
Spam Nation: The Inside Story of Organized Cybercrime — from Global Epidemic to Your Front Door

There is a Threat Lurking Online with the Power to Destroy Your Finances, Steal Your Personal Data, and Endanger Your Life.

In Spam Nation, investigative journalist and cybersecurity expert Brian Krebs unmasks the criminal masterminds driving some of the biggest spam and hacker operations targeting Americans and their bank accounts. Tracing the rise, fall, and alarming resurrection of the digital mafia behind the two largest spam pharmacies and countless viruses, phishing, and spyware attacks, he delivers the first definitive narrative of the global spam problem and its threat to consumers everywhere.

Blending cutting-edge research, investigative reporting, and firsthand interviews, this terrifying true story reveals how we unwittingly invite these digital thieves into our lives every day. From unassuming computer programmers right next door to digital mobsters like "Cosma" who unleashed a massive malware attack that has stolen thousands of Americans' logins and passwords, Krebs uncovers the shocking lengths to which these people will go to profit from our data and our wallets.

Not only are hundreds of thousands of Americans exposing themselves to fraud and dangerously toxic products from rogue online pharmacies, but even those who never open junk messages are at risk. As Krebs notes, spammers can—and do—hack into accounts through these emails, harvest personal information like usernames and passwords, and sell them on the digital black market. The fallout from this global epidemic doesn't just cost consumers and companies billions, it costs lives too.

Fast-paced and utterly gripping, Spam Nation ultimately proposes concrete solutions for protecting ourselves online and stemming this tidal wave of cybercrime, before it's too late.

"Krebs's talent for exposing the weaknesses in online security has earned him respect in the IT business and loathing among cybercriminals. His track record of scoops has helped him become the rare blogger who supports himself on the strength of his reputation for hard-nosed reporting." Bloomberg Businessweek

256 pages, Hardcover

First published September 1, 2014


About the author

Brian Krebs

2 books, 69 followers

Ratings & Reviews


Community Reviews

5 stars: 591 (21%)
4 stars: 1,109 (40%)
3 stars: 834 (30%)
2 stars: 183 (6%)
1 star: 31 (1%)
Scott Baxter
105 reviews, 6 followers
December 12, 2014
Fascinating subject, less than stellar execution.

This book illustrates just how difficult it is to write a first book, even if the author has a long career as a writer writing short pieces. Krebs has trouble deciding which things require longer explanation and which can be glossed over. For example, at one point he points out the importance of understanding what IP addresses are, but Krebs would have done well to spend much more time going into detail about what an IP address is, why it is important to understand their meaning, how they can be spoofed, and how much time security researchers spend trying to discover the true IP address of a server. I also thought that Krebs would have done well to greatly expand his final chapter in which he describes what one as an individual computer user can do to be safer.

There are other, less important problems, that marred the book. These include:

* trouble using metadiscourse to signal things coming in future chapters or to refer to earlier chapters. Krebs is less than elegant here.

* trouble referring to himself consistently and elegantly.

* trouble referring to published literature. Krebs seems to never be quite sure if his audience is a technical computer science security community or a more general audience.

* related to the last point, I found Krebs's endnotes annoying and, at least in my opinion, the book would have been better if Krebs had integrated them into the main text. Part of my problem may have been related to reading the text in ebook format, although it was not that difficult to toggle between footnotes and main text on my Kindle Paperwhite.

Despite these issues, I did enjoy the book. Krebs is well positioned to inform the world of casual computer issues about a critically important subject. I, for the most part, did enjoy the book.
Jean
1,815 reviews, 801 followers
June 20, 2015
Even though we have good filters on our e-mail programs these days and no longer see all the spam, the author maintains it is a critical problem. Krebs claims the crooks are no longer content with standard commercial fraud; e-mail criminals infect millions of computers worldwide with toxic digital parasites, designed to extort our wealth and steal our personal data.

Krebs states that Russia is the key spam nation with skilled hackers and corrupt police and is now the global epicenter of cyber crime. Krebs says Visa and MasterCard are starting to successfully shut down spammers. The author says Microsoft and other such companies are becoming successful at shutting down “botnets.” Krebs tells of the frightening world of cyber criminals and reveals some of the success in fighting it.

The information is interesting but the author had problems staying focused on the main topic. The writing was jerky at times making for a difficult read but the topic was interesting enough to overcome the writing difficulties. I read this as an audiobook downloaded from Audible. I am glad I listened to this book rather than read it because of all the Russian names. I would not know how to pronounce them. Christopher Lane narrated the story.
Rob
892 reviews, 584 followers
May 25, 2015
Executive Summary: Interesting read, but a bit too much of Mr. Krebs's personal story in places. 3.5 Stars.

Audio book: Christopher Lane does a decent job. He has a passable Russian accent, but for some reason he didn't always use it for the Russian characters. I wouldn't have done this in audio except it was on sale. I wouldn't bother with the audio book otherwise, and you'd be better off borrowing this from the library.

Full Review
I continue to be fascinated by computer crime. This is another interesting book in that realm, though not as much as Kingpin: How One Hacker Took Over the Billion-Dollar Cybercrime Underground.

This is far from technical, and I think that's fine. Mr. Krebs gives you the basics on botnets and some of the other techniques common for spammers without going into too much detail to scare the layman off.

If I have one real complaint about the book, it is that Mr. Krebs spends too much time talking about himself, especially at the start. I understand that he plays a part in the story, but he spent part of an early chapter complaining about how the Washington Post would make him sit on stories for months due to red tape and legal concerns.

I never really knew the main players in the spam game. I still really don't. That isn't Mr. Krebs's fault though. I'm just really bad at names. He does list them out in the front of the book. Most of the people here were interchangeable to me. This likely wasn't helped by the fact that I did this in audio. It would be nice if the list of people came as a PDF for reference.

