book-reviews


Spam Nation

by Brian Krebs

Rating: ★★★

Krebs' account of the Pharma Wars saga -- a spate of infighting between two major online pharmacy affiliate networks -- is important, as he is one of the few people in the West who has a meaningful handle on the struggle, and can speak directly from the documentary evidence leaked as part of the conflict, as well as rare personal access (It was bizarre to read of spamlord Vrublevsky's regular, personal phonecalls to Krebs).

Unfortunately, Krebs does not dazzle on the page, with a few clunky habits that seem to be inherited from his journalism (for instance, sometimes he refers to himself as 'I' and sometimes as 'this author', apparently switching based on whether he's attempting a dramatic scene or not), and a slightly-too-large cast which his presentation makes hard to follow (we're introduced to a lot of sources early on which don't really crop up until much later, and other characters are inelegantly introduced for apparently no reason other than short bridging scenes.).

However, his reporting is solid enough to make up for these flaws, as he goes digging through mountains of emails and forum evidence as well as personal interviews. I think Krebs does a particularly decent job of unpicking the relationship between US drug prices and online cybercrime. It is strange to think that drug price controls in the US could potentially have swept support from under worldwide botnet industries. He also takes pains to point out that vital research about the quality of drugs from online pharmacies is being blocked by government and pharmaceutical interests which are worried that the results might demonstrate that online pharmacies are by-and-large safe.

Krebs uses 'spam' to include a variety of cybercrimes, not all of which really fit the label. Focusing on the affiliate marketing only, though, he has an important point to raise about why it should not be considered irrelevant. The reason spam is important is not because it is making a lot of criminals rich -- he points out that only relatively few spammers made millions from their networks -- but because it is a reliable source of income that keeps the infrastructure for other attacks a viable investment. When company-crippling DDoS attacks are launched, or new malware and phishing attacks distributed, these are sent through the same botnets that are spending much of their time on the bill-paying work of delivering spam. The second-order effects of the crackdowns Krebs describe are thus many. The rise of ransomware is one direct response as the spammers start searching for new means of extracting money from the resources. A slow decline of spam does appear to be another.