Did this journalist just reveal the identity of a notorious hacker?
Brian Krebs had an eventful Thursday. In the early afternoon, his blog was hit with a massive denial-of-service attack that brought it to its knees. As technicians struggled to bring it back online, heavily armed policemen were assembling outside his house. Hackers were upset that Krebs had exposed their favorite online marketplace for stolen social security numbers and credit reports. They'd spoofed a 911 call from his house. Hence the SWAT team.
Krebs wasn't amused. He followed tips and dug up dirt on the crew that attacked him. He probably never guessed it would lead him to the alleged identity of the ringleader of one of the most notorious hacks last year—"Phobia," who, along with an accomplice, commandeered and destroyed the "entire digital life" of Wired reporter Mat Honan in the span of one hour in June.
Two people who knew about the attack pointed Krebs to a hacker named Phobia. One, an anonymous tipster, pinned the hack on an Xbox Live gaming clan called Team Hype. The four-person team used social engineering techniques to steal the Xbox gamertags of Microsoft employees, then sold them off to the highest bidder. They made YouTube videos chronicling their exploits. One of the members was named Phobia.
"They hack/social engineer Gamertags off Microsoft employees by using SSNs," the anonymous tipster told Krebs. "I didn’t DDoS your site and I didn’t SWAT you, Phobia has been telling everyone he did."
At some point in Phobia's murky online life, he'd made an enemy of the wrong person. Krebs' anonymous source directed him to a "dox"—hacker speak for identifying information—that revealed Phobia's identity, his home address, and his home phone number. Krebs called it. A 20-year-old named Ryan Stevenson picked up. They chatted while Stevenson's nervous father listened in.
Here's a snippet of their conversation:
[Brian Krebs]: I’m looking at a story in Wired magazine from Mat Honan about how his Apple iCloud account was hacked. Do you know this guy?
[Ryan Stevenson]: Yeah, I used to.
BK: Uh huh. And is Honan referring to you in this article?
RS: Uh huh.
BK: So, this was your doing with the Mat Honan hack, but you say you would never use a site like a stresser or…
RS: Yeah, I would never do that. That’s stupid.
BK: …or hack a reporter’s account or launch a denial of service attack against a reporter, or SWAT his house….
RS: <extended silence>
BK: So what’s the point of hacking a reporter’s iCloud account? Why’d you do that?
RS: Just to prove a point that, like…the security is breachable.
Stevenson denied having anything to do with the DDoS attack on Krebs. "I didn’t even know who you were until someone tweeted your site. I just went to it to see what it was about," Stevenson told him.
That's when things got weird.
At this point, Ryan’s dad grabs the phone and tries to tell me that his son didn’t really say that he hacked Mat Honan’s iCloud account, but that what he really said was he only knew the guy who hacked Honan’s account. Ryan’s dad goes on to explain that his son is basically a good kid who fell in with the wrong crowd, and that his son wouldn’t stoop to hacking other people, and certainly not to sending SWAT teams or any of that nonsense.
Krebs could hear someone typing away in the background. After their conversation, the Team Hype videos disappeared from YouTube. Krebs promises to keep digging into the group. Be sure to read his full account here.