Journalists are supposed to report cybercrime. Now one of them is regularly on the receiving end.
Security journalists are normally pretty much ignored by cyber-criminals but campaigning security blogger Brian Krebs seems to have got under the skin of one Ukrainian cybercrook who hatched a plot to discredit him by sending him heroin bough on Silk Road.
The idea was pretty simple; send Krebs the substance and tip off the police. Luckily, Krebs learned of the scheme and was able to alert the authorities, even gaining access to the USPS consignment number which allowed them to track its journey.
The perpetrator was pretty annoyed at this and later sent Krebs a floral 'tribute' in the sinister shape of a cross as part of what had turned into a menacing campaign designed to frighten him off his speciality of exposing East European malware gangs.
At the time Krebs uncovered the scheme last summer, the individual behind it was known only by his handles 'Muxacc', 'Fly' and 'Flycracker', a crime forum admin who had also developed a penchant for making threats directed at Krebs on Twitter.
In a blog last week, Krebs reveals more detail about the extraordinary trail of evidence that led him back to the man behind the threats, Sergei Volneov, who was recently been arrested in Italy pending extradition after a joint operation with the US.
“This case is another reminder that nobody is anonymous, and that operational security is hard to do well consistently. But here’s a pro tip: If you’re a big time cybercrook and you’re planning to keylog your spouse’s computer, it’s probably best to delete the messages once you’ve read them,” wrote Krebs, referring to email clues Volneov allegedly left behind him.
Beyond the extreme nature of these events, Krebs is being brave in exposing his stalker's numerous mistakes that made tracking him far easier than it should have been. This is not the first time Krebs has been targeted by cyber-criminals and doubtless won't be the last - from reporting cybercrime to being part of the story of cybercrime.
Under attack on numerous fronts including the predictable one of having his website hit by DDoS, the most farcical attack was probably having a SWAT team sent to his house after a spoof phone call.
Held on credit card charges, it is still not clear whether Volneov will ever face a charge relating to the heroin plot against Krebs but it seems moot. These events are a reminder that just as criminality can now reach from country to country with ease, so can the people behind these crimes.