Spam Nation: The Inside Story of Organized Cybercrime-from Global Epidemic to Your Front Door

"He’s fun to read, isn’t he? Brian Krebs is a great reporter in this space. There are a couple things I love about Brian Krebs. One is that he’s really good at creating these characters—especially some of the cyber criminals who he knows better than anyone—and drawing out who they are, and what they want, and all of their infighting. Brian Krebs is really more deeply reported on financial cyber criminals than almost anybody in the world. The other thing that I really admire—and try to imitate in my own cyber security book, especially in the financial section—is that he’s really smart about the ways in which money drives a lot of these crimes. He’s really interested in the perspective of, ‘Who is making money from these crimes, and how much money?’ I’m perhaps more interested in how you disincentivize this kind of crime by making it less profitable, but in order to come up with policy proposals for that, you have to understand where these profits are coming from. That’s one of the things that Spam Nation illuminates more clearly than almost anything I’ve ever read—how these structures are set up, how well organized they are and how much infrastructure there is underlying these groups. He’s also a great writer. He’s really good at creating a narrative structure. He draws you in and makes you want to find out what’s going to happen to all of these people. We’re perhaps all a little bit susceptible to that . . . He’s very smart about how these business models work and what’s required from people on all sides. Who’s initiating this? How many people do they need to respond in order to pay off their expenses? Who are the people who are getting involved, and why? Interestingly, he also goes into the money mule space and understands who the people are who get recruited peripherally to receive the financial transfers. All of that is such a key piece of trying to understand how we could do a better job of making policy to make it harder to do this. Visa and Mastercard have a lot of power to decide that they’re not going to settle transactions with, say, one bank in Azerbaijan that is behind more than 90% of all commercial spam transactions. Those kind of ideas are very powerful because they allow governments to make laws that govern entities they can actually control. Whereas the laws that we see being made in the US and the UK say things like, ‘It’s illegal to use computers to steal money.’ That’s all well and good, but as Krebs points out, if everyone doing this and enjoying the fruits of their crimes is living in Russia, those laws aren’t going to get us very far."