Brian Krebs’ Post

Normally when I confront a notorious hacker with connections to their real-life identity, I get fed a bunch of unlikely explanations for why those connections are there ("I was hacked" or "someone stole my account"). But this big-time access broker I profiled in today's story flat out admitted who he was. How refreshing. From the piece: "Most accomplished cybercriminals go out of their way to separate their real names from their hacker handles. But among certain old-school Russian hackers it is not uncommon to find major players who have done little to prevent people from figuring out who they are in real life. A case study in this phenomenon is "x999xx," the nickname chosen by a venerated Russian hacker who specializes in providing the initial network access to various ransomware groups." https://lnkd.in/eGMYeTAu

The Not-So-Secret Network Access Broker x999xx

krebsonsecurity.com

49 Comments

Mark Nelson

My Ph.D. reimagines the process space to increase security 10x. If you're into Intel's Software Guard Extensions (SGX), cybersecurity, secure computing, trusted enclaves, I'd love to connect.

Great article Brian Krebs. A quote from an important passage…. “On the Russian crime forums, x999xx said he never targets anything or anyone in Russia, and that he has little to fear from domestic law enforcement agencies provided he remains focused on foreign adversaries.”

12 Reactions

Maria Teigeiro, CISSP

Security Magician - Security to Accelerate Business

The reality is that cybercrime is the new warfare. If there were a hacker in the US focused on Russian targets, do we think the FBI or CIA would be helping or hindering their work? The real travesty is that US war machine is so driven by weapons manufacturers that it is spending more money on killing people than cyber counter terrorism.

6 Reactions

Joseph Wyckoff

Computer Professional, Security Professional, Linguist

"On the Russian crime forums, x999xx said he never targets anything or anyone in Russia, and that he has little to fear from domestic law enforcement agencies provided he remains focused on foreign adversaries." Russia has been attacking the U.S. for decades. Time to wake up folks.

2 Reactions

Peter Ashley

Software leader specializing in cybersecurity, big data, SaaS, AWS - ex Dell Secureworks, Symantec, 2 startups, 19 patents, AWS Cert

Hackers are making millions and billions in our information and economic systems, and yet they are making no money in our political system. The contrast seems odd.

1 Reaction

Darrell Krebs

Yes, that's why I keep, all my devices safe with Norton lifelock 360 24/7

2 Reactions

Michael P. O'Hara

Security, GRC & INFR SME | Extensive work in Cyber, DR/BCP & Digital Transformation | Cyber advisory board member - US & Israel | Can be hands-on in multiple areas of IT.

x999xx has the "freedom" to live his best life out in the open. He is living under the protection of a despot who funds any nation-state that collaborates with Russian security agencies. The value that a blue-chip hacker brings to Putin's coffers is many times worth the cover (i.e. will never be renditioned/extradited, possibly has a security detail) provided by the Russian state.

2 Reactions

Max Solonski

▷ CISO ▷ Software and hardware security ▷ Privacy ambassador ▷ I build effective cybersecurity programs, exceptional teams, and rational processes.

Out of the way? He left traces everywhere.

1 Reaction

Amy Chaney

Executive Risk Officer | CRO & vCISO | Board Member | Speaker - Technology, Cybersecurity & Cloud

As a hacker-tracker; it is easier to be recognizable when your government 🐻 provides aircover in the form of willful blindness or appreciation 👏 of the craft. 💣

3 Reactions

Free AI Tools & ChatGPT Prompts 🔥

Fascinating read! Transparency in the world of hacking is a rare find. Authenticity is key, even in unexpected places. Brian Krebs

1 Reaction

See more comments

To view or add a comment, sign in

More Relevant Posts

Brian Krebs
2w
Report this post
This is admittedly a longish read, but I promise it's worth it. On March 8, 2024, KrebsOnSecurity published a deep dive on the consumer data broker Radaris, showing how the original owners are two men in Massachusetts who operated multiple Russian language dating services and affiliate programs, in addition to a dizzying array of people-search websites. The subjects of that piece are threatening to sue KrebsOnSecurity for defamation unless the story is retracted. Meanwhile, their attorney has admitted that the person Radaris named as the CEO from its inception is a fabricated identity. https://lnkd.in/gCx5hqUh

KrebsOnSecurity Threatened with Defamation Lawsuit Over Fake Radaris CEO

krebsonsecurity.com

76 Comments
Like Comment
To view or add a comment, sign in
Brian Krebs
3w
Report this post
Scoop published over the weekend: A 22-year-old man from the United Kingdom arrested this week in Spain is allegedly the ringleader of Scattered Spider, a cybercrime group suspected of hacking into Twilio, LastPass, DoorDash, Mailchimp, and nearly 130 other organizations over the past two years. https://lnkd.in/ePf4kzyd

