Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Crime Security Idle

Cybercriminals Has Heroin Delivered To Brian Krebs, Then Calls Police 187

Okian Warrior writes in about a package of heroin that found its way to the door of Brian Krebs. "'Fans' of [security researcher Brian Krebs] have shown their affection in some curious ways. One called in a phony hostage situation that resulted in a dozen heavily armed police surrounding my home. Another opened a $20,000 new line of credit in my name. Others sent more than $1,000 in bogus PayPal donations from hacked accounts. Still more admirers paid my cable bill for the next three years using stolen credit cards. Malware authors have even used my name and likeness to peddle their wares. But the most recent attempt to embarrass and fluster this author easily takes the cake as the most elaborate: Earlier this month, the administrator of an exclusive cybercrime forum hatched and executed a plan to purchase heroin, have it mailed to my home, and then spoof a phone call from one of my neighbors alerting the local police. Thankfully, I had already established a presence on his forum and was able to monitor the scam in real time and alert my local police well in advance of the delivery."
This discussion has been archived. No new comments can be posted.

Cybercriminals Has Heroin Delivered To Brian Krebs, Then Calls Police

Comments Filter:
  • by Svenne ( 117693 ) on Thursday August 01, 2013 @04:39AM (#44444595) Homepage

    http://krebsonsecurity.com/ [krebsonsecurity.com]

  • Czar (Score:5, Interesting)

    by vikingpower ( 768921 ) on Thursday August 01, 2013 @05:00AM (#44444669) Homepage Journal

    A guy named Czar posted a thinly veiled threat as a comment upon Krebs' blog post:

    "and easy to speak of the lives of others [hackers, carders, botmasters]

    you [Krebs] invade the forum these guys and find that they do not go doing anything?, it would be foolish on your part

    be realistic, you are at risk talking shit about these guys

    this minimum and that they can make in relation to you,

    Now, imagine if it was a bomb?, what do you think? [Krebs]

    would be surprising if some hacker will not do this someday

    good luck with your work, the risks are increasing lol;"

    Now one wonders how THAT is going to be played out....

  • Krebs is a scam. (Score:4, Interesting)

    by vovick ( 1397387 ) on Thursday August 01, 2013 @05:07AM (#44444699)

    I posted a comment on his blog a while ago where I questioned the validity of the results of his research [krebsonsecurity.com] that caught a lot of attention [slashdot.org] a while back. For example, one of his biggest finds was that that one of the scammer' name is Vasily Ivanovich Petrov, which is just a placeholder name just like Joe Public in Russian. He never approved my comment or provided any feedback. If he was an actual researcher, he wouldn't silence reasonable criticism towards him.

    It's sad to see him get one meaningless article after another on Slashdot.

    • by Paradise Pete ( 33184 ) on Thursday August 01, 2013 @05:55AM (#44444847) Journal

      He never approved my comment or provided any feedback.

      And so to you the only reasonable explanation is that he read your comment and covered it up, secure in knowing that no one else could catch that error, even though (assuming it's true) it would be obvious to millions of people.
      Comments "awaiting moderation" are often never read by anyone and simply fall into a bucket. If they get moderated at all they can easily be inadvertently flagged as spam along with dozens and dozens of other actual spam comments.

      • by vovick ( 1397387 ) on Thursday August 01, 2013 @06:39AM (#44444985)

        even though (assuming it's true) it would be obvious to millions of people.

        First of all, I greatly doubt his article was read by millions. Second of all, how many readers spoke Russian to spot the questionable moment? Very few, I must imagine.

        Comments "awaiting moderation" are often never read by anyone and simply fall into a bucket.

        That is certainly a valid thought. However, a few comments praising his research got approved both before and after mine. In addition, he commented on some of them in person. This is leading me believe that he did read my comment, even though I will never be able to prove it (great way to deal with the critique, Krebs!).

    • by Chrisq ( 894406 ) on Thursday August 01, 2013 @07:27AM (#44445191)

      I posted a comment on his blog a while ago where I questioned the validity of the results of his research [krebsonsecurity.com] that caught a lot of attention [slashdot.org] a while back. For example, one of his biggest finds was that that one of the scammer' name is Vasily Ivanovich Petrov, which is just a placeholder name just like Joe Public in Russian. He never approved my comment or provided any feedback. If he was an actual researcher, he wouldn't silence reasonable criticism towards him.

