May 2, 2025
May 2, 2025
In security news circles, Brian Krebs is “the man.” He earned his chops writing for The Washington Post for 14 years before striking out on his own three years ago. As publisher of the Krebs on Security blog, he’s a one-man writing machine and cybercrime muckraker.
While his digging has uncovered lots of juicy news stories, it’s also made him some enemies. He’s been the recipient of pizzas he didn’t order, subjected to DDoS attacks on his Web site, surprised at his front door by police aiming guns at him after a fake hostage report, and uncovered a plot whereby an underground crime forum operator arranged to buy heroin, mail it to Brian’s house and then call the cops on him. Brian’s sleuthing foiled that plan last month, and he brazenly blogged about it.
When I came up with the idea for my “6 Questions” series of interviews with reporters at Defcon, talking to Brian was a no-brainer. He graciously took time out from boozing and schmoozing at the Lookout party last week to sit down with me. Always balancing on the edge of danger, he plopped down next to me close enough to the Artisan Hotel swimming pool to get splashed numerous times as partiers stripped to their skivvies and jumped into the water. Apparently nothing fazes him.
How many years have you been coming to Black Hat/Defcon?
Brian Krebs: Since 2005.
Why do you like to cover it?
BK: Because it keeps me going. It’s fun. That’s a hard question.
What’s your strategy or approach for covering the show?
BK: To meet as many people as possible and focus on the people. I don’t look at this as (news) stories. The most interesting thing is the people and learning what the f*ck is going on out there. There’s no shortage of press releases. I want to know the guy who knows the guy.
What do you think of this year?
BK: Pass. I haven’t gone to enough talks (yet).
What message do you have for PR people trying to engage with you?
BK: I generally do not write about stuff that is not exclusive. I don’t spend time writing about information you can see elsewhere. It needs to be unique to pitch me. Know what I wrote recently. Don’t pitch me on stuff I’ve already covered. That’s embarrassing. It happens a lot.
What’s the most interesting thing you’ve seen or done at a Defcon or Black Hat?
BK: At my first Defcon there was a Kegbot using RFID tags (to keep track of how much beer is dispensed to whom for team ranking purposes).
The interview kind of trails off at this point, and we pick our water-logged bodies off the concrete and head off into the rest of the night.
