Spam Nation. Organized cybercrime direct to your inbox and computer


The good news is illegal online pharmacies will mostly be extinct in a few years. The bad news is cybercriminals are now focusing on identity theft and ransomware. For a while, illegitimate online pharmacies were selling drugs, including highly addictive Oxycontin and Viagra, without no prescriptions needed. Sometimes buyers get the real drug (inquiring minds want to know how so many drugs direct from the manufacturer apparently fell off the turnip truck.) However, customers could also get knockoffs made in India, and these drugs at times were highly toxic and poison. There just wasn’t a lot of quality control going on.

Cybercrime is big business, managed by sophisticated crime cartels, and originates in Russia, where law enforcement is lax and easily corrupted. In Spam Nation, security expert Brian Krebs details how these cartels operate and how, at least, online pharmacies have mostly been taken down. Follow the money. Customers pay with credit cards. Even though cartels try to hide to origin of the money by routing it through shell corporations, at some point a credit card company has to approve the transaction. Anti-spam researchers and law enforcement got the breaks they needed when two warring online pharma groups went to war and leaked damaging information about the other. They were eventually able to track individual purchases back to the credit card companies. Visa in particular needed a bit of nudging to enforce their own rules about imposing fines or killing merchant accounts for online pharmacies shipping drugs to the US without a prescription. However, once Visa and MasterCard started imposing $20,000 fines for such offenses, it was mostly game over for illegal online pharmacies. The beauty of this approach is that it did not require the intervention of US law enforcement, which has little power in Russia anyway.

Along with illegally selling drugs, spam cartels sold bootleg software from Microsoft and Adobe. Microsoft in particular is to be commended. They invoked the nuclear option, going after websites, ISPs, domain name registrars, and anyone associated with spam nets. In one case, they got over 200 domain names used by a botnet transferred to them, killing the net in one blow.

Since using credit cards is increasingly not an option for online criminal organizations, they are now branching out into ransomware, which encrypts files on infected computers then demands a ransom be paid via Bitcoin to decrypt. More ominously, their botnets are still sending of billions of spams and infecting websites. Unwary users are tricked into downloading malware which will steal passwords, look for credit card and bank account info, then upload what it finds where it is sold on online forums.

What you need to do:

1) Update all your software constantly. Uninstall software you don’t need.

2) Use secure passwords

3) Use two-factor authentication on important accounts like Gmail. This sends a one-time number to you via text which must be entered along with your password to access the account.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.