Spam Nation: The Inside Story of Organized Cybercrime-from Global Epidemic to Your Front Door

Spam Nation: The Inside Story of Organized Cybercrime-from Global Epidemic to Your Front Door

2.0 1
by Brian Krebs
     
 

View All Available Formats & Editions

Now a New York Times bestseller!

Winner of a 2015 Prose Award!

There is a Threat Lurking Online with the Power to Destroy Your Finances, Steal Your Personal Data, and Endanger Your Life.

In Spam Nation, investigative journalist and cybersecurity expert Brian Krebs unmasks the criminal masterminds

See more details below

Overview

Now a New York Times bestseller!

Winner of a 2015 Prose Award!

There is a Threat Lurking Online with the Power to Destroy Your Finances, Steal Your Personal Data, and Endanger Your Life.

In Spam Nation, investigative journalist and cybersecurity expert Brian Krebs unmasks the criminal masterminds driving some of the biggest spam and hacker operations targeting Americans and their bank accounts. Tracing the rise, fall, and alarming resurrection of the digital mafia behind the two largest spam pharmacies-and countless viruses, phishing, and spyware attacks-he delivers the first definitive narrative of the global spam problem and its threat to consumers everywhere.

Blending cutting-edge research, investigative reporting, and firsthand interviews, this terrifying true story reveals how we unwittingly invite these digital thieves into our lives every day. From unassuming computer programmers right next door to digital mobsters like "Cosma"-who unleashed a massive malware attack that has stolen thousands of Americans' logins and passwords-Krebs uncovers the shocking lengths to which these people will go to profit from our data and our wallets.

Not only are hundreds of thousands of Americans exposing themselves to fraud and dangerously toxic products from rogue online pharmacies, but even those who never open junk messages are at risk. As Krebs notes, spammers can-and do-hack into accounts through these emails, harvest personal information like usernames and passwords, and sell them on the digital black market. The fallout from this global epidemic doesn't just cost consumers and companies billions, it costs lives too.

Fast-paced and utterly gripping, Spam Nation ultimately proposes concrete solutions for protecting ourselves online and stemming this tidal wave of cybercrime-before it's too late.

"Krebs's talent for exposing the weaknesses in online security has earned him respect in the IT business and loathing among cybercriminals... His track record of scoops...has helped him become the rare blogger who supports himself on the strength of his reputation for hard-nosed reporting." -Bloomberg Businessweek

Read More

Editorial Reviews

Publishers Weekly
08/25/2014
In an exposé delving into a dark side of the online world, Krebs, a former Washington Post journalist and cybersecurity expert, pulls back the digital curtain to reveal the secrets behind email spam, botnets, rogue pharmacies, and other Internet threats. Armed with reams of information sent to him by feuding hackers and cybercrooks, Krebs explores just how and why these spammers get away with so much—how they make millions by flooding our email in-boxes with ads for cheap (and often unreliable, dangerous, or illegal) drugs, and how they stay one step ahead of the authorities. He traces many of them back to cabals taking refuge in the relatively laissez-faire former Soviet states, where the so-called Russian Business Network flourishes somewhat openly. Krebs plays the role of fearless crusader and hard-nosed investigative journalist, his crusade costing him his job at the Washington Post and his curiosity taking him to meet Russian spamlords face-to-face. By exposing our digital weaknesses and following the money, he presents a fascinating and entertaining cautionary tale. Krebs’s work is timely, informative, and sadly relevant in our cyber-dependent age. Agent: Jill Marsal, Marsal Lyon Literary Agency. (Nov.)
From the Publisher
"Spam Nation is an excellent look at the technicalities, ethics, economics, global politics, and business of spam and cybercrime, and it is researched and told with enormous care and verve. " - Cory Doctorow, Boing Boing

"A fascinating and somewhat disheartening look why spam is so common...readers of Spam Nation will never look at the spam in their inbox the same way again." - USA Today

"In Spam Nation, journalist Brian Krebs guides readers through the intimidating and technical world of organized cybercrime...Future wars will be waged in part by talented hackers with bot armies at their backs. For now, we have Krebs as a guide, and-thankfully-email filters. " - The Washington Free Beacon

"The book is a strong chronicle of how and why this junk business succeeds..." - Federal Computer Week

"Krebs' guided tour of the cybercriminal underworld is a cautionary tale about menacing cultures of hackers, spammers and duplicitous digital network 'cybercrooks...' an eye-opening, immensely distressing exposé on the current state of organized cyberspammers. " - Kirkus

