Brian Krebs is one of the best cyber crime journalists of his generation. He's done more investigative reporting on the topic than anyone I know, displaying a deeper understanding of organized cyber criminal gangs than most cyber cops.
Brian has helped take down massive bot nets, tracked cyber crime bosses to their offices, and publicly presented volumes of detailed criminal evidence. He doesn't just summarize -- he shows you figures, links, bank accounts, and emails. Brian's investigations have taken him to Russia, where he has interviewed surprised criminal masterminds who were arrested weeks later.
[ Brace yourself for IT's 9 biggest security threats. | Find out how to block the viruses, worms, and other malware that threaten your business. | Learn how to protect your systems with InfoWorld's Security Central newsletter. ]
The projects that Brian has been a part of have surely prevented tens of thousands of innocent people from becoming victims. Brian's dedication and willingness to risk his own well-being put him in a class by himself. I think of Brian Krebs as an American hero.
I asked Brian to take a break from his award-winning blog KrebsOnSecurity to respond to a few questions.
Q: How did you get started writing about and investigating cyber crime?
A: The short story is that I started at the Washington Post at the end of 1995, working up from delivering mail to pitching stories to working one of the wire services, Newsbytes, in 1999. I started writing about technology and sometimes computer security.
Along the way I learned how to use Linux, then got hit by the Lion worm. It was my own stupid fault for getting infected, but learning what it did and how it did it got me interested in computer security.
In 2002 or 2003, I started working at Washingtonpost.com, and I started focusing on computer security topics. My editors didn't always appreciate what I pitched because the topics I wanted to focus on weren't always the type of stories that editors would traditionally put in a newspaper. But often the topics that I pitched -- and they rejected -- would end up a few weeks later in other newspapers, like the Wall Street Journal. They began to see the value and gave me my first blog, Security Fix. I loved that. I was able to get out topics I wanted to write about and do it far faster than what could be done in print.
Q: Why did you leave the Washington Post?
A: In 2009, washingtonpost.com merged with the print newspaper and a bunch of the dot-com people got let go, including me. They wanted me to write about topics that I wasn't interested in covering, so we went our separate ways. I started my new blog, KrebsOnSecurity, at the end of 2009.
Q: Upon reflection, was it a good decision to leave a highly respected newspaper for the blog world?
A: It's easily the best thing that ever happened to me. It gave me freedom. Besides allowing me to write about the topics I want to write about, it allows me to write about things when they are ready. My blog gives me the time to devote to a story. I have the luxury of being able to sit on a story to learn more and develop it more. I don't have to write two, three, or four stories a day, on topics picked by someone else, like some other reporters have to. I can take my time and dig deeper. I can do original reporting.