I still found it interesting. I guess I never realized just how much of spam was driven by online pharmacies. I haven't really had to deal with spam in years. I almost never wander into my spam folder looking for legitimate email.

It's interesting that there is a legitimate market for this stuff. It just goes to show the lengths and risks people will take when they can't afford proper health care and medication.

Overall I'm glad I picked this up, but it probably would have been better borrowed than bought.
Jacob
879 reviews, 73 followers
January 5, 2016
To me, the subject matter of this totally hooked me: what is the source of spam sent worldwide? Why is it profitable for them? Why is spam not nearly the problem it used to be? Fortunately, the author provides plenty of answers to those questions. In addition, he recounts a feud that started between two of the most prominent spammers that ended up with both of them kind of destroying each other and causing significant damage to the spamming industry (not that most of us are sad about that). It's very interesting to know how spammers operate, how they make their money, and how much of the system was taken down.

The writing leaves a little to be desired, particularly towards the beginning where Krebs thrashes around a bit to try to give you a perspective of the whole spamming industry. I expect better writing, even for a journalist, and Michael Lewis is a good example here. Krebs gets onto better ground when he recounts several examples of people he tracked down who purchased things from spam emails and why. The rest would be better if he could tell it like it was a story too. Also, due to some repetition from one chapter to the next, the book has the feel of a series of blog posts or articles that got combined to form one book. It would have been better maybe with some better editing to cut out repetition, or more material written to connect one chapter to another.

Most people won't share this personal connection, but I also enjoyed the large amount of attention paid to UCSD Computer Science & Engineering department professor Stefan Savage and his efforts to identify how spamming works and how to disrupt its economics.
Audrey
1,372 reviews, 221 followers
October 3, 2018
While this book was published in 2014, there’s been plenty of new cybercrime that’s popped up since then. I suggest following Brian Krebs’s blog to keep up to date. Krebs started off as an investigative reporter but left to run his own blog when his articles became too hot to handle for the paper.

The book follows the history of email spam in its heyday. It’s actually been declining in favor of phishing, ransomware, and other scams.

It turns out the vast majority of spam came from Russia from only a handful of people. They viewed spam as legitimate advertising for prescription drugs, porn, and fake antivirus programs (scareware), especially drugs. Enough people buy spammed products for it to be a lucrative business.

Researchers concluded that spam—and all of its attendant ills—will remain a prevalent and pestilent problem because consumer demand for the products most frequently advertised through junk email remains constant.

Spam was seen as more of a nuisance than a threat, even though spammers infect personal computers and use them to send spam. Krebs had an incredibly difficult time getting spam-sold pills tested. Drug companies were also to crack down on spam since some of the drugs were safe enough.

Incredibly, the [University of Alabama at Birmingham] researchers have legal approval from federal regulators and law-enforcement agencies to test and handle highly controlled and illegal substances, such as cocaine, heroin, and a methamphetamine, but they had not yet received permission from the FDA and DEA to test pills ordered through junk email.

Spam rivalry seriously hurt the spam industry, and when the credit card companies got involved, they took a big hit.

So it’s an interesting history and not quite what I expected. I was most interested in who was buying from spam and why. I would have liked to hear more about the anti-spammers and their efforts. The spammers themselves were not that interesting.

Recommended for anyone interested in computers and cybercrime. Editing is pretty well done. There is some strong language in quoted material.

Book Blog
232 reviews, 8 followers
June 24, 2015
A really well structured and informative book into the underground dealings that are always happening but we are not aware of. The coverage was excellent and thought provoking, giving you all the information you need even if you are not intimately informed about spam or cyber crime. It is always motivating that after reading a nonfiction book like this that I find myself motivated to research more on the topic since it shows just how well the author captured my attention and allowed me to fill some of the slightly less detailed areas with my own research (this is for obvious reasons as the book would have needed to be extremely long to cover everything in detail).

The style of writing was also really enjoyable, with the only reason it didn't get a 5/5 was because remembering some of the character names is kinda hard (they are all Russian so it's not really the author's fault); this issue is also probably only an issue in the audiobook since it's easier to visually recognize some of the names and attach meaning to them than it is to hear the names and attach meaning.
Will
75 reviews, 13 followers
April 16, 2015
Overall, this was pretty good, 3.5 stars, but I'll round up.

I think it fell a bit into the pitfall that some non-fiction writers fall into in terms of following the narrative of such a small number of people; I would have liked to see more about other folks involved in the spam wars (including anti-spammers), but I understand why the book was structured the way it was.

For the most part, Krebs does a good job of not getting bogged down with technical details, but still explaining technical matters in a way that's correct, but also understandable to non tech sorts.

There was a bit of repetition, and I felt some parts dragged on a bit.
Rick Howard
Author, 3 books, 46 followers
June 3, 2016
Executive Summary

In Spam Nation, Brian Krebs covers a key portion of our cyber security and cyber crime history: 2007–2013, that period when we started to learn about the Russian Business Network, bulletproof-hosting providers, fast-flux obfuscation, criminal best business practices, underground cyber crime forums, and strange-sounding botnet names like Conficker, Rustock, Storm, and Waledac. This period just happens to coincide with Krebs’s rise in popularity as one of the leading cyber security journalists in the industry. His relationship with two competitive pharmaceutical spammers—Pavel Vrublevsky and Dimitry Nechvolod—is a big bag of crazy and is the key storyline throughout the book. The competition between Vrublevsky and Nechvolod escalated into something that Krebs calls the Pharma Wars and Krebs gives us a bird’s-eye view into the details of that escalation that eventually destroyed both men and the industry they helped to create. Krebs’s weird symbiotic relationship with Vrublevsky is worth the read by itself. Spam Nation is definitely a cyber security canon candidate, and you should have read this by now.

