I hardly ever read a book twice, in fact except for the Bible (3 times) and the collection of Ian Fleming’s James Bond books, I can’t remember having read another book more than one time. Just too many good books out there, and the unread pile of recent purchases in my office mocks me daily. But Brian Krebs new book Spam Nation has made it to the list of books that I have read again.
Krebs is the security researcher who blew the whistle on the Target Breach in 2013, and I follow his blog “Krebs on Security.” So when I had a chance to preorder this book I did.
When I got the book I was a bit put off by the basic focus on spam. This seemed, of all the security topics out there, to be the tamest of the bunch. But I gave the book a chance, and I am glad I did. If you want to finally understand what his happening in the digital underworld, what motivates cyber-criminals, and the methods and mechanisms they use, then this is the book for you.
As it turns out, spam is the underpinning for everything. Billions of spam to sell everything from pornography, to “Canadian” pharmaceuticals, to worthless security programs. Spam for phishing user credentials and personal information for identity theft and credit card fraud. Spam is the reason millions of computers are infected with malware and organized into spam-spewing botnets.
This book tells the story of a group of Russian cyber-criminals, and in the process reveals the entire operations of the digital underground. In addition to spamming, the book explains how these criminal groups rely on affiliate sales programs, “bulletproof” web hosting services, customer service operations (yes they have customer service) and most importantly, how the money is made, and how credit card processing works in an environment where almost all the transactions are shady or outright illegal.
A fascinating read for anyone who wants to understand at a deeper level what the threats are in cyberspace and how to avoid them. If you wish you can order the book from the link below.
ShareJAN
About the Author:
I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com