Posts tagged ‘Pharma Wars’

Krebs on Security: Pre-order Your Copy of ‘Spam Nation’ Now!

This post was syndicated from: Krebs on Security and was written by: BrianKrebs. Original post: at Krebs on Security

Some of you may have noticed that a new element recently debuted in the sidebar: The cover art for my upcoming book, Spam Nation, due to hit bookshelves (physical and virtual) November 18, 2014. Please allow me a few moments to explain what this book is about, and why you should pre-order it today.

Pre-order your copy today!

Spam Nation delves deeper than perhaps any other publication into the workings of the cybercrime underground, giving readers unprecedented access to a well-hidden world that few outside of these communities have seen up close.

The backdrop of the story is a long-running turf war between two of the largest sponsors of spam. A true-crime tale of political corruption and ill-fated alliances, tragedy, murder and betrayal, this book explains how the conditions that gave rise to this pernicious industry still remain and are grooming a new class of cybercriminals.

But Spam Nation isn’t just about junk email; most of the entrepreneurs building and managing large-scale spam operations are involved in virtually every aspect of cybercrime for which there is a classification, including malware development, denial-of-service attacks, identity theft, credit card fraud, money laundering, commercial data breaches and extortion.

Spam Nation looks at the crucial role played by cybercrime forums, and how these communities simultaneously weave the social fabric of the underground while protecting scam artists from getting scammed.

The book also includes a detailed history of the Russian Business Network (RBN); how it became the virtual boogeyman of the Internet and prefigured an entire industry of “bulletproof” hosting providers.

Along the way, we meet numerous buyers who explain what motivated them to respond to spam and ingest pills ordered from shadowy online marketers. In the chapter “Meet the Spammers,” readers get a closer look at the junk emailers responsible for running the world’s largest botnets.

In addition, Spam Nation includes first-hand accounts of efforts by vigilante groups to dismantle spam and malware operations, and the vicious counterattacks that these campaigns provoked from the spam community.

Now, here’s the important bit: Anyone who pre-orders the book and emails their proof-of-purchase to this address before Nov. 18, 2014 will receive a signed copy. This extends even to those who opt for a digital copy of the book. That’s because the signature will come on a bookplate, which is simply a decorative label that is affixed to the inside front cover. Bookplates allow my publisher Sourcebooks to distribute signed copies of Spam Nation without having to constantly ship me very heavy truckloads of books to sign and then ship back again for reshipment.

The pre-order link for Amazon is here; readers who wish to purchase the book from Barnes & Noble can do so here. Fans of the Washington D.C. literary landmark Politics and Prose can pre-order the book from them at this link. Forward your emailed proof-of-purchase, or a scan/photo of your receipt. Basically anything that says you purchased the book, the quantity purchased, as well as your name and mailing address.

Judging from the thousands of longtime subscribers to my email list (no spam there!) and from the community that has built up around this blog, many of you have been faithful readers and contributors since I started this blog after leaving The Washington Post way back in 2009. And that’s about how long I have been working on this book!

If just a fraction of the incredible community here pre-orders the book, Spam Nation should emerge the week of Nov. 18 as a top contender in the non-fiction space. More importantly, readers of this book will almost certainly come away far more worldly and aware of their own crucial role in combating cybercrime.

Whether or not you decide to buy the book, I can’t say this enough: Thank you all for your continued readership, encouragement and support!

Krebs on Security: Ne’er-Do-Well News, Volume I

This post was syndicated from: Krebs on Security and was written by: BrianKrebs. Original post: at Krebs on Security

It’s been a while since a new category debuted on this blog, and it occurred to me that I didn’t have a catch-all designation for random ne’er-do-well news. Alas, the inaugural entry for Ne’er-Do-Well News looks at three recent unrelated developments: The availability of remote access iPhone apps written by a programmer perhaps best known for developing crimeware; the return to prison of a young hacker who earned notoriety after simultaneously hacking Paris Hilton’s cell phone and data broker LexisNexis; and the release of Pavel Vrublevsky from a Russian prison more than a year before his sentence was to expire.

ZeusTerm and Zeus Terminal are iPhone/iPad apps designed by the same guy who brought us the Styx-Crypt exploit kit.

A year ago, this blog featured a series of articles that sought to track down the developers of the Styx-Crypt exploit kit, a crimeware package being sold to help bad guys booby-trap compromised Web sites with malware. Earlier this week, I learned that a leading developer of Styx-Crypt — a Ukrainian man named Max Gavryuk — also is selling his own line of remote administration tools curiously called “Zeus Terminal,” available via the Apple iTunes store.

News of the app family came via a Twitter follower who asked to remain anonymous, but who said two of the apps by this author were recently pulled from Apple’s iTunes store, including Zeus Terminal and Zeus Terminal Lite. It’s unclear why the apps were yanked or by whom, but the developer appears to have two other remote access apps for sale on iTunes, including ZeusTerm and ZeusTerm HD.

Incidentally, the support page listed for these apps — zeus-terminal[dot]com — no longer appears to be active (if, indeed, it ever was), but the developer lists as his other home page reality7solutions[dot]com, which as this blog has reported was intricately tied to the Styx-Crypt development team.

This wouldn’t be the first time a crimeware author segued into building apps for the iPhone and iPad: In January 2012, as part of my Pharma Wars series, I wrote about clues that strongly suggested the Srizbi/Reactor spam botnet was developed and sold by a guy who left the spam business to build OOO Gameprom, a company that has developed dozens of games available in the iTunes store.


