There has been a lot of discussion about what Flashback does since the initial variants were released in late 2011. Until now, there has been little to no information about who was responsible for Flashback. Today, on the anniversary of Apple’s last XProtect update to guard against Flashback, Brian Krebs has given a thorough account of the identity of the man who claims to be behind one of the most prolific and advanced OS X threats to date.
Flashback’s focus on financial gain by redirecting infected users’ Google searches led Krebs to search for more clues on underground Search Engine Optimization (SEO) forums. This hunch was a good one: as it turns out, one of the founding members of a private Blackhat SEO site appears to be the person behind the pandemonium. Krebs’ account of how he came to find this man gives a clear view of the sort of interactions behind much of today’s malware. Shadowy underground websites that vet new members by reputation, skilled programmers used as hired guns – it all reads like a nouveau gangster story. Truth is sometimes stranger than fiction.
Krebs has made a name for himself by naming and shaming online criminals, at significant personal cost. His site is frequently a target of Denial of Service attacks, and recently he was subjected to SWATting at his own home. But because his reports have been incredibly helpful in interfering with cybercriminals, we hope he keeps digging – this sort of public identification increases the perceived cost of being a successful attacker.