Brian Krebs is probably my favorite security investigator, journalists and blogger. Brian is the guy who uncovered the Target breach last winter, and I highly recommend his blog, Krebs on Security, as a great read if you are interested in the dark web and how cybercrime works.
In an interesting case of “hacker-fu” or my skills beat your skills hacking, last summer Brian was targeted by a hacker known alternatively as “Fly,” “Flycracker,” and “Muxacc.” It started with taunts and threats on Twitter, followed by the posting of Krebs credit report online. As Krebs detailed on his blog, as he investigated his adversary, he discovered a plot to send him heroin through the Silk Road web site in order to have him arrested for drug trafficking. Krebs alerted the police, and when the plot was foiled, the Fly sent him a floral arrangement in the shape of a cross complete with a threatening note.
Ultimately Krebs was able to uncover the identity of Fly as Ukrainian national Sergei Vovnenko. Krebs was able to find keylogging reports on a compromised email account belonging to Sergei that indicated that Sergei was spying on his own wife’s computer activity. From those logs Krebs was able to discover his real name, the name of his wife, and their location in Naples, Italy. Vovnenko has been arrested and is in jail in Italy awaiting extradition to the United States, although he will probably be tried on computer fraud charges in Italy first.
The story reads like spy fiction, but is real. I encourage you to click over to his blog, and to the related story on Sophos, which covers a few of Brian’s other exploits.Share