Spam Nation: The Inside Story of Organized Cybercrime-from Global Epidemic to Your Front Door

Spam Nation: The Inside Story of Organized Cybercrime-from Global Epidemic to Your Front Door

by Brian Krebs


View All Available Formats & Editions
Choose Expedited Shipping at checkout for guaranteed delivery by Wednesday, April 15


Now a New York Times bestseller!

There is a Threat Lurking Online with the Power to Destroy Your Finances, Steal Your Personal Data, and Endanger Your Life.

In Spam Nation, investigative journalist and cybersecurity expert Brian Krebs unmasks the criminal masterminds driving some of the biggest spam and hacker operations targeting Americans and their bank accounts. Tracing the rise, fall, and alarming resurrection of the digital mafia behind the two largest spam pharmacies-and countless viruses, phishing, and spyware attacks-he delivers the first definitive narrative of the global spam problem and its threat to consumers everywhere.

Blending cutting-edge research, investigative reporting, and firsthand interviews, this terrifying true story reveals how we unwittingly invite these digital thieves into our lives every day. From unassuming computer programmers right next door to digital mobsters like "Cosma"-who unleashed a massive malware attack that has stolen thousands of Americans' logins and passwords-Krebs uncovers the shocking lengths to which these people will go to profit from our data and our wallets.

Not only are hundreds of thousands of Americans exposing themselves to fraud and dangerously toxic products from rogue online pharmacies, but even those who never open junk messages are at risk. As Krebs notes, spammers can-and do-hack into accounts through these emails, harvest personal information like usernames and passwords, and sell them on the digital black market. The fallout from this global epidemic doesn't just cost consumers and companies billions, it costs lives too.

Fast-paced and utterly gripping, Spam Nation ultimately proposes concrete solutions for protecting ourselves online and stemming this tidal wave of cybercrime-before it's too late.

"Krebs's talent for exposing the weaknesses in online security has earned him respect in the IT business and loathing among cybercriminals... His track record of scoops...has helped him become the rare blogger who supports himself on the strength of his reputation for hard-nosed reporting." -Bloomberg Businessweek

Product Details

ISBN-13: 9781492603238
Publisher: Sourcebooks
Publication date: 05/01/2015
Pages: 320
Sales rank: 291,748
Product dimensions: 5.50(w) x 8.20(h) x 1.20(d)

About the Author

Brian Krebs is an award-winning journalist, founder of the highly acclaimed cybersecurity blog, and author of the New York Times bestseller, Spam Nation. For 14 years, Krebs was a reporter for The Washington Post, where he authored the acclaimed Security Fix blog. He has appeared on 60 Minutes, CBS This Morning, CNN, NPR, Fox, ABC News, and in the Wall Street Journal, Forbes, USA Today, and more, and has been profiled in the New York Times and Bloomberg's BusinessWeek.

Read an Excerpt

Chapter 1

The navy blue BMW 760 nosed up to the crosswalk at a traffic light in downtown Moscow. A black Porsche Cayenne pulled alongside. It was 2:00 p.m., Sunday, September 2, 2007, and the normally congested streets adjacent to the storied Sukharevskaya Square were devoid of traffic, apart from the tourists and locals strolling the broad sidewalks on either side of the boulevard. The afternoon sun that bathed the streets in warmth throughout the day was beginning to cast long shadows on the street from the historic buildings nearby.

The driver of the BMW, a notorious local scam artist who went by the hacker nickname "Jaks," had just become a father that day, and Jaks and his passenger had toasted the occasion with prodigious amounts of vodka. It was the perfect time and place to settle a simmering rivalry with the Porsche driver over whose ride was faster. Now each driver revved his engine in an unspoken agreement to race the short, straight distance to the big city square directly ahead.

As the signal flashed green, the squeal of rubber peeling off on concrete echoed hundreds of meters down in the main square. Bystanders turned to watch as the high-performance machines lurched from the intersection, each keeping pace with the other and accelerat­ing at breakneck speed.

Roaring past the midpoint of the race at more than 200 kilometers per hour, Jaks suddenly lost control, clipping the Porsche and careen­ing into a huge metal lamp post. In an instant, the competition was over, with neither car the winner. The BMW was sliced in two, the Porsche a smoldering, crumpled wreck close by. The drivers of both cars crawled and limped away from the scene, but the BMW's passenger-a promising twenty-three-year-old Internet entrepreneur named Nikolai McColo-was killed instantly, his almost headless body pinned under the luxury car.