"Armed with reams of information sent to him by feuding hackers and cybercrooks, Krebs explores just how and why these spammers get away with so much...By exposing our digital weaknesses and following the money, he presents a fascinating and entertaining cautionary tale. Krebs's work is timely, informative, and sadly relevant in our cyber-dependent age." - Publishers Weekly

"Spam Nation does a great job of telling an important aspect of the story, and what small things you can do to make a large difference, such that you won't fall victim to these scammers. At just under 250 pages, Spam Nation is a quick read and an important one at that." - Slashdot

"[A] potent new book...Intricate and superbly documented." - Boston Globe

"Brian Krebs, a well-known security expert, dives deep into the history and culture of the underground world where spam gets made-and along the way touches on that community's participation in online criminal enterprises: identity theft, botnet creation, money laundering, data breaches, and much more." - Before It's News

"Those wishing for a reliable tour of the shadowy world of criminal hacking and cyber thievery need look no further than Spam Nation, a new book by Brian Krebs." - Vending Times

Kirkus Reviews
2014-10-05
How once-harmless Internet advertising developed into the dangerously intrusive inbox enemy it is today. Former Washington Post reporter and current Web security analyst Krebs addresses the threat of email spam as much more than simply an online nuisance; rather, it's the byproduct of fully functioning "virtual pirate coves of the Internet" trafficking illegal goods and services to unsuspecting users. His nuanced detective work uncovered corrupt business practices at rogue pharmaceutical sites (an industry which a large portion of email spam promotes). Digging deeper, he discovered a global conspiracy targeting just about anyone with an email address. Krebs' guided tour of the cybercriminal underworld is a cautionary tale about menacing cultures of hackers, spammers and duplicitous digital network "cybercrooks"—e.g., shifty Russian e-commerce mogul Pavel Vrublevsky, whom the author surprised with a perilous, impromptu in-person meeting at his home in Moscow. Krebs' background in cybersleuthing (he broke the story on the late-2013 Target credit-card database breach) is maximally utilized in chapters covering how "bulletproof hosting networks" and their integrated, parasitic "botnets" disseminate spam across scores of email addresses while frenetic anti-spam groups deploy ingenious counteroffensive tactics. The author analyzes how and why spammers become lucrative by tracing e-payment brokers directly to the illegal online pharmacy websites they contract with and expanding outward to the covert spamming networks like the notorious Russian Business Network and other underground factions based in the former Soviet states. Krebs admits it was his vigilante investigations into these types of criminals that sabotaged his 14-year tenure with the Post. For lay readers, an effectively revealing closing chapter offers tips on how anyone can safeguard their personal online information from hacker infiltration. An eye-opening, immensely distressing exposé on the current state of organized cyberspammers.

Read More

Product Details

ISBN-13:
9781402295614
Publisher:
Sourcebooks
Publication date:
11/18/2014
Pages:
256
Sales rank:
242,172
Product dimensions:
6.00(w) x 9.10(h) x 1.20(d)

Read an Excerpt

Chapter 1
PARASITE

The navy blue BMW 760 nosed up to the crosswalk at a traffic light in downtown Moscow. A black Porsche Cayenne pulled alongside. It was 2:00 p.m., Sunday, September 2, 2007, and the normally congested streets adjacent to the storied Sukharevskaya Square were devoid of traffic, apart from the tourists and locals strolling the broad sidewalks on either side of the boulevard. The afternoon sun that bathed the streets in warmth throughout the day was beginning to cast long shadows on the street from the historic buildings nearby.

The driver of the BMW, a notorious local scam artist who went by the hacker nickname "Jaks," had just become a father that day, and Jaks and his passenger had toasted the occasion with prodigious amounts of vodka. It was the perfect time and place to settle a simmering rivalry with the Porsche driver over whose ride was faster. Now each driver revved his engine in an unspoken agreement to race the short, straight distance to the big city square directly ahead.

As the signal flashed green, the squeal of rubber peeling off on concrete echoed hundreds of meters down in the main square. Bystanders turned to watch as the high-performance machines lurched from the intersection, each keeping pace with the other and accelerat­ing at breakneck speed.

Roaring past the midpoint of the race at more than 200 kilometers per hour, Jaks suddenly lost control, clipping the Porsche and careen­ing into a huge metal lamp post. In an instant, the competition was over, with neither car the winner. The BMW was sliced in two, the Porsche a smoldering, crumpled wreck close by. The drivers of both cars crawled and limped away from the scene, but the BMW's passenger-a promising twenty-three-year-old Internet entrepreneur named Nikolai McColo-was killed instantly, his almost headless body pinned under the luxury car.

