As the saying loosely goes, “If you mess with the bull, you get the horns.”
That’s a lesson that security blogger Brian Krebs was dealt this week when he was hit with a DDoS attack on his website and a simultaneous “SWATting” attack where a phony emergency at his home was reported. His house, surrounded by Fairfax County police, was raided by a heavily-armed team. They trained their guns on him and had him handcuffed before he could explain that the call, which said, “Russians had broken into the home and shot my wife,” was part of an elaborate hoax.
Krebs assumes that the events were both related to an article he posted earlier in the week outing a website that allegedly sells Social Security numbers and another site responsible for listing credit reports of celebrities like Michelle Obama and Jay-Z.
Ars Technica was also hit by a DDoS on Friday for covering the event.
In a blog post titled The World Has No Room For Cowards, Krebs said, “I have seen many young hackers discussing SWATing attacks as equivalent to calling in a bomb threat to get out of taking exams in high school or college. Unfortunately, calling in a bomb threat is nowhere near as dangerous as sending a SWAT team or some equivalent force to raid someone’s residence.”
As the war against cybercrime escalates with journalists, security companies, and governments participating in finding perpetrators of various illegal online activities, the biggest challenge they face is the anonymity of the internet. On one side, there is a distinct need for privacy and security functions that allow for the free flow of information and communication on the internet. On the other side, there is a risk that the laws and protocols used to protect people’s individual privacy on online rights can make finding cybercriminals nearly impossible.