Cyber security expert Brian Krebs of the blog Krebs on Security has had a rough year so far at the hands of his online adversaries. Back in March, he described how his website suffered a denial-of-service attack at the same time as a "swatting," when armed police officers surrounded his home in Annandale, Virginia, in response to a false, anonymous emergency call claiming Krebs' wife had been shot. But more recently, Krebs reports he was the victim of "the most elaborate" attempt yet by someone online to "embarrass and fluster" him. "Earlier this month, the administrator of an exclusive cybercrime forum hatched and executed a plan to purchase heroin, have it mailed to my home, and then spoof a phone call from one of my neighbors alerting the local police," Krebs explained this morning on his blog.

As Krebs recounts his latest ordeal, it all began on July 14. That's when the alleged administrator of an Russian-language forum on ID theft and fraud, someone under the username "Fly" or "Flycracker", published a post asking for Bitcoin donations to purchase heroin from the legally indiscriminate online marketplace Silk Road, and then have it mailed to Krebs. Apparently unbeknownst to Flycracker, Krebs had already infiltrated the forum and was monitoring the entire situation from the start. Krebs observed as Flycracker raised $200-worth of Bitcoins and purchased 1 gram, or 12 baggies, of heroin on Silk Road under the name username "briankrebs7."

Krebs was able to track the payment to Silk Road because despite the conception that Bitcoins are anonymous, several university researchers have managed to identify Bitcoin addresses for Silk Road curators (they have a paper on this work due out in October). At this point, Krebs said he reported the scheme to local police and the FBI. A package containing 13 baggies of white powder arrived on Kreb's doorstep Monday, and he called police, who came and seized it. But before they did, Krebs said he put on a face mask and opened one of the bags to have a look inside (seen in the photo above). Reached by The Verge, a Fairfax County police spokesperson declined to comment on the case, citing Virginia privacy laws that forbid police identification of crime victims.

"Without actually having the substance tested at a lab, I can’t say for certain whether this is talcum powder or the real thing," Krebs concludes, "Nevertheless, if I receive any testing results from the local police, I’ll update this blog post." The security blogger, who made a name of himself outing online scammers at his previous job at The Washington Post, also said he would reveal more about the identity of Flycracker in later post.