Sunday, January 20, 2019
Book Review: 'Spam Nation: The Inside Story of Organized Cybercrime―from Global Epidemic to Your Front Door' by Brian Krebs
Spam is a Russian industry. There are competitors, partnerships, even contests for most responses. Incredibly (to us), spam delivered in Russia actually offers links to spamming services at the bottom of the spam, so that your business too, can benefit. The drug spam industry is financed by American consumers, who want to save money, avoid going to doctors, or even deal prescription drugs to others. The spammers fill a genuine void and satisfy a genuine demand in a twisted healthcare system. This is the story that Brian Krebs reveals, in dramatic, fascinating and fine detail.
The online “pharmacies” contract with fabs in India and China, just like the majors do. Goods are shipped by them directly to the customer. Refunds are easier to obtain than from US firms, because the spammers don’t want their card processors to fine them or cut them off. And better customer service leads to reorders (!). And if they don’t, aggressive outbound telemarketing takes over. They have supply chains, with acquirers of botnets, renters of botnets, pharmacies, affiliate programs and spammers – all getting a cut of the transaction or an upfront fee. So very few get crazy rich. Some had to take legitimate day jobs to make ends meet. Eventually, those legitimate tech jobs became more attractive than the dark ones, so recruiting became a problem. Truly, a parallel universe.
The drug spam segment is in clear decline:
1) The Achilles Heel of the spammers is that they are not totally vertical. They can collect e-mail addresses, they can create botnets, they can accept and fulfill orders. But they can’t process payment. So credit card companies and Microsoft have gone after banks, card processors and transfer agents, making business impossible for the drug spammers. They built their own universe with their own rules, but stopped short. Eventually, it had to collapse.
2) The other weak link is Russia, which harbored them. How long that would last was always questionable, but Russia is so corrupt that spammers bribed officials to investigate and close down their competitors. It was a war of attrition where eventually everyone had to lose. Overall, it was a self-inflicted, two pronged attack – on itself.
And it’s not all a semi-legitimate economy. They also evolved from scareware (your computer is not safe) to ransomware (all your files are now encrypted). And there’s the constant selling of personal information.
Krebs follows a cast of kingpins through their rise and fall. It’s a passion that cost him his career at the Washington Post, which changed “policy” so he could no longer publish his blockbuster stories. (Krebs had been the reason for the crippling and shutdown of major botnets, himself) He has kept going, following through to the end of the kingpins’ rule, and ends the book with tips on not just how, but why you need to protect your accounts. It’s all chilling and gripping, and unfortunately real.
Editor's note: This review has been published with the permission of David Wineberg. Like what you read? Subscribe to the SFRB's free daily email notice so you can be up-to-date on our latest articles. Scroll up this page to the sign-up field on your right.