Full Circle Magazine FR

SPAM NATION by Brian Krebs Sourcebooks Inc. 306 Pages Paperback ISBN: 978-1492603238 The epidemic we call spam is the topic of Spam Nation by Brian Krebs. It is a bit unusual in the computer technical genre to focus so sharply on one issue, and specifically one that might be considered to be the scourge of our existence. We understandably want to keep our virtual fingertips away from the less palatable portion of the Internet lest we get them dirty. But knowledge of the people, personalities and ploys can make us more capable of predicting or recognizing the next criminal paradigm – or at least we hope. Spam Nation is most obviously a history of spam and the organized crime accompanying it, but equally important is the perseverance and courage exhibited by its writer. When the newspaper he worked for didn't have the backbone to weather a possible, albeit questionable, legal retaliation for his writings on the subject, Krebs started his own now famous blog: Krebs on Security (KrebsOnSecurity.com). Along the way he was swatted enough times to make it seem routine. (Swat teams were surreptitiously directed to his home to intentionally endanger his family and neighbors by the very cyber-criminals he wrote about.) Illegal drugs were also delivered to his door and the authorities notified, all unbeknownst to him. Eventually he even made what might have seemed a foolish decision to go directly to the source and he traveled to Moscow, the center of the trade that had become the gateway to online pharmacies. But after all, he is an investigative reporter and that is what they do. Two major trade spam partnerships, GlavMed and Rx-Promotion, would become the major players, becoming so significant they could advertise their services.

Although not the original type, it's the email version of SPAM that we all love to hate. It may seem like the deluge of spam has ended but that is more likely just a temporary lull. While spammers email is not yet flawless, it's getting more and more difficult for automated systems to recognize the bogus variety and distressingly difficult for mere flesh and blood readers. That is because, for cyber-badguys in the spam trade, like all cyber-crime, the only way to remain relevant is to get better faster than the good guys. They remain on the cutting edge, and thus everyone must remain vigilant. In phase two, their current status is like many start-up internet companies; they have a good idea but monetizing is the problem. The bottleneck in the Spam enterprise had become the payment system which, unfortunately for them, has recently been subject to much greater scrutiny, and they have not fared well. But you can be sure that, if there is a way to move money around, they will get their hands on it. And another good bet is that you will read about it in a future story in the Krebs on Security blog. The spamming industry may have started with disorganized individual efforts but eventually crystallized into an organized industry which necessarily had to address the quality issue. This had less to do with honor among thieves and more to do with business practices that allow growth and continuing profits. By now it seems that every email account on the planet has received hundreds of Viagra ads, mostly filtered out. For drugs that might have been of an embarrassing nature such as erectile dysfunction, it would make a limited business. But it blossomed such that online pharmaceuticals would cover all needs, although it would be curtailed in countries wanting to protect their citizens/industries via more vigilant policing. To remain viable the focus had to be on price, confidentiality, convenience and dependency. That required an organization.

One example is “Steve,” having gotten gonorrhea from the woman, by then ex-girlfriend, who kindly let him know the drug she was prescribed. With no co-pay, and clearly less expensive on the Internet, the purchase was a no-brainer for Steve because he had also recently been let go from his job. His experience may have been typical; sales operations persist because of satisfied repeat customers. Purchasers of low volume, very expensive drugs may not always have had a positive experience. But there was never a guarantee, the delivered items may have been the legitimate drug, a pill with no active ingredients, or even a toxic substance, all of which might be sold in what looked like the real blister-pack. Legal authorities were always quick to point out the bad and lethal cases even though the phrase “buyer beware” is relevant for any purchase. Given most drugs are made in China and India, legitimate or counterfeit, it's hard to tell what is a real item. The above mentioned organizations would thus look upon such activities harshly if it reflected poorly on their operations, and take appropriate actions. This book has elements of a crime thriller, a how-to guide and a dissatisfied customer who tells all. You immediately know there is a Russian connection because he starts with a list of 15 significant players in the Spam cyber-world along with short descriptions of their activities. It doesn’t take much convincing to decide they are not individuals you want to meet, assuming they are alive and not in free, very secure government housing. Most of them didn't get the money and high end lifestyle by being nice guys, but you could have guessed that part. There are payoffs to government officials, double-crosses and organized crime style retaliations. While business enterprises (that bring money into the country but don't harm its citizens) are sometimes tolerated, eventually the country in question can’t deny any knowledge and must turn up the heat on the miscreants.

Setting aside the business part, it's the technical wizardry that necessarily defines the mostly unseen programmers that keep the web sites running. Their redundancy and secure record-keeping gets put to the test. They have to be not just world class but able to circumvent the best efforts of countries trying to shut them down, and sometimes their competition. (Governments and corporations could learn a thing or two from these guys.) But, like many a murder mystery, their Achilles heel was and remains the money. Credit card processing networks like ChronoPay, with laundering schemes and various flavors of virtual money like BitCoin, were avenues taken, but too often for the bad guys, they would eventually become undependable. Spam Nation is a book about the rise and fall of one part of organized crime. There were real companies and brands like Pfizer and Vista affected. It took the concerted effort of many government offices/countries to bring it down. There is a lot to learn in this book for both sides, but it can't be over. History has shown that, legal or not, whenever there is a demand for products and services, a more sophisticated, stealthy venture can emerge and circumvent the current business controls. Spam Nation is a book about that process.