BrianKrebs
Latest
Mirai botnet creators plead guilty to charges over 2016 attack
The individuals behind the Mirai botnet that caused nationwide internet outages in October of last year have pleaded guilty to federal charges, ZDNet reports. Paras Jha, Josiah White and Dalton Norman were indicted by a court in Alaska earlier this month and have pleaded guilty to charges that carry a sentence of up to five years in prison.
Krebs pinpoints the likely author of the Mirai botnet
The Mirai botnet caused serious trouble last fall, first hijacking numerous IoT devices to make a historically massive Distributed Denial-Of-Service (DDoS) attack on KrebsOnSecurity's site in September before taking down a big chunk of the internet a month later. But who's responsible for making the malware? After his site went dark, security researcher Brian Krebs went on a mission to identify its creator, and he thinks he has the answer: Several sources and corroborating evidence point to Paras Jha, a Rutgers University student and owner of DDoS protection provider Protraf Solutions.
Security writer recovers from massive revenge cyberattack
Journalists are no stranger to making enemies bent on retaliation. However, it's becoming increasingly difficult to survive that retaliation in the internet era... just ask security writer Brian Krebs. An unknown party knocked his website offline last week with a massive distributed denial of service attack (620Gbps of non-stop data) as revenge for exposing two major cyberattack sellers who've since been arrested. He's only back online after taking advantage of Alphabet's Project Shield, which protects journalists against censorship-oriented denial of service campaigns. His previous anti-DDoS provider, Akamai, had little choice but to drop him -- the company tells the Boston Globe that a sustained attack on that level would have cost the company "millions."
Huge DDoS attack takes down popular security researcher's site
Just a few weeks after helping to bust some of the biggest cyberattack sellers on the web, security researcher Brian Krebs' popular site, KrebsOnSecurity, has been knocked offline by a distributed denial of service (DDoS) attack. Earlier this week, Krebs noted that the site was facing one of the biggest DDoS attacks ever recorded, reaching a peak of 620 Gbps at its peak. But while his site managed to withstand the initial assault thanks to Akamai's Prolexic service, it was eventually taken offline after Akamai removed KrebsOnSecurity from its network.
Former Ashley Madison CTO sues security researcher over hacked emails
While it appears the hackers who stole a treasure trove of data from adultery-focused "dating" site Ashley Madison are done embarrassing the company, that doesn't mean the fallout from the attack has stopped. The latest drama involves noted security researcher Brian Krebbs, who says he's facing a libel lawsuit from former Ashley Madison CTO Raja Bhatia. The lawsuit stems from a report Krebs posted in late August in which he claimed that the leaked emails of now-former CEO Noel Biderman revealed a plot to hack Ashley Madison's competitors. Bhatia apparently took issue with a number of Krebs' claims in the article and asked for a retraction and correction, which thus far Krebs has been unwilling to do.
Darkode cybercrime forum seized as police arrest 28 members
In a coordinated takedown, law enforcement agents around the world have teamed up to shut down the well-known cybercrime forum Darkode, pursuing 70 of its members and associates resulting in 28 arrests so far. In the US, the Department of Justice and the FBI have announced criminal charges against 12 individuals including the site's alleged admin, Johan Anders Gudmunds, aka Mafi aka Crim aka Synthet!c, and the seizure of the site's servers. Dubbed Operation Shrouded Horizon, the effort by police in 20 countries took on a forum known as a place for cyber criminals to swap tips and tools (botnets, spamming services, you name it) of the trade. Brian Krebs has been reporting on Darkode's community for quite some time, including a profile published after its administrators tricked him into publishing details on a fake Java exploit.
MacBook wireless hack possibly much ado about nothing?
Several weeks ago, we regaled you with the tale of how a pair of hackers, David Maynor and Jon "Johnny Cache" Ellch claimed that they could pwn a MacBook in a minute flat. The dynamic duo then showed the exploit to Brian Krebs, a reporter at The Washington Post and a controversy ensued over the next few weeks as to who had shown exactly what to whom when. The most recent episode involved Apple telling Macworld two days ago that SecureWorks, Maynor's employer, hadn't showed Apple any specific information -- however, on its own, Apple discovered a problem, then released security and wireless patches for PowerPC-based and Intel-based Macs. Meanwhile, SecureWorks has been awfully mum on the issue, refusing to say anything further to Krebs or to the IDG News Service. Glenn Fleishman has a very lengthy blog entry over at Wi-Fi Net News that provides a play-by-play of this whole situation, but points out that Maynor and Ellch are scheduled to speak at Toorcon in San Diego later this month, and concludes by saying that he thinks the pair will show their cards and tell all, which may finally settle this torrid affair.
