Krebs can sometimes be ... less than delightful, shall we say. But by god I do trust his due diligence and absolutely love when he brings the receipts to a metaphorical cat fight.
Didn’t he get sued and settle with Ubiquiti because he refused to retract a statement that implied Ubiquiti willingly put in multiple backdoors into their own products and that customer information had been breached? Which was entirely false?
From what i remember Ubiquiti was really hacked and customer information was breached, but it was done by an employee that already had the keys to the kingdom anyway..
The hacker was also the employee assigned to investigate the hack internally..
And here is were Brian comes in, this same person, the hacker\internal investigator, was also Brian source about the event and he was feeding bad information to Brian to make things look way worst for Ubiquiti then they really were..
When this came to light Brian did not immediately retracted the posts, he just made a new post indicating that the hacker was a former employee, that the hacker was being indicted for the it, and that the hacker had contacted the media and leaked fake info about the hack.
But he never made it clear that the hacker was also his own source for all the earlier posts that likely contained wrong information.
So Ubiquiti sued him, they settled out of court, Brian retracted all posts on the hack and issued an apology to Ubiquiti.
He initially refused to retract the initial posts he had made..
He made a later post that said the hacker was a former employee being indicted and that he (the hacker) had contacted the media and leaked fake info about the hack.
Problem is that Brian never made it clear that the hacker was his own source for all the previous posts.
It sounds like the journalist(?) was in a tough spot, because it sounds like he either had to out his source which which journalists don't seem to be keen on doing, or leave it up.
How many future potential sources are going to go to him or avoid him now?
yep.. but i think there is the side of journalist responsibility with the truth to consider as well..
The moment he was aware his source likely provided him with incorrect information he should had, at minimum, retracted his previous posts..
He did not necessarily had to share who the source was, but he could inform that new information came to light that made so he could not trust the information he based his posts on so he was retracting it..
he was a unwitting accomplice to a insider attack at Ubiquiti, which received considerable play here and in other media channels. One of their technically honchos faked a breach, extorted the company, but left fingerprints on audit logs. Krebs ran two stories, from information the breaches gave him - the second which was that Ubiquiti was downplaying the severity of the breaches, which were much worse then being reported to the press and FBI.
That said, he brought receipts on this one, so I think he’s learned from this adventure.
These articles make me wonder - 2 guys make a ton of semi-random websites and make tens of millions of dollars. If I had committed to all of my random almost finished websites and followed through, could I have seen similar revenue? What makes them successful?
