Posts Tagged: russian business network

Jul 14

Pre-order Your Copy of ‘Spam Nation’ Now!

Some of you may have noticed that a new element recently debuted in the sidebar: The cover art for my upcoming book, Spam Nation, due to hit bookshelves (physical and virtual) November 18, 2014. Please allow me a few moments to explain what this book is about, and why you should pre-order it today.

The back of Spam Nation.

Spam Nation delves deeper than perhaps any other publication into the workings of the cybercrime underground, giving readers unprecedented access to a well-hidden world that few outside of these communities have seen up close.

Update, Dec. 9, 2014: Spam Nation has just landed on the New York Times bestseller list!

Original post:

The backdrop of the story is a long-running turf war between two of the largest sponsors of spam. A true-crime tale of political corruption and ill-fated alliances, tragedy, murder and betrayal, this book explains how the conditions that gave rise to this pernicious industry still remain and are grooming a new class of cybercriminals.

But Spam Nation isn’t just about junk email; most of the entrepreneurs building and managing large-scale spam operations are involved in virtually every aspect of cybercrime for which there is a classification, including malware development, denial-of-service attacks, identity theft, credit card fraud, money laundering, commercial data breaches and extortion.

Spam Nation looks at the crucial role played by cybercrime forums, and how these communities simultaneously weave the social fabric of the underground while protecting scam artists from getting scammed.

The book also includes a detailed history of the Russian Business Network (RBN); how it became the virtual boogeyman of the Internet and prefigured an entire industry of “bulletproof” hosting providers.

Along the way, we meet numerous buyers who explain what motivated them to respond to spam and ingest pills ordered from shadowy online marketers. In the chapter “Meet the Spammers,” readers get a closer look at the junk emailers responsible for running the world’s largest botnets.

In addition, Spam Nation includes first-hand accounts of efforts by vigilante groups to dismantle spam and malware operations, and the vicious counterattacks that these campaigns provoked from the spam community.

Now, here’s the important bit: Anyone who pre-orders the book and emails their proof-of-purchase to this address before Nov. 18, 2014 will receive a signed copy. This extends even to those who opt for a digital copy of the book. That’s because the signature will come on a bookplate, which is simply a decorative label that is affixed to the inside front cover. Bookplates allow my publisher Sourcebooks to distribute signed copies of Spam Nation without having to constantly ship me very heavy truckloads of books to sign and then ship back again for reshipment.

The pre-order link for Amazon is here; readers who wish to purchase the book from Barnes & Noble can do so here. Fans of the Washington D.C. literary landmark Politics and Prose can pre-order the book from them at this link. Forward your emailed proof-of-purchase, or a scan/photo of your receipt. Basically anything that says you purchased the book, the quantity purchased, as well as your name and mailing address.

Aug 10

Shunning and Stunning Malicious Networks

McAfee just published the sixth edition of its Security Journal, which includes a lengthy piece I wrote about the pros and cons of taking down Internet service providers and botnets that facilitate cyber criminal activity. The analysis focuses on several historical examples of what I call “shuns” and “stuns,” or taking out rogue networks either by ostracizing them, or by kneecapping their infrastructure in a coordinated surprise attack, respectively.

The theme of this edition of the journal is finding ways to take security on the offense, and it includes articles from noted security researchers Joe Stewart and Felix “FX” Lindner.

Here’s the lead-in from my contribution:

The security technologies most of us rely on every day — from anti-virus software to firewalls and intrusion detection devices — are reactive. That is, they are effective usually only after a new threat has been identified and classified. The trouble is that, meanwhile, an indeterminate number of individuals and corporations become victims of these unidentified stalkers.

Until quite recently, this “bag ’em and tag ’em” approach to dealing with malicious activity online had become so ingrained in the security community that most of the thought leaders on security were content merely to catalog the Internet’s worst offenders and abide the most hostile networks. Exponential increases in the volume and sophistication of new threats unleashed during the past few years — coupled with a pervasive attitude that fighting criminal activity online is the principal job of law enforcement — have helped to reinforce this bunker mentality.

Then, in the fall of 2007, something remarkable happened that seemed to shake the security industry out of its torpor: a series of investigative stories in the mainstream and technology press about concentrations of cybercrime activity at a Web hosting conglomerate in St. Petersburg known as the Russian Business Network (RBN) caused the ISPs serving the infamous provider to pull the plug. The RBN, which had been a vortex of malicious activity for years, was forced to close up shop and, subsequently, scattered its operations.

This was the first of many examples that would demonstrate the strategic (and, arguably, cathartic) value of identifying and isolating significant, consistent sources of hostile — if not criminal — activity online. I will focus on two popular methods of taking the fight to the enemy and will offer a few thoughts on the long-term viability of these approaches.

Copies of the journal are available from this link.

Dec 09

Story-Driven Résumé: My Best Work 2005-2009

I began writing for The Washington Post in 1996, and started covering computer and Internet security in 1999. Below are links to what I believe is some of my best work over the past four years or so. Virtually all of the stories and blog posts listed here were either Washington Post/Security Fix exclusives, or were the result of my investigative reporting and research aimed at shining a light on the Internet’s darkest corners, and educating readers about the importance of security.
