Sophos Cloud Optix
Until the Brian Krebs movie hits the theaters, we’ll have to make do with the arrest of a Ukrainian man suspected of being behind a plot to frame the award-winning security journalist for dealing heroin.
Krebs’ exploits scarcely need to be scripted; they’re already Hollywood popcorn-crunching seat-of-your pants, as you can glean from New York Times reporter Nicole Perlroth’s February 2014 profile:
In the last year, Eastern European cybercriminals have stolen Brian Krebs's identity a half dozen times, brought down his website, included his name and some unpleasant epithets in their malware code, sent fecal matter and heroin to his doorstep, and called a SWAT team to his home just as his mother was arriving for dinner.
Police in Naples, Italy arrested the man believed to be behind the 2013 heroin con, the BBC reported on Thursday.
Sergei Vovnenko, known as Fly, was arrested under suspicion of trafficking in stolen credit cards as well as plotting to send heroin to Krebs.
As Krebs wrote on his blog on Tuesday, he foiled the plan last summer after surreptitiously gaining access to Fly’s forum, where he discovered the plan to buy heroin on the Silk Road, have it shipped to Krebs’ house, and then spoof a call from one of his neighbors to tip off the local police when the drugs arrived.
Krebs alerted the law.
He suspected that Vovnenko had been arrested when forum administrators began removing Fly’s account and postings from the forum last week – typical procedure when a member is suspected of having been arrested, Krebs writes.
A government source told Krebs that Vovnenko was arrested earlier this month following a joint investigation by Italian and US law enforcement.
He is reportedly being held in an Italian jail waiting to be extradited to the US, although he may stand trial in Italy first, Krebs says.
Vovnenko was in the habit of buying Italian credit card dumps and cashing out the stolen cards through high-end Italian stores. He reportedly owns a variety of equipment for embossing and printing credit cards.
But Fly tripped up in one crucial way: he installed a keylogger on his wife’s computer.
Then, he got sloppy with the revealing content it captured.
Krebs, working with a Russian computer forensics company, found that on several occasions, Fly’s wife typed in her Gmail address, which included her real first and last name – Irina Gumenyuk.
The emails also mentioned her husband by name, identifying him as 28-year-old “Sergei Vovnenko” as well as containing payment information that placed the couple and their son in Naples.
So much for operational security, Krebs notes – a hard thing to do well consistently.
If you’re going to spy on your wife, he suggests, “it’s probably best to delete the messages once you’ve read them.”
Image of narcotics courtesy of Shutterstock.