“Spam Nation: The Inside Story of Organized Cybercrime-from Global Epidemic to Your Front Door” by Brian Krebs (@briankrebs) is an eye opening dive into the world of Internet spam, pharmaceutical drugs sold online, cyberattacks, malware, the dark web, and corruption within the Russian justice system. It should be required reading (or listening) for anyone working in or interested in the field of information technology today. Here’s my review, which I’m also cross-posting to GoodReads and Amazon. This is the first in a series of book reviews I’m sharing over the Christmas holidays this year.
Should be required reading for anyone studying #CompSci or #Coding: #SpamNation by @briankrebs https://t.co/b1vNvPHeMt #edtech
— Wesley Fryer, Ph.D. ??? (@wfryer) October 27, 2016
Do you know someone who has had their email account hacked? A few years ago I helped a woman in our church whose Yahoo account was hacked not once but several times. After reading “Spam Nation,” I strongly suspect that one of the main reasons she was a victim of email hacking was her online purchase of pharmaceutical drugs for herself and her husband. Before reading Brain’s book I knew online drugs were very prevalent, but his research and analysis helped “connect the dots” for me to better understand this landscape of medical needs and financial opportunities. Many of the same drug manufacturers in India whose products we purchase at corner drugstores in the United States like WalGreens and CVS are also sold by Russian pharma peddlers who have extremely sophisticated networks of malware-infested spam sending computers. Brian’s book was published in 2015 and his stories are a few years old, but they are still very important to understand within the broader security landscape of our twenty-first century communications and media environment.
“Spam Nation” helped me better understand the economics and political environment (especially in Russia) which have created fertile ground for spamming and malware. The high prices of pharmaceutical drugs in the United States, and our ongoing need for comprehensive health care reform, also play an important role in these complex relationships. I certainly have a greater motivation to help members of our family, my school community, our church, and other groups understand the need for and know how to follow better personal digital security practices. See my recent post, “Give the Gift of Digital Security to Your Family,” for more on those topics. That post, along with my ongoing work at school to upgrade our firewall, develop a plan to adopt two-factor authentication for all faculty/staff, and support other secure password and digital security initiatives were all influenced strongly by my reading (actually listening via Audible) to “Spam Nation” by Brian Krebs.
I’m now in the habit of sharing some of my learning via Twitter as I listen to books on Audible, and you can search my Tweet Nest Twitter archive for “briankrebs” to read all those posts going back to October 2016. Here are few highlights.
The large scale cyberattack which took place in October 2016 was powered primarily by a new IoT (Internet of Things) botnet which allows hackers to compromise and exploit home wifi devices like security cameras. The malware, named Mirai, is documented well by WikiPedia. Incidentally, current issues and events like this highlight the value of WikiPedia as an information source. This is something many educators do not yet fully understand or appreciate. When you’re seeking information about a very new topic like the latest botnet cyberattack, however, it becomes clear immediately that archaic forms of information analysis and distribution (like printed books) are far less helpful than crowdsourced digital platforms like WikiPedia and Twitter.
iReading: Source Code for IoT Botnet ‘Mirai’ Released by @briankrebs (this is bad news) #edtechSR #security https://t.co/kzW5lCtu0S
— Wesley Fryer (@wfryer) October 23, 2016
“Scareware” is an important cybersecurity and digital security term which Brian Krebs introduced me to through “Spam Nation.” I personally know several individuals at school and through our church who have been challenged by these kinds of advertisements and software programs. Scareware programs are promoted by website popup advertisements which try to convince users their computer has been compromised by a hacker, and they need to install recommended “security software” to remove the vulnerable malware programs. In some cases these scareware ads are effective, convincing users to install software which is itself malware, and/or part with money to purchase “software protection” which is bogus and not needed.
Part of digital literacy today must include the ongoing development of what Neil Postman termed a “crap detector” in his excellent (and prescient) 1985 book, “Amusing Ourselves to Death: Public Discourse in the Age of Show Business.” As a technology director and digital citizenship advocate at our school, “scareware” is a vocabulary term I’m using now and will continue to use with students, parents, faculty and staff in the months ahead.
Important Internet #security vocabulary term: Scareware https://t.co/ZqKTLr7cep via @briankrebs #malware #digcit
— Wesley Fryer (@wfryer) October 23, 2016
During the 1990s and into the 2000s, Apple / Macintosh computer users were relatively immune from the computer virus and malware attacks which plagued users of Microsoft’s dominant Windows operating systems. In 2016, that’s not the case anymore. According to Krebs, in 2011 scareware and malware developers started large scale efforts to compromise Apple computers. Apple computer systems need to run security software today just as Windows systems do. This is true for school computers or the computers you use at home.
In May 2011, scareware / malware developers started targeting MacOS Apple users by @briankrebs #SpamNation pic.twitter.com/ZAiucMRUoU
— Wesley Fryer (@wfryer) October 25, 2016
The large price disparities between medications sold in the United States and elsewhere in the world create powerful economic incentives for people to purchase drugs online from unknown or shadowy companies. It’s likely we all know people who do this. While the crackdown on credit card processors documented by Krebs in “Spam Nation” had a negative effect on the online pharmaceutical industry, the power of these economic incentives makes it likely to persist. As other authors I cited in a 1993 research paper on drug control in the Americas noted, counter-drug efforts tend to exhibit a “balloon effect” where enforcement in one area pushes traffickers to increase their efforts and drug availability in others. The takeaways here are:
- It’s extremely risky for anyone to purchase drugs from shadowy companies online.
- Purchasers risk their health and the health of loved ones taking medications which are not adequately checked for quality.
- Purchasers also risk compromising the security of their computers, phones, and their connected digital identities if they purchase drugs online from mysterious, foreign companies.
"PharmaLeaks: Understanding the Business of Online Pharmaceutical Affiliate Programs" via @briankrebs #SpamNation https://t.co/fTbWRxgo1l
— Wesley Fryer (@wfryer) October 26, 2016
I highly recommend reading or listening to “Spam Nation: The Inside Story of Organized Cybercrime-from Global Epidemic to Your Front Door” by Brian Krebs (@briankrebs). As a result of listening to this book, I am not only better educated to understand many of the malicious and damaging dynamics involving spam and malware which affect us within our increasingly digital society, but am also better equipped to help students, educators and parents in our school community navigate these issues as more savvy digital citizens.
“Spam” (CC BY 2.0) by Reynosa Blogs
If you enjoyed this post and found it useful, subscribe to Wes' free newsletter. Check out Wes' video tutorial library, "Playing with Media." Information about more ways to learn with Dr. Wesley Fryer are available on wesfryer.com/after.
On this day..
- Self-Censorship, Echo Chambers and Civil Political Discourse - 2018
- A Creepy and Troubling Hidden WordPress Hack - 2018
- EdCampVoxer (Dec 23-30) & EdCampOKC (March 5) - 2015
- Play with Sound Using Singing Fingers for iOS - 2014
- Opening Reflections on Tinker, Make and Learn - 2014
- Photos of our Ice Storm in Oklahoma City (Dec 2013) - 2013
- Setting Up a Skype Home Phone - 2012
- The HDR Photo Difference - 2010
- Clever Operation Chokehold Spoof Video - 2009
- Terrorist groups are recruiting online - What about your school, club or organization? - 2009