"Kolya," as McColo was known to friends, was a minor celebrity in the cybercriminal underground, the youngest employee of a family-owned Internet hosting business that bore his nickname-McColo Corp. At a time when law-enforcement agencies worldwide were just waking up to the financial and organizational threats from organized cybercrime, McColo Corp. had earned a reputation as a ground zero for it: a place where cybercrooks could reliably set up shop with little worry that their online investments and schemes would be discovered or jeopardized by foreign law-enforcement investigators.

At the time of Kolya's death, his family's hosting provider was home base for the largest businesses on the planet engaged in pumping out junk email or "spam" via robot networks. Called "botnets" for short, these networks are collections of personal computers that have been hacked and seeded with malicious software-or "malware"-that lets the attackers control the systems from afar. Usually, the owners of these computers have no idea their machines have been taken hostage.

Nearly all of the botnets controlled from McColo were built to blast out the unsolicited junk spam advertisements that flood our inboxes and spam filters every day. But the servers at McColo weren't generating and pumping spam themselves; that would attract too much attention from Internet vigilantes and Western law-enforcement agencies. Instead, they were merely used by the botmaster businesses to manipulate millions of PCs scattered around the globe into becoming spam-spewing zombies.

By the time paramedics had cleared the area of Kolya's accident, gruesome images of the carnage were already being uploaded to secre­tive Russian Internet forums frequented by McColo's friends and business clients.... This was a major event in the cybercrime underworld.

Days later, the motley crew of Moscow-based spammers would gather to pay their last respects at his service. The ceremony was held at the same church where Kolya had been baptized less than twenty-three years earlier. Among those in attendance were Igor "Desp" Gusev and Dmitry "SaintD" Stupin, coadministrators of SpamIt and GlavMed, until recently the world's largest sponsors of spam1-and two figures that will play key roles in this book.

Also at the service was Dmitry "Gugle" Nechvolod, then twenty-five years old and a hacker who was closely connected to the Cutwail botnet. Cutwail is a massive crime machine that has infected tens of millions of home computers around the globe and secretly seized control over them for sending spam. To this day, Cutwail remains one of the largest and most active spam botnets-although it is almost undoubtedly run by many different individuals now (more on this in Chapter 7, "Meet the Spammers").

So why is it important to note these three men's presence at such a momentous event for cybercrime? Because their work (as well as Kolya's and hundreds of others) impacts every one of us every day in a strange but seriously significant way: spam email.

Indeed, spam email has become the primary impetus for the devel­opment of malicious software-programs that strike computers like yours and mine every day-and through them, target our identities, our security, our finances, families, and friends. These botnets are virtual parasites that require care and constant feeding to stay one step ahead of antivirus tools and security firms who work to dismantle the networks.

This technological arms race requires the development, production, and distribution of ever-stealthier malware that can evade constantly changing antivirus and anti-spam defenses. Therefore, the hackers at the throttle of these massive botnets also use spam as a form of self-preservation. The same botnets that spew plain old spam typically are used to distribute junk email containing new versions of the malware that helps spread the contagion. In addition, spammers often reinvest their earnings from spamming people in building better, stronger, and sneakier malicious software that can bypass antivirus and anti-spam software and firewalls. The spam ecosystem is a constantly evolving technological and sociological crime machine that feeds on itself.

Given the increasing menace of spam email and related cybersecurity assaults that directly affect consumers and companies (like the major news story I broke to the media in December 2013 about the Target credit-card database breach-a cyberattack that compromised millions of Americans' financial information and forced an even greater number of us to get new credit cards), you may be wondering why governments, law-enforcement officials, and corporations aren't taking a stronger and more significant stance to stop the tidal wave of spam and cybercrime impacting us all.

Part of the reason is that many policymakers and cybercrime experts tend to dismiss spam as a nuisance problem that can be solved or at least mitigated to a manageable degree by the proper mix of technology and law enforcement. For many of the rest of us, spam has become almost the punch line of a joke, thanks to its close association with male penile-enhancement pills and erectile dysfunction medica­tions such as Viagra and Cialis. We assume that if we don't open the emails or don't purchase anything from them, we aren't affected.

Unfortunately, that attitude underscores a popular yet funda­mental miscalculation about the threat that spam poses to every one of us.

Table of Contents

Chapter 1: Parasite
Chapter 2: Bulletproof
Chapter 3: The Pharma Wars
Chapter 4: Meet the Buyers
Chapter 5: Russian Roulette
Chapter 6: Partner(ka)s in (Dis)Organized Crime
Chapter 7: Meet the Spammers
Chapter 8: Old Friends, Bitter Enemies
Chapter 9: Meeting in Moscow
Chapter 10: The Antis
Chapter 11: Takedown
Chapter 12: Endgame
Epilogue: A Spam-Free World: How You Can Protect Yourself from Cybercrime
About the Author

Customer Reviews