Generated by GPT-5-mini

| Krebs on Security | |
|---|---|
| Name | Brian Krebs |
| Occupation | Investigative journalist, blogger |
| Known for | Cybercrime reporting |
| Notable works | Krebs on Security |
| Awards | Investigative reporting awards |

Krebs on Security is an independent investigative blog focusing on cybersecurity, cybercrime, data breaches, and information security. Founded and authored by Brian Krebs, the site has published original reporting, technical analysis, and interviews that intersect with major incidents, law enforcement operations, and private-sector responses. The blog has become a primary source cited by journalists, security researchers, and institutions addressing online fraud, malware campaigns, and breach disclosure.
Brian Krebs, a former reporter at The Washington Post and contributor to Gigaom and The New York Times tech coverage, launched the blog in the late 2000s after covering multiple computer security stories for legacy outlets. Early reporting tied into investigations involving actors exposed by researchers at Mandiant, Symantec, and Kaspersky Lab, while drawing on technical analyses from conferences such as Black Hat USA and DEF CON. The site evolved alongside developments at companies like Microsoft, Cisco Systems, Google, and Yahoo!, chronicling incidents that involved entities including Target Corporation, Home Depot, Sony Pictures Entertainment, and Equifax. Krebs’s reporting has intersected with law enforcement agencies and initiatives including the Federal Bureau of Investigation, Europol, the Department of Homeland Security, and operations led by units such as the FBI Cyber Division, as well as multinational takedowns coordinated with INTERPOL.
The blog blends investigative narratives with technical breakdowns of threats such as botnets, phishing, ransomware, and carding forums. Posts often cite research from teams at FireEye, Trend Micro, Palo Alto Networks, CrowdStrike, and academic groups from institutions like Carnegie Mellon University and the Massachusetts Institute of Technology. Coverage has included analysis of malware families linked to groups associated with states or criminal enterprises named in reporting by Recorded Future, Proofpoint, and ESET. Krebs has reported on data breaches affecting services like Adobe Systems, LinkedIn, Dropbox, and MySpace, while contextualizing implications with standards and frameworks from the National Institute of Standards and Technology and practices advocated by organizations such as ISACA and the Open Web Application Security Project. The blog frequently links investigative threads to underground marketplaces and forums traced to operators in regions associated with activity reported by Europol and research cited by Council of Europe cybersecurity efforts.
Krebs’s reporting has influenced corporate disclosure practices at major technology and retail firms, spurred law enforcement attention to specific criminal infrastructures, and informed policy discussions in forums like European Parliament hearings and United States Congress briefings. Coverage has been cited by mainstream outlets including Wired, The New York Times, The Wall Street Journal, and Reuters, and by industry analysts at firms such as Gartner and Forrester Research. The blog’s investigations have supported follow-on research by academic teams at Stanford University and the University of California, Berkeley, and have been used as source material in technical sessions at RSA Conference and SANS Institute courses. Krebs’s public disclosures have also contributed to private-sector defensive measures adopted by banks and payment processors including Visa, Mastercard, and American Express.
Krebs reported on high-profile incidents that drew significant attention and remediation. He covered investigations into large-scale payment card breaches at retailers like Target Corporation and Home Depot, tracing malware families and breach timelines with input from security vendors. The blog documented the evolution and takedown of botnets such as those linked to operations tracked by Spamhaus and analyses by the Microsoft Digital Crimes Unit. Krebs exposed operations on cybercrime marketplaces and carding forums that led to enforcement actions coordinated with agencies including the FBI and Europol. His reporting on distributed denial-of-service attacks informed responses to incidents affecting providers like Akamai Technologies and Cloudflare, and detailed extortion campaigns leveraging ransomware families tied to actors identified in reporting by Cisco Talos and Sophos. Investigations into data broker exposures and large credential dumps cited compromises impacting services like Dropbox, LinkedIn, and major email providers.
The blog’s investigative approach has occasionally provoked legal and operational pushback. Reporting that named alleged perpetrators, intermediaries, or hosting providers sometimes generated disputes with parties cited, and technical disclosures prompted debates similar to cases involving responsible disclosure practices advocated by the IETF and debated in venues such as DEF CON panels. High-profile reporting attracted retaliatory distributed denial-of-service attacks mirroring incidents observed in operations against media outlets like The New York Times and companies such as Sony Pictures Entertainment. Coverage has intersected with privacy discussions and regulatory scrutiny in jurisdictions influenced by laws such as the General Data Protection Regulation and U.S. disclosure expectations enforced by Securities and Exchange Commission guidance. Legal threats and cease-and-desist claims have been sent by entities disputing factual assertions, reflecting tensions between investigative journalism and operational security concerns involving service providers and prosecutors in cases handled by entities including the United States Department of Justice.