cannot access it just by typing in the URL for the Silk Road in your browser. But once you’re there ,and you have an account, you can buy whatever you want. Most people are going there for drugs.
BROOKE GLADSTONE:Mm-hmm. And it’s been called the “eBay for drugs,” right?
BRIAN KREBS:I think that’s accurate because you basically have a bunch of sellers who are selling everything from crack-cocaine to I don’t even know – they’re probably selling rocket launchers, for all I know.
But they have feedback from their customers. It is very much like eBay. And the administrator of this forum created an account on the Silk Road in my name, and then had it sent to my house.
BRIAN KREBS:Well, the, the goal was to, once it was delivered, call the police by spoofing one of my neighbors’ phone numbers –
BRIAN KREBS:- and complain that I was, you know, having drugs shipped to the house.
BROOKE GLADSTONE:Okay, so you’re watching Fly and his pals. What was your reaction?
BRIAN KREBS:At first, it was kind of hard to believe. Then I decided, well, it’s probably a good idea to just let the local cops know. So, I called the local Fairfax County police and said, can you send somebody out to take a report? It took me about 20 minutes to [LAUGHS] explain what was going on and, fortunately, I had screenshots –
- and other visual aids. But the guy took the report and he said, if, if they follow through on this, just give us a call, and here’s your case number. It was funny ‘cause this guy was shakin’ his head the whole time. The policeman kept saying, you know, I can’t get off the Internet fast enough.
I – by the time I retire, I want Google to know nothing about me. Then a few days ago, Fly updated the thread and said, all right, the heroin’s on its way, I’ve got a tracking number for anybody who wants it.
It, it should be at Krebs’ house on Tuesday morning. [LAUGHS] And it came via US Postal Service. [LAUGHS]
Our nice mail carrier lady who comes every day, she knocked on the door and handed it to me. And it was basically an express mail envelope, and inside was a magazine from the Chicago Tribune, and taped to the back of that magazine were 13 individual packets of heroin.
So, I called the police and I talked to the nonemergency dispatch people. And funny enough, I’m getting to be on the first name basis with these cops, ‘cause I, I called and started to tell her my story, and she goes, oh, Mr. Krebs! [LAUGHS]
BROOKE GLADSTONE:[LAUGHS] Oh, the heroin guy, yes…
BRIAN KREBS:Yes, the heroin guy, how can you forget? So I said, look, I really want to know if this is the real deal. And she said, oh well, it’s not a problem. All the cops in Fairfax County carry field test kits. Anyway, the guy comes out, and he’s like, oh, I have a – yeah, I have a field test kit in my car. Well, it turns out he was all out of heroin tests. So I still don’t know whether it was the real deal.
BROOKE GLADSTONE:You know who this guy Fly is. You don’t want to say, that's fine.
BROOKE GLADSTONE:You say you don't know what he has against you. I just don’t believe that.
You know, I, I think a lot of these guys, to the extent that they have tried to harass me, they do it because they can. It really doesn't take that much effort. There are a lot of things you can do - just with a few mouse clicks to make somebody have a bad day.
BROOKE GLADSTONE:Don’t you worry about these guys, that theymight stop pranking and start, you know, plugging?
BRIAN KREBS:I certainly do take personal security very seriously, and it's something I think about quite a lot. But I don't consider what I do to be any more or less dangerous than say, people who get sent to war zones or covering any other topic that involves organized crime.
BROOKE GLADSTONE:You know, when people describe cyber war, they often describe these massive interruptions of commerce. The kind of thing you’re engaged in feels like a one-man cyber war. Should your average Web denizen be worried about it?
BRIAN KREBS:Are you asking whether sending drugs to people’s houses from the Silk Road and trying to frame them with the police –
- is gonna be the next big thing?
BROOKE GLADSTONE:Well, if you put it that way, it sounds like a stupid question. [LAUGHING]
BRIAN KREBS:[LAUGHS] No, I – I don’t think it will – they’re not gonna do this to your average Internet user, but they might interact with those users in other ways, you know, like steal their identity or their credit card numbers or what have you.
BROOKE GLADSTONE:Brian Krebs, thank you very much.
BRIAN KREBS:Thanks for having me, Brooke.
[MUSIC UP AND UNDER]
BROOKE GLADSTONE:Brian Krebs writes about computer security at KrebsonSecurity.com.
WNYC 93.9 FM and AM 820 are New York's flagship public radio
stations, broadcasting the finest programs from NPR, PRI and American Public Media, as well as a wide range of award-winning local
programming. WNYC is a division of
New York Public Radio.