“Spam Nation” is an account of the various internet scams and the story behind the major players in this mostly Russian based crime arena. The time period Brian Krebs covers is from the late nineties through the first half of 2014. At the end of the book is a summary of the state of internet crime in 2014 and steps that individuals can take to mitigate theirs risks of becoming victims. The types of scams he goes into include: spam, internet pharmacies, scareware (bogus threats pretending to be from law enforcement to intimidate users into paying ransom to get their computers unlocked), fake anti-malware (intended to bait users into downloading and thereby introducing a virus into their system that can take over their machine), identity and password theft. He doesn’t include hacking by governments and hacking aimed at corporations.
Several interesting points came up as I was reading this. The first is that so much, perhaps most of the cybercrime is based in Russia and some of the former Soviet countries like Belarus and the Ukraine. There are historical reasons he gives for this. Another interesting point is the subject of “Botnets” and how individual computers can be subverted to spam other machines without the owner even realizing it. Armies of these machines are commandeered and sold in the underground market for perpetrating attacks and other nefarious purposes. The most interesting section of the book to me was about internet pharmacies. Many of these sites pose as “Canadian pharmacies” and are actually based in Russia and source their drugs anywhere in the world they can find the cheapest price at that given moment. One impediment to stopping them has been that the pharmaceutical industry and the US government have resisted having samples analyzed because 99.9% of the time they are chemically identical to the medications that we pay so much for in the US. The problem for customers is that using them for long periods of time increases the chance of getting a bad drug. Some customers have purchased drugs with lead or uranium in them, for example, and suffered severe consequences. Also interesting to note is that in Europe and other countries where medications aren’t as expensive or are covered, the greater number of sales tend to be for recreational purposes such as opioid pain killers and Viagra. In the US where legitimate medications are unaffordable for many people, the greatest sales are for drugs to treat serious illnesses such as diabetes and heart disease. There are a few licensed pharmacies online, but they are vastly outnumbered by the fraudulent ones. It is illegal for Americans to have drugs shipped to the US from foreign sources even if purchased through a licensed foreign pharmacy with a prescription.
Brian Krebs is an investigative journalist specializing in internet security. His research for this book even included going to Russia and meeting with some of the cybercriminals in person (at some risk to himself). The subject of cybercrime and cybersecurity is a rapidly evolving one and Brian Krebs maintains a website for the latest information; at http://krebsonsecurity.com/. He also does frequent speaking and media appearances. A final thought occurred to me while reading this book: how could so many revelations about cybercrime be uncovered by an individual reporter while eluding so many government agencies and internet corporations who have a stake in security?