“Spam Nation,” a portrait of 2014 cybercrime

For those interested in cybersecurity, journalist Brian Krebs is a more or less standard reference. Krebs, who used to cover cybercrime cases for the Washington Post, left his position in the newsroom and set up his own blog to continue investigating what is behind some of the most notorious cases or the most common crimes.

In his first (and so far only) book, “Spam Nation,” Krebs tells us about the so-called “Pharmaceutical Wars” between the leaders of two criminal “families”, who between 2007 and 2013 competed for the market of spamming and selling counterfeit drugs.

The two spammers, Pavel Vrublevsky and Dimitry Nechvolod, escalated their rivalry by leaking information about each other, bribing authorities, competing on price and, finally, even ordering the assault and physical elimination of their rivals. All in a six-year “war” that ended with the defeat of both.

Krebs, who tells in first person his inquiries about this rivalry, even learned Russian and traveled to the Russian Federation to interview them in person and, along the way, gives us a portrait of how the mafias that use the Internet for their purposes act and organize themselves.

Thus, we will learn how some of the most powerful spam networks of the time arise, are maintained and operate, some of which are still active today, or are heirs of these. And how, at the same time, the services of these networks are rented for sending mass mailings. Which, in the case of the book, were advertisements of fake pharmacies selling copies or counterfeit drugs.

Much more than Viagra

Incredible as it may seem, this business was (and still is) particularly profitable. In countries like the United States, where it is sadly common for millions of people to be unable to afford their drugs, many desperate people turn to fake “Canadian pharmacies” to purchase what they believe to be their treatments.

Contrary to what one might think, this is where the bulk of the business of these mafias comes from and not from the over-the-counter sale of “recreational” drugs such as the famous Viagra (from Pfizer Laboratories) and Cialis (from Lily). What they get in return can be either perfect counterfeits or adulterated products that seriously endanger their health. The book details some cases in which the use of these drugs causes serious injuries and even death to their users.

In the Spanish case, where medical treatments are subject to control and financed by the authorities, what predominates are, according to data from the Civil Guard, the illegal sale of steroids and recreational drugs.

Crime as a service

Between anecdote and anecdote, Krebs also details how is the structure of “outsourcing” or “Crime as a service”, in which the mafias hire third parties for their activities. Thus, the owners of “Canadian pharmacies” pay the owners of spam networks or “botnets” to advertise, on the other hand they host their servers in opaque service providers, which do not respond to requests from the authorities to provide the identity of the owners of a domain, or to close it.

They also ally themselves with banks and online payment providers that do not ask where the money comes from and, finally, they turn to Indian and Chinese laboratories for the manufacture of drugs, which can range from perfect replicas made without a license, to mixtures of amphetamines, cement and rat poison mixed in a cement mixer.

The costs of subcontracting mean that the mafias make large profit margins. And, contrary to what you might expect from a crime syndicate, they do not hesitate to make returns or reshipments, preferring a satisfied customer to someone who, in anger, might complain to the authorities and draw attention to their activities.

“Public-Private Partnership”

Meanwhile, in the Russian Federation, where Vrublesky’s and Nechvolod’s organizations were based, the organization responsible for prosecuting cybercrime, the Federal Security Service or FSB, either turned a blind eye or else functioned as private security for them, in exchange for money, of course. And in many cases they raided the facilities of their rivals for payment. The FSB, a direct heir to the Soviet KGB, according to Krebs, is in the habit of not preventing the operations of cybercriminals unless they are a nuisance to the government.

The U.S. authorities, described by Krebs as disoriented at the time, soon gave up on dealing with criminal networks on the Internet and did not act until Microsoft, Krebs himself and a university professor served them the solution on a platter.

Years later the book is still very interesting and offers us clues and trends in cybercrime that may still have validity. And as for the protagonists, you may want to search for some of the names that appear.

You will discover that there are more than one running pizzerias in Marbella and… computer stores.

See also in: