Kerbs on security, a well known security blog ran by Brian Kerbs has been challenging cyber criminals for years, leaking info about them and their malware. This week it finally caught up with him when his site went down due to a large DDoS attack.
On Friday, Krebs detailed in a post how it all started, when his site was targeted with “a fairly massive denial of service attack.”
That same afternoon, a technician from the company, Prolexic, called Brian. Prolexic is a company that Krebs hired to protect his site, KrebsOnSecurity.com, from DDoS attacks. Prolexic forwarded a letter they’d received earlier that day, made to look like it came from the US Federal Bureau of Investigation.
The letter, which Krebs shared here, claimed that Krebs’s site was “hosting illegal content, profiting from cybercriminal activity, and that it should be shut down,” Krebs writes.
Krebs had filed a police report last year on the suspicion that he would be SWATted. The individuals targeting Kerbs had, in fact, spoofed an emergency call to make it appear that it had come from his phone. Kerbs went on to say,
“I have seen many young hackers discussing SWATing attacks as equivalent to calling in a bomb threat to get out of taking exams in high school or college. Unfortunately, calling in a bomb threat is nowhere near as dangerous as sending a SWAT team or some equivalent force to raid someone’s residence. This type of individual prank puts peoples’ lives at risk, wastes huge amounts of taxpayer dollars, and draws otherwise scarce resources away from real emergencies. What’s more, there are a lot of folks who will confront armed force with armed force, all with the intention of self-defense.
“The local police departments of the United States are ill-equipped to do much to stop these sorts of attacks. I would like to see federal recognition of a task force or some kind of concerted response to these potentially deadly pranks. Hopefully, authorities can drive the message home that perpetrating these hoaxes on another will bring severe penalties. Who knows: Perhaps some of the data uncovered in this blog post and in future posts here will result in the legal SWATing of those responsible.”