OrganisationUS

Krebs on Security

Investigative cybersecurity journalism site run by Brian Krebs; primary source for the Kimwolf arrest reporting.

Last refreshed: 29 May 2026 · Appears in 1 active topic

Key Question

How did Krebs on Security identify the Kimwolf botmaster ahead of the arrest announcement?

Timeline for Krebs on Security

#521 May

Kimwolf botmaster held over record DDoS

Cybersecurity: Threats and Defences

View full timeline →

Follow Cybersecurity: Threats and Defences →

Common Questions

Who runs Krebs on Security?: Krebs on Security is run by Brian Krebs, a former Washington Post cybercrime reporter who founded the independent site in 2009 after his own network was compromised.Source: Krebs on Security
How did Krebs on Security report the Kimwolf arrest?: Krebs on Security reported the arrest of Jacob Butler ('Dort') on 21 May 2026, identifying him as the alleged operator of the Kimwolf botnet responsible for a record ~30 Tbps DDoS attack.Source: Krebs on Security
Is Krebs on Security affiliated with any company or government?: No. It is fully independent, funded by reader subscriptions. Krebs has no institutional affiliation and has declined acquisition offers to preserve editorial independence.Source: Krebs on Security
What are the biggest stories Krebs on Security has broken?: Krebs broke the Target payment-card breach (2013), the Adobe credential breach (2013), and multiple attribution stories on Russian cybercriminal gangs. He has reported on botnet operators, ransomware groups, and identity thieves.Source: Krebs on Security

Background

Krebs on Security broke the story of the arrest of Jacob Butler (alias 'Dort'), the alleged operator of the Kimwolf botnet, on 21 May 2026. Butler, 23, of Ottawa, was taken by the Ontario Provincial Police and charged in both the United States and Canada over the operation of a botnet of more than a million enslaved IoT devices that launched a ~30 terabit-per-second DDoS flood against US Department of Defense address ranges. Krebs's reporting drew on law-enforcement records and online-identity research tracing 'Dort' across forums.

Krebs on Security was founded by Brian Krebs, a former Washington Post cybercrime reporter, who launched the site in 2009 after a network intrusion at his home exposed him to the Russian cybercrime underground first-hand. The site has broken numerous landmark stories: the Target breach (2013), the Adobe breach (2013), the OPM hack attribution, and the Identity Theft Resource Center data. Krebs operates independently with no institutional backing; revenue comes from reader subscriptions and occasional consulting. The site's investigative model combines OSINT, dark-web source cultivation, and industry contacts.

Krebs on Security is one of the few independent outlets that can move law-enforcement and government response. FBI and Secret Service have acted on Krebs leads; vendors have patched after his public disclosures. Its outsized influence from a single journalist makes it a defining institution in the cyber-security journalism ecosystem.

Source Material

Brian Krebs – Wikipedia Krebs on Security

How the World Sees Them

Canada

The Butler arrest involved cross-border coordination; Canadian media cited Krebs reporting as the primary narrative source given the OPP's limited initial disclosure.

United States

US law enforcement routinely brief Krebs before public statements; his reporting on Kimwolf accelerated congressional attention on record-scale DDoS threats against DoD networks.

European Union

EU cybersecurity agencies monitor Krebs as an early-warning signal; his IoT-botnet reporting informs ENISA and national CERTs monitoring botnet infrastructure.