WEBINAR: Live Date: December 14, 2017 @ 1:00 p.m. ET / 10:00 a.m. PT
Modernizing Authentication — What It Takes to Transform Secure Access REGISTER >
Krebs on Security's Brian Krebs reports that on the afternoon of March 14, he stepped outside his front door to find himself surrounded by police cars, with officers pointing guns at him. "I was instructed to face the house, back down my front steps and walk backwards into the adjoining parking area, after which point I was handcuffed and walked up to the top of the street," he writes.
What eventually became clear what that someone had called 911 using a spoofed caller ID, claiming to be Krebs and saying that Russians had broken into his house and shot his wife. This all happened soon after Krebs' Web site was hit by a series of denial of service attacks, and Prolexic, which protects Krebs' site from such attacks, received a fake FBI warning directing them to shut down his site.
"The letter to Prolexic made no fewer than five references to a story I published ... about sssdob.ru, a site advertised in the cybercrime underground that sells access to Social Security numbers and credit reports," Krebs writes. "That story was prompted by news media attention to exposed.su, a site that has been posting what appear to be Social Security numbers, previous addresses and other information on highly public figures, including First Lady Michelle Obama and the director of the FBI."
Soon after the denial of service attacks on Krebs' site, Ars Technica was hit by similar attacks. Both attacks, Ars Technica's Sean Gallagher explains, leveraged several accounts on booter.tw, which provides denial of service attacks as a paid service, officially for testing purposes.
But it gets weirder. The proprietor of booter.tw later told Krebs that the attacks on Krebs' site were launched by a hacker named Phobia. Another person with knowledge of the attacks told Krebs that they were launched by an online gaming group called Team Hype, which includes hackers Trojan, Shadow, Convict -- and Phobia.
Krebs quickly found an online profile that identified Phobia as 20-year-old Ryan Stevenson of Milford, Ct., who had contacted Wired's Mat Honan after Honan's iPhone, iPad and MacBook were wiped via his iCloud account. Krebs called Stevenson, who confirmed his involvement in the Honan attack but denied any involvement in the attacks on Krebs -- until his dad grabbed the phone, and Krebs could hear Stevenson frantically typing in the background.