It’s hard to imagine a set of stories that I had more fun reporting and writing while working for The Washington Post than the series I wrote in 2005 and 2006 about the young men who broke into socialite Paris Hilton’s cell phone. I spent several months chatting with members of this hacker collective of misfits, nearly all of whom were practically raised on AOL’s network. They called themselves the “Defonic Team Screen Name Club,” and spent most of their time trying to social engineer information, money or food out of just about everyone they ran into — online or in the real world.

That reporting led to a Washington Post Magazine cover story about a kid in the midwestern United States (nickname: “0x80”) who was running a large botnet and getting paid thousands of dollars each month by some of the largest advertisers in the nation to install adware and spyware on victim PCs. That piece features an example of the above-mentioned social engineering that was encouraged among the group’s members:

“He and his hacker friends are part of a generation raised on the Internet, where everything from software to digital music to a reliable income can be had at little cost or effort. Some of them routinely go out of their way to avoid paying for anything. During a recent conference call with half a dozen of 0x80’s buddies using an 800-number conferencing system they had hacked, one guy suggests ordering food for delivery. Nah, one of his friends says, ‘let’s social it.’ The hackers take turns explaining how they ‘social’ free food from pizza joints by counterfeiting coupons or impersonating customer service managers.”

“‘Dude, the best part is when you walk in, you hand them the coupon or whatever, they give you your [pizza], and you walk out,’ one of them enthuses. ‘Then, it’s like, yes, I am . . . the coolest man alive.’”

“‘Dude, that’s so true,’ echoes a 16-year-old hacker. ‘Free pizza tastes so much better than pay pizza any day.’”

The 16-year-old in that case (not the subject of the Post Magazine piece) was a very bright and charismatic kid named Cameron LaCroix. I would later learn that, in addition to plundering Paris Hilton’s cell phone, LaCroix and his crew had also broken into LexisNexis, making off with some 310,000 personal records, including hundreds of records on other Hollywood celebrities.

Cameron “cam0” LaCroix, with Playboy model Ashley Alexiss, in a Rhode Island nightclub.

LaCroix and others involved in those capers later pleaded guilty to their crimes. Most of the gang either got probation, or less than a year in the pokey. LaCroix, 17 at the time, spent 11 months in a juvenile detention facility. A few months after his release (and then 18 years old), he was jailed for nine months after allegedly violating the terms of his parole.

Now 25, LaCroix is again facing prison time; according to Ars Technica, this month he agreed to plead guilty to two counts of computer intrusion and one count of access device fraud. Federal investigators say LaCroix repeatedly broke into dozens of law enforcement computer services containing sensitive information, including police and intelligence reports, arrest warrants, and sex offender information. LaCroix also admitted to hacking into his community college so that he could change his grades and those of two other students.

LaCroix declined to comment for this story, citing his sentencing hearing coming up later this year and the likelihood of other, unrelated hacking charges being levied against him. But his experience is an all-too-familiar one among young cybercrime offenders: a tendency to recidivism and re-incarceration. LaCroix’s story tracks closely that of at least two other repeat offenders that I’ve been keeping in touch with on instant message and who are facing several years in jail after their second or third strike for hacking-related offenses.


Readers of this blog — particularly fans of my Pharma Wars series on the epic battle of attrition between two men allegedly responsible for running the largest pharmacy spam affiliate programs — are no doubt familiar with the name Pavel Vrublevsky, a 35-year-old Russian man who co-founded and ran Russian payments firm ChronoPay. That is, until his arrest, trial and incarceration last year on charges of paying a botmaster to attack the Web site of a rival payments firm.

Russian Vice Premier Sergei Ivanov and ChronoPay co-founder at a Russian Basketball League game.

Vrublevsky and the men he allegedly hired were all sentenced to 2.5 years in a Russian penal colony. But just the other day – not even a year into his sentence — Vrublevsky was inexplicably released and allowed to return to his home in Moscow. The characteristically garrulous Vrublevsky had surprisingly little to say about the reason for his early release, merely confirming the news with a terse post on his personal blog with the statement, “Glad to be back…”

But Irek Murtazin, a reporter and blogger who covered Vrublevsky’s trial for the Russian newspaper Novaya Gazeta, cites sources saying that Vrublevsky was released as part of a deal to help build out the National Payment System (NPS), a new domestic payments network called for in a law recently signed by Russian President Vladimir Putin.

Vrublevsky could not be immediately reached for comment. But nobody should be surprised if Murtazin’s sources turn out to be correct. In 2008, Vrublevsky was appointed a key member of the anti-spam working group of the Russian Ministry of Telecom and Mass Communication, a group that was tasked with proposing new laws to fight junk email.

Vrublevsky steadfastly denies that he’s guilty of hiring botmasters to attack his rivals, or having anything to do with spammers other than trying to stop them. However, when I went to visit him in Moscow in 2011, he did acknowledge that his company ChronoPay was the principal payments processing firm for Rx-Promotion, a rogue pharmacy affiliate program that paid millions of dollars to some of the world’s most notorious spammers and botmasters.

Most of the interview with Vrublevsky in Moscow is in my upcoming book that will be published Nov. 18, 2014 by Sourcebooks, called Spam Nation: The Inside Story of Organized Cybercrime — From Global Epidemic to Your Front Door. Anyone interested in pre-ordering the book may do so at this link.