Cybercriminals Has Heroin Delivered To Brian Krebs, Then Calls Police 187
Okian Warrior writes in about a package of heroin that found its way to the door of Brian Krebs. "'Fans' of [security researcher Brian Krebs] have shown their affection in some curious ways. One called in a phony hostage situation that resulted in a dozen heavily armed police surrounding my home. Another opened a $20,000 new line of credit in my name. Others sent more than $1,000 in bogus PayPal donations from hacked accounts. Still more admirers paid my cable bill for the next three years using stolen credit cards. Malware authors have even used my name and likeness to peddle their wares. But the most recent attempt to embarrass and fluster this author easily takes the cake as the most elaborate: Earlier this month, the administrator of an exclusive cybercrime forum hatched and executed a plan to purchase heroin, have it mailed to my home, and then spoof a phone call from one of my neighbors alerting the local police. Thankfully, I had already established a presence on his forum and was able to monitor the scam in real time and alert my local police well in advance of the delivery."
Working link to article (Score:5, Informative)
http://krebsonsecurity.com/ [krebsonsecurity.com]
Re:Working link to article (Score:5, Informative)
Or even better, http://krebsonsecurity.com/2013/07/mail-from-the-velvet-cybercrime-underground/ [krebsonsecurity.com]
Re: (Score:2)
Re: (Score:3)
Ahem, if you're going to point out a grammar mistake, it might be worthwhile checking your own correction:
"Cybercriminals Had Heroin Delivered To Brian Krebs, Then Call Police" (Cybercriminals call the police)
Or:
"Cybercriminal Has Heroin Delivered To Brian Krebs, Then Calls Police" (Cybercriminal calls the police)
Re:Working link to article (Score:5, Funny)
Warning @ Line 3: Expected end of statement or continuation delimiter.
Syntax Error @ Line 5: Extraneous capitalization of boolean list qualifier.
Syntax Error @ Line 5: Invalid list contiuation; Character ':' already in use. Syntax Error @ Line 7: Expected end of statement punctuation.
# Funny how you humans emulate dumb parsers while machine intelligence has overcome this_
Re: (Score:2)
Re: (Score:2)
Re:Working link to article (Score:5, Funny)
Re: (Score:3)
Re:Working link to article (Score:5, Funny)
Re: Working link to article (Score:2)
You probably were thinking on Cyberdyne.
Re: (Score:2)
Re:Working link to article (Score:4, Funny)
Re: (Score:3)
Completely off topic, but so is this whole discussion:
Thanks to Pulp Fiction, I can not make a language choice during an install without saying "English, mother fucker! Do you speak it?"
Okay, that's all I've got.
Re: (Score:3)
Re:Working link to editor (Score:4, Informative)
WARNING
You're an idiot if you actually clicked on that link.
Re: (Score:2)
Usually I call for cutting /. editors slack, as they weren't English majors, but COME ON... "Cybercriminals has?" Guys, lay off the beer when you're at work.
Yeah, that really "clanged" in my mind's ear as well, but then I thought, "Hey, maybe these guys have incorporated, and 'Cybercriminals' is the name of the business", which would make the headline acceptable in the US.
Of course in the UK it'd still be wrong.
Czar (Score:5, Interesting)
A guy named Czar posted a thinly veiled threat as a comment upon Krebs' blog post:
"and easy to speak of the lives of others [hackers, carders, botmasters]
you [Krebs] invade the forum these guys and find that they do not go doing anything?, it would be foolish on your part
be realistic, you are at risk talking shit about these guys
this minimum and that they can make in relation to you,
Now, imagine if it was a bomb?, what do you think? [Krebs]
would be surprising if some hacker will not do this someday
good luck with your work, the risks are increasing lol;"
Now one wonders how THAT is going to be played out....
Re: (Score:3, Funny)
I'm surprised your editor is still on speaking terms with you.
Re: (Score:2)
Well, it might get them off line at least.
Oh, stupid DragonSpeak.
Krebs is a scam. (Score:4, Interesting)
I posted a comment on his blog a while ago where I questioned the validity of the results of his research [krebsonsecurity.com] that caught a lot of attention [slashdot.org] a while back. For example, one of his biggest finds was that that one of the scammer' name is Vasily Ivanovich Petrov, which is just a placeholder name just like Joe Public in Russian. He never approved my comment or provided any feedback. If he was an actual researcher, he wouldn't silence reasonable criticism towards him.
It's sad to see him get one meaningless article after another on Slashdot.
