A Magazine for the George Mason University Community

Unto the Breach

By Preston Williams on November 2, 2015

Mason courses in chaos theory and complexity helped investigative cybersecurity journalist Brian Krebs, BA International Studies ’94, develop the labyrinthine thinking skills needed to unravel costly data breaches at Target and many other major retailers.

Preparation for other aspects of the job? Well, there’s no Mason class that teaches you how to handle international cybercriminals who threaten your life, steal your identity, post your personal information online, shut down your website, offer you a five-figure bribe to quash a story, arrange for heroin to be delivered to your home, and report a fictitious murder so that cops flood your doorstep and handcuff you around the same time your mother is arriving for dinner.

Brian Krebs

Brian Krebs/Photo by Kristof Clerix

Krebs, whose Krebs on Security blog is a must-read for 800,000 to 1.5 million visitors per month, has personally experienced all of that. One more: Six hours into his visit to Moscow, a Google alert popped up announcing Krebs’s arrival in the country, helpfully providing the name and address of his hotel.

If Krebs’s life sounds like a movie, it very well might be. Sony last year bought the rights to a 2014 New York Times profile of Krebs that asserted that “few have done more to shed light on the digital underground.” His book, Spam Nation, debuted at No. 4 on the New York Times’ Crime and Punishment bestseller list last year.

Krebs’s occupational defenses exceed firewalls. He keeps a 12-gauge shotgun propped in a corner of his office—a guest bedroom in his Northern Virginia home. His bunker is outfitted with home security monitoring devices and four screens that enable him to digitally snoop the cyber underworld for real-time scoops that can affect millions of consumers, such as in late 2013 when an estimated 40 million Target customers had their credit and debit card information stolen during a three-week span.

Krebs, who worked his way up at the Washington Post from clerical jobs to starting one of the initial blogs at the newspaper, was one of the first mainstream journalists to grasp the sinister digital danger that lurked at a time when most everyone else was griping about the inconveniences of spam. Krebs warned that those who spam also scam, and that the outcomes could be costly.

Security professionals, IT executives, and even the cybercriminals that Krebs ferrets out—who sometimes, in begrudging homage, include his name in their hacker code—have followed his work ever since.

“Brian has a knack for investigating important stories that aren’t being covered by other reporters and explaining technical issues in a way that they are understandable to nontechnical people,” says Mason computer science professor Damon McCoy, who frequently brings in Krebs as a guest lecturer. “He has reported many of the largest breaking stories in cybersecurity, sometimes days before other reporters.”

Often, however, neither the good guys nor the bad guys appreciate Krebs’s work. The criminals don’t want to be outed—although a mention on Krebs’s site can lend them a certain backhanded credibility—and the executives from the companies that the cyber crooks have fleeced don’t want breaches publicized because that can shake customer faith.

An estimated one-third of U.S. citizens have been victims of cybercrime. So Krebs knows that he will have plenty more stories to write. And, most likely, plenty more stories to tell.

“Those electives I took at Mason have direct application to cybercrime and cybersecurity,” says Krebs, who grew up in Fairfax, Virginia, and helped start Mason’s chapter of the Phi Kappa Theta fraternity. “Complexity is the enemy of security. The bad guys only have to find one way in. The defenders have to defend every single weakness and entrance and crack and crevice.”

No Comments Yet »

Leave a comment