© 2024
Play Live Radio
Next Up:
0:00 0:00
Available On Air Stations

How A Feud Between Two Russian Companies Fueled A 'Spam Nation'

Don't install software from the Web unless it's directly from the company that made it. If you do install software, make sure you update it. And whatever you do, don't open attachments emailed to you by spammers.

These are just a few warnings from Brian Krebs, an investigative journalist and cybersecurity expert.

Krebs learned the ins and outs of how the spam industry works when he was given documents in the aftermath of a feud between two Russian companies — two of the largest sponsors of pharmaceutical spam.

The feud "would forever change the course of the spam industry," Krebs tells Fresh Air's Terry Gross. He writes about the feud and more in his new book Spam Nation.

About 10 years ago two Russian men — who previously worked together before having a falling out — incentivized the selling of products through spam, according to Krebs. In doing so they employed "probably most of the biggest virus writers out there, and the biggest spammers."

At some point, Krebs says, the men decided the "world isn't big enough for both of them," so they set out to shut each other down.

"Both of them pay hackers to break into each other's networks and steal huge amounts of information about their operation, including years' worth of emails, chat records, banking records — all these things that show how these organizations were set up," Krebs says. "They leak that to law enforcement here in the United States and in Europe, and they leaked it to me."

Ultimately, the companies destroyed each other: One company was shut down; the other guy went to jail.

Despite the crackdown, Krebs says, spam is just as prevalent today.

Interview Highlights

On how partnerships between spammers and companies work

The way the partnership works is you have the spam affiliate program, and this is just an organization that takes care of all the back-office stuff. They handle customer orders, they handle customer service, they handle getting the product from suppliers and they handle the shipping ... and then there are the spammers, and these folks, their only job is to drive traffic to the websites that are selling whatever that partnership is selling. So if it's male enhancement drugs or if its software or knock-off handbags or whatever, that's their job, is to get eyeballs to those sites. That's the partnership in a nutshell. ...

I think having gone to Russia and really taken in the scene there — people who have never really spent any time there have a hard time conceptualizing this — but you walk into a store that sells magazines, you might find dozens of magazines dedicated to hacking — criminal hacking.

It's based on commission, so if I'm a spammer and I have a whole bunch of websites that belong to me, which is usually the case, I blast out a lot of spam. If somebody comes to one of these sites in response to a spam email I sent out and makes a purchase, I get about 30 to 50 percent of whatever their purchase price was.

On why people buy from spammers

Almost invariably what I found in talking to these folks was that they bought it for cost reasons. ... In the United States, it's not uncommon for people to pay three to four to five times as much as you would, say, in Europe or anywhere else in the world where they have socialized medicine [and where] the government says you can't charge any more than this for this drug. That's sort of the arbitrage game that these guys [the spammers and partnerships] are exploiting.

So when I went to interview folks: "What motivated you to buy and ingest pills that you ordered from dubious marketers?" Price invariably was the reason. I talked to a lot of folks who were out of work, they didn't have insurance, insurance didn't cover the drugs they were prescribed, and at the end of the day, it was a math issue for them.

On what happens after you order from spammers

Every buyer that I talked to reported the same experience after ordering from spam, which was that they got ... more spam after giving away their email address to spammers — no surprise there. They also got a lot of phone calls about a week or two after the drugs arrived in their mailbox. They started getting peppered with calls from India, people asking, "Hey, you want to renew your prescription? It's almost time to renew your prescription." They would get these calls every day. One woman ... had to change her phone number.

Brian Krebs, a former <em>Washington Post</em> reporter, runs the website Krebs on Security.
/ Courtesy of Kristoff Clerix
Courtesy of Kristoff Clerix
Brian Krebs, a former Washington Post reporter, runs the website Krebs on Security.

On why hacking and spamming is so prevalent in Russia

Russia is a very hospitable place for spam for all kinds of cybercrime. A lot of this has to do with the way the former Soviet Union and Russia educated folks, [with a] very strong emphasis on math, science and technology. And these sorts of things actually lend themselves very well to a career in computing, so there's a strong community there that grew up around technology and computers. And cybercrime brings in a tremendous amount of money to the country, and the government there has nurtured this industry to some degree.

I think having gone to Russia and really taken in the scene there — people who have never really spent any time there have a hard time conceptualizing this — but you walk into a store that sells magazines, you might find dozens of magazines dedicated to hacking — criminal hacking. You just wouldn't see that here; it's just a different culture.

On ransomware, the most dangerous kind of spam

The most dangerous spam is going to be an attachment, a malicious, booby-trapped attachment. It's going to be something that basically takes over your computer, steals your passwords, and if you're really unlucky, it will hold your computer for ransom and so this is probably the most diabolical and fastest growing spam out there, it's called ransomware.

Essentially what ransomware does is it gets on your system and it sits there very quietly and goes through all of your documents, your mp3 files, your pictures, everything that you might actually value on that system and it encrypts it with a very, very strong encryption [that] probably not even the NSA could break.

Once it's done with that process, it pops up a little note that says, "Hey, sorry for the interruption, your friendly neighborhood cybercriminal here, just want to let you know that we've gone ahead and encrypted all of your files and if you want them back you have to pay us $700 (or $300 or whatever the arbitrary amount is). And, oh by the way, you have 72 hours." And this little countdown clock starts.

The frustrating part about this is many people don't take this seriously. The first thing they do is try to remove the threat. And this type of malware is actually not difficult at all to remove, but your files are still encrypted. By the way, if you remove it, you remove the actual file that you need to actually get your files back. If you want to get your files back you have to pay a ransom, but you can't just pull out a credit card and pay it, for obvious reasons, so you have to pay with a virtual currency like Bitcoin.

On how to protect yourself from malware

If you didn't go looking for it, don't install it. If you're browsing the Web and cruising around and somebody says you need to install software, don't do that. ... If you do need it, get it from the place that made it. Don't just accept a file that some site says you need to run. ... The second rule is maybe even more important. If you did install it, update it.

... Even more dangerous is all the stuff that plugs into your browser so Adobe Flash, Java, Adobe Reader, Microsoft Silverlight ... and increasingly the fraudsters are attacking these programs because, No. 1, they know everybody has them installed, and No. 2 the companies that make them ship security updates for them at least once a month and it's really easy to fall behind on these things. ...

The reason that's important is you browse to a website that's hacked, the first thing these guys do is install automated tools that look for the presence of outdated programs in your browser. And if they find them, you'll silently get served malware and then your computer doesn't belong to you anymore.

Copyright 2023 Fresh Air. To see more, visit Fresh Air.