‘Spam Nation’ Shines a Light on the Dark and Sleazy World of Cybercrime

spam nationSpam is a funny thing. In invades our inboxes and our lives and wreaks havoc on what would otherwise be a pleasant experience, this email thingy. And in response, we find ways to fight it, mostly by ignoring it – that is, identifying it using algorithmic processes and then dumping it somewhere where it won’t be much of a bother. We also write about it, talk about it, gripe about it, and find ways to make light of it. After all, spam is pretty solid as comic fodder, and hiding our pain amid the laughter is another way to obfuscate. But at the end of the day, spam is serious business, and bad business at that, and author Brian Krebs knows all about it.

Krebs writes about computer security. A former reporter for The Washington Post, Krebs has authored more than 1,300 posts for the Security Fix blog, and he fell into tech blogging by accident when, in 2001, his home network was taken over by a Chinese hacking group. Krebs writes that after that he “decided to learn as much as I could about computer and Internet security,” and write he did, to the extent that he just released his book Spam Nation: The Inside Story of Organized Cybercrime –From Global Epidemic to Your Front Door. It’s a hefty title for a hefty topic, and in his book, Krebs shines a light on the sleazy world of cybercrime.

Krebs has no illusions about the nature of the people he exposes. According to Bloomberg Business Week, “In early January, Krebs got a bag of poop in the mail. That was better than the time last summer when he received 13 packets of heroin. Both were way, way better than the day last March when a SWAT team descended on his doorstep, lured by a fake report of a hostage situation. “Having multiple automatic weapons pointed at your head is not my idea of a great time,” Krebs deadpans. “The kind of work I do, I paint a big target on my head.””

If you haven’t heard of Krebs, you’ve certainly heard about the stories he’s broken. Krebs is credited for uncovering the theft of tens of millions of customer financial data from US retailer Target, and he uncovered the hack of Adobe Systems in 2013. He was also the first to report on the existence of the Stuxnet virus, so rest assured that you knew Brian Krebs, even if you didn’t know the name.

And Krebs’ book is a welcome addition to the world of cybersecurity. As TechRepublic points out, “Krebs sheds a much-needed spotlight on the world of cybercrime through solid research, his skills in investigative journalism, and interviews with some actors in Russia. Krebs traveled to Moscow in 2011 to meet these individuals, and also learned Russian in order to decipher and analyze the databases and records certain members of the spamming community made available to him.” Public officials, Krebs told TechRepublic, didn’t see the connection in the underground economy of cybercrime, essentially misjudging the threat.

Krebs began working on Spam Nation after he broke the Stuxnet story in 2010. “I started looking through all the databases…leaked by the people who had hacked these big pharmacy operations. It was so much information, it was overwhelming. It was like a Rosetta Stone of who’s who in this space. And it really helped to show the overlap among players in these various cybercrime operations.” TechRepublic talks about Krebs’ findings when he was in Russia. Interestingly, “[the] spammers often do not see themselves as law breakers; in the case of cheap internet drugs, they saw a market need in the US and went after it.”

Spam Nation, Krebs’ blog explains, “delves deeper than perhaps any other publication into the workings of the cybercrime underground, giving readers unprecedented access to a well-hidden world that few outside of these communities have seen up close.” The scenario is an ongoing turf war between two of spam’s biggest sponsors. “A true-crime tale of political corruption and ill-fated alliances, tragedy, murder and betrayal, this book explains how the conditions that gave rise to this pernicious industry still remain and are grooming a new class of cybercriminals.” The book also examines the role played by cybercrime forums and the communities that comprise a dark underground network, “while protecting scam artists from getting scammed.”

So, if you thought spam was just a cluster of bot herders directing zombies, fear not. There’s enough intrigue in there to make for an interesting movie.