The story of a man who fights malware

by Charles Leaver

March 26, 2014

access_time 6 min read

Endpoint security is vital both to enterprises and individuals. Without it, these two groups place themselves at risk of attack. Few people know this better than Brian Krebs, a man who has devoted his career to exposing data attacks and working to identify their culprits. Through his continued work, Krebs has called attention to the importance of suitable data leak prevention software for computing users at any level.

A (self) education in the threat of data leakage
According to his blog, Krebs was a reporter at The Washington Post who learned firsthand that personal information security is not something one can take for granted. In 2001, Krebs mysteriously found himself barred from his own home computing network. As it turns out, the culprit was a Chinese hacking group that had wormed its way into Krebs' system.

The reality that malware can impact anyone unsettled Krebs enough to make him learn about it. And learn he did. In December 2009, he launched a blog called Krebs on Security, devoted to researching and exposing data attacks, as well as providing information about how users can safeguard against such incursions.

Nearly five years later, Krebs used this blog to expose the attack on Target, a malware breach that impacted one third of the country.

Falling afoul of the hacking community
Like any criminal enterprise, hackers do not want their illicit activities exposed. By placing himself in direct opposition to the cybercriminal underworld, Krebs exposed himself not just to cyber threats, but to actual threats as well.

According to The New York Times, Krebs discovered just how malicious such criminals can be when a SWAT team busted into his house and ordered Krebs to the ground. Despite his protestations, he was handcuffed and detained, until his wife arrived on the scene and set the record straight. The problem for the SWAT team is that they'd been told to expect a murderer. The cybercriminals who made the call wanted Krebs to suffer - a point they continue to make clear.

Krebs told the Times reporter that in addition to a phony SWAT call, hackers have sent illicit items to his house, stolen his identity several times and opened a line of credit with his name on it. The extent of these attacks proves hackers are as unrelenting as the malicious code they create.

But through it all, Krebs' focus remained clear: expose malware breaches, and the data loss prevention tools that can stop them.

Target and Krebs' growing public profile
Krebs emerged in the public eye when he played a major role in exposing the data breach against major retailer Target. But Krebs did not stop at the breach itself, and instead set out learning how it had happened. He found his answer in an HVAC company with which Target did business. Unfortunately for the company - which did not have the endpoint security of its powerhouse partner - its vulnerabilities made it a prime target for a phishing attack, and it was under the guise of this business that the malware gained access to Target's administrative infrastructure.

"Like Target, we are a victim of a sophisticated cyber attack operation," Fazio Mechancal, the breached HVAC company, said in response to Krebs' findings. "We are fully cooperating with the Secret Service and Target to identify the possible cause of the breach."

As Krebs continues his fight against malware, popular interest in the man himself increases. According to SlashGear, Krebs' life rights have been purchased by Sony to make into a feature film. Blogging about that news, Krebs admitted he was surprised, but did not hesitate to offer casting suggestions - Edward Norton and Jim Carrey among them.