Brian Krebs's "Spam Nation"
In Spam Nation: The Inside Story of Organized Cybercrime-from Global Epidemic to Your Front Door, Brian Krebs offers a fascinating look at the mass-scale cybercrime that underpins the spam in your inbox and provides an inside peek at a violent fight among its principle players. Cory Doctorow reviews.
Krebs enjoys an odd position in the Russian pharma spam underground, which accounts for a great majority of the spam, botnet, and crooked payment-processing in the cybercrime ecosystem. As a dogged investigator of the business, he is notorious and often hated by the spammers -- who include some very unsavory characters -- but he's also something of a father confessor to some of the most senior members of the industry.
As Krebs tells it, he would frequently get early-morning phone calls from spam kingpins who would call to boast, rage, rant and taunt as they unwound at their desks in Moscow after a long day's hard graft. These calls were supplemented by emails, some from different identities that Krebs has good reason to believe are all fronts for one person, that were by turns threatening and bragging.
But Krebs's access to the inner workings of the spam underground was massively expanded when the two largest spam-bosses went to war against one another, paying corrupt Russian cops to investigate and incarcerate one another. Part of this war involved rival hackers breaking into one another's internal networks and grabbing enormous troves of emails, chat-logs, and message-board databases that were fired off to law enforcement -- and Krebs.
From these insider resources, Krebs pieces together a gripping -- and even, at times, thrilling -- story about the strange business of pharmaceutical spam, an industry that is bizarre, sprawling, dysfunctional and contradictory. Fuelled by world-beatingly high price of pharmaceuticals in the USA, the pharma-spam business uses millions of hacked PCs to send out come-ons advertising all manner of drugs, from anti-depression meds to fertility meds to powerful, controlled painkillers -- and, of course, erectile dysfunction medication.
The "affiliates" who run the titanic botnets that send out all this spam make their money on commissions for successful sales, and live in terror of "chargebacks" from disgruntled customers, which endangers the whole system's relationship with the few payment processors willing to handle its transactions.
The pharma orders are handed off to Indian and Chinese suppliers, who bid in realtime for the business, with the lowest bidder getting orders as they're placed. Oftentimes, the drugs arrive just as described, having been produced by reputable pharmaceutical factories who supply the domestic markets. But with no controls on quality, there are worrying exceptions to this: sometimes customers receive expired drugs, and, in a few fatal incidences, drugs contaminated with heavy metals and even uranium.
For all this industry, the overall sums involved are rather modest, eroded by the cost of payment processing, paying for hackers to beat anti-virus software to keep their botnets alive, and the rest of the supply-chain. Although the spam industry has made millionaires of a few people at the top, the total revenues -- to say nothing of the net profits -- are much smaller than the total costs the industry inflicts on the Internet as a whole in the form of anti-spam, security, and other costs.
Meanwhile, the spam industry and the anti-spam vigilantes who make war on it have converged on tactics. In a fascinating chapter, Krebs relays how Russian spammer message-boards rage with discussion about the need for anti-spam tools that keep the low-level, ankle-biter spammers out of their victims' inboxes, without which their own pharma spam would never be able to rise above the noise-floor. And as for the anti-spammers, one of their most effective tactics has been to stage denial-of-service attacks on the ordering systems, placing thousands of bogus orders for drugs that overwhelm the system's ability to process them.
The story of the spam wars -- which culminates in the high-tech gang war that resulted in much of Krebs's source materials falling into his hands -- is by turns hilarious (many of the characters in the Russian cybercrime underground are colorful and awfully funny) and awful (much of the payment processing in the spam underground is also used to process payments for rape- and child-porn). Krebs has organized the whole baroque tale into something that's clearer and more interesting than it has any right to be, and it's a great read for people trying to get a grip on why their inboxes bulge with spam.
Which is not to say that the book is perfect. Some of the evidentiary trials that Krebs strings together to show why he believes so-and-so is involved in such-and-such are described in eye-watering detail that could just as easily have been put in a footnote rather than bogging down the story. And there is a very disturbing passage in which Krebs starts cold-calling customers for pharma-spammers (he gets their numbers from a leaked database) to ask them about their participation in the spam economy. This is an important subject to investigate, but it is fraught with serious ethical problems, as he has become privy to the private medical details of his subjects through a criminal hack, and in some cases, he comprimises their privacy by discussing their orders with whomever answers the phone when he calls.
But taken as a whole, Spam Nation is an excellent look at the technicalities, ethics, economics, global politics, and business of spam and cybercrime, and it is researched and told with enormous care and verve.
Spam Nation: The Inside Story of Organized Cybercrime-from Global Epidemic to Your Front Door
Chicago's Volante (previously) bills itself as "streetwear for superheroes," and I love their clothes. They've just released an addition to their existing canon of Star Trek-themed, cosplay-adjacent clothes: the Picard Sweater, a stretchy knit tribute to Jean-Luc himself, the perfect thing to wear while you're watching Wil Wheaton host "The Ready Room," which airs after […]
Last year, McMansion Hell (previously) inaugurated its annual gingerbread McMansion competition, inviting America's bakers to challenge themselves to build the largest, most ostentatious, most ill-conceived McMansion in gingerbread form.
Nathaniel Stern writes, "The World After Us: Imaging techno-aesthetic futures (Flickr set) is an art exhibition that asks, 'What will — and what can — happen to our gadgets over geological time?' For the last few years, I have been working scientists to artificially age phones and computers in different ways, growing plants and fungi […]
Photoshop is one of the most widely used photo editing tools out there, to the point that it’s the default program designers think of whenever they need work done. Small wonder, too: The flagship software in Adobe’s creative suite is very powerful — if you know how to use it. There is a lot to […]
Bamboo fiber is a relatively new thing in luxury fabrics, but it’s no surprise it’s this snuggly. After all, pandas eat bamboo, and they constantly look comfortable. But seriously: To understand the benefits of real bamboo sheets, you have to spend a night on them. This 4-Piece Luxury 100% Rayon Bamboo Sheet Set is a […]
No chef’s arsenal is complete without a good set of knives. In fact, it’s the first big sign that you’re ready to start cooking meals as opposed to just warming them up. Here are 20 knife sets that any chef would be proud to own, from visually stunning old-world metallurgy to sleek modern cutlery. Mini […]