Re:Krebs is a scam. (Score:5, Insightful)
And so to you the only reasonable explanation is that he read your comment and covered it up, secure in knowing that no one else could catch that error, even though (assuming it's true) it would be obvious to millions of people.
Comments "awaiting moderation" are often never read by anyone and simply fall into a bucket. If they get moderated at all they can easily be inadvertently flagged as spam along with dozens and dozens of other actual spam comments.
Re:Krebs is a scam. (Score:4, Insightful)
even though (assuming it's true) it would be obvious to millions of people.
First of all, I greatly doubt his article was read by millions. Second of all, how many readers spoke Russian to spot the questionable moment? Very few, I must imagine.
Comments "awaiting moderation" are often never read by anyone and simply fall into a bucket.
That is certainly a valid thought. However, a few comments praising his research got approved both before and after mine. In addition, he commented on some of them in person. This is leading me believe that he did read my comment, even though I will never be able to prove it (great way to deal with the critique, Krebs!).
Re: (Score:2)
Are you saying that if Krebs did what OP is alleging, that makes it a conspiracy? Who would Krebs have to be in with? Krebs, himself? Is this perhaps why you're already implying that if Krebs takes action, that action is necessarily "evil"? Because you see Krebs as an unnatural form of two different people? I don't get it.
Re: (Score:2)
Banner adds and clickety click clicks. Plus of course marketing and gaining those highly profitable mass media consultancy (heavy on the con) spots, especially if you going to push the pro government security propaganda line. Of course it seems really lame to 'publicly' seek donations to purchase heroin unless of course you are seeking to publicly expose your scheme to frame someone (which doesn't make any sense at all), as obviously framing someone must be kept really really secret as it tends to fail oth
Re: (Score:2)
Damn if it wasn't several days ago I'd say mod parent up.
The whole part about publicly/semi-publicly (might as well be the same thing in many situations, and oh look there was Krebs himself sitting in the balcony) soliciting blackmail funds really is stupid when you put it plainly.
I was more floored by the fact that Krebs was allowed to tamper with the heroin that was delivered and take those pictures. I can't imagine a single sheriff's department anywhere in America that would find that Kosher. Funny, Kreb
Re: (Score:2)
You probably (if you tell the truth) just commented on a several-month-old blog post, nobody checks the spam filters of those.
One of the little known good features of Slashdot is that all threads go to archive mode in two weeks. This removes one of the biggest problems with blog spam, which is dropping SEO bait at the end of old comment threads, like bird poop on a car that's been parked under a tree for a few months. It also avoids the problem of people who can't be arsed to check the dates on threads, and post in dead threads as through there was still a conversation going on.
Re:Krebs is a scam. (Score:5, Funny)
I posted a comment on his blog a while ago where I questioned the validity of the results of his research [krebsonsecurity.com] that caught a lot of attention [slashdot.org] a while back. For example, one of his biggest finds was that that one of the scammer' name is Vasily Ivanovich Petrov, which is just a placeholder name just like Joe Public in Russian. He never approved my comment or provided any feedback. If he was an actual researcher, he wouldn't silence reasonable criticism towards him.
It's sad to see him get one meaningless article after another on Slashdot.
I posted a suggestion to the Pope on how to run the Catholic church and he never approved the comment. This proves he's a fake, right?
Re: (Score:2, Funny)
You can't prove the de facto standard to be fake.
The Pope is the de facto authority of the Catholic church. To back up this relationship, the Pope is regarded as infallible within the church. Questioning the Pope's authority over church matters doesn't even make sense, because it's an unquestionable authority.
On the other hand, Krebs is not de facto authority *over* the facts and knowledge of security. If Krebs says encryption doesn't work, that doesn't make encryption fail to work. Whereas if the Pope says
Re: (Score:2)
Re: (Score:2)
... Questioning the Pope's authority over church matters doesn't even make sense, because it's an unquestionable authority....
Can I question whether it's unquestionable?
Would that be okay?
Or is it unquestionably unquestionable?
And is it only unquestionable because it refuses to answer any questions?
So this general is named Joe public ? (Score:2)
http://en.wikipedia.org/wiki/Vasily_Ivanovich_Petrov.
When yous ay some guy is "joe Smith" and the first hit is a general in the army... That means at least ONE person is named that way, and therefore ANOTHER can be. So your assumption that the name means nothing is falsified.
Re: (Score:2)
Great to see that you found the link I have already posted in an earlier reply [slashdot.org]! I didn't hold an
assumption that the name means nothing
I just raised the point which I believe is important that the criminal's name he presented as a significant result is likely to be fictional. If you were a security researcher yourself and a criminal you traced would call himself Joe Bloggs, you would want to recheck your sources before presenting your discovery, would you?
