Book Review: "Spam Nation"



"Spam Nation: The Inside Story of Organized Cybercrime from Global Epidemic to Your Front Door", by Brian Krebs, is the epic story of one "anti" standing up to the spam epidemic and unraveling a twisted network of fake pharmaceuticals and botnets along the way. It's a great story because it's so surreal it seems like fiction, but is authored by one of the greatest technical journalists, covering the hacking scene, of this decade. Brian Krebs covers the story of how he got into writing on hacking, fired from the The Washington Post, started Krebs on Security,  and pursued one of the most prolific cyber crime empires to date, covering the 'Pharma Wars'. The book can be acquired easily from $5-19, which is great for a 252 page book on fairly original research. I listened to the story on Audible which was enjoyable at 8 hours, 46 minutes and read by Christopher Lane (who also read "Red Team"). Overall, I give it 7 out of 10 stars, because despite being fascinating and fact filled, the story itself seemed dull, lacking technical details, and difficult to differentiate the major players. I'de recommend it to those interested in Internet history, spam, botnets, or anything internet security related, as the interweaving stories of spam and botnets is fascinating and revealing.

Krebs makes an interesting point in that the modern spam machine heavily relies on a deep network of illegally acquired botnets. So much so, that the book runs into many of the massive botnets of recent, such as Cutwail, Festi, Waladec and Storm. This part was super fascinating to me. The book also servers as a great tour of the major Russian cybercrime players, shedding light on many individuals and operations similar to those described in "Kingpin". Despite the similarities with the cyber underground, "Spam Nation" wasn't as entertaining as either "Kingpin" or "Ghost in the Wires", nor was it as technical as "Countdown to Zero Day", which is a large reason why I gave it lesser rating. That said it was an incredible book on a largely ignored subject, making it that much more important. The following is the list of chapters, in my typical style, to give the reader a better sense of the book's contents:

Chapter 1: Parasite
Chapter 2: Bulletproof
Chapter 3: The Pharma Wars
Chapter 4: Meet the Buyers
Chapter 5: Russian Roulette
Chapter 6: Partner(ka)s in (Dis)Organized Crime
Chapter 7: Meet the Spammers
Chapter 8: Old Friends, Bitter Enemies
Chapter 9: Meeting in Moscow
Chapter 10: The Antis
Chapter 11: Takedown
Chapter 12: Endgame
Epilogue: A Spam-Free World: How You Can Protect Yourself from CyberCrime
Acknowledgments
Sources
About the Author

I personally purchased the book, but I noticed when looking on the web that the same groups Krebs talks about in the book have made a point of circulating the book to bypass Krebs monetization of it.  I think it's really interesting that Krebs also spends some time interviewing the actual victims that fall for the spam and fake pharmaceuticals. It was interesting to hear that the quality of the goods was fairly decent, however once the victims acknowledged the spam they were often continuously harassed and pressed for more time or money. I also really enjoyed the Epilogue, which has great advice such as enable two-factor authentication (to help prevent simple social engineering attacks), choose strong passwords, change your passwords often / post breach, and keep your software up to date. The following is a short bit with Krebs discussing the book and a bunch of his philosophies on computer security: