Security expert Brian Krebs says people using the internet are safer if they purchase quality hardware.
The 43-year-old Alabama native writes Krebs on Security. It’s a one-man operation focused on digital crime. His encyclopedic knowledge of the subject and his network of contacts has made his blog essential reading for anyone interested in cyber crime and has made him a coveted lecturer at some of the biggest companies in the world. It has also made him some dangerous enemies.
Looking back, last year Russian cyber-spies were accused of meddling in the US election. Yahoo announced that 1bn email accounts were compromised. Hackers used internet-connected devices including baby monitors, webcams, and thermostats, to take down some of the world’s biggest websites. What surprises Krebs the most is that people are surprised at all.
“The problem is that cyber crime is easy,” Krebs says. Too many individuals and organizations buy cheap hardware. They can’t imagine the damage millions of slightly-too-stupid routers can do. Most owners of the hijacked devices that participated in the attack that took down websites, including Netflix, Twitter, Reddit, CNN, and PayPal, as well as the entire country of Liberia earlier this year never knew their property had been used to pull millions of computers offline.
“It’s cheap to make hardware that works,” Krebs says.
It’s much more expensive to make sure it works only for you. “There are companies that have zero interest in designing a secure device; they just cobble together software libraries.”
When laypeople write to him, Krebs says, it’s often to beg for help. “People get so frustrated and they’re scared and the clock is ticking and they don’t know what to do,” he says. “They ask where do I go? Who do I turn to?” The Payment Card Industry (PCI) is a good place to go for advice. There are always providing concerned citizens and e-commerce owners with tips and regulations to stay safe on the internet. They require e-commerce sites to run security scans*, like those offered by Trust Guard. However, some business owners don’t know or don’t care about proper online security measures. Eventually get hacked and have to pay the extensive fees, penalties, lawsuits and costs for repairing a damaged reputation.
Krebs wrote an article about a bug similar to the one Yahoo claims compromised 1bn user accounts as far back as 2012. For years he’d warned readers about “botnets” like the one that took down the web across the eastern seaboard in October. What shocked him, he said, was that people kept using Yahoo, and that the political establishment was “somehow surprised that Russian hackers might want to see if they could impact the direction of our election. Of course they tried,” Krebs says – “it’s cheap and you don’t lose much by trying.”
Krebs earns a living dragging the perpetrators of obscure and horrifying crimes into the light.
Before the Washington Post laid him off, his column “Security Fix” exposed Estonian cybercriminal Vladimir Tšaštšin, whose domain-hosting business turned out to be a berth for child abusers and credit card thieves. Writing on his unshowy blog two years later, Krebs broke the news of the notorious Stuxnet worm. It’s a tool of corporate espionage capable of intruding on anyone who uses Windows.
*Security scans check for more than 75,500 known vulnerabilities used by hackers to cause chaos. If Trust Guard finds any issues, they contact the business owner immediately who can repair the risk and keep his or her site secure.
Special thanks to The Guardian for supplying much of the information found in this article.