There were lots of other questionable moments in his "research" related to Russian hackers,
Re: Krebs is a scam. (Score:4, Interesting)
He never approved my comment, so it never made it in the comment section. I didn't do anything significant, I just made a couple of observations that made his research look less exciting, the most significant find I already mentioned above. A good lesson for me to avoid dealing with blogs and bloggers that pre-moderate comments or at least preserve them locally.
Re: Krebs is a scam. (Score:3)
And you are French, obviously.
Re: (Score:2)
Did he delete your comment?
He did not approve it, so it never became visible. A comment cannot be "deleted" it never gets "approved". How convenient.
Re:Krebs is a scam. (Score:5, Funny)
He has uncovered the Anti-vovick conspiracy! Quick everyone look like you were doing something else...
Lord Krebs commands it!
Re: (Score:2)
Maybe one of his foes hacked in and removed your insightful little gem before he saw it, leaving no trace, so as to deprive him of the improvement he would otherwise have derived from it.
They are true fiends, I tell you, and there are no lengths to which they will not go, nor any concern for collateral damage such as that which was inflicted on you.
Re: (Score:2)
It's not just Vasily Petrov. It's Vasily Ivanovich Petrov. Three very common placeholder names chained in a row. At least one person does [wikipedia.org] have this name, but it seems very fishy to see a name like that in a hacker's credentials. I did not claim anything, all I did was make a valid observation that casted certain doubts on the results his work and he effectively muted me instead of giving his thoughts about this or just silently approving my comment.
Re:Krebs is a scam. (Score:4, Funny)
The word is not "casted", it is "cast". Please approve my correction comment /. mods!
Intended as ironic humor, not an insult just in case it gets over looked...
How often does law enforcement do this? (Score:4, Interesting)
Re: (Score:3)
Not often, I'd think. Failed SWAT raids are quite expensive, and embarrassing. The SWAT members involved would not take wasting their time lightly.
Misreporting crimes to get them dealt with by another bureaucracy or other department, though, is an interesting way to work around frightened police or bystanders. Remember how assault, especially rape, victims are sometimes encouraged to scream "fire" insead of merely "help I'm being raped"? I've actually run to a fire alarm when my cell phone was out of charg
Re: (Score:3, Interesting)
Get some reading comprehension.
Re: How often does law enforcement do this? (Score:2)
Given that probably about 90% SWATs shouldn't exist to start with (I remember an article here not so long ago) I'd bet they run to "demonstrate" they are in fact so much needed.
What the hell, Slashdot? (Score:2)
Cybercriminals HAS [sic] Heroin?
What is this, I Can Haz Slashdot?
Re: (Score:3, Funny)
My bad - will try harder (Score:2)
Cybercriminals HAS [sic] Heroin?
What is this, I Can Haz Slashdot?
OP here - all the typos are my fault and the editors didn't notice them.
No excuse, it was late and I was tired. I'll try to do better in future submissions. I did submit a working link - *that* I checked - no idea how it got screwed up...
Re: (Score:2)
I clicked on your "working link" and it did, in fact, work.
To be nitpicky about it, I right-clicked and clicked "open in new tab".
But it might have been better to have written
Over the past six months, “fans” of this Web site and its author have shown their affection in some curious ways...
Re: (Score:2)
I clicked on your "working link" and it did, in fact, work.
To be nitpicky about it, I right-clicked and clicked "open in new tab".
But it might have been better to have written
Over the past six months, “fans” of this Web site and its author have shown their affection in some curious ways...
And I just screwed up my own editing.
Meant to say
But it might have been better to have written
"Security researcher Brian Krebs writes
Over the past six months, “fans” of this Web site and its author have shown their affection in some curious ways...
"
Re: (Score:3)
... that's because the article was cut and pasted from the link. Which the author does write (it's Krebs' blog). In the first person, naturally. Whoever wrote the article took the first instance of "me", and replaced it editorially [using braces], and then failed to understand that it would be within acceptable editing as well as much easier to read if they took the liberty of changing the rest of the first-person references to refer to Krebs, as well.
Slightly off topic (Score:4, Interesting)
Re: (Score:3)
GOVERNMENT CONSPIRACY (Score:5, Funny)
This is obviously yet another blatant attempt by the federal government to discredit a real American hero. Not convinced? Look at the facts:
I could go on and on, but I believe these facts speak for themselves.
Re: (Score:2)
Score:1, Troll? Man, the mods have no sense of humor today.
