San Francisco, Feb. 18, 2014 – With an intense passion and impressive self-taught technical skill, investigative journalist Brian Krebs has persistently and courageously shed a rare light on the dark underbelly of the Internet that has resulted in the disruption or shutdown of innumerable cybercrime operations. Recognizing the importance of this new breed of journalism and its role in protecting the online community, Krebs was honored by the Messaging, Malware and Mobile Anti-Abuse Working Group as the recipient of its M³AAWG Mary Litynski Award at the organization’s meeting Tuesday in San Francisco.

Writing on his KrebsOnSecurity.com blog, Krebs has extensively tracked and been the first to report on major exploits and security threats affecting the industry.  He is credited with uncovering major retail and credit bureau cyber break-ins including the 2013 Target holiday shopping intrusion, exposing hidden malware threats and identifying clandestine activities of online criminals.

Responding to the award, Krebs noted that he often works on stories with security professionals who are also passionate about protecting their end-users.  However, from his journalistic vantage point, he pointed out that the industry as a whole needs to be more willing to share vital abuse information within the vetted community to help identify and block cybercrime as it develops.

“Unfortunately, the crooks are doing a better job than the security industry of sharing information right now.  They also have gotten better at not putting all their eggs in one basket and spreading around their parasitical behavior, making it harder to detect.

“We need a better way to gauge the reputation of various online enterprises in the ecosystem.  We need to develop a self-defense immune system that can provide feedback when a hosting provider or network operator starts showing it is inflected with a high concentration of parasites,” Krebs said.

Among the breaking stories Krebs has researched and reported over the years:

• He discovered and alerted retailers of recent financial data theft at Neiman Marcus, arts and crafts store Michaels and Target.
• He identified recent data theft at Marriot, Hilton, Sheraton and Westin hotels.
• He exposed the sale of personal data from a major credit reporting service to an underground identity theft service.
• He exposed the availability of personal identity information taken from the three major credit reporting services, including social security numbers and birth dates, on a site that sold inexpensive credit reports directly to the public.
• Through elaborate research and detailed tracking, Krebs identified the McColo hosting provider as one of the largest sources of spam at the time, leading to the shutdown of the service.

“Brian Krebs has created a whole new world of journalism, proving it is possible for a dedicated reporter to make a good living by pursuing in depth investigative reporting that has a noteworthy impact on society.  He quite often focuses on the narratives no one else wants to cover, yet these turn out to be the stories that no one can stop talking about once they hit the street,” said M³AAWG Co-Chairman Chris Roosenraad.

The 2014 award was announced at the M³AAWG 30^th General Meeting, February 17-21, in San Francisco with 40 sessions covering mobile security, malware identification and mitigation, Web security, public policy and other issues.  The Voice and Telephony Anti-Abuse Workshop held during the meeting with industry, government and academia professionals identified key threats and actions to help reduce telephone services exploitation.  The M³AAWG 31^st General Meeting will be in Brussels, June 9-12, 2014.

The annual M³AAWG Mary Litynski Award recognizes the lifetime achievements of a person who has significantly contributed to making the Internet safer for all.  It seeks to acknowledge individuals driven for the greater good.  As with the 2014 award, submissions for the 2015 award are open to the public at /events/maawg-mary-litynski-award.

About the Messaging, Malware and Mobile Anti-Abuse Working Group (M³AAWG)

The Messaging, Malware and Mobile Anti-Abuse Working Group (M³AAWG) is where the industry comes together to work against bots, malware, spam, viruses, denial-of-service attacks and other online exploitation. M³AAWG (www.M3AAWG.org) represents more than one billion mailboxes from some of the largest network operators worldwide. It leverages the depth and experience of its global membership to tackle abuse on existing networks and new emerging services through technology, collaboration and public policy. It also works to educate global policy makers on the technical and operational issues related to online abuse and messaging. Headquartered in San Francisco, Calif., M³AAWG is driven by market needs and supported by major network operators and messaging providers.

#  #  #

Media Contact: Linda Marcus, APR, 1+714-974-6356 (U.S. Pacific), LMarcus@astra.cc, Astra Communications

M³AAWG Board of Directors: AT&T (NYSE: T); CenturyLink (NYSE: CTL); Cloudmark, Inc.; Comcast (NASDAQ: CMCSA); Constant Contact (NASDAQ: CTCT); Cox Communications; Damballa, Inc.; Facebook; Google; Mailchimp; Oracle/Eloqua; Orange (NYSE and Euronext: ORA); PayPal; Return Path; Time Warner Cable; Verizon Communications; and Yahoo! Inc.

M³AAWG Full Members: 1&1 Internet AG; Adobe Systems Inc.; AOL; BAE Systems Detica; Cisco Systems, Inc.; CloudFlare; Dynamic Network Services Inc.; Experian Marketing Services; iContact; Internet Initiative Japan (IIJ, NASDAQ: IIJI); LinkedIn; McAfee Inc.; Message Bus; Mimecast; Nominum, Inc.; Proofpoint; Scality; Spamhaus; Sprint; and Twitter.

A complete member list is available at http://www.m3aawg.org/about/roster.