      It's sad to see him get one meaningless article after another on Slashdot.

      I posted a suggestion to the Pope on how to run the Catholic church and he never approved the comment. This proves he's a fake, right?

      • Re: (Score:2, Funny)

        by eyenot ( 102141 )

        You can't prove the de facto standard to be fake.

        The Pope is the de facto authority of the Catholic church. To back up this relationship, the Pope is regarded as infallible within the church. Questioning the Pope's authority over church matters doesn't even make sense, because it's an unquestionable authority.

        On the other hand, Krebs is not de facto authority *over* the facts and knowledge of security. If Krebs says encryption doesn't work, that doesn't make encryption fail to work. Whereas if the Pope says

        • by Chrisq ( 894406 )
          I was just illustrating that because someone does not post a comment by any old tom, dick, or harry does not necessarily mean that they are fakes.
        • by unitron ( 5733 )

          ... Questioning the Pope's authority over church matters doesn't even make sense, because it's an unquestionable authority....

          Can I question whether it's unquestionable?

          Would that be okay?

          Or is it unquestionably unquestionable?

          And is it only unquestionable because it refuses to answer any questions?

    • Some people have that name :

      http://en.wikipedia.org/wiki/Vasily_Ivanovich_Petrov.

      When yous ay some guy is "joe Smith" and the first hit is a general in the army... That means at least ONE person is named that way, and therefore ANOTHER can be. So your assumption that the name means nothing is falsified.
      • by vovick ( 1397387 )

        Great to see that you found the link I have already posted in an earlier reply [slashdot.org]! I didn't hold an

        assumption that the name means nothing

        I just raised the point which I believe is important that the criminal's name he presented as a significant result is likely to be fictional. If you were a security researcher yourself and a criminal you traced would call himself Joe Bloggs, you would want to recheck your sources before presenting your discovery, would you?
        There were lots of other questionable moments in his "research" related to Russian hackers,

  • by LeepII ( 946831 ) on Thursday August 01, 2013 @05:56AM (#44444851)
    You have to wonder how often law enforcement does this to justify SWAT raids.
    • Not often, I'd think. Failed SWAT raids are quite expensive, and embarrassing. The SWAT members involved would not take wasting their time lightly.

      Misreporting crimes to get them dealt with by another bureaucracy or other department, though, is an interesting way to work around frightened police or bystanders. Remember how assault, especially rape, victims are sometimes encouraged to scream "fire" insead of merely "help I'm being raped"? I've actually run to a fire alarm when my cell phone was out of charg

      • Re: (Score:3, Interesting)

        by Anonymous Coward
        If you justify the raid with planted evidence it is no longer considered "failed".

        Get some reading comprehension.
      • Given that probably about 90% SWATs shouldn't exist to start with (I remember an article here not so long ago) I'd bet they run to "demonstrate" they are in fact so much needed.

  • Cybercriminals HAS [sic] Heroin?

    What is this, I Can Haz Slashdot?

    • Re: (Score:3, Funny)

      by Anonymous Coward
      There's a missing 'e'. What he means is cybercriminals kidnapped Wonder Woman and mailed her to this security researcher's home.
    • Cybercriminals HAS [sic] Heroin?

      What is this, I Can Haz Slashdot?

      OP here - all the typos are my fault and the editors didn't notice them.

      No excuse, it was late and I was tired. I'll try to do better in future submissions. I did submit a working link - *that* I checked - no idea how it got screwed up...

      • by unitron ( 5733 )

        I clicked on your "working link" and it did, in fact, work.

        To be nitpicky about it, I right-clicked and clicked "open in new tab".

        But it might have been better to have written

        Over the past six months, “fans” of this Web site and its author have shown their affection in some curious ways...

        • by unitron ( 5733 )

          I clicked on your "working link" and it did, in fact, work.

          To be nitpicky about it, I right-clicked and clicked "open in new tab".

          But it might have been better to have written

          Over the past six months, “fans” of this Web site and its author have shown their affection in some curious ways...