Alleged Boss of ‘Scattered Spider’ Hacking Group Arrested

krebsonsecurity.com

28 Comments
Like Comment
To view or add a comment, sign in
Brian Krebs
1mo
Report this post
Law enforcement agencies in the United States and Europe today announced Operation Endgame, a coordinated action against some of the most popular cybercrime platforms for delivering ransomware and data-stealing malware. Dubbed “the largest ever operation against botnets,” the international effort is being billed as the opening salvo in an ongoing campaign targeting advanced malware “droppers” or “loaders” like IcedID, Smokeloader and Trickbot. https://lnkd.in/ga3Hwniz

‘Operation Endgame’ Hits Malware Delivery Platforms

krebsonsecurity.com

39 Comments
Like Comment
To view or add a comment, sign in
Brian Krebs
1mo
Report this post
The U.S. Department of Justice (DOJ) today said they arrested the alleged operator of 911 S5, a ten-year-old online anonymity service that was powered by what the director of the FBI called “likely the world’s largest botnet ever.” The arrest coincided with the seizure of the 911 S5 website and supporting infrastructure, which the government says turned computers running various “free VPN” products into Internet traffic relays that facilitated billions of dollars in online fraud and cybercrime. https://lnkd.in/e9b_2KZM

Is Your Computer Part of ‘The Largest Botnet Ever?’

krebsonsecurity.com

28 Comments
Like Comment
To view or add a comment, sign in
Brian Krebs
1mo
Report this post
The U.S. Department of the Treasury today unveiled sanctions against three Chinese nationals for allegedly operating 911 S5, an online anonymity service that for many years was the easiest and cheapest way to route one’s Web traffic through malware-infected computers around the globe. KrebsOnSecurity identified one of the three men in a July 2022 investigation into 911 S5, which was massively hacked and then closed ten days later. https://lnkd.in/eAGe9qVi

Treasury Sanctions Creators of 911 S5 Proxy Botnet

krebsonsecurity.com

3 Comments
Like Comment
To view or add a comment, sign in
Brian Krebs
1mo
Report this post
Just published the second-longest blog post in my 14 year career as an independent reporter. This story is the result of a ridiculous amount of research. I hope you like it, because I learned tons reporting this, and there needs to be a broader conversation about some of the issues raised by this research. The lede: Two weeks before Russia invaded Ukraine in February 2022, a large, mysterious new Internet hosting firm called Stark Industries Solutions materialized and quickly became the epicenter of massive distributed denial-of-service (DDoS) attacks on government and commercial targets in Ukraine and Europe. An investigation into Stark Industries reveals it is being used as a global proxy network that conceals the true source of cyberattacks and disinformation campaigns against enemies of Russia. https://lnkd.in/eDjYu_qY

Stark Industries Solutions: An Iron Hammer in the Cloud

krebsonsecurity.com

77 Comments
Like Comment
To view or add a comment, sign in
Brian Krebs
1mo
Report this post
Scoop: Apple and the satellite-based broadband service Starlink each recently took steps to address new research into the potential security and privacy implications of how their services geo-locate devices. Researchers from the University of Maryland say they relied on publicly available data from Apple to track the location of billions of devices globally — including non-Apple devices like Starlink systems — and found they could use this data to monitor the destruction of Gaza, as well as the movements and in many cases identities of Russian and Ukrainian troops. https://lnkd.in/e9N9ybrE

Why Your Wi-Fi Router Doubles as an Apple AirTag

krebsonsecurity.com

74 Comments
Like Comment
To view or add a comment, sign in
Brian Krebs
1mo
Report this post
Last week, the United States joined the U.K. and Australia in sanctioning and charging a Russian man named Dmitry Yuryevich Khoroshev as the leader of the infamous LockBit ransomware group. LockBit’s leader “LockBitSupp” claims the feds named the wrong guy, saying the charges don’t explain how they connected him to Khoroshev. This post examines the activities of Khoroshev’s many alter egos on the cybercrime forums, and tracks the career of a gifted malware author who has written and sold malicious code for the past 14 years. https://lnkd.in/gjPRw66M

How Did Authorities Identify the Alleged Lockbit Boss?

krebsonsecurity.com

26 Comments
Like Comment
To view or add a comment, sign in
Brian Krebs
2mo
Report this post
The United States joined the United Kingdom and Australia today in sanctioning 31-year-old Russian national Dmitry Yuryevich Khoroshev as the alleged leader of the infamous ransomware group LockBit. The U.S. Department of Justice also indicted Khoroshev and charged him with using Lockbit to attack more than 2,000 victims and extort at least $100 million in ransomware payments. The leader of Lockbit of course denies they got the right guy. https://lnkd.in/ejs8Gn5a

U.S. Charges Russian Man as Boss of LockBit Ransomware Group

krebsonsecurity.com

38 Comments
Like Comment
To view or add a comment, sign in

168,515 followers

View Profile Follow

Brian Krebs’ Post

The Not-So-Secret Network Access Broker x999xx

krebsonsecurity.com

More from this author

Why Spammy Online Pharmacies Actually Have Amazing Customer Service

Explore topics