
Spam nation: the inside story of organized cybercrime—from global epidemic to your front door PDF

322 Pages·2014·6.36 MB·English

Preview Spam nation: the inside story of organized cybercrime—from global epidemic to your front door

SpamNationTP.indd 1 2/25/15 3:29 PM

Copyright © 2014 by Brian Krebs
Cover and internal design © 2014 by Sourcebooks, Inc.
Cover design by The Book Designers
Sourcebooks and the colophon are registered trademarks of Sourcebooks, Inc.

All rights reserved. No part of this book may be reproduced in any form or by any electronic or mechanical means including information storage and retrieval systems—except in the case of brief quotations embodied in critical articles or reviews—without permission in writing from its publisher, Sourcebooks, Inc.

This publication is designed to provide accurate and authoritative information in regard to the subject matter covered. It is sold with the understanding that the publisher is not engaged in rendering legal, accounting, or other professional service. If legal advice or other expert assistance is required, the services of a competent professional person should be sought.—From a Declaration of Principles Jointly Adopted by a Committee of the American Bar Association and a Committee of Publishers and Associations

All brand names and product names used in this book are trademarks, registered trademarks, or trade names of their respective holders. Sourcebooks, Inc., is not associated with any product or vendor in this book.

Published by Sourcebooks, Inc.
P.O. Box 4410, Naperville, Illinois 60567-4410
(630) 961-3900
Fax: (630) 961-2168
www.sourcebooks.com

Library of Congress Cataloging-in-Publication Data
Krebs, Brian.
Spam nation : the inside story of organized cybercrime—from global epidemic to your front door / Brian Krebs.
pages cm
1. Computer crimes—United States. 2. Internet fraud—United States. 3. Spam (Electronic mail) 4. Phishing. 5. Organized crime—United States. I. Title.
HV6773.2.K74 2014
364.16’80973—dc23 2014023007

Printed and bound in the United States of America.
VP 10 9 8 7 6 5 4 3 2 1

For my BizMgr

CONTENTS

Preface vii
Chapter 1: Parasite 1
Chapter 2: Bulletproof 17
Chapter 3: The Pharma Wars 47
Chapter 4: Meet the Buyers 67
Chapter 5: Russian Roulette 85
Chapter 6: Partner(ka)s in (Dis)Organized Crime 113
Chapter 7: Meet the Spammers 135
Chapter 8: Old Friends, Bitter Enemies 157
Chapter 9: Meeting in Moscow 189
Chapter 10: The Antis 205
Chapter 11: Takedown 227
Chapter 12: Endgame 255
Epilogue: A Spam-Free World: How You Can Protect Yourself from Cybercrime 279
A Conversation with Brian Krebs 289
Acknowledgments 295
Sources 297
About the Author 305

WHO’S WHO IN THE CYBERWORLD

PAVEL VRUBLEVSKY, a.k.a. “RedEye”—Cofounder of ChronoPay, a high-risk card processor and payment service provider that was closely tied to the rogue antivirus industry. Cofounder of Rx-Promotion pharmacy affiliate program.

YURI KABAYENKOV, a.k.a. “Hellman”—Co-owner of Rx-Promotion along with Pavel Vrublevsky.

IGOR GUSEV, a.k.a. “Desp”—Cofounder of ChronoPay, and co-owner of the pharmacy spam partnerships SpamIt and GlavMed.

DMITRY STUPIN—Co-owner, along with Igor Gusev, of the pharmacy partnerships SpamIt and GlavMed.

IGOR VISHNEVSKY—A spammer who helped develop the “Cutwail” spam botnet, and a onetime business partner of Dmitri “Gugle” Nechvolod, a major spammer.

DMITRY NECHVOLOD, a.k.a. “Gugle”—One of SpamIt and Rx-Promotion’s most successful spammers, Gugle rented out his “Cutwail” spam botnet for use by many other junk emailers.

COSMA—Spammer for both GlavMed-SpamIt and Rx-Promotion and principal author of the massive Rustock botnet.

SEVERA—Spammer for both GlavMed-SpamIt and Rx-Promotion and the apparent author of the Waledac and Storm botnets.

ALEXANDER RUBATSKY—A Belarusian hacker closely tied to the child pornography industry who later founded the Russian Business Network (RBN) in St. Petersburg, Russia.

EVGENY PETROVSKY, a.k.a. “Pet”—Belarusian owner of companies Sunbill and BillCards, credit card processing networks that were deeply involved in processing payments for child pornography sites.

