A security reporter has identified a 20-year-old hacker as the person who sent a SWAT team to his house.
Members of a SWAT team and the Border Guards participate in a drill at a military training ground outside of Zamosc, near the Ukrainian border, March 15, 2012. (Credit: Reuters)
Brian Krebs was preparing his home in Northern Virginia for an intimate dinner party at 5pm last Thursday evening. Little did he know that a swarm of heavily-armed police officers were surrounding his house as his vacuumed the final pieces of dust from his carpet.
Remembering there was a small piece of tape still clinging to the entrance to his home from last Christmas' lights, he moved towards the front door to get rid of it before his guests arrived.
As he opened the door he was greeted with an officer screaming at him to put his hands in the air, pointing a pistol at his head from behind a squad car. As Krebs surveyed the situation and saw at least a dozen pistols, shotguns and rifles pointed in his direction, his first reaction was: "You've got to be kidding me."
The police officers were there under the impression that Krebs' home was under attack from Russian criminals who had broken into the house and shot his wife. The police received a phone call from Krebs' home saying he was hiding in the closet and that the criminals were stealing jewellery.
The call had not come from Krebs at all, but from someone posing as Kreb who was carrying out an attack known as "SWATting" which involves using computers or special phone equipment to trick the emergency services into thinking a call is coming from the target's home.
Why was Krebs a target?
The 40-year-old is a world renowned and hugely respected security reporter and has been involved in uncovering and shutting down numerous cyber-criminal organisations and operations.
As well as facing a physical attack in the shape of a dozen or more armed police officers, Krebs also came under cyber-attack with his website suffering a massive denial of service attack on Thursday afternoon.
Both these attacks were not a major surprise to Krebs. Indeed in August 2012 Krebs warned the Fairfax County Police this exact scenario might happen to him, after he received non-specific threats relating to an article he wrote about a service that can be hired to knock web sites offline.
After clearing everything up with the police, Krebs turned his attention to trying to identify the attacker.
The starting point was a story Krebs posted earlier last week about a website selling credit report information on high profile public figures in the US. In the story Krebs listed an internal database for booter.tw, a fee-for-service site which allows you to knock others offline, be that competitor websites or the person killing you in online Call of Duty.
The leaked database showed that the denial-of-service attack on Krebs website was paid for by a user with the account name "countonme" and an email address firstname.lastname@example.org. However having spoken to the owner of booter.tw, Krebs was told that account had been hacked by someone called "Phobia."
Separately Krebs received an email from a person who claimed to have direct knowledge of the attack. This individual said the person responsible was part of a four-man Xbox Live gamer team called Team Hype.
The source told Krebs that the group targeted Microsoft employees attempting to hijack their gamer tags to sell to other Xbox users. The Team Hype group even had a YouTube channel (all videos now deleted) which posted videos of the group hijacking these accounts.
Krebs learned that Phobia's real name, address and telephone number had been 'doxed' or released publically and posted online some time ago.
Having convinced himself Phobia (or Ryan Stevenson as he is known to everyone else) was the person responsible for SWATting him, Krebs decided to give him a call.
During the phone call, 20-year-old Stevenson admitted being a member of Team Hype, but said he hadn't had any contact with them for six months. However as recently as February 2013 a user called 'Phobia' posted videos to the YouTube channel showing him taking part in account hijacking.
It was at this stage that Krebs remembered a fellow journalist, Wired's Mat Honan, who was also targeted by a hacker named Phobia. When Krebs put this to Stevenson, the 20-year-old admitted he was behind the attack on the Wired journalist.
Stevenson's father at this stage interrupts the phone call, trying to clarify the situation, claiming his son never admitted to attacking Honan, but that he simply knew the person who did.
Stevenson's father concludes that his son simply "fell in with the wrong crowd, and that [he] wouldn't stoop to hacking other people, and certainly not to sending SWAT teams or any of that nonsense."
Team Hype's YouTube videos were deleted soon after the phone conversation took place.
Krebs remains convinced Stevenson is involved in the attack on him, adding: "While the clues I've uncovered thus far point to the role of a single individual, this person is likely part of a larger group involved in hacking and SWATing activity."
To contact the editor, e-mail: