Top hacking reporter took unauthorized ‘peek’ at Washington Post payroll

Walking the walk. 

 

Patrick Howell O'Neill

Internet Culture

Published Feb 17, 2014   Updated May 31, 2021, 6:07 pm CDT

Brian Krebs, one of the top hacking reporters in the world, is so deeply entrenched in the world of cybercrime that he’s done a bit of illegal hacking himself.

Featured Video Hide

The reporter, who worked at the Washington Post until 2009, hacked into the Washington Post’s payroll system to see how much his colleagues were making, a New York Times profile of Krebs revealed.

Advertisement Hide

Krebs, who spends his days reading Russian hacker forums “while jogging on his treadmill and who blogs with a 12-gauge shotgun by his side,” has made a living shining a bright light on enormous cybercrimes. With a global network of sources and a singular understanding of the subject matter, Krebs’ signature is posting detailed accounts of hacks that anyone can understand.

But when it came to his own cybercrime, he kept the details tantalizingly scant.

Judging from the timeline in the Times’ article, the hack took place sometime after 2006 and before his 2009 departure from the paper, which was unrelated the unauthorized “peek.” There’s no word on whether or not Krebs was caught by the Post, but this is the first time the public is hearing about it.

After he left the paper, Krebs launched KrebsOnSecurity.com. The website just surpassed 850,000 visitors in December after the reporter broke the story of hackers stealing 40 million debit and credit card numbers from Target over the holidays.

He now makes more money blogging now than he did at the Post, he admitted, but didn’t say if he’s making more than his old co-workers.

Advertisement Hide

Update: Brian Krebs contacted the Daily Dot via email with the following clarification: “The story makes it sound like I hacked my way into the Post’s payroll system. But in truth it was far less interesting/glamorous than that. Basically, the guy in charge of Windows share security at WP.com had for some oddball reason undone all that security, so all local shares on the network were more or less browsable by anyone who had network credentials. In short, I was able to see the salaries.xls file without even using my keyboard. Just open Windows Explorer, click…Finance….click…Accounting….click…Payroll… The only reason I didn’t lose my job over that discovery was that I brought it to the attention of the Post’s security team immediately. They fired the guy responsible for undoing all the security that very day.” 

H/T New York Times | Photo via Pete Huys/Flickr (CC BY-SA 2.0)

Share this article
*First Published: Feb 17, 2014, 2:04 pm CST