27 von 30 Kunden fanden die folgende Rezension hilfreich
- Veröffentlicht auf Amazon.com
Format: Gebundene Ausgabe
Spam is a Russian industry. There are competitors, partnerships, even contests for most responses. Incredibly (to us), spam delivered in Russia actually offers links to spamming services at the bottom of the spam, so that your business too, can benefit. The drug spam industry is financed by American consumers, who want to save money, avoid going to doctors, or even deal prescription drugs to others. The spammers fill a genuine void and satisfy a genuine demand in a twisted healthcare system. This is the story that Brian Krebs reveals, in dramatic, fascinating and fine detail.
The online “pharmacies” contract with fabs in India and China, just like the majors do. Goods are shipped by them directly to the customer. Refunds are easier to obtain than from US firms, because the spammers don’t want their card processors to fine them or cut them off. And better customer service leads to reorders (!). And if they don’t, aggressive outbound telemarketing takes over. They have supply chains, with acquirers of botnets, renters of botnets, pharmacies, affiliate programs and spammers – all getting a cut of the transaction or an upfront fee. So very few get crazy rich. Some had to take legitimate day jobs to make ends meet. Eventually, those legitimate tech jobs became more attractive than the dark ones, so recruiting became a problem. Truly, a parallel universe.
The drug spam segment is in clear decline:
1) The Achilles Heel of the spammers is that they are not totally vertical. They can collect e-mail addresses, they can create botnets, they can accept and fulfill orders. But they can’t process payment. So credit card companies and Microsoft have gone after banks, card processors and transfer agents, making business impossible for the drug spammers. They built their own universe with their own rules, but stopped short. Eventually, it had to collapse.
2) The other weak link is Russia, which harbored them. How long that would last was always questionable, but Russia is so corrupt that spammers bribed officials to investigate and close down their competitors. It was a war of attrition where eventually everyone had to lose. Overall, it was a self-inflicted, two pronged attack – on itself.
And it’s not all a semi-legitimate economy. They also evolved from scareware (your computer is not safe) to ransomware (all your files are now encrypted). And there’s the constant selling of personal information.
Krebs follows a cast of kingpins through their rise and fall. It’s a passion that cost him his career at the Washington Post, which changed “policy” so he could no longer publish his blockbuster stories. (Krebs had been the reason for the crippling and shutdown of major botnets, himself) He has kept going, following through to the end of the kingpins’ rule, and ends the book with tips on not just how, but why you need to protect your accounts. It’s all chilling and gripping, and unfortunately real.
1 von 1 Kunden fanden die folgende Rezension hilfreich
- Veröffentlicht auf Amazon.com
Format: Gebundene Ausgabe
There are really two stories within Spam Nation: The Inside Story of Organized Cybercrime-from Global Epidemic to Your Front Door. The first is how Brian Krebs uncovered the Russian cybergangs that sent trillions of spam emails for years. As interesting and compelling as that part of the story is; the second storyline is much more surprising and fascinating.
Along with George V. Hulme and Steve Ragan, Krebs is one of the premier cybersecurity journalists. From 1995 to 2009, he was a reporter for The Washington Post, where he covered Internet security, technology policy, cybercrime and privacy issues. When Krebs presented the Post with his story about the Russian spammers, rather than run with it, the Post lawyers got in the way and were terrified of being sued for libel by the Russians. Many of the stories Krebs ran took months to get approval and many were rejected. It was the extreme reticence by the Post to deal with the issue and their nervous lawyers that led Krebs to leave the paper.
Before Krebs wrote this interesting book and did his groundbreaking research, it was clear that there were bad guys abroad spamming American’s with countless emails for pharmaceuticals which led to a global spam problem.
Much of the story details the doings of two of the major Russian pharmacy spammer factions, Rx-Promotion and GlavMed. In uncovering the story, Krebs had the good fortune that there was significant animosity between Rx-Promotion and GlavMed, which lead to an internal employee leaking a huge amount of emails and documents. Krebs obtained this treasure trove which he used to get a deep look at every significant aspect of these spam organizations. Hackers loyal to the heads of Rx-Promotion and GlavMed leaked this information to law enforcement officials and Krebs in an attempt to sabotage each other.
