
New York Times says Krebs wrongly implicated Briton in Twitter hack - LinuxBender
https://itwire.com/security/new-york-times-says-krebs-wrongly-implicated-briton-in-twitter-hack.html
======
lowmemcpu
Wow, this entire article seems to be more a "let's repost every tweet that
hates Krebs". Most of it assumes he is a "a 50-year-old dude in a suit" doing
cyberstalking, but I don't think that is an accurate description. Keep in
mind, much of the criminal hackers do not like Krebs because he exposes them.
People Swat his house and attempt to entrap him. So reposting a bunch of hate-
Tweets is stupid.

Yes, Krebs' does his own research, but he also has hundreds of security
researchers and contacts that provide him info, many of those are insiders. In
his book Spam Nation, he even goes to Russia to visit a crime boss to ask
tough questions. This isn't some cyberstalker.

Krebs is a better researcher than most, so I tend to trust his doxx. Most of
the info he publishes is already public (poor opsec) and he is more thorogh
than Reddit. Can he be wrong? Sure..... should he doxx? I don't know, that's
an ethics question.. but if he's wrong on this, I'm sure Brian will reconsider
that in the future

~~~
badRNG
There are two issues to consider here: whether he is correctly identifying the
people he doxxes and the ethical implications of his decision to do so. He
received a fair bit of backfire for doxxing security researchers a few years
ago (including @notdan) [https://itwire.com/security/infosec-researchers-slam-
ex-wapo...](https://itwire.com/security/infosec-researchers-slam-ex-wapo-man-
krebs-over-doxxing.html)

For me (and I'd imagine most folks coming to a board called "Hacker News"),
doxxing independent security researchers for the crime of port scanning is
highly unethical behavior, and this vigilante crusade to doxx hackers is
appearing to generate yet more collateral damage in the reckless pursuit of
clout.

~~~
dopamean
I agreed with everything you said until the last four words. What would make
you think that Krebs is motivated by a "reckless pursuit of clout?"

~~~
badRNG
I suppose we can never truly know what motivates anyone to do anything. I'm
not committed to that stance, but even if he had the most pure of motivations
it wouldn't materially change the consequences (both ethical and practical) of
his actions.

------
invokestatic
Anecdotal, but a few years ago I had an acquaintance doxxed and written about
by Krebs for no particular reason. He contacted Krebs over IM to supply some
details about an upcoming article, if I recall something about a DDoS ring. At
some point, their conversation deteriorated and, to my recollection, he
started trolling Krebs a bit.

Come a few days later, Krebs dropped a new blog on his site about a DDoS ring.
The article starts fine, but in the middle of it, it brings up my
acquaintance. For no reason. It has his full dox, and even has a picture of
him along with some screenshots of their IM session.

Now, it wasn’t explicitly stated that he was connected to the DDoS ring, but
Krebs placed him in the article anyway, leading readers to understand that he
was implicated — falsely of course.

Was trolling Krebs in bad taste? Probably. Worthy of being lumped in with a
bunch of DDoS skids, doxxed, and more? Doubtful.

~~~
thrownaway954
so why didn't your "acquaintance" sue him for libel then?

I'm sorry, but i'm calling BS on this. if someone wrote something damaging
about me (especially a well known figure like Krebs), i would sue the living
crap out of them. this isn't some dude on twitter that no one listens to
making a false statement, this is a credible and world renown journalist
making a false statement. that right there would be enough for any lawyer to
sue based on libel and seek damages.

~~~
invokestatic
Not only would litigation cost tens of thousands of dollars (out of reach for
this person) and risky, nothing Krebs said was technically false. Krebs made
no specific claims about his involvement, just included him in the article
without explicitly stating why.

------
sneak
It’s time to stop listening to this guy. He’s got a history of doxxing people
he doesn’t like, for trivial things like bad reviews even.

Please don’t promote or link Krebs.

~~~
non-entity
Ok this is entirely off topic, but I'll ask because Krebs is being discussed.
Does anyone else find the comments on his blog posts incredibly toxic relative
to other tech blogs?

I've seen his site linked on HN several times and in many of those cases, the
content was fine, but the comments seemed to turn into strange, angry rants.

~~~
celticninja
Yup, and given his proclivity to dox it is concerning that some call for
violence.

~~~
hashkb
Concerning, but not surprising. Doxxing is violence; or at least a precursor.

------
mc32
Ha, hah! The NYT has the gall to accuse someone else of doing the same thing
they do!

Yes I think Krebs went over the line for no good reason other than maybe
thinking he was scooping all the other people in cybersecurity, but they NYT
is also not blameless and will do whatever advances their own agenda. Maybe
they’ll be introspective about this, but I doubt it.

~~~
thephyber
> Maybe they’ll be introspective about this

Strange request of an entire organization. I imagine this ebbs and flows with
the individual employees that join/leave.

------
seebetter
“Only the mastermind is guilty. Everyone else are just inconsequential actors.
No one lied, they just made mistakes. Yes I’m involved in Internet crime
antics but I’m innocent.”

------
gowld
Does anyone else find itwire.com articles incoherent to read?

------
auiya
The New York Times is getting into the attribution game now?

------
thrownaway954
i find it very hard to believe that Krebs would just randomly blame some
person without credible evidence. just as i stated in my response to
@invokestatic:

"this isn't some dude on twitter that no one listens to making a false
statement, this is a credible and world renown journalist making a false
statement."

Krebs would have a lot to lose if he didn't do his research and made stuff up
for the sake of a story. i'm sorry but i personally think this is just a poor
attempt at discrediting him.

~~~
zucker42
> i find it very hard to believe that Krebs would just randomly blame some
> person without credible evidence

I do not find this hard to believe. He could have simply made a mistake. He
could have evidently credible evidence which ends up being flawed. This
defense of Krebs is baffling to me, because it doesn't even defend his actions
on their merits and his claims on the evidence he provided. The argument in
Krebs's favor is that you trust Krebs, which is a fine enough point but
unlikely to convince people who don't trust Krebs.

Even if he is right about this person, publicly revealing them instead of just
contacting the police seems like a highly questionable decision to me.