"Kolya," as McColo was known to friends, was a minor celebrity in the cybercriminal underground, the youngest employee of a family-owned Internet hosting business that bore his nickname-McColo Corp. At a time when law-enforcement agencies worldwide were just waking up to the financial and organizational threats from organized cybercrime, McColo Corp. had earned a reputation as a ground zero for it: a place where cybercrooks could reliably set up shop with little worry that their online investments and schemes would be discovered or jeopardized by foreign law-enforcement investigators.

At the time of Kolya's death, his family's hosting provider was home base for the largest businesses on the planet engaged in pumping out junk email or "spam" via robot networks. Called "botnets" for short, these networks are collections of personal computers that have been hacked and seeded with malicious software-or "malware"-that lets the attackers control the systems from afar. Usually, the owners of these computers have no idea their machines have been taken hostage.

Nearly all of the botnets controlled from McColo were built to blast out the unsolicited junk spam advertisements that flood our inboxes and spam filters every day. But the servers at McColo weren't generating and pumping spam themselves; that would attract too much attention from Internet vigilantes and Western law-enforcement agencies. Instead, they were merely used by the botmaster businesses to manipulate millions of PCs scattered around the globe into becoming spam-spewing zombies.

By the time paramedics had cleared the area of Kolya's accident, gruesome images of the carnage were already being uploaded to secre­tive Russian Internet forums frequented by McColo's friends and business clients.... This was a major event in the cybercrime underworld.

Days later, the motley crew of Moscow-based spammers would gather to pay their last respects at his service. The ceremony was held at the same church where Kolya had been baptized less than twenty-three years earlier. Among those in attendance were Igor "Desp" Gusev and Dmitry "SaintD" Stupin, coadministrators of SpamIt and GlavMed, until recently the world's largest sponsors of spam1-and two figures that will play key roles in this book.

Also at the service was Dmitry "Gugle" Nechvolod, then twenty-five years old and a hacker who was closely connected to the Cutwail botnet. Cutwail is a massive crime machine that has infected tens of millions of home computers around the globe and secretly seized control over them for sending spam. To this day, Cutwail remains one of the largest and most active spam botnets-although it is almost undoubtedly run by many different individuals now (more on this in Chapter 7, "Meet the Spammers").

So why is it important to note these three men's presence at such a momentous event for cybercrime? Because their work (as well as Kolya's and hundreds of others) impacts every one of us every day in a strange but seriously significant way: spam email.

Indeed, spam email has become the primary impetus for the devel­opment of malicious software-programs that strike computers like yours and mine every day-and through them, target our identities, our security, our finances, families, and friends. These botnets are virtual parasites that require care and constant feeding to stay one step ahead of antivirus tools and security firms who work to dismantle the networks.

This technological arms race requires the development, production, and distribution of ever-stealthier malware that can evade constantly changing antivirus and anti-spam defenses. Therefore, the hackers at the throttle of these massive botnets also use spam as a form of self-preservation. The same botnets that spew plain old spam typically are used to distribute junk email containing new versions of the malware that helps spread the contagion. In addition, spammers often reinvest their earnings from spamming people in building better, stronger, and sneakier malicious software that can bypass antivirus and anti-spam software and firewalls. The spam ecosystem is a constantly evolving technological and sociological crime machine that feeds on itself.

Given the increasing menace of spam email and related cybersecurity assaults that directly affect consumers and companies (like the major news story I broke to the media in December 2013 about the Target credit-card database breach-a cyberattack that compromised millions of Americans' financial information and forced an even greater number of us to get new credit cards), you may be wondering why governments, law-enforcement officials, and corporations aren't taking a stronger and more significant stance to stop the tidal wave of spam and cybercrime impacting us all.

Part of the reason is that many policymakers and cybercrime experts tend to dismiss spam as a nuisance problem that can be solved or at least mitigated to a manageable degree by the proper mix of technology and law enforcement. For many of the rest of us, spam has become almost the punch line of a joke, thanks to its close association with male penile-enhancement pills and erectile dysfunction medica­tions such as Viagra and Cialis. We assume that if we don't open the emails or don't purchase anything from them, we aren't affected.

Unfortunately, that attitude underscores a popular yet funda­mental miscalculation about the threat that spam poses to every one of us.

Read More

Customer Reviews

Average Review:

Write a Review

and post it to your social network

     

Most Helpful Customer Reviews

See all customer reviews >