Introduction

I have been a fan of Brian Krebs for many years. His blog, Krebs on Security, has been a mainstay of my recurring reading list since he started it in 2010 and even before when he was writing for The Washington Post. Since he struck out on his own, he has carved out a new kind of journalism that many reporters are watching to see how they might duplicate it themselves as journalism transitions from dead-tree printing to new media. Krebs’s beat is cyber security, and he is the leading journalistic authority on the underbelly of cyber crime. Spam Nation is a retelling—with more detail and more color—of some of the stories he covered from 2007 until about 2013 on a very specific sub-element of the cyber crime industry called pharmaceutical spam.

Many security practitioners will hear the phrase “pharmaceutical spam” and immediately start to nod off. Of all the problems they encounter on a daily basis, pharmaceutical spam is pretty low on the priority list. While that may be true, this subset of cyber crime is responsible for starting and maturing many of the trappings that we associate with cyber crime in general: botnet engines, fast-flux obfuscation, spamming, underground forums, cyber crime markets, good service as a distinguisher of criminal support services, and bulletproof-hosting providers.

The Story

The story really begins with Krebs’s weird symbiotic relationship with Vrublevsky (a.k.a. RedEye and Despduck). Vrublevsky was a Russian businessman and cofounder and former CEO of ChronoPay, the infamous credit card processing company that initially got started in the rogue anti-virus industry. I think it is safe to say that in his heyday, Vrublevsky was a bit of an extrovert. He followed Krebs’s blog religiously and would instigate long conversations with Krebs on stories that were fantastical, true, and everything in between. Vrublevsky would feed Krebs half-truths about what was going on in the industry and left it to Krebs to sort it out. Vrublevsky’s downfall was his deteriorating relationship with his former partner, Dimitry Nechvolod (a.k.a. Gugle).

Vrublevsky and Nechvolod founded ChronoPay together in 2003, but by 2006, Nechvolod had left the company to pursue his own interests. He started two pharmacy spam operations called GlavMed and SpamIT. Because of the competition between these two men, the situation escalated out of control to something that Krebs calls the Pharma Wars, which ultimately scuttled the entire pharmaceutical spam industry, not just Vrublevsky and Nechvolod’s operations, but everybody else’s too.

Krebs’s main sources of information for this book came from leaked customer and operational databases from these two men. Although Vrublevsky and Nechvolod never admitted it, they both stole the other’s data and leaked it to Krebs. Krebs had many conversations with both Vrublevsky and Nechvolod about their side of the story, and Krebs even traveled to Moscow to interview Vrublevsky personally. From these conversations and other research done by Krebs, we get an inside view of how cyber crime operates in the real world.

Krebs set himself seven research questions:

• Who is buying the stuff advertised in spam and why?
• Are the drugs real or fake?
• Who profits?
• Why does the legitimate pharmaceutical industry seem powerless to stop it?
• Why is it easy to pay for the drugs with credit cards?
• Do customers have their credit card accounts hacked after buying?
• What can consumers, policy makers, and law enforcement do [about this cybercrime]?

For the most part, he answers all these questions. I will not spill the answers here, but I will tell you that I was surprised by every single one. I thought I knew this stuff, but Krebs provides the insight and research to make you re-evaluate what you think you know about illegal pharmaceutical spam operations.

Spam Nation is about Brian Krebs’s story too. Traditional journalists reading this book are going to hate the fact that he plays a key role in most everything that he talks about in this book. His original reporting on bulletproof-hosting providers operating in the US and elsewhere—the Russian Business Network (RBN), Atrivo, and McColo—became the catalyst that eventually got them shut down. This got him noticed by Vrublevsky and started that weird relationship that ultimately led to Krebs receiving the databases from Vrublevsky and Nechvolod. It also led him to leave The Washington Post and to start his Krebs on Security blog.


In the background, Krebs introduces us to the key players involved in the development and operations of some of the most infamous botnets that have hit the Internet community in recent history:

• Conficker worm (author: Severa; infected 9-15 million computers)
• Cutwail botnet (authors: Dimitry Nechvolod (Gugle) and Igor Vishnevsky; 125,000 infected computers; spewed 16 billion spam messages a day)
• Grum botnet (author: GeRA; spewed 18 billion e-mails a day)
• Festi botnet (operators: Artimovich brothers; delivered one-third of the total amount of worldwide spam)
• Rustock botnet (author: COSMA; infected 150,000 PCs; spewed 30 billion spam messages a day)
• Storm botnet (author: Severa)
• Waledac botnet (author: Severa; spewed 1.5 billion junk e-mails a day)

From my reading, Krebs’s unintentional hero of his story is Microsoft. While Vrublevsky and Nechvolod were tearing each other apart and Krebs was trying to sift through what was true and what was not, Microsoft and other commercial, academic, and government organizations were quietly dismantling the infrastructure that these and other illicit operations depended on:

• June 2009: 15,000 illicit websites go dark at 3FN after the Federal Trade Commission convinced a northern California judge that 3FN was a black-hat service provider. NASA did the forensics work.
• November 2009: FireEye takes down the Mega-D botnet.
• January 2010: Neustar takes control of the Lethic spam botnet.
• March 2010: Microsoft takes down the Waledac botnet.
• October 2010: Armenian authorities take down the Bredolab botnet.
• March 2011: Microsoft takes down the Rustock botnet.
• July 2011: Microsoft offers a $250,000 reward for information leading to the arrest and conviction of the Rustock botmaster.
• July 2012: FireEye and Spamhaus take down the Grum botnet.
• July 2013: Microsoft and the FBI take down 1,400 botnets using the Citadel malware to control infected PCs.
• December 2013: Microsoft and the FBI take down the ZeroAccess botnet.
• June 2014: The FBI takes down the Gameover Zeus botnet.

