PLI Podcast: Brian Krebs on Cybercrime, Cyber criminals, Botnets and Skimmers

Posted on 30 March 2011 by


Brian Krebs is the independent investigative journalist behind the Krebs on Security blog, which covers cybercrime. Krebs was, for 14 years, a reporter at The Washington Post, where he ran one of the most widely-read columns on cyber crime and cyber criminals until he left in 2009 to establish his own blog. Krebs on Security now covers online crime investigations, data breaches, Internet threats and, more than anyone, skimmers.

Download the podcast here

On this week’s Police-Led Intelligence Podcast Brian talks quite a bit with Dave and me about botnets, and the sale and rental of access to botnets by the criminal groups which control them. For example, if you want someone to think you’re attacking them from, say, Toledo, OH, a botnet master can rent you access on an infected machine there.

This leads to a discussion of IP addresses, and how cyber criminals mask their identity when routing communications through hacked machines. David talks about his favorite analogy for this – an IP address is like an Internet phone number – and we ask Brian about how many machines on the Internet are infected.

The average botnet, he says, has a few hundred to a few thousand machines. But the overall numbers of infected machines on the web will surprise you. As will the fact that botnet herders spend a lot of time making sure that their victims’ machines will run smoothly and not too slowly, to ensure that victims don’t discover that they’re infected.

The conversation moves to Rustock, the botnet that Microsoft moved to disrupt recently, and finally to the kinds of activities in which criminals engage on their victims’ machines. Dave asks about the kinds of companies which may become targets and Brian talks about schools, towns and other organizations which are typically the victims of “target-of-opportunity” type attacks. Krebs has interviewed more than 150 companies which have been the victim of trojans that have led to banking credential theft and ultimately illegal wire transfers from their business banking account.

Brian, it should be mentioned, does not use online banking for his company accounts!

We then begin a conversation about ATM and gas-station skimmers, an area in which Brian has been a leading source of information. Brian discusses the way skimmers work, how much they cost, where they come from and then raises some unsettling questions about what to do when a civilian discovers a skimmer on a cash machine or gas pump.