Krebs writes that the databases offered an unvarnished look at the hidden but burgeoning demand for cheap prescription drugs; a demand that appears driven in large part by Americans seeking more affordable and discreetly available medications.
Like many, I had thought that much of the pharmaceutical spam it was simply an issue of clueless end-users clicking on spam and getting scammed. This is where the second storyline comes in. Krebs notes that the argument goes that if people simply stopped buying from sites advertised via the spam that floods our inboxes, the problem would for the most part go away. It’s not that the spam is a technology issue; it’s that the products fill an economic need and void.
Krebs shows that most people who buy from the spammers are not idiots, clueless or crazy. The majority of them are performing rational, if not potentially risky choices based on a number of legitimate motivations. Krebs lists 4 primary motivations as: price and affordability, confidentiality, convenience & recreation or dependence.
Most of the purchasers from the Russian spammers are based in the US, which has the highest prescription drug prices in the world. The price and affordability that the spammers offer is a tremendous lure to these US consumers, many of whom are uninsured or underinsured.
Krebs then addresses the obvious question that this begs: if the spammers are selling huge amounts of bogus pharmaceuticals to unsuspecting Americans, why doesn’t the extremely powerful and well-to-do pharmaceutical industry do something about it. Krebs writes that the pharmaceutical industry is in fact keenly aware of the issue but scared to do anything about it. Should the reality be that the unauthorized pharmaceuticals are effective, then the pharmaceutical industry would be placed in a quandary. They have therefore decided to take a passive approach and do nothing.
The book quotes John Horton, founder and president of LegitScript, a verification and monitoring service for online pharmacies. It’s the only service recognized by the National Association of Boards of Pharmacy as adhering to its standards.
Horton observed that only 1% of online pharmacies are legitimate. But worse than that, he believes that the single biggest reason neither the FDA nor the pharmaceutical industry has put much effort into testing, is that they are worried that such tests may show that the drugs being sold by many so-called rogue pharmacies are by and large chemically indistinguishable from those sold by approved pharmacies.
So while the Russian spammers may be annoying for many, they have found an economic incentive that is driving many people to become repeat customers.
As to the efficacy of these pharmaceuticals being shipped from India, Turkey and other countries, it would seem pretty straightforward to perform laboratory tests. Yet the university labs that could perform these tests have found their hands-tied. In order to test the pharmaceuticals, they would have to order them, which is likely an illegal act. Also, the vast amount of factories making these pharmaceuticals makes it difficult to get a consistent set of findings.
As to getting paid for the products, Krebs writes how the thing the spammers relied on most was the ability to process credit card payments. What they feared the most were chargebacks; which is when the merchant has to forcibly refund the customer. If the chargeback rate goes over a certain threshold, then the vendor is forced to pay higher fees to the credit card company or many find their merchant agreement cancelled. The spammers were therefore extremely receptive to customer complaints and would do anything to make a basic refund than a chargeback. This was yet another economic incentive that motivated the spammers.
As to the main storyline, the book does a great job of detailing how the spam operations worked and how powerful they became. The spammers became so powerful, that even with all the work firms like Blue Security Inc. did, and organizations such as Spamhaus tried to do, they were almost impossible to stop.
Krebs writes how spammers now have moved into new areas such as scareware and ransomware. The victims are told to pay the ransom by purchasing a prepaid debit card and then to send the attackers the card number to they can redeem it for cash.
The book concludes with Krebs’s 3 Rules for Online Safety namely: if you didn’t go looking for it, don’t install it; if you installed it, update it and if you no longer need it, remove it.
The scammers and online attackers are inherent forces in the world of e-commerce and it’s foolhardy to think any technology or regulation can make them go away. Spam Nation does a great job of telling an important aspect of the story, and what small things you can do to make a large difference, such that you won’t fall victim to these scammers. At just under 250 pages, Spam Nation: The Inside Story of Organized Cybercrime-from Global Epidemic to Your Front Door is a quick read and a most important one at that.