One takedown masterstroke came out of academia. George Mason University, the International Computer Science Institute, the University of California, San Diego, and Microsoft determined that 95 percent of all spam credit card processing was handled by three financial firms: one in Azerbaijan, one in Denmark, and one in Nevis (West Indies). They also pointed out that these financial firms were in violation of Visa’s own Global Brand Protection Program contract that required fines of $25,000 for transactions supporting the sale of Viagra, Cialis, and Levitra. Once Visa started levying fines, the financial firms stopped processing the transactions. The beauty of this takedown was that this was not a legal maneuver through the courts and law enforcement. It merely encouraged Visa to follow its own policy.


Cyber Crime Business Operations

For me, one of the most enjoyable parts of Spam Nation is the insight on how these criminal organizations operate. For example, Krebs highlights why pharmaceutical operations have great customer support: they want to avoid the penalty fees associated with a transaction when a buyer of illicit pills charges them with fraud. These are called chargebacks, and pharmaceutical customer support operations avoid them like the plague. These support operations require teams of software developers and technical support staff to be available 24/7.

Pharmaceutical operations have mature anti-fraud measures—equivalent to any legitimate bank’s anti-fraud measures—because they need to keep law enforcement and security researchers out of their business.

Most spammers do not make a lot of money. The top five do, but not everybody else. Krebs points out that it takes a multibillion dollar security industry to defend against a collection of criminals who are making a living wage.

In terms of botnet management, operators rent out top-earning botnets to other operators who do not have the skill to build a botnet themselves. Renters purchase installs and seed a prearranged number of bots with an additional malicious program that sends spam for the affiliate. They pay the rent by diverting a portion of their commissions on each pill sale from spam. Sometimes, that commission is as high as 50 percent. That is why the small-timers do not make any money.

Operators launder their money in a process called factoring. They map their client transactions into accounts on behalf of previously established shell companies. They tell the banks that the shell companies are the true customers. Then the operators pay the clients out of their own pockets.

Russian law allows FSB agents (Federal Security Service, the successor to the Soviet Union’s KGB), while remaining in the service, to be assigned to work at enterprises and organizations at the consent of their directors. Twenty percent of FSB officers are engaged in this protection business called “Krusha” in Russian, which means “roof,” and pharmaceutical spam operations use them as much as possible.

Partnerships, called partnerkas, between spammers and dodgy advertisers that act as an intermediary for potential sponsors are essential. In this way, sponsors keep their distance from the illicit aspects of the spam business and can unplug from one partnerka in favor of another whenever they want. Some refer to this as organized crime (think The Godfather), but it is more like a loosely affiliated network of independent operators.

With all of these best business practices, you can see why the operators do not see themselves as criminals. They are just businesspeople trying to run a business.


The Tech


Cyber crime runs on technology. In the pharmaceutical spam business, some tech is unique, and other tech is shared with other kinds of cyber crime operations. Unique to pharmaceutical spam is a technique called black search engine optimization (Black SEO). Pharmaceutical spammers hack legitimate websites and insert hidden pages (IFrames) with loads of pharmaceutical website links. The more links that the common search engines like Google and Bing index, the higher the pharmaceutical sites get in the priority list when normal users search for pills online.

Also unique to the pharmaceutical spam business is a good spam ecosystem. It must have the ability to keep track of how many e-mails the system delivered and how many recipients clicked the link. It must scrub e-mail addresses that are no longer active or are obvious decoys and harvest new e-mail addresses for future operations.

Not unique to pharmaceutical spam are the forums. Forums are the glue that allows the loosely affiliated network of independent operators to communicate with each other. Forums are a place that allows newbies an opportunity to establish a reputation and lowers the barriers to entry for a life of cyber crime. There are forums for every language, but most are in English. Members enforce a strict code of ethics so that members who are caught cheating other members are quickly banned. Social networking rankings give members a way to evaluate potential partners. A single negative post may cost an individual thousands of dollars. Because of that, most amicably resolve issues. Sometimes newbies get labeled as a “deer,” members who unintentionally break one of the forum’s rules. More-serious infractions might find a member in the blacklist subforum defending himself or herself from fraud allegations.

New forums start all the time, but some have been in existence for more than a decade, indicating process maturity for self-policing, networking, and rapid information sharing. New forums allow open registration, but mature forums set up various hurdles for membership that are designed to screen out law enforcement and hangers-on. Most have sub-rooms for specialization such as the following:

• Spam
• Cyber banking fraud
• Bank account cash-out schemes
• Malicious software development
• ID theft
• Credit card fraud
• Confidence scams
• Black SEO


Forums have many members (tens of thousands in some), but they exist to make money for the administrators. Admins offer additional services to improve the user experience. They offer escrow services—a small percentage of the transaction cost held until both sides agree that the other held up its end of the bargain—and stickies—ads that stay at the top of their sub-forums that range in price from $100 to $1,000 per month.

Conclusion

In Spam Nation, Brian Krebs covers a key portion of our cyber security and cyber crime history: 2007–2013, that period when we started to learn about the Russian Business Network, bulletproof-hosting providers, fast-flux obfuscation, criminal best business practices, underground cyber crime forums, and strange-sounding botnet names like Conficker, Cutwail, Grum, Festi, Rustock, Storm, and Waledac. This period just happens to coincide with Krebs’s rise in popularity as one of the leading cyber security journalists in the industry. His story, and the story of two competitive pharmaceutical spammers who eventually destroyed the lucrative moneymaking scheme for all players, is a fascinating read. It is definitely a cyber security canon candidate, and you should have read this by now.


