It used to be that newspaper reporters dreamed of becoming freelance writers in somewhere exotic — say, Paris, London, Hong Kong or Bali.
These days, they dream of starting blogs and living off the avails of advertising.
Brian Krebs used to be an IT security reporter with the Washington Post until he and management parted ways in 2009. Now his Krebs on Security blog is one of the most followed sources of cybersecurity news, particularly after breaking the story about thefts at retailers Target and Neiman Marcus.
For his efforts, according to a profile in the Sunday New York Times, over the years he has been harassed, threatened and subject to phony calls that bring police to his house, presumably by malware creators. Meanwhile his Web site is regularly under denial of service attacks.
Krebs has contacts among the cybercriminal underground, the article notes, who feed him unkind things about their competitors — is there no honour among thieves? — which shows the level of work he gets into.
“Brian needs a bodyguard,” one security vendor exec is quoted in the story. He has no plans to get one.
Krebs isn’t typing away on a beach. But — fortunately for those interested in IT security — his journey into freelancing has heightened the awareness of the trickery of crackers. In his latest blog on the Target thefts, he deduces that people behind the break-in weren’t directly after the retailer when they leveraged an HVAC contactor’s Web site. Instead they came up with enough information on customers — one of which was Target — to figure out what to do.