Become a fan of Slashdot on Facebook


Forgot your password?

Submission Book review: Spam Nation 1

benrothke writes: Title:Spam Nation: The Inside Story of Organized Cybercrime-from Global Epidemic to Your Front Door

Author: Brian Krebs

Pages: 256

Publisher: Sourcebooks

Rating: 10/10

Reviewer: Ben Rothke

ISBN: 978-1402295614

Summary: Excellent expose on why cybercrime pays and what you can do about it

There are really two stories within Spam Nation: The Inside Story of Organized Cybercrime-from Global Epidemic to Your Front Door. The first is how Brian Krebs uncovered the Russian cybergangs that sent trillions of spam emails for years. As interesting and compelling as that part of the story is; the second storyline is much more surprising and fascinating.

Brian Krebs is one of the premier cybersecurity journalists. From 1995 to 2009, he was a reporter for The Washington Post, where he covered Internet security, technology policy, cybercrime and privacy issues. When Krebs presented the Post with his story about the Russian spammers, rather than run with it, the Post lawyers got in the way and were terrified of being sued for libel by the Russians. Many of the stories Krebs ran took months to get approval and many were rejected. It was the extreme reticence by the Post to deal with the issue that ultimately led Krebs to leave the paper.

Before Krebs wrote this interesting book and did his groundbreaking research, it was clear that there were bad guys abroad spamming American's with countless emails for pharmaceuticals which led to a global spam problem.

Much of the story details the doings of two of the major Russian pharmacy spammer factions, Rx-Promotion and GlavMed. In uncovering the story, Krebs had the good fortune that there was significant animosity between Rx-Promotion and GlavMed, which lead to an internal employee leaking a huge amount of emails and documents. Krebs obtained this treasure trove which he used to get a deep look at every significant aspect of these spam organizations. Hackers loyal to the heads of Rx-Promotion and GlavMed leaked this information to law enforcement officials and Krebs in an attempt to sabotage each other.

Krebs writes that the databases offered an unvarnished look at the hidden but burgeoning demand for cheap prescription drugs; a demand that appears driven in large part by Americans seeking more affordable and discreetly available medications.

Like many, I had thought that much of the pharmaceutical spam it was simply an issue of clueless end-users clicking on spam and getting scammed. This is where the second storyline comes in. Krebs notes that the argument goes that if people simply stopped buying from sites advertised via the spam that floods our inboxes, the problem would for the most part go away. It's not that the spam is a technology issue; it's that the products fill an economic need and void.

Krebs shows that most people who buy from the spammers are not idiots, clueless or crazy. The majority of them are performing rational, if not potentially risky choices based on a number of legitimate motivations. Krebs lists 4 primary motivations as: price and affordability, confidentiality, convenience & recreation or dependence.

Most of the purchasers from the Russian spammers are based in the US, which has the highest prescription drug prices in the world. The price and affordability that the spammers offer is a tremendous lure to these US consumers, many of whom are uninsured or underinsured.

Krebs then addresses the obvious question that this begs: if the spammers are selling huge amounts of bogus pharmaceuticals to unsuspecting Americans, why doesn't the extremely powerful and well-to-do pharmaceutical industry do something about it. Krebs writes that the pharmaceutical industry is in fact keenly aware of the issue but scared to do anything about it. Should the reality be that the unauthorized pharmaceuticals are effective, then the pharmaceutical industry would be placed in a quandary. They have therefore decided to take a passive approach and do nothing.

The book quotes John Horton, founder and president of LegitScript, a verification and monitoring service for online pharmacies. Horton observed that only 1% of online pharmacies are legitimate. But worse than that, he believes that the single biggest reason neither the FDA nor the pharmaceutical industry has put much effort into testing, is that they are worried that such tests may show that the drugs being sold by many so-called rogue pharmacies are by and large chemically indistinguishable from those sold by approved pharmacies.

So while the Russian spammers may be annoying for many, they have found an economic incentive that is driving many people to become repeat customers.

As to the efficacy of these pharmaceuticals being shipped from India, Turkey and other countries, it would seem pretty straightforward to perform laboratory tests. Yet the university labs that could perform these tests have found their hands-tied. In order to test the pharmaceuticals, they would have to order them, which is likely an illegal act. Also, the vast amount of factories making these pharmaceuticals makes it difficult to get a consistent set of findings.

As to getting paid for the products, Krebs writes how the thing the spammers relied on most was the ability to process credit card payments. What they feared the most were chargebacks; which is when the merchant has to forcibly refund the customer. If the chargeback rate goes over a certain threshold, then the vendor is forced to pay higher fees to the credit card company or many find their merchant agreement cancelled. The spammers were therefore extremely receptive to customer complaints and would do anything to make a basic refund than a chargeback. This was yet another economic incentive that motivated the spammers.

As to the main storyline, the book does a great job of detailing how the spam operations worked and how powerful they became. The spammers became so powerful, that even with all the work firms like Blue Security Inc. did, and organizations such as Spamhaus tried to do, they were almost impossible to stop.

Krebs writes how spammers now have moved into new areas such as scareware and ransomware. The victims are told to pay the ransom by purchasing a prepaid debit card and then to send the attackers the card number to they can redeem it for cash.

The book concludes with Krebs's 3 Rules for Online Safetynamely: if you didn't go looking for it, don't install it; if you installed it, update it and if you no longer need it, remove it.

The scammers and online attackers are inherent forces in the world of e-commerce and it's foolhardy to think any technology or regulation can make them go away. Spam Nationdoes a great job of telling an important aspect of the story, and what small things you can do to make a large difference, such that you won't fall victim to these scammers. At just under 250 pages, Spam Nationis a quick read and a most important one at that.