Richard Miller
3 reviews, 1 follower
December 31, 2014
I was turned on to this book after reading the author's blog at http://www.krebsonsecurity.com and becoming intrigued to learn about the sources of and reasons for the torrent of spam that we are hit with in our inboxes each and every day. The author is obviously well-versed on this topic, and his story about the competing cybercrime factions made for a compelling story. There is some technical jargon sprinkled throughout this book, but the author made the topic approachable for any reader by providing clear explanations of most if not all technical terms and concepts. Overall, the book is very readable for any audience that is fascinated by this topic or those just wanting to become more informed. Unfortunately, I could only give the book 3 stars because the material, while well researched and thorough, could probably have been presented in a more organized and concise manner to get the point across more effectively. At times the book reads like a collection of independent blog posts, and some information is presented repeatedly. The cast of characters was also hard to follow and needed to be better managed. Still a recommended read in these times when we spend a good part of our lives online and the risk of hacking threats grows higher every day.
Mo
December 26, 2014
Very interesting story about two spam kingpins destroying each other. Definitely shows you another side of spam that I don't think most people know or understand. The story was captivating, but the author struggled with sounding egotistical, though I don't think he is, having read his blog for a while now. I think he made a good attempt at making the story exciting. Had he simply retold information, it would have been boring, but he didn't find the right balance between telling an exciting story that he plays a major role in and sounding self-aggrandizing.

Definitely worth a read if you're interested in cyber security or the internet underworld.
June 1, 2022
Interesting, if somewhat dated account of the Russian hacking industry circa 2010. The business models described in the book were fairly complicated and the many unfamiliar Russian names made it even more difficult for me to follow. I probably should have created some charts to follow the tale.

The author is a former Washington Post reporter who managed to get in the middle of a "war" between two of the top Russian cybercriminals of that time. He received tons of leaked communications and had access to the individual criminals that gave him an insider's view. I recommend his website KrebsonSecurity.com if you have an interest in the subject.
Vasil Kolev
December 10, 2014
It's a very good and mostly in-depth look into the world of spammers, especially the ones that deal with selling drugs. It concentrates mostly on some Russians, but still paints a pretty good picture of most of the business, and the advice in the end seems good enough for beginners and most people.

The parts on why people buy from spammers were really interesting, which point to why most of the big pharma companies don't really want to investigate them, as it mostly seems that they sell the same stuff, just cheaper.
September 18, 2015
Brian Krebs's favorite word is miscreant. >.>

An interesting, richly detailed account of the cyber crime ecosystem. I must admit I was slightly bemused by the fact that the author doesn't know that Livejournal was an American company sold to a Russian one, not the other way around (at one point he says that Russian Livejournal bought Six Apart and I was like ORLY? Also remember when having a MovableType install as a blogger was like buying a BMW? *sigh*) ... but this is just olds on the internet talk.
Rick Radinsky
January 7, 2015
Interesting behind the scenes at the largest spam operators until recently. The intrigue between the competing companies led to their downfall. The money involved led to the organizations coordinating the spam to fight and prove the consequence of Mutually Assured Destruction. Anyone interested in the global effects of what most of us consider nothing more than an annoyance should give this a read.
Jeanne Boyarsky
January 2, 2015
Brian Krebs has spent much time and money looking into both spam and security. I've learned a lot reading his blog so I picked up his book. Aside from the epilogue on how to protect yourself, this isn't an actionable book. It's about what happened. Still interesting though to see what he went through and learned. I'm glad he has a "who's who" at the beginning; it was helpful to keep track of all the names.
Atila Iamarino
December 3, 2016
A somewhat outdated book (largely thanks to the author's own work) recounting how pharmaceutical spam by email began and what its peak was like. A rather specific subject, but well told and written by someone who really understands what he is talking about.

Good for anyone who wants to understand a bit of the landscape of Russian cybercriminals, botnets, spam, and the market demands that generate pharmaceutical spam. In other words, the price of medicine in the US.
Mishlaev
December 24, 2016
Great story. It feels like a great detective TV show, but about hackers and spammers.
Brian Krebs did incredible work. This book is the 'untold' story of the global web.
Wesley Fryer
December 22, 2016
“Spam Nation: The Inside Story of Organized Cybercrime-from Global Epidemic to Your Front Door” by Brian Krebs (@briankrebs) is an eye opening dive into the world of Internet spam, pharmaceutical drugs sold online, cyberattacks, malware, the dark web, and corruption within the Russian justice system. It should be required reading (or listening) for anyone working in or interested in the field of information technology today.

Do you know someone who has had their email account hacked? A few years ago I helped a woman in our church whose Yahoo account was hacked not once but several times. After reading "Spam Nation," I strongly suspect that one of the main reasons she was a victim of email hacking was her online purchase of pharmaceutical drugs for herself and her husband. Before reading Brian's book I knew online drugs were very prevalent, but his research and analysis helped "connect the dots" for me to better understand this landscape of medical needs and financial opportunities. Many of the same drug manufacturers in India whose products we purchase at corner drugstores in the United States like Walgreens and CVS are also sold by Russian pharma peddlers who have extremely sophisticated networks of malware-infested spam sending computers. Brian's book was published in 2015 and his stories are a few years old, but they are still very important to understand within the broader security landscape of our twenty-first century communications and media environment.

"Spam Nation" helped me better understand the economics and political environment (especially in Russia) which have created fertile ground for spamming and malware. The high prices of pharmaceutical drugs in the United States, and our ongoing need for comprehensive health care reform, also play an important role in these complex relationships. I certainly have a greater motivation to help members of our family, my school community, our church, and other groups understand the need for and know how to follow better personal digital security practices. See my recent post, "Give the Gift of Digital Security to Your Family," for more on those topics. That post, along with my ongoing work at school to upgrade our firewall, develop a plan to adopt two-factor authentication for all faculty/staff, and support other secure password and digital security initiatives were all influenced strongly by my reading (actually listening via Audible) to "Spam Nation" by Brian Krebs.

The large scale cyberattack which took place in October 2016 was powered primarily by a new IoT (Internet of Things) botnet which allows hackers to compromise and exploit home wifi devices like security cameras. The malware, named Mirai, is documented well by Wikipedia. Incidentally, current issues and events like this highlight the value of Wikipedia as an information source. This is something many educators do not yet fully understand or appreciate. When you're seeking information about a very new topic like the latest botnet cyberattack, however, it becomes clear immediately that archaic forms of information analysis and distribution (like printed books) are far less helpful than crowdsourced digital platforms like Wikipedia and Twitter.