Re: (Score:2)
Krebs is German for 'Cancer', but in a pinch can also mean 'Crab'
Krebs is german for Crabs. Cancer is Latin for Crab. There's no pinch needed.
Re: (Score:2)
"Krebs" is German for both "crab" and "cancer", no pinch nor Latin needed.
Re: (Score:2)
So he has a secret base in the K-Man Islands?
Re: (Score:2)
It wasn't until the 6th or 7th step that I realised you were pulling the piss.
I also hopefully goggled operation dungeness, only to be sorely disappointed.
Didn't work for me (Score:5, Funny)
I tried that "Hey, cybercriminals delivered this heroin to me" routine and the cops didn't buy it.
I have shitty luck.
Re: (Score:3)
War on Drugs (Score:5, Insightful)
Another reason why the war on drugs does more harm than good. This guy is lucky to be alive and was very fortunate to have the wherewithal to be one step ahead of the ne'er-do-wells. Anyone else would have had a very real chance of getting injured, maimed or killed by the local paramilitary police force. Let's not kid ourselves, it probably helps that he's white and privileged, too.
If we had sane drug policy, the worst that could have happened is having the drugs confiscated and getting a slap-on-the-wrist regulatory fine.
Re: (Score:2)
I know that people here tend to sympathise with hackers and distrust the cops, but blaming this on the police instead of the criminals who plotted it is beyond ridiculous.
Re: (Score:3)
But the criminal setup only works if the police response to it is over-the-top, and with drugs it always is. The police aren't responsible for this "prank" but they are responsible.
If I was your neighbor and I called the police suspecting you got a suspicious package that didn't involve drugs, it might warrant a squad driving by to check out the house and possibly stopping to talk to me (who made the call) to get more information. They might knock on your door and say "Yeah, your neighbor was concerned..
Re: (Score:2)
Not sure whether any of you RTFAd because that's totally not what happened. The police handled it cool.
Re: (Score:2)
Sure, there was more in play than in most situations and Krebs has some actual credibility as a security consultant so a story (with evidence) about being setup is great exculpatory evidence.
But most people wouldn't be able to track a frame-up like this and would be left helpless victims of SWAT tactics and prosecutorial hostility.
Re: (Score:2)
Let's not kid ourselves, it probably helps that he's white and privileged, too.
The vast majority of the US prison population is white and male. Women have significantly lower arrest, conviction, and incarceration rates - with significantly lower sentencing lengths, higher probation rates, etc. Women are enormously privileged when it comes to the criminal justice system, and that includes when they're victims; males are victims of violent crime at a ratio of 3:1 men:women, and case clearance rates for fe
Re: (Score:2)
and in every category of disease, men are afflicted more than women and are more likely to die from said disease.
Breast cancer?
Re: (Score:2)
and in every category of disease, men are afflicted more than women and are more likely to die from said disease.
Breast cancer?
If one man and one woman each contract breast cancer, the man is far, far more likely to die.
What about that free cable? (Score:3)
I hope he does not have to pay EFT fees and other stuff to fix that and that they don't cut him off. What cable co lets someone pay for 3 years up front like that without an fraud flag going up?
Neat little detail (Score:2, Insightful)
In the article it mentions a new name was set up "briankrebs7" and used to make the Silk Road purchase.
Further down in the screenshot it says in the upper right corner :
"Hi, briankrebs7"
It's a pretty important detail that he had control of this account and impressive that he was able to hack into it that quickly before the package arrived.
So it tells us a bit that the article doesn't. To what level has he pwn'd thecc.bz and how deeply does he get into these boards while investigating?
Would be funny if a spa
Re: (Score:2)
You're right... boy I look silly!
Please proof your title (Score:3)
That title is just embarrassing.
Either of these are correct:
Cybercriminals Have Heroin Delivered To Brian Krebs, Then Calls Police
or
Cybercriminal Has Heroin Delivered To Brian Krebs, Then Calls Police
Let's at least hold our submissions up to standards of English that we should have learned before leaving grammar school.
noob (Score:3)
Re: (Score:2)
He's not the only one. (Score:2)
A manager came into my office one day and asked if I would change her phone number because someone had been making appointments in her name with her contact information for breast enlargement consultations with various surgeons. They were calling her to confirm the appointments once or twice a week for a couple months.
Tampering with Evidence (Score:2)
Re: (Score:2)
Cybercriminals have...
i mean, wtf
I think that's actually a grammar check. In my experience people with a knowledge of English can do that. Slashdot editors ...
Seriously, come on folks.
Re: (Score:3)
Samzenpus is actually a cat. Don't hold it against him.
