NYT Says Krebs Wrongly Implicated Briton In Twitter Hack

For the second time in as many days, former Washington Post employee Brian Krebs has been caught out for making false accusations against an individual over last week’s Twitter scams, with The New York Times pointing out that he had wrongly identified an individual known as PlugWalkJoe as being a pivotal player in the Twtter hack.

The NYT contacted PlugWalkJoe, whose real name is Joseph O’Connor, 21, a British citizen, who told the newspaper that he had been getting a massage near his current home in Spain when the hack came to light.

I realize that Krebs does great research and often finds perpetrators and all that jazz but he often names them. Correct me please if I am missing something, but how is that any different from the vigilantism that security folks get mad at hacktivists about? Serious question https://t.co/imnWvSsHVl

— Gabriella “Biella” Coleman (@BiellaColeman) July 18, 2020

The newspaper said logs from the online messaging platform Discord showed that while PlugWalkJoe acquired the Twitter account @6 through “ever so anxious,” and briefly personalised it, he was not otherwise involved in the conversation.

PlugWalkJoe added in an interview with The Times: “I don’t care. They can come arrest me. I would laugh at them. I haven’t done anything.”

As iTWire reported on Friday, Krebs was accused of doxxing O’Connor based on information from a single source. The charge was levelled by Sean Hollister of the tech website Verge.

A screenshot from Krebs’ story accusing O’Connor of involvement in the Twitter hack.

Krebs has a history of doxxing people without any real reason for doing so, even if they were tangential to any story he was writing.

In March 2018, he came under fire from users of a German image board pr0gramm.com after he revealed details about several admins and moderators in an article which claimed to identify who was behind the cryptocurrency mining service Coinhive.

Unpopular opinion: much of Brian Krebs’ career is based on publicly doxxing teenage script kiddies, which would be unethical in any other community except for infosec apparently https://t.co/kyYvCoiN1M

— Mustafa Al-Bassam (@musalbas) July 18, 2020

In April last year, Krebs was again slammed by security researchers after he doxxed two of them on Twitter, apparently because he disagreed with them about the operations of Spamhaus.

Asked for his reaction to Krebs’ repeated doxxing of people when there did not appear to be any reason to do so, former NSA hacker Jake Williams said: “It’s one thing to send information to law enforcement. It’s another entirely to dox them based on circumstantial digital evidence.”

Williams, now an independent businessman who runs an infosec firm known as Rendition Infosec, added: “In the age of digital advertising requiring clicks, I get why journalists do it, but I can’t get behind it.”

iTWire has contacted Krebs for comment and asked him if he either plans to issue a correction to his story or whether he has any intention of contacting O’Connor in order to offer him an apology.

Even the worst criminals (much worse than bitcoin scammers…) deserve due process.

Doxxing someone is unacceptable vigilante crap, independently if you’re right or wrong about your allegations. You *must* know it’s the equivalent of exposing someone to a lynch mob.

— joe (@Joe0blivian) July 18, 2020

Update, 19 July: A group called HackerHealth has put out a tweet advertising a Brian Krebs Repellent for US$1. In its tweet, it says: “Are you a Discord user between the ages of 12 and 17? If so, we have bad news for you: a 50-year-old dude in a suit named @briankrebs is probably cyber stalking you in anticipation of a very public doxxing. Protect yourself today!”

Are you a Discord user between the ages of 12 and 17? If so, we have bad news for you: a 50-year-old dude in a suit named @briankrebs is probably cyberstalking you in anticipation of a very public doxing. Protect yourself today! https://t.co/wIaKvJ5IRO

— Hacker Health (@TheHackerHealth) July 18, 2020

The tweet, which was retweeted by Mustafa Al Bassam, a doctoral researcher in the UK and a former black hat hacker with LulzSec, links to a description of the repellent. It says: “Are you a Discord user between the ages of 12 and 17? If so, we have bad news for you: a 50-year-old dude in a grey suit named Brian Krebs is probably cyber stalking you in anticipation of a very public doxxing. Protect yourself today with our laboratory tested Brian Krebs Repellent.

“With an extremely large following and active blog rife with monetisation, the wild Krebs constantly needs to fuel his uncontrollable urge to expose the identities of teenage script kiddies, thus enabling him to further profit from corporate talks about his latest doxxing.

“The Krebs is a ferocious and persistent species and standard repellents/tranquillisers will simply not penetrate his enormous defensive forehead.

“Luckily, through years of science and testing, our unique formula has been proven to deter Krebs for up to 24 hours, causing him to lose the ability to log your chats, stalk your childhood Instagram, or ask your family/friends incriminating questions about you.

“Take action now against the horrors of being Krebsed.

“Unlike those hacked verified accounts on Twitter, we’re actually giving back to the community! This item is currently only $1!”

The “convincing answer” I’m finding from Krebs is that he has an unhealthy obsession with cyberstalking and publicly doxing teenagers. https://t.co/dDhcaZjtr8

— Darren Martyn (@_darrenmartyn) July 18, 2020

Non American teenagers especially it seems to me, the further from the US they are the flimsier the standard of “evidence” seems to be

— ???? (@nscrutables) July 18, 2020

Krebs’ schedule seems to largely consist of doxing teenagers then very publicly blogging about it https://t.co/M1YF7FZ7UM

— Jake Davis (@DoubleJake) July 18, 2020