FYI.

This story is over 5 years old.

Tech

How Dark Web Trolls Nearly Got a Cybersecurity Writer Arrested

With the Silk Road, bitcoins, heroin, and SWAT teams, this is the most cyberpunk frame job yet.
Image via Flickr Creative Commons

Brian Krebs, a well known security expert and former writer for The Washington Post, has been the target of cyberhackers, including a cyber prank known as SWATting. More recently, he was the subject of a framing attempt facilitated with the use of bitcoins in a story that feels like something out of a Richard K. Morgan novel.

Krebs wrote for the Post and its Security Fix blog from 1995 to 2009. He focused on the rise of online crime, including articles that led to the crumbling of a California hosting service called McColo Corp. that sent out a large portion of the world's junk e-mail, as well as pieces that tracked those who sell illegally obtained credit reports and initiate DDoS attacks. He has since created a website called Krebs On Security that focuses on similar topics. As a result of his anti-hacker vigilantism, the writer has become a enemy for those who manipulate the web for nefarious activities.

Advertisement

He has shrugged off faux Paypal donations from hacked accounts and fake lines of credit opened in his name, but on July 13th he published a blog post about an attack "that takes the cake as the most elaborate."

The administrator of an "exclusive cybercrime forum" tried to frame Krebs by purchasing heroin, mailing it to his home, and then calling the police from a neighbor's number. Luckily, Krebs actively engages with the forum and saw the frame trap build in real time, allowing him to tip the police before the smack arrived at his door.

The administrator, known online as "Fly" or "Flycracker," started a discussion thread called "Krebs Fund" which detailed his steps leading to the heroin scam. Fly created a bitcoin wallet that members donated to, which topped out at more than two bitcoins, before purchasing drugs on Silk Road under Krebs' name. He even posted a fake message on the cybercrime forum titled "Helping Brian Fund":

Guys, it became known recently that Brian Krebs is a heroin addict and he desperately needs the smack, so we have started the “Helping Brian Fund”, and shortly we will create a bitcoin wallet called “Drugs for Krebs” which we will use to buy him the purest heroin on the Silk Road.  My friends, his withdrawal is very bad, let’s join forces to help the guy! We will save Brian from the acute heroin withdrawal and the world will get slightly better!

What nice friends. Several bags of heroin were purchased for 1.65 bitcoins, or around $165 at today's rate, and were delivered to Krebs' home a few days later in a thin package with a copy of Chicago Confidential inside. Twelve baggies were taped to the back of the magazine, marked with skull icons as advertised in the Silk Road ad. The seller even included an extra gram for free.

Advertisement

Krebs gave the heroin to the police (after opening the package donning a surgical mask and gloves), but still does not know the identity of Fly.

Krebs has not had a smooth first half of 2013. In March, he was prey to a SWATting prank that he described as more dangerous than a bomb threat. To pull off the malicious prank, cyberhackers used an instant message service designed for hearing and deaf callers to warn the police that Russians had broken into his home and shot his wife.

He received a knock on his door and opened it to about a half dozen squad cars, semi-automatic weapons, and shotguns before getting handcuffed and interrogated. He managed to convince the police that they were tricked, referencing a report he filed last August after he received non-specific threats from members who write on the forum of a service website called absoboot.com that can be hired to dismantle websites. Someone on the forum had mentioned SWATting and Krebs predicted that he might eventually receive a similar attack.

In a post called "The World Has No Room For Cowards," Krebs wrote that SWATting "puts peoples' lives at risk, wastes huge amounts of taxpayer dollars, and draws otherwise scarce resources away from real emergencies."

Bitcoins on their own mark a grey area of legality, but there have been several instances in which they were used for out-and-out crime like the Flycracker fraud. Last week, the Guardian reported that a bitcoin investment program promising a 7 percent return was actually a Ponzi scheme.

Trendon T. Shavers, founder of the "Bitcoin Savings and Trust" (BTCST), claimed to have raised 700,000 bitcoins in the last three years, and was asking for investments to garner more. In reality, he was using bitcoins from new investors to cover investor withdrawals and deposit interest payments, according to the US Securities and Exchange Commission.

There have been other instances of bitcoin-related crime, which is expected for an internet-only, unregulated currency. Notable past indicidents include a ploy by Trojan horse Infostealer.coinbit that attempted to steal Bitcoin wallets, as well as many instances of cyberhackers sending DDoS attacks to Mt.Gox, the leading bitcoin exchange company, in attempts to influence exchange pricing or simply for the good old lulz.

Krebs will be talking about DDoS attacks at the Black Hat hackers conference in Las Vegas on August 1st. He has been savvy enough to escape the wraith of these cyberhackers in the past, but let's hope that he can continue to be one step ahead of his enemies in the upcoming months.