Published on August 2nd, 2020 📆 | 4303 Views ⚑0
Blogger Krebs wrongly accuses man of Twitter hack, gets doxxed himself this time
Krebs accused a British man of being behind an attack on Twitter that hijacked the accounts of many rich and famous Americans — including Elon Musk, Joe Biden, Barack Obama and Jeff Bezos — on 15 July and used to advertise cryptocurrency scams.
He claimed that someone going by the pseudonym of PlugWalkJoe was a pivotal player in the hack. His mistake was pointed out by The New York Times on 18 July, with the paper saying that the teenager, whose real name is Joseph O’Connor, a British citizen aged 21, had told the newspaper that he had been getting a massage near the place he was staying in Spain when the hack came to light.
The newspaper said logs from the online messaging platform Discord showed that while PlugWalkJoe acquired the Twitter account @6 through “ever so anxious,” and briefly personalised it, he was not otherwise involved in the conversation. PlugWalkJoe added in an interview with The Times: “I don’t care. They can come arrest me. I would laugh at them. I haven’t done anything.”
After this, Krebs wrote a second article about O’Connor which disproved his own theory, and distanced O’Connor from the hack. But he did not mention that he had made a grievous error.
On Saturday, Australian time, there were reports that three people had been arrested for the Twitter incident, with a teenager named Graham Clark of Tampa, Florida, being named as the mastermind of the attack which ended with about US$100,000 being scammed from people worldwide. Clark was hit with 30 felony charges.
Mason Sheppard, 19, from Bogner Regis in Britain, who used the alias Chaewon, was charged with wire fraud and money laundering while Orlando-based Nima Fazeli, 22, nicknamed Rolex, was accused of aiding and abetting the crimes, according to a statement from the US Department of Justice.
But Krebs has not publicly acknowledged on his website that he was wrong to name O’Connor as being behind the hack. He wrote an article about the arrests but made no mention about his stuff-up and did not offer even a word of apology.
Twitter user Darren Martyn was incensed at the fact that Krebs had again wrongly accused someone and outed them, a practice known in infosec circles as doxxing.
So Brian Krebs has been proven wrong yet again. When will someone do something about that doxing psychopath trying to ruin random kids lives? He’s just like doxbin but with corporate sponsors.
— Darren Martyn (@_darrenmartyn) August 1, 2020
Doxxing is defined by Wikipedia as “the Internet-based practice of researching and broadcasting private or identifiable information about an individual or organisation”.
“So Brian Krebs has been proven wrong yet again. When will someone do something about that doxxing psychopath trying to ruin random kids lives?,” Martin asked in a tweet. “He’s just like Doxbin but with corporate sponsors.”
Doxbin is a site which publishes details of people who have been doxxed for a reason: another Twitter user, named Ross, linked to complete details about Krebs which were on the site.
Included in that data are details of Krebs’ credit worthiness, his address, his social scrutiny number, his date of birth, the nature of his business, his telephone numbers, his email address, the name of his wife, her date of birth, her social security number and her address.
Details about 13 of Krebs’ relatives were also published by Doxbin, with links to their Facebook pages in some cases
brain krabs is a horrible neurological disease
— ⚓⋘⋖çşƒ⓷⓷⓷⋗⋙⚓ (@csf_333) August 1, 2020
Krebs has form in doxxing people he mentions in his blog posts. His doxxing of O’Connor was based on information he claimed to have received from a single source.
Replying to Martyn’s tweet, another user, who goes by the handle Plazmaz (Dylan) wrote: “The fact Krebs does this for minors and ever had any credibility has always been so mind boggling to me.”
And a third user, who has the handle ????, added: “As soon as I saw the arrest announcement I noticed the kid he tried to pin the whole thing on wasn’t among them, shocked that he never suffers any consequences at this point.”
In April 2019, Krebs was sharply criticised by infosec researchers, after he doxxed two of them on Twitter, apparently because he disagreed with them about the operations of Spamhaus, an organisation set up to track email spammers and spam-related activity.
Krebs’ personal details posted on Doxbin.
Neither of these researchers, @notdan or @gexcolo, is involved in any illegal activity. And it is common for infosec researchers to have accounts on various forums, including social media, under pseudonyms. Some of the views expressed on such accounts may not be exactly kosher from a corporate perspective.
Back in 2014, Krebs posted the CV of an individual who had written what he characterised as a bad review of a book he authored.
When British security researcher Marcus Hutchins asked whether doxxing a person for this was going a bit too far, his response was: “Dox people? Hardly. I think it helps to add context. The guy is a convicted cyber crook who’s in jail. Of course he hates me.”
In March 2018, Krebs was taken to task by users of a German image board pr0gramm.com after he revealed details about several admins and moderators in an article which claimed to identify who was behind the cryptocurrency mining service Coinhive.
Krebs has also made false claims in other stories, quietly taking down a story he wrote in December 2017 that purported to uncover the people behind the Shadow Brokers group who leaked a number of NSA exploits on the Web.
No reason was offered for this takedown and it was mentioned only at the very end of a story he wrote about the arrest of a Vietnamese American who pleaded guilty to taking masses of NSA material home.
Comments were not allowed on this article, presumably to avoid criticism of his earlier claim. The allegations about the identity of the Brokers were fed to Krebs by a Washington DC-based security firm, InGuardians, a fact he mentioned only in the 30th paragraph of his story.
iTWire has contacted Krebs for comment.