Internet criminals will stop at nothing to frustrate journalist Brian Krebs' efforts to uncover or expose them.
Earlier this year, an aggravated prankster signed him up to countless email newsletters that flooded his email inbox, rendering it useless.
"I think at its height it was more than 100,000 emails an hour," Mr Krebs, who was a keynote speaker at the recent McAfee MPOWER cybersecurity summit in Las Vegas, tells Fairfax Media.
"I actually had to upgrade my email's storage because I could either sit there for a week deleting all these emails myself or I could just suck it up and buy more storage space."
But that wasn't the worst he's encountered. He's also had his website bombarded by what was at the time one of the largest denial-of-service attacks in history. The attack saw "junk" traffic from hacker-controlled computers lobbed at his website, pushing it offline.
"I also had someone deliver a giant bag of shit to my house," Mr Krebs, 45, says. He means it literally.
"Apparently there is a service — or several services — where you can select the type of shit."
An investigative journalist who writes about computer security on his website KrebsOnSecurity, Mr Krebs is often having to put up barriers to protect himself due to his sensational ability to identify cyber criminals, often before law-enforcement authorities are able to.
To date, Mr Krebs has uncovered some of the largest data heists in history, including at Adobe and Target. The Target breach exposed 40 million US customer debit and credit card accounts, which led to banks having to re-issue cards to those who were affected. The Adobe breach affected 38 million users and encrypted customer credit card records belonging to 3 million. Source code (programming code that makes software) of some of Adobe's products was also stolen.
Mr Krebs is also notorious for identifying the authors of malicious software, and the creators of spam lists, who often live in Eastern Europe, and make billions of dollars from their activities.
While his ability to penetrate the underbelly of the internet has earned him much respect from his journalist peers and computer security experts, who see him as doing what he does for the greater good, the hackers he's unmasked don't always see it this way.
Take, for instance, the time he was "SWATted", which involves deceiving an emergency service (such as Triple-Zero) into sending an emergency service response team to another person's address based on the false reporting of a serious emergency, such as a bomb threat.
In Mr Kreb's case, 19-year-old American Eric Taylor, better known by his hacker alias "Cosmo the God", was among several men involved in making a false report to Mr Kreb's local police department in 2013 about a supposed hostage situation at Mr Kreb's home in the US.
The police pointed semi-automatic guns at Mr Kreb and handcuffed him before realising it was a hoax, even though he had warned them that it was likely to occur at some point.
Taylor was later sentenced to three year's probation.
On a separate occasion, Sergey Vovnenko — aka "Fly", "Flycracker", and "MUXACC1" — hatched a plot to have heroin sent to Mr Kreb's home and to have one of his other hacker friends call the police when the drugs arrived. Fortunately for Mr Krebs, he foiled Fly's plot to get him arrested for drug possession after he secretly gained access to the exclusive online forum the hacker ran, where he learned of the heroin plot and told law enforcement in advance.
Mr Vovnenko was sentenced to 41 months in prison for unrelated cybercrime charges.
Already, Mr Krebs has had to move house once.
"I spend a lot of money getting off the grid," he says.
"In the US it means basically buying a house in cash under somebody else's name, putting all the utilities in someone else's name, and paying everything in cash. It's a big pain in the ass.
"Location privacy in the US is extremely expensive."
He adds: "I feel for the people who actually occupy [my former] residence. I didn't tell the criminals where I moved to. Maybe they think I still live there?"
Rather than securing their systems, Mr Krebs complains that companies tend to look at breaches as a public relations problem with no long-term bearing on their reputation. This is partly to do with consumers not voting with their feet when breaches occur to companies they use, he says.
"We should be afraid of all these entities that hold all this sensitive data and yet don't answer to the people whose data they hold," he says. "Because they have almost no incentive to do security."
Asked whether uncovering criminals was worth it at the end of the day, particularly when he has to deal with the constant pranks, Mr Krebs replied that he believed it was.
"The more I can do to keep people from wasting my time, the more time I have to focus on the work that I want to do that generates the results that I am looking for," he says.
His advice for consumers to stay safe online?
1) If you didn't go looking for it, don't install it.
2) If you installed it, update it.
3) If you don't need it, get rid of it.
"These are the three rules I try to teach my friends and families about security and it is the most basic way I know to communicate how to spend less time up-keeping your computer and more time doing the things you want to do," Mr Krebs says.
The author flew to Las Vegas as a guest of McAfee.
Fairfax Media, the publisher of this article, has previously published Brian Krebs' work.