Reviewed by Ben Rothke

Submission How One Man Changed the Ecology of the Great Lakes with Salmon

An anonymous reader writes: During the sixties the Great Lakes were facing an ecological disaster due to invasive species and over fishing. Biologist Howard Tanner's solution to the problem was to bring in another non-native species, the Pacific salmon. Fishing boomed for many years but with the recent salmon crash in Lake Huron many wonder if the salmon were a band-aid on a ecological wound that's too big to fix. From the article: "Tanner's goal wasn't to just alter the species composition of the lakes; he wanted to change the public's relationship with the lakes themselves. Beyond pier fishing for perch and smallmouth bass, fishing in the lakes primarily had been the domain of relatively few commercial fishing crews using big boats and nets to harvest lake trout, perch, whitefish and chubs for restaurants and stores. But because these commercially fished native species had been so destroyed by overfishing and the lamprey and alewife infestations, Tanner inherited something of a blank slate — almost like a freshly filled reservoir in the West. He had little interest in trying to repaint the same old picture, but wanted instead to turn the waters over to large numbers of sportsmen who fished as much for thrill as fillet."

Submission Are Gamma Ray Bursts Keeping Life From Developing In The Universe? 2

rossgneumann writes: The universe might be a radiation-scorched, lifeless place after all. Just as soon as a planet, save for a relative handful of well-sheltered rocks, becomes life-harboring and friendly, it gets nuked back to a barren wasteland. This is one conclusion of a new paper examining the likely prevalence of gamma-ray burst (GRB) events throughout the Milky Way and universe at-large, particularly of the sort—long gamma-ray bursts or LGRBs—that could strip away a planet's protective ozone layer and blast its inhabitants with very high-energy photons.

Submission Attacking and Defending the Tor Network->

Trailrunner7 writes: In a talk at the USENIX LEET workshop Tuesday, Nick Mathewson of the Tor Project discussed the group's recent challenges in responding to suppression efforts by governments in Egypt, China and elsewhere. What the Tor members have learned in these recent incidents is that while governments are becoming more up front about their willingness to shut off Internet access altogether or censor content, users are also becoming more resourceful.
Mathewson said that the group is working on methods for alleviating the problems that national-level restrictions cause for Tor users. One method involves moving to a modular transport method in order to get around some of the throttling that ISPs perform on encrypted traffic in order to make Tor usage more difficult.
In a separate talk at LEET, Stevens LeBlond of INRIA in France presented research on methods for tracing Tor users back to their IP address. One of the attacks, which LeBlond and his co-authors titled "Bad Apple," used an exit node that the researchers controlled in order to trace the streams of data sent by users of BitTorrent over Tor back to their IP addresses.

Link to Original Source
The Almighty Buck

Submission Warren Buffett: Social Networks are 'Overpriced'->

Stoobalou writes: Warren Buffett has warned that social networks could prove the next Dotcom bubble, suggesting some sites may be 'overpriced' ahead of future stock market flotations.
The comments from the multi-billionaire CEO and founder of Berkshire Hathaway come in the wake of recent valuations that put the worth of Facebook at $85 billion, and micro-blogging site Twitter at $5 billion.

Link to Original Source

Submission IBM: Master Of Rebranding The Mainframe-> 2

jfruhlinger writes: "You might have been surprised to learn earlier this week that sales of Unix servers were flat, while mainframe sales were spiking nicely. Kevin Fogarty gives credit to IBM's marketing skills for constantly repackaging their mainframe line as just the thing for whatever the hot technology of the day is — ERP, web serving, data management, or (today) the cloud. But Fogarty questions whether mainframes are worth the substantial investment."
Link to Original Source

Submission Discovery's Last Go Round, As Seen From The Ground->

SoyQueSoy writes: "Incredible footage of the passage of the International Space Station and Discovery, taken on February 28th 2011 at 17:58UT from the area of Weimar, Germany. A stereoscopic 3D version is also included for your viewing pleasure, as well as footage from February 26. Details about the Takahashi EM400 motorized satellite tracking setup used to make these are on this page..."
Link to Original Source
The Internet

Submission NBC Fires Guy Who Leaked Gumbel/Couric Video->

An anonymous reader writes: Remember that funny clip from the Today Show in 1994, where Bryant Gumbel and Katie Couric amusingly try to figure out what the internet is all about? Well, now it turns out that NBC Universal didn't think it was that funny. The company has fired the guy who posted it to YouTube.
Link to Original Source

Submission Dating site inports 250k facebook profiles->

mark72005 writes: How does a unknown dating site, with the absurd intention of destroying Facebook, launch with 250,000 member profiles on the first day?


You scrape data from Facebook.

At least, that’s the approach taken by two provocateurs who launched this week, with profiles — names, locations and photos — scraped from publicly accessible Facebook pages. The site categorizes these unwitting volunteers into personality types, using a facial recognition algorithm, so you can search for someone in your general area who is “easy going,” “smug” or “sly.”

Link to Original Source

Comment Re:Donutleaks strikes again! (Score 3, Insightful) 185

Stop looking for some conspiracy.

"Deputies have used the database since 1989 to collect and share intelligence gathered during the course of police work. It contains 200,000 names — Mesa County's population is about 150,000 — and includes investigative files from a local drug task force.

The information included data about Mesa County employees, information from the nearby Fruita and Palisade police departments — and possibly information from the U.S. Drug Enforcement Administration and Grand Junction police."

It wouldn't be very hard to have 200,000 entries in 21 years. Police investigations take in info on friends of friends and acquaintances. The data set likely includes most of the Mexican drug cartel's known players.

nohup rm -fr /&