"Scareware" is an important cybersecurity and digital security term which Brian Krebs introduced me to through "Spam Nation." I personally know several individuals at school and through our church who have been challenged by these kinds of advertisements and software programs. Scareware programs are promoted by website popup advertisements which try to convince users their computer has been compromised by a hacker, and they need to install recommended "security software" to remove the vulnerable malware programs. In some cases these scareware ads are effective, convincing users to install software which is itself malware, and/or part with money to purchase "software protection" which is bogus and not needed.

Part of digital literacy today must include the ongoing development of what Neil Postman termed a "crap detector" in his excellent (and prescient) 1985 book, "Amusing Ourselves to Death: Public Discourse in the Age of Show Business." As a technology director and digital citizenship advocate at our school, "scareware" is a vocabulary term I'm using now and will continue to use with students, parents, faculty and staff in the months ahead.

During the 1990s and into the 2000s, Apple / Macintosh computer users were relatively immune from the computer virus and malware attacks which plagued users of Microsoft's dominant Windows operating systems. In 2016, that's not the case anymore. According to Krebs, in 2011 scareware and malware developers started large scale efforts to compromise Apple computers. Apple computer systems need to run security software today just as Windows systems do. This is true for school computers or the computers you use at home.

The large price disparities between medications sold in the United States and elsewhere in the world create powerful economic incentives for people to purchase drugs online from unknown or shadowy companies. It's likely we all know people who do this. While the crackdown on credit card processors documented by Krebs in "Spam Nation" had a negative effect on the online pharmaceutical industry, the power of these economic incentives makes it likely to persist. As other authors I cited in a 1993 research paper on drug control in the Americas noted, counter-drug efforts tend to exhibit a "balloon effect" where enforcement in one area pushes traffickers to increase their efforts and drug availability in others. The takeaways here are:

1- It's extremely risky for anyone to purchase drugs from shadowy companies online.
2- Purchasers risk their health and the health of loved ones taking medications which are not adequately checked for quality.
3- Purchasers also risk compromising the security of their computers, phones, and their connected digital identities if they purchase drugs online from mysterious, foreign companies.

I highly recommend reading or listening to "Spam Nation: The Inside Story of Organized Cybercrime-from Global Epidemic to Your Front Door" by Brian Krebs (@briankrebs). As a result of listening to this book, I am not only better educated to understand many of the malicious and damaging dynamics involving spam and malware which affect us within our increasingly digital society, but am also better equipped to help students, educators and parents in our school community navigate these issues as more savvy digital citizens.
Elly
February 18, 2018
Interesting view on the people who worked with spam emails. Slightly outdated advice at the end, as it was published in 2014, but still worthwhile to listen to the epilog. Most people know, or SHOULD know that advice by now, but it is still important to follow. 2 factor login is much more common nowadays than then.
Specifically for the audible version: big parts were spoken with a to my ears Russian accent, a nice touch to indicate the words of the Russian people involved.
სამფეხა ქვაბი
January 21, 2022
A pretty satisfying read: from a tech standpoint, most books that 'dabble' in tech are littered with mistakes. Krebs knows his subject and explains it well. His prose isn't magical - sometimes the scene-setting and phrasing will lack grace, but it's never bad enough to overpower the well-constructed plotline and good background research.
Cristina Ana
September 25, 2017
Interesting read, but too biographical for a supposedly technical non-fiction book. Still, I learned a great deal from it.
October 11, 2015
I love 'Mr. Robot''s Elliot - he is right in everything he thinks, and wrong in everything he does! ‘Mr. Robot’ (U.S. TV series) tells the story of disillusioned hackers trying to change the injustices of the world - one hack at a time - and getting played by criminals unknowingly. Part of the problem is how much of us is on the internet - i.e. ID, banking / medical records, personal photographs, family, friends, likes and dislikes - the more in control we think we are, the more vulnerable we actually are.

I just finished reading ‘Spam Nation’ by Brian Krebs (2014; NYT bestseller) that focusses primarily on Krebs's own investigation into the cyber crime world that creates ‘botnets’ i.e. hacking ordinary citizens’ PCs and infecting them in such a way that when the criminal / hacker sends an email (spam) no one can link it back to the originator of the email = you may have a zombie computer without knowing it! And it may be being used to spread spam mail of all sorts all over the world - cheap drugs (life-saving and pleasure-seeking), porn, child pornography, etc. For example, one spammer referred to his botnet as ‘Topol Mailer’ and that single botnet once delivered a third of all spam to inboxes around the globe, principally to Americans! And hacking your PC is not even that tough!

According to the book, ‘anti-virus companies combat an average of 82,000 new malicious software variants attacking computers every day - and a large %age of these strains are designed to turn infected computers into spam zombies that can be made to do the attacker’s bidding remotely. Security giant McAfee said it detected more than 25 million new pieces of malware in fourth quarter of 2014.’

The hackers / spammers in the book (like the TV series Mr. Robot) have cool Super-hero / Dr. Evil names like ‘Hellman’, ‘Red Eye’, ‘Gugle’, ‘Pet’, ‘Engel’, ‘Kolya’. And they have their own discussion forums! (‘Spamdot.biz’ etc.) and enemies: competitors and ‘Antis’ (anti-spam vigilantes).

The interesting thing about the book is the expanse of the networks (a guy sitting in China or Russia is sending spam via zombie computer in Africa to someone sitting in America/ Canada) and the universal need for cheap drugs - for e.g. most Americans who check spam and order prescription drugs through links given in spam get the same quality prescription drug as the expensive American version - the cheap version having been made in India and delivered to the consumer’s doorstep in America! The risk of course is that the drug may be adulterated and result in deadly side effects and because it was a spam dealer, you have no recourse under law against it.

