20 comments

[ 5.5 ms ] story [ 129 ms ] thread
Kudos to him for doing and publishing the research, I would personally be a little bit afraid to expose criminals and criminal organizations.
It would not be the first time that it would bite him back
There have been several attacks against Brian Krebs in the past. From sending heroin* to his house, to adding his name to malware ("malware created by Brian Krebs"). This is because he always posts pictures and full names of criminals and is also why I have no sympathy for Brian Krebs, as I dislike online pillories and the rehabilitation of criminals is made massively more difficult this way. Nevertheless, attacks against him are of course to be condemned.

* https://krebsonsecurity.com/2019/09/interview-with-the-guy-w...

And don't forget the funeral wreath sent to his home address with his wife's and his name on them. That guy is not afraid of anything
Damn, that's a cold message to send someone.
The criminals he exposes are absolute scum, I doubt their attacks against him would be much less severe had he only exposed their operations and not their identity. They have no qualms swatting people who are completely innocent, if Krebs pulled punches with them I highly doubt theyd reciprocate
I'm all for rehabilitation, but let's not kid ourselves. These Russian cybercriminals who have been in business for over a decade aren't going to just turn around and suddenly become productive members of global society.
(comment deleted)
That is not the reason for being against publishing the name of these complete and utter scumbags.

The only reason not to publish names is that there's always the risk of a false positive.

Couldn't a criminal leave enough info to point to someone else? Then Krebs exposes a mark.
Yep this is what happens most of the time.
Is there evidence to support that "most of the time" he unmasks marks instead of the real actors?
... No
You tried to gather evidence and were unsuccessful or you are guessing none exist?
That’s what the CIA does. See shadow brokers and the toolkit used to “change” attribution.
This is something to be investigated honestly