          And I just screwed up my own editing.

          Meant to say

          But it might have been better to have written

          "Security researcher Brian Krebs writes

          Over the past six months, “fans” of this Web site and its author have shown their affection in some curious ways...

          "

  • Slightly off topic (Score:4, Interesting)

    by Presto Vivace ( 882157 ) <ammarshall@vivaldi.net> on Thursday August 01, 2013 @06:57AM (#44445049) Homepage Journal
    but I have to wonder how many bitcoin users are government intelligence officers of assorted nationalities, or even security officers for assorted private corporations doing stuff that they do not want traced.
  • by korbulon ( 2792438 ) on Thursday August 01, 2013 @07:08AM (#44445105)

    This is obviously yet another blatant attempt by the federal government to discredit a real American hero. Not convinced? Look at the facts:

    1. Heroin is known by several street names, including (but not limited to) smack, dope, junk, brown sugar, and WHITE HORSE
    2. "Brian" is an Irish-Breton name meaning 'High'.
    3. Krebs is German for 'Cancer', but in a pinch can also mean 'Crab'
    4. 'Crab' has four letters. Four in German is 'vier', which when pronounced sounds like 'fear' in English.
    5. In July of 1963 a little-known top-secret project sanctioned by the CIA was started, which studied - among other things - the effects of illicit drugs on sea-faring crustaceans. The name of this project was Operation Dungeness. Among the members of the research team was - you guessed it - a German scientist of dubious political background, last name of Krabbe.
    6. As the Dungeness scientists became deranged with drugs and power, their range of test subjects expanded from sea-faring crustaceans to rodents and finally to small orphan children
    7. These orphas were harvested from foster homes and from the streets,to become nameless waifs, but one of these orphan children was nicknamed Brian Krebs ('High Crab') - a sick joke of the scientists
    8. One dark and stormy night a lightning strike knocked out the main power transformer suppling power to the underground lab. In the ensuing chaos, Krebs escaped, but during the escape he was bitten by a radioactive sea-faring crustacean, and it left a mark in the shape of a 'K' on his outer right thigh
    9. Armed with the truth, Krebs reached an uneasy truce with government goons, keeping them at bay - for now. But behind the scenes he wages a one man crusade against the mad CIA scientists who subjected him to a wide range of inhumane experiments as a nameless waif. Masquerading as a security expert, he uses his contacts in the underground to uncover evidence which will one day bring the perpetrators to justice.
    10. But the government does not stand idly by: knowing that direct confrontation is out of the question, it instead opts for a campaign of slander, defamation, and sabotage. This latest attempt to deliver illicit drugs is not simply meant to defame and criminalize Krebs, it is a message. And that message is: "We are coming for you."

    I could go on and on, but I believe these facts speak for themselves.

    • Score:1, Troll? Man, the mods have no sense of humor today.

    • by Shatrat ( 855151 )

      Krebs is German for 'Cancer', but in a pinch can also mean 'Crab'

      Krebs is german for Crabs. Cancer is Latin for Crab. There's no pinch needed.

      • Krebs is german for Crabs. Cancer is Latin for Crab. There's no pinch needed.

        "Krebs" is German for both "crab" and "cancer", no pinch nor Latin needed.

    • by unitron ( 5733 )

      So he has a secret base in the K-Man Islands?

    • It wasn't until the 6th or 7th step that I realised you were pulling the piss.

      I also hopefully goggled operation dungeness, only to be sorely disappointed.

  • by PopeRatzo ( 965947 ) on Thursday August 01, 2013 @07:09AM (#44445109) Journal

    I tried that "Hey, cybercriminals delivered this heroin to me" routine and the cops didn't buy it.

    I have shitty luck.

    • by Ksevio ( 865461 )
      Did you tell them before it was delivered or when they walked in on you injecting it?
  • War on Drugs (Score:5, Insightful)

    by FuzzNugget ( 2840687 ) on Thursday August 01, 2013 @07:47AM (#44445303)

    Another reason why the war on drugs does more harm than good. This guy is lucky to be alive and was very fortunate to have the wherewithal to be one step ahead of the ne'er-do-wells. Anyone else would have had a very real chance of getting injured, maimed or killed by the local paramilitary police force. Let's not kid ourselves, it probably helps that he's white and privileged, too.

