Krebs outs Flashback author

Krebs is adept at scouring underground forums, picking up hints and clues until he has enough information to expose cyber criminals and gangs. He is so good at this that his website is often subject to DoS attacks; and three weeks ago he was personally ‘swatted’ in a likely revenge attack. ‘Swatting’ involves false telephone calls to the police purporting to be from the home of the victim. The intent is to send an armed response team to the victim’s home. "As soon as I open the front door, I hear this guy yelling at me, behind a squad car, pointing a pistol at me saying: 'Don't move. Put your hands up,'" Krebs later told Ars Technica.

“The caller posed as Krebs and said he was hiding in a closet after Russian thieves had broken into his home and shot his wife. They were now stealing jewelry, the caller reported,” explained Ars.

But it hasn’t stopped Krebs. Yesterday he published details of the underground hints and clues that have led him to the person he believes is behind the Flashback trojan – a Russian by the name of Maxim Dmitrievich Selihanovich.

Flashback made money for its author by redirecting Google searches to third-party advertisers, potentially earning up to $10,000 per day, although according to Symantec it actually earned $14,000 in one particular three-week period. “It is worth mentioning,” added Symantec, “that earning the money is only one part of the puzzle – actually collecting that money is another, often more difficult, job.”

Krebs started his search for the Flashback author by monitoring a forum frequented by hackers involved in search engine optimization, and eventually came across ‘Mavook’. Mavook was looking for a sponsor to help him join Darkode.com, a site where membership is based on reputation and recommendation. To boost his reputation, Mavook took responsibility as the “creator of the Flashback botnet for Macs,” adding, “I specialize in finding exploits and creating bots.” Starting with this handle, Krebs followed the clues until eventually arriving at the name of Maxim Selihanovich.

It has to be said that Krebs’ trail to Selihanovich started from a claim that could have been false; so there is no actual proof that Selihanovich authored Flashback. And it may indeed be pure coincidence that at the time of writing this report, this journalist had intermittent problems in accessing krebsonsecurity.com.
