Security Market Segment LS
Thursday, 09 July 2020 14:21

Ex-WaPO man Krebs slams website, security firm, and opens himself to backlash

Ex-WaPO man Krebs slams website, security firm, and opens himself to backlash Image by Gerd Altmann from Pixabay

Former Washington Post writer Brian Krebs has opened himself up to criticism about his stance on ransomware by slamming the website Bleeping Computer and security firm Cyble for providing what he deems to be "public relations help" to ransomware gangs.

Krebs did not name either the firm or the website — which gets its name from the noise a Windows computer makes when it boots while infected with malware — but linked to both and charged them with "trumpeting claims of ransomware attacks on companies large and small, apparently based on little more than the say-so of the ransomware gangs themselves. Such coverage is potentially quite harmful and plays deftly into the hands of organised crime".

He added, "Often the rationale behind couching these events as newsworthy is that the attacks involve publicly traded companies or recognisable brands, and that investors and the public have a right to know. But absent any additional information from the victim company or their partners who may be affected by the attack, these kinds of stories and blog posts look a great deal like ambulance chasing and sensationalism."

However, Krebs himself recently reported an alleged ransomware attack, based on hearsay from a reader who had "heard" from a source at a hospital about an attack.

In Krebs' words: "On Tuesday, a KrebsOnSecurity reader who asked to remain anonymous said a relative working for Fresenius Kabi's US operations reported that computers in his company's building had been roped off, and that a cyber attack had affected every part of the company's operations around the globe. The reader said the apparent culprit was the Snake ransomware."

Bleeping Computer founder Lawrence Abrams has created a niche for his site as hardly any sites are exclusively devoted to ransomware.

iTWire reports regularly on ransomware for two reasons: writing about such attacks regularly focuses attention on the lackadaisical approach to security taken by firms that deal in personally identifiable information; it also highlights the casual attitude towards ransomware taken by Microsoft.

Ransomware gangs have recently begun stealing data as part of their modus operandi, making every attack effectively a data breach. Like businessmen and businesswomen, they try to monetise their assets and make money repeatedly off a single break-in; thus paying the ransom is never recommended by law enforcement or info security advisers.

Krebs positioned his coverage of ransomware as being in the public spirit by writing: "KrebsOnSecurity has sought to highlight ransomware incidents at companies whose core business involves providing technical services to others - particularly managed service providers that have done an exceptionally poor job communicating about the attack with their customers. Overall, I've tried to use each story to call attention to key failures that frequently give rise to ransomware infections, and to offer information about how other companies can avoid a similar fate."

Abrams often quotes the people behind ransomware attacks and this could be interpreted as encouraging cyber criminals. However, it is common practice for reporters to interview people who have committed crimes in other areas.

Cyble is also not doing anything unusual. Many other firms like Kaspersky, Trend Micro, Check Point, FireEye, Mandiant (part of FireEye), ESET, Sophos, Recorded Future, Lookout and Trustwave use similar information as Cyble does as a marketing tool.

Asked why he had singled out Bleeping Computer and Cyble, Krebs responded: "They were just the most recent examples from many of late, as you have just noted."

When iTWire asked whether Krebs had noticed that he was also guilty of the same things he was accusing this site and company of, he said that as in the article, when he had written about ransomware incidents it had almost invariably been because he had heard from multiple customers of the affected company, and because the affected company did a poor job of communicating with their customers about the attacks.

"I would hardly call customers of a victim company unreliable, especially when I am hearing the same thing from multiple customers. And I don't think I've ever written about a victim of ransomware without first getting some kind of confirmation from the victim first. And in many of those stories, I've actually interviewed the head of the company and included information about how the compromise happened and what the victim firm did in response to it," Krebs said.

"I don't spend a lot of time looking at the various ransomware crime gang blogs. However, I do spend quite a bit of time working with trusted sources to identify and alert companies that are being targeted for ransomware attacks. I probably do one or two of these notifications per week, sometimes more. And I almost never write about those victims, even when I know they are victims. The case of Florence, Alabama, was one recent exception."

Subscribe to Newsletter here

WEBINAR 12 AUGUST - Why is Cyber Security PR different?

This webinar is an introduction for cyber security companies and communication professionals on the nuances of cyber security public relations in the Asia Pacific.

Join Code Red Security PR Network for a virtual conversation with leading cyber security and ICT journalists, Victor Ng and Stuart Corner, on PR best practices and key success factors for effective communication in the Asian Pacific cyber security market.

You will also hear a success story testimonial from Claroty and what Code Red Security PR has achieved for the brand.

Please register here by 11 August 2020 and a confirmation email, along with instructions on how to join the webinar will be sent to you after registration.

Aug 12, 2020 01:00 PM in Canberra, Melbourne, Sydney. We look forward to seeing you there!



It's all about Webinars.

These days our customers Advertising & Marketing campaigns are mainly focussed on Webinars.

If you wish to promote a Webinar we recommend at least a 2 week campaign prior to your event.

The iTWire campaign will include extensive adverts on our News Site and prominent Newsletter promotion and Promotional News & Editorial.

For covid-19 assistance we have extended terms, a Webinar Business Booster Pack and other supportive programs.

We look forward to discussing your campaign goals with you. Please click the button below.


Sam Varghese

website statistics

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.





Guest Opinion

Guest Interviews

Guest Reviews

Guest Research & Case Studies

Channel News