
Krebs on Security
Investigative cybersecurity journalism site run by Brian Krebs; primary source for the Kimwolf arrest reporting.
Last refreshed: 29 May 2026 · Appears in 1 active topic
How did Krebs on Security identify the Kimwolf botmaster ahead of the arrest announcement?
Timeline for Krebs on Security
Kimwolf botmaster held over record DDoS
Cybersecurity: Threats and DefencesWho runs Krebs on Security?
How did Krebs on Security report the Kimwolf arrest?
Is Krebs on Security affiliated with any company or government?
Background
Krebs on Security broke the story of the arrest of Jacob Butler (alias 'Dort'), the alleged operator of the Kimwolf botnet, on 21 May 2026. Butler, 23, of Ottawa, was taken by the Ontario Provincial Police and charged in both the United States and Canada over the operation of a botnet of more than a million enslaved IoT devices that launched a ~30 terabit-per-second DDoS flood against US Department of Defense address ranges. Krebs's reporting drew on law-enforcement records and online-identity research tracing 'Dort' across forums.
Krebs on Security was founded by Brian Krebs, a former Washington Post cybercrime reporter, who launched the site in 2009 after a network intrusion at his home exposed him to the Russian cybercrime underground first-hand. The site has broken numerous landmark stories: the Target breach (2013), the Adobe breach (2013), the OPM hack attribution, and the Identity Theft Resource Center data. Krebs operates independently with no institutional backing; revenue comes from reader subscriptions and occasional consulting. The site's investigative model combines OSINT, dark-web source cultivation, and industry contacts.
Krebs on Security is one of the few independent outlets that can move law-enforcement and government response. FBI and Secret Service have acted on Krebs leads; vendors have patched after his public disclosures. Its outsized influence from a single journalist makes it a defining institution in the cyber-security journalism ecosystem.