Thugs who sent Brian Krebs heroin and a SWAT team sentenced


It’s been a few years since Sony picked up the movie rights to the New York Times profile “Reporting From the Web’s Underbelly,” about the very real-to-life, eminently scriptable run-ins with cyber crooks experienced by security journalist Brian Krebs.

No word on when we’ll see the movie, but the plot points keep coming.

Last week, two of the cybercriminals who’ve persecuted Krebs – a Ukrainian man who tried to frame Krebs by sending heroin to his house and one of the men who SWATted him in 2013 – were sentenced.

As Krebs reported on Friday, the Ukrainian, Sergei Vovnenko, also known as Fly, Flycracker and other aliases, was arrested in Italy in June 2014 on suspicion of trafficking in stolen credit cards as well as plotting to send the heroin.

Vovnenko pled guilty in January 2016 to operating a botnet of more than 13,000 hacked computers that he used to harvest credit card numbers and other sensitive information.

The heroin scheme was retaliatory: Krebs had surreptitiously gained access to Vovnenko’s forum the year before. He discovered that “Fly” was raising funds to buy heroin on the then-popular dark market Silk Road, have it shipped to Krebs’s house, and then spoof a call from one of his neighbors to tip off the local police when the drugs arrived.

Krebs nipped the plan in the bud by giving a heads-up to local police and the FBI.

He did so in the nick of time: three days after Krebs contacted local police, a package arrived. Krebs turned the envelope over to police, whose analysis found that it contained packets of almost pure heroin.

Vovnenko was not pleased when Krebs wrote up a story about the foiled plot in an article titled “Mail from the (Velvet) Cybercrime Underground.”

In fact, the hacker was embarrassed in front of forum members who’d contributed about two Bitcoins each to the heroin plan.

Vovnenko’s next stunt was to send a funereal floral arrangement, in the shape of an oversized cross, to Krebs’s home, along with a menacing message addressed to his wife and signed “Velvet Crabs.”

By contesting his extradition from Italy, Vovnenko wound up spending about 15 months in what he himself described as Italy’s worst prison. He seems to have had a change of heart while he was in jail, given that he sent what Krebs interprets as a genuinely contrite and sincere apology in a letter… that Krebs had tested for dangerous substances before opening it, understandably enough.

A New Jersey judge on Thursday sentenced Vovnenko to 41 months in prison. He was also sentenced to three years of supervised release and ordered to pay restitution of $83,368.

As far as Krebs’s SWATting tormentors go, one of them – a teenager named Eric Taylor – was handed a sentence of three years’ probation on Wednesday.

Taylor, 19, was one of several men who ganged up on Krebs in 2013 by spoofing an emergency call to make it appear that it had come from his phone. The result was a dinner party delayed by a SWAT team training guns on the journalist and ordering him to “Put your hands in the air!”

For his hacking, Taylor used the less-than-modest handle “CosmoTheGod.” As Krebs reports, CosmoTheGod attained his internet 15 minutes of fame in 2013 when he and a number of other hackers set up a website that “doxed” dozens of public officials and celebrities by publishing the addresses, Social Security numbers and other personal information of former First Lady Michelle Obama, the then-director of the FBI and the US attorney general, among others. They also SWATted many of those they doxed.

Another of Taylor’s gang, Mir Islam, was sentenced in July to two years in prison for one bomb threat and for SWATting and doxing at least 50 public figures and celebrities, including members of Congress, a federal prosecutor, National Rifle Association President Wayne LaPierre, First Lady Michelle Obama, then-FBI director Robert Mueller, then-Central Intelligence Agency Director John Brennan, and Brian Krebs.

Krebs reports that, given nearly a year of detention served prior to sentencing, Islam had been expected to spend only about a year in prison, although it looks like he was released even earlier.

Taylor and his co-conspirators pulled it off by hacking a Russian identity theft service that had pulled in compromised user accounts from LexisNexis. Cracking open the data broker giant gave crooks access to the personal and financial data of millions of Americans.

Taylor, like Vovnenko, has also expressed remorse.

Krebs reports that Taylor reached out to him within hours of sentencing to apologize, saying that he’s trying to turn his life around and has even started a cybersecurity consultancy.

Krebs quoted him:

I live in New York City now, have a baby on the way and am really trying to get my [s***] together finally.

The journalist didn’t say whether he’d forgiven him.

Would you forgive him?