NIKOLAI McCOLO, a.k.a. “Kolya”—The young entrepreneur behind McColo Corp., which until its demise in 2008 was among the most popular Web hosting providers in the cybercrime underground.

LEONID KUVAYEV—A convicted spammer who ran the RxPartners pharmacy spam affiliate program. Kuvayev is currently serving a ten-year prison sentence in Russia for child molestation and child pornography.

IGOR AND DMITRY ARTIMOVICH, a.k.a. “Engel”—Brothers who allegedly operated the “Festi” spam botnet and were close allies of Vrublevsky. The brothers were convicted in 2013 of using Festi to attack the website of Assist, a ChronoPay competitor, although they deny this.

GENNADY LOGINOV—A Belarusian man and leader of a militant organized crime group known as “The Village.” Partner with Alexander Rubatsky and involved in the kidnapping and ransom of Evgeny “Pet” Petrovsky—a rival businessman.

PREFACE

Since the original hardcover publication of Spam Nation, I’ve spoken at multiple speaking engagements and book signings about the issues of cybercrime and cybersecurity. One question I’m often asked is, “Why did you choose to include the word ‘spam’ in the title of your book? Nobody likes junk email, so why would they even crack the cover?” Also, readers seem to be curious why—if so many of the cybercrooks that I write about are based in Russia and the former Soviet states—does the book have a picture of the United States on its cover?

I chose that title for several reasons. First, like it or not, spam is the primary vehicle for most cybercrime. Most people associate spam with junk email, which is something they don’t feel they need to care about, but the term also encompasses malicious email, including missives that bundle malicious software and disguise it as a legitimate-looking attachment, as well as phishing attacks designed to steal your banking credentials and other account information.

Second, I wanted to express that—at least traditionally—Americans have been the reason for and the target of most spam and cybercrime. Spam would not exist were it not profitable for those that send it, and incredibly millions of American consumers are responding to and buying from spam—thus perpetuating the cycle of fraud and abuse that affects us all.

Finally, as described in detail in Chapter 2, the early cybercrime pioneers who built most of the spam industry were able to do so because they operated undeterred for years out of U.S.-based hosting providers that seemed completely oblivious to or willfully ignorant of the reputation of the partners with whom they’d chosen to do business.

But recently, it’s become impossible for any of us to ignore these spammers’ and hackers’ actions because they are now hitting us where it hurts most: our wallets. Stephanie Bowen, my gracious and tenacious editor at Sourcebooks, had lobbied for the initial hardcover publication of Spam Nation to include a discussion about the epidemic of credit card breaches over the past year at retailers around the globe, but principally here in the United States. At the time, I didn’t think the topic exactly fit with the flow of the narrative, but she ended up sneaking a mention of the December 2013 breach at Target Corporation into Chapter 1 anyhow. Upon further reflection, I now see that she was right: these card breaches do have much to say about the state of modern organized cybercrime (a major focus of this book).

It’s worth noting that the Target breach began with a spam email sent to a heating and air conditioning (HVAC) vendor that worked with Target and had remote access to portions of Target’s network. That spam message contained malicious software disguised as a document related to the company’s business. Once inside the HVAC company’s computers, the attackers were able to abuse that access to break into Target’s network. The rest is history. According to sources interviewed by this author, the malware was sent to the HVAC vendor by a collection of hacked PCs known as the “Cutwail” botnet, the very spam crime machine built by two characters profiled extensively in this book.

As I wrote in the final chapter of Spam Nation, cybercrooks at the helm of massive spam engines these days are spending more of their resources churning out malicious spam designed to target consumers’ account information as opposed to commercial pitches for dodgy products like knockoff pharmaceuticals. I was able to break the Target breach story because the thieves who stole forty million credit and debit card numbers from the retail chain turned around and sold them on open-air bazaars online. I determined that Target was the source of the stolen cards by discovering these and utilizing the same knowledge gaps in the financial industry that the crooks are exploiting to steal data—but I was doing so to help these companies get to the bottom of these cyberattacks.

What are those knowledge gaps? Prior to the Target breach discovery, I’d spent a great deal of time building sources at smaller banks, which it would seem would want to invest in cybersecurity to protect their and their customers’ assets. This might be surprising to many readers, but anti-fraud experts at many of these institutions actually tend not to have adequate money or resources to fight fraud, and they generally do not have the best visibility