Re: (Score:2)
Samzenpus is actually a cat. Don't hold it against him.
My cats have better grammar than that. It's me-ow, not ow-me (a compound word in feline speak).
Re: (Score:2)
We-ows, you-ows, they-ows, keep going many, it's a whole new adjunct to lol-speak.
Re:WTH is Brian Krebs?! (Score:5, Funny)
...And why is an article with a broken link featuring on the /. homepage? Are the moderators drunk?
No, but they did recieve a small brown package in the mail this morning...
Re: (Score:2)
Did they get their neighbour to call the police?
Re:WTH is Brian Krebs?! (Score:5, Insightful)
The summary switches between third-party and first-person perspective multiple times which is confusing.
Is this the quality standard we are to expect from Slashdot now?
Re:WTH is Brian Krebs?! (Score:4, Insightful)
Re: (Score:2)
I only clicked into this story to say exactly that. What the summary is talking about is more than just confusing, it's undecipherable.
Re:Asshole blogger can has publicity stunt (Score:5, Funny)
I don't know who he, but I get the feeling that if he keeps publicizing everything that people send his way or do to him, it might become an internet past-time for more people to start doing the same. It'll be like an internet gameshow:
"Who can send the craziest thing to Brian Krebs?"
It's all fun and games til somebody decides to send a shit covered blasting cap or who knows what else.
Re: (Score:2)
Re:Asshole blogger can has publicity stunt (Score:5, Insightful)
I'm still amazed the police gave a shit. Around here they normally just fob you off until the drugs actually arrive, then arrest you and take your DNA, computers, phones etc. Then finally when you get a lawyer they might drop the case (typically takes about six months if it's fast-tracked) and then after a few years you get your stuff back.
Re: (Score:2)
Re:Asshole blogger can has publicity stunt (Score:4, Funny)
Re: (Score:3)
He looks pretty clean cut; that seems to go a long way with the police. From his history, it seems like the local police and him have a pretty intimate (and not adversarial) relationship. I think that helps quite a bit, too.
Repeat the situation with a mass-media stereotypical "hacker" and it would probably fit your description a little closer.
Re: (Score:3)
The police hate reports like this because they require huge resources to solve. Some guys in Russia ordered some drugs from the Farmers Market on Tor and paid with BitCoins. The seller presumably took steps to prevent them simply tracing the origin of the package. All the report does is add 1 to the unsolved drug crime stats for their area, making them look bad.
Re: (Score:3)
"Local police successfully intercept Heroin shipment"
"Police seize drugs worth $4000"
"Police thwart blackmail attempt"
"Police become fucking heroes of the night"
The police _love_ this sort of shit.
Re: (Score:2)
Most drug dealing thugs look like (1 Thugs or 2) clean cut executives
Most Corporate thugs look like (1 Thugs or 2) Clean cut executives
Profiling 101
Re: (Score:2)
Most drug dealers are Clean Cut Executive types (think Pharma)
Re:Asshole blogger can has publicity stunt (Score:5, Funny)
"Who can send the craziest thing to Brian Krebs?"
A bobcat? http://xkcd.com/325/ [xkcd.com]
Journalist can has risk (Score:5, Informative)
Brian Krebs is a former Washington Post investigative journalist who has been writing about Internet security issues for a long time. He writes a lot about malicious attacks and often exposes the attackers. These are not nice people, either; they are spammers, botnet herders, guys who make, sell and buy credit card skimmers, hackers who steal credit card info, guys who run DDoS-for-hire sites, etc.
He uses aliases to get himself invited to underground forums, monitors them for as long as he can, then exposes the criminals. The bad guys are also improving their own security, and becoming more adept at turning the tables. One forum placed unique values in the "# of posts" listed in the left side column of their forum, then outed him when he posted a screenshot.
Needless to say, the people he is messing with are very annoyed at him. They are trying all the tricks they can to harass him remotely, such as ordering merchandise paid for on his credit cards, sending him unwanted (and now illegal) stuff, and using his credit cards to donate to charities. They've been trying to send him all the craziest, most annoying, most hazardous stuff they can without personally touching the merchandise themselves. The most dangerous stuff they have managed to send him so far was the SWAT van full of cops in a midnight raid. If these guys could get someone else to ship him a live cobra in a box, or a shit covered blasting cap, they wouldn't hesitate for a second.
While he may not be a "hero", Mr. Krebs has done some good work at cleaning up several of the nastier elements that infest the Internet. You get less spam in your in box thanks to him.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
He's not investigating Dynacorp or the Franklin Cover up...