Q: How did you start getting into the Russian-organized cyber crime?
A: That's where the type of crime I like to investigate often intersects. I started investigating the Russian Business Network and moved out from there. I realized that most of the major cyber crime is done by a few hundred people, many of them Russian. A few hundred people produce the malware, provide the services, and so on. There are lots of wannabes and posers, but the guys who are the glue for the community is a far smaller, more elite group. I thought it would be interesting to learn and isolate who some of the major players are, so I discovered some of the places and platforms where they hang out. I got tired of using translation services, and I've always had a fascination with foreign languages, so I started to teach myself Russian.
Q: How do you go to Russia, investigate syndicate crime bosses, meet them in person on their own turf, and not get killed?
A: (laughs) I certainly don't think what I do is something that would get me killed and I don't want to become a target. But if there is a strategy, it's that I didn't tell anyone I was going to Russia. I certainly surprised the people that I went to see. If they had known I was coming maybe they would not have met with me. Surprise is a nice tool to be able to use. I had a little despair when I first got to Russia, in St. Petersburg. I had a Google alert for my name on various Russian cyber crime sites, and on some Russian blog, there was a posting telling everyone that I was there and what hotel I was staying in.
Q: What is the biggest roadblock to shutting down organized cyber crime?
A: Corruption. As long as the level of corruption is what is it, it will be difficult. For example, in this one case it was clear that the individuals involved, who were about to be arrested, were given the heads-up by the law enforcement authorities, because they all slipped out of the country when the searches for them went down. The law enforcement guys have their work cut out for them. Tracking and proving financial cyber crime is hard. It's far easier for them to convict child pornographers.
Q: Your website is often hit by denial-of-service attacks. How is that going?
A: Better. I have the services of [a well known anti-DDoS vendor] and that seems to be helping. I used to be attacked at least once a week. Now it's less.
Q: What's next for Brian Krebs?
A: I'm writing a book. I've got 60,000 words done. I've been working on it for two years, mostly research time.
Q: Do you want to share the name?
Q: Surprise is a theme, I see. Well, thanks for talking to us today, and keep up the good fight!
This story, "Interview with a fearless cyber crime journalist," was originally published at InfoWorld.com. Keep up on the latest developments in network security and read more of Roger Grimes' Security Adviser blog at InfoWorld.com. For the latest business technology news, follow InfoWorld.com on Twitter.