The disturbing bit is that the spammers helped the growth of child abuse business.

Krebs' book is focussed on his own limited investigative experience - Russian cyber criminals - but it made me wonder about terrorism and how botnets may exist to serve a terror objective (put information in an account, thus implicating the guy; or deleting crucial information of a bank; or arms purchase). In Pakistan, it has been used for digital identity theft (ATM passwords) - what else? I don’t know.

I had an unusual experience just the other week: I routinely get photocopies and print outs from a shop in F-7, Islamabad and when I tried to print out a doc from my Yahoo account using a PC there - Well, my email account wouldn’t open in spite of repeated attempts. I go back home and check the account and Yahoo has sent me an email: “Hi noor, On Mon, Sep 28, 2015 8:48 AM GMT+3, we noticed an attempt to sign in to your Yahoo account ********* from an unrecognized device in Romania. If this was you, please sign in from your regularly used device. If you haven't recently signed in from an unrecognized device and believe someone may have accessed your account, please visit this link to change your password and update your account recovery information. Thanks for taking these additional steps to keep your account safe. Yahoo”

So the shop in F-7 actually is a spambot! For what? Only hackers know!
Tony
February 12, 2016
I borrowed this book, as an eBook, from the local library. I had only 14 days to read it, and I did so.

I've often wondered just how profitable it is to spam people. I mean, if it wasn't profitable people wouldn't be doing it. The vast majority of us despise spam and we go to great lengths to avoid it. We set up elaborate spam filters on our email, or we pointedly choose email providers that will do that for us.

As with so many things, the different components of it are outsourced to different groups. One group runs a credit card payment processing system. Another group runs a "bulletproof" web hosting system, which won't shut you down when everyone gripes about you. Another group actually arranges shipments of drugs, ordered by people after it was advertised by spam.

Many of the drugs delivered as a result of these orders are perfectly legitimate. They have the correct active ingredients, in the correct concentrations and appropriate packaging. The reality is that major pharmaceutical companies outsource the actual mixing and production of their prescription drugs to a variety of factories in India and China. It isn't difficult to have the same companies produce a few extra above and beyond the contracted orders. Once you have those, it's just a matter of getting orders and fulfilling them.

Who is ordering prescription drugs from these groups? People who don't have health insurance and are paying out of pocket for prescription drugs. People who do have insurance, but the copays on the prescriptions are so high that they can buy it cheaper, out of pocket through these channels. People who are self medicating and don't actually have a prescription for this.

These pharmaceutical supply companies, responding to orders from spam advertising, are motivated to ship quality products in a timely fashion. Failing that, they are motivated to refund your money to your credit card with very few hassles. Why are they so motivated? If you contact your credit card company and issue a fraud statement, that raises all kinds of red flags. Credit cards are the lifeblood of these companies. The absolute last thing they want to happen is to get fraud charges. If the credit card companies think they are committing fraud, they will stop processing orders for the suppliers. So they're motivated to do a good job, look totally legitimate and work hard for your repeat business.

Some of the measures they go to, both to get the email out to the wider world and to host the websites which collect the orders, are quite ingenious. Most of it involves creating a botnet, a network of machines which have been compromised by viruses and various malware, and pressed into service for the spammers. The actual owners of the machines, frequently, have no idea that their computers are working for someone else.

Why weren't the major pharmaceutical companies fighting these guys? It would take some research to figure out whether the drugs were legitimate or not. Certain pharmaceutical companies were willing to fund such research if it showed that the spammers were delivering inferior products. However, if they were delivering legitimate products, they absolutely did NOT want word getting out. Better to leave it a grey area and let people SUSPECT that inferior products were being delivered than to actually publish research that might indicate legitimate sales.

In the end, it was greed, hubris and personal vendettas that brought the major spam organizations down. Along with the fact the credit card companies refused to process payments for things that were illegal (shipping a prescription to someone in the USA, without a confirmed prescription, is illegal). And they made it very easy to report illegal activity. Finally, spammers were priced out of the market for programmer talent in Russia. When a talented programmer could get a legitimate job and get paid better than the spammers could pay, it was the beginning of the end.
Daniel
January 21, 2015
This review originally published in Looking For a Good Book. Rated 3.25 of 5

You probably wouldn't be reading this blog, or this review as posted on-line, if you didn't know what 'spam' is, or if you only thought it was a canned meat-like food. And if you know what spam is, you probably find it annoying -- a clutter filling your email in-box -- but not necessarily dangerous. You would be wrong.

Brian Krebs, the cybersecurity expert who first reported the infamous security breach at Target®, is a journalist and blogger who has devoted himself to investigating and reporting on cyber security. In Spam Nation, he details the rise and fall of the world's leading spammers. Perhaps it's not too surprising (especially to anyone who has actually read through some spam) that the leading spammers are from the Russian Federation and neighboring states. What is surprising (at least to me) is how much of the spam is fueled by so few people; how a personal feud between the top two leading spammers brought about their own downfall; and how much money these criminals actually make.

For an example of the latter... Krebs reports that one leading cyber-criminal had his very expensive import car stolen and decided that because it was a vehicle that was considered to be highly valuable property he decided to buy a different car (a BMW, I believe it was) rather than try to get the car returned. I can't imagine having the kind of money where you just buy a new vehicle (and a BMW or Mercedes) instead of trying to recover a stolen vehicle.

The book is incredibly interesting, but also more than a little technical. It likely wouldn't have mass appeal because too many people may find the computer jargon difficult to follow. On top of that, because of the nature of who the criminals are, it also reads a bit like Dostoevsky with a great many East Slavic language names. Keeping them straight was often a challenge, made more difficult by the fact that they often were referred to by their on-line nicknames, which sometimes changed.

Krebs, on the one hand, occasionally came across as arrogant and boastful -- making sure we know how much the spammers kept an eye on him because of what he could do -- but on the other hand, as we read through the book we learn that much of what he presents was gifted to him by insider sources, likely because of the feud.

