Slashdot Mirror


Interviews: Ask Brian Krebs About Security and Cybercrime

Brian Krebs got his start as a reporter at The Washington Post, and after his entire network was taken down by the Lion Worm, crime and cybersecurity became his focus. Krebs started the Security Fix blog in 2005 and Krebs On Security in 2009; the latter remains one of the most popular sources of cybercrime and security news. Brian is credited with being the first journalist to report on Stuxnet, and one of his investigative series on the McColo botnet is estimated to have led to a 40-70% decline in junk e-mail sent worldwide. Unfortunately for Krebs, he's also well known to criminals. In 2013 he became one of the first journalists to be a victim of swatting, and a few months later a package of heroin was delivered to his home. Brian has agreed to give us some of his time and answer any questions you may have about crime and cybersecurity. As usual, ask as many as you'd like, but please, one per post.


  1. Cowards as affiliates by japa · · Score: 5, Interesting

    You appear dedicated to continuing to report on cybercrime, even though it may result in harm to you (swatting etc.). How often have you come into a situation where someone you work with states they don't want to work with you any longer, as association with you may result in them being a target for criminals or some such?

  2. Regrets by Anonymous Coward · · Score: 2, Interesting

    Do you regret any of the investigative techniques or decisions you have made over the years in relation to your security reporting?

  3. Public Disclosure by Anonymous Coward · · Score: 5, Interesting

    Brian,

    Are you generally in the Responsible Disclosure camp xor the Full Disclosure camp? And why?
    (I recognize that you may handle this on a case by case basis. In that event, what determines your approach?)

    -Bryant
    a local Washingtonian.

  4. Re:Long term solutions? by gstoddart · · Score: 3, Interesting

    Awesome, we'll have a bunch of walled gardens, beholden to corporate interests, tightly controlled by governments, and which will still be full of security holes.

    What could possibly go wrong?

    --
    Lost at C:>. Found at C.

  5. China by AdamD1 · · Score: 4, Interesting

    Hello Brian. I'm a long time reader and fan.

    I had a question regarding the frequency with which we hear about China being a major source of "state-sponsored" advanced persistent threat (APT) hacking. Many news outlets have referred to "Unit 61398" as a source for many of these attacks and data thefts.

    Should we take Chinese hacks seriously as a threat? Do you feel it's an issue that will ever be resolved?

    Thanks

    ad

    --
    Because I can! [Brainrub.com]

  6. Should We Trust Kaspersky? by Kagato · · Score: 4, Interesting

    As we seem to be heading back down into the familiar territory of the Cold War, I often wonder if nationalism is something we should consider when thinking about security. For instance, I believe that Kaspersky is a very talented company, but I can't help but feel that they would be quite willing to turn a blind eye to malware from their own government. I hear commercials for Kaspersky threat detection software all the time, but I would be hard pressed to actually use any of it. It certainly seems China, Russia and parts of Europe are taking country of origin into account when evaluating American security products. Am I wearing a tin-foil hat in feeling we should think twice about trusting Kaspersky?

  7. And Hilarity Ensued by sanjacguy · · Score: 3, Interesting

    What's the dumbest thing you've seen black hat hackers do?

  8. Re:Kaspersky by Fortran+IV · · Score: 3, Interesting

    You recently blogged ("Malware Evolution Calls for Actor Attribution") criticizing security companies that don't make the effort to identify the creators of malware. Do you think there are times when a company—such as Kaspersky in their recent attack—could be acting responsibly by deliberately suppressing (temporarily, one would hope) information they might have about the source of an attack?

    --
    I figure by 2030 or so my 6-digit UID will be something to brag about.