    If we had sane drug policy, the worst that could have happened is having the drugs confiscated and getting a slap-on-the-wrist regulatory fine.

    • by Hentes ( 2461350 )

      I know that people here tend to sympathise with hackers and distrust the cops, but blaming this on the police instead of the criminals who plotted it is beyond ridiculous.

      • by swb ( 14022 )

        But the criminal setup only works if the police response to it is over-the-top, and with drugs it always is. The police aren't responsible for this "prank" but they are responsible.

        If I was your neighbor and I called the police suspecting you got a suspicious package that didn't involve drugs, it might warrant a squad driving by to check out the house and possibly stopping to talk to me (who made the call) to get more information. They might knock on your door and say "Yeah, your neighbor was concerned..

        • by Hentes ( 2461350 )

          Not sure whether any of you RTFAd because that's totally not what happened. The police handled it cool.

          • by swb ( 14022 )

            Sure, there was more in play than in most situations and Krebs has some actual credibility as a security consultant so a story (with evidence) about being setup is great exculpatory evidence.

            But most people wouldn't be able to track a frame-up like this and would be left helpless victims of SWAT tactics and prosecutorial hostility.

    • Let's not kid ourselves, it probably helps that he's white and privileged, too.

      The vast majority of the US prison population is white and male. Women have significantly lower arrest, conviction, and incarceration rates - with significantly lower sentencing lengths, higher probation rates, etc. Women are enormously privileged when it comes to the criminal justice system, and that includes when they're victims; males are victims of violent crime at a ratio of 3:1 men:women, and case clearance rates for fe

      • and in every category of disease, men are afflicted more than women and are more likely to die from said disease.

        Breast cancer?

        • by gmhowell ( 26755 )

          and in every category of disease, men are afflicted more than women and are more likely to die from said disease.

          Breast cancer?

          If one man and one woman each contract breast cancer, the man is far, far more likely to die.

  • by Joe_Dragon ( 2206452 ) on Thursday August 01, 2013 @08:03AM (#44445403)

    I hope he does not have to pay EFT fees and other stuff to fix that and that they don't cut him off. What cable co lets someone pay for 3 years up front like that without an fraud flag going up?

  • Neat little detail (Score:2, Insightful)

    by CODiNE ( 27417 )

    In the article it mentions a new name was set up "briankrebs7" and used to make the Silk Road purchase.

    Further down in the screenshot it says in the upper right corner :
    "Hi, briankrebs7"

    It's a pretty important detail that he had control of this account and impressive that he was able to hack into it that quickly before the package arrived.

    So it tells us a bit that the article doesn't. To what level has he pwn'd thecc.bz and how deeply does he get into these boards while investigating?

    Would be funny if a spa

  • by azav ( 469988 ) on Thursday August 01, 2013 @10:00AM (#44446581) Homepage Journal

    That title is just embarrassing.

    Either of these are correct:

    Cybercriminals Have Heroin Delivered To Brian Krebs, Then Calls Police
    or
    Cybercriminal Has Heroin Delivered To Brian Krebs, Then Calls Police

    Let's at least hold our submissions up to standards of English that we should have learned before leaving grammar school.

  • by slashmydots ( 2189826 ) on Thursday August 01, 2013 @10:05AM (#44446673)
    Security researcher or enthusiast rule #1: if you're going to try and frame someone or whatever, don't fucking post about it on the public internet
    • I think the person with the heroin and the plan didn't know how to impersonate a call from a neighbor -- which was required to make the report plausible. Thus a post asking for help was reasonable.
  • A manager came into my office one day and asked if I would change her phone number because someone had been making appointments in her name with her contact information for breast enlargement consultations with various surgeons. They were calling her to confirm the appointments once or twice a week for a couple months.

  • If this story is legit, then the dumbfuck Brian should get a misdemeanor for tampering with evidence. His blog is proof that he knows it's evidence, so ignorance (not even normally allowed anyway) is no excuse.

Think of it! With VLSI we can pack 100 ENIACs in 1 sq. cm.!

Working...