The presentation of material felt a bit scattered, as though Krebs had so much he wanted to share but didn't know what to give us first. He is a good blogger and journalist, but putting information in a book-length format requires a different sort of thinking and planning. It might have been just as successful if he had simply published a collection of his blog posts.

Even so, I learned some things from this book, which is often more than I can hope for from a non-fiction title. I was more than a little shocked to learn that at one point in 2013, "nearly 70 percent of all email sent daily was unsolicited bulk email relayed via spam botnets" and that the cyber-jerks sending spam were sending approximately 85 BILLION junk/spam messages every DAY. Ouch.

I've come away with new knowledge and perhaps even a way to make myself a little better, and that's definitely worth something.

Looking for a good book? Spam Nation gives you a look inside the belly of the cyber-spamming beast, and you might not like what you see inside but the knowledge is a good thing to have.
October 23, 2017
WARNING: Parental guidance should be observed because of the adult subject matter. It is R rated.

For those who are in IT Security (as I am) or curious about the spam industry and history this is an excellent book. The narrator does an A+ job and even talks in Russian and New York accents when recounting discussions. You will get a chuckle at times at the absurdity of various conversations Krebs had with cyber criminals.

I think in one sense the cyber criminals come off as humanized and everyday citizens in the book. However, that is not the case. These people are criminals and engaged in larger criminal enterprises than sending you emails you don't want or didn't ask for. People die from the drugs that are fake. Children are harmed from the child pornography that is produced and sold. These are evil people and I don't think Krebs does a good enough job making that point.

That said, Krebs does an excellent job investigating and uncovering cyber criminals. I have enjoyed reading his blog for years. You will not find better reporting on cyber criminal activity than his blog.
Glenn
May 27, 2016
This book is focused on the evolution, decline, re-emergence and ongoing transformation of loosely-connected Russian cybercrime networks (called Partnerka) whose business is stealing from average citizens around the world.

The Partnerka harvests millions of email addresses (with a special focus on the US) and spams them relentlessly through armies of botnets (networks of infected computers) in an attempt to sell everything from unregulated drugs to illegally copied software to child porn. The Partnerka constantly troll for new computers to press into their botnets - using scareware, fake anti-virus programs, and other infected software downloads. Once in your computer they may monitor your keystrokes, steal email accounts, harvest passwords, and collect financial data, all with the express intent of robbing you (and your friends, and their friends) -- or selling your information to someone who will. The strategies constantly evolve. One of the more recent is Ransomware -- malware which encrypts everything on your computer and demands a ransom (generally in bitcoins) for unlocking it again. Bottom line -- these are serious, well-organized criminals, based in a country where they can operate as fairly large enterprises as long as they bribe the right FSB agents and politicians.

This is a scary, incredibly well-researched book, filled with hard-won information, gathered by an author courageous enough to interview and challenge some very dangerous people. However, it has a few flaws (the only reason I gave this a 4 instead of a 5):
1) No index (the book contains a lot of well researched information that would be valuable to other researchers. An index would help them find it.)
2) The relevant time-line is difficult to tease out. The dates are somewhat skewed toward activities of the author. I would like to see a timeline focused on the evolution of the criminal activity.
3) Insufficient footnotes (esp in the last 2/3rds of the book.) There is a section called "Sources", where the sources are outlined in prose but not the more traditional set of notes.

That said, this book is definitely worth reading cover to cover. The beginning of the book covers the evolution of this cybercrime business and makes it clear how serious these people are. The middle covers the internecine conflicts which led to the downfall of some of the biggest players. The last part brings us up-to-date and provides a clearer picture on the complex work governments, corporations and the FBI, Interpol and other agencies are doing to fight these criminals. The book closes with ways to protect yourself, as well as ways to be a more responsible cyber-citizen.
Betawolf
June 3, 2018
Krebs' account of the Pharma Wars saga -- a spate of infighting between two major online pharmacy affiliate networks -- is important, as he is one of the few people in the West who has a meaningful handle on the struggle, and can speak directly from the documentary evidence leaked as part of the conflict, as well as rare personal access (It was bizarre to read of spamlord Vrublevsky's regular, personal phonecalls to Krebs).

Unfortunately, Krebs does not dazzle on the page, with a few clunky habits that seem to be inherited from his journalism (for instance, sometimes he refers to himself as 'I' and sometimes as 'this author', apparently switching based on whether he's attempting a dramatic scene or not), and a slightly-too-large cast which his presentation makes hard to follow (we're introduced to a lot of sources early on which don't really crop up until much later, and other characters are inelegantly introduced for apparently no reason other than short bridging scenes.).

However, his reporting is solid enough to make up for these flaws, as he goes digging through mountains of emails and forum evidence as well as personal interviews. I think Krebs does a particularly decent job of unpicking the relationship between US drug prices and online cybercrime. It is strange to think that drug price controls in the US could potentially have swept support from under worldwide botnet industries. He also takes pains to point out that vital research about the quality of drugs from online pharmacies is being blocked by government and pharmaceutical interests which are worried that the results might demonstrate that online pharmacies are by-and-large safe.

Krebs uses 'spam' to include a variety of cybercrimes, not all of which really fit the label. Focusing on the affiliate marketing only, though, he has an important point to raise about why it should not be considered irrelevant. The reason spam is important is not because it is making a lot of criminals rich -- he points out that only relatively few spammers made millions from their networks -- but because it is a reliable source of income that keeps the infrastructure for other attacks a viable investment. When company-crippling DDoS attacks are launched, or new malware and phishing attacks distributed, these are sent through the same botnets that are spending much of their time on the bill-paying work of delivering spam. The second-order effects of the crackdowns Krebs describes are thus many. The rise of ransomware is one direct response as the spammers start searching for new means of extracting money from the resources. A slow decline of spam does appear to be another.