Authors: Brian Krebs
Tags: #Political Science, #Security (National & International), #Business & Economics, #Industries, #Computers & Information Technology, #Pharmaceutical & Biotechnology
Last but not least, I would like to thank the regular readers of my site—KrebsOnSecurity.com—for their encouragement, support, and inspiration these past five years. I could not have done this without you.
Thank you for reading!
A November 2008 blog entry by ThreatExpert (now owned by Symantec) was helpful with the research on the car race that killed Kolya McColo, as well as a day-of-the-accident news report from the Russian publication Rossiyskaya Gazeta (ng.ru). I also relied on posts to the Crutop.nu forum, as well as leaked instant message chats between Stupin and Igor Gusev, talking about who was going to attend or was at McColo’s funeral. As for information about Dmitry “Gugle” Nechvolod, I relied on instant message interviews with Igor Vishnevsky.
Much of the background information on RBN came from Russian and Belarusian news sources, including compromat.ru and Transitions Online, and Victor Chamkovsky’s documentary, Operation Consortium, the text of which is still available online via web.archive.org/web/20120112081516/http:/www.detektiv.by/komputer. The connection between Alexander Rubatsky and RBN also was supported by a letter to the Russian government by Russian Duma lawmaker Ilya Ponomarev. The section on Petrovsky’s abduction was supported by news sources and reports including the Ecommerce Journal (web.archive.org/web/20120611001710/http://m.ecommerce-journal.com/articles/hild_adult_in_internet_what_are_the_roots) and the Belarusian electronic newspaper, Diary. The section about Russian communication provider Eltel’s role in RBN was supported by a 2009 story in Russian Newsweek. Eltel appears to have since been purchased by Beeline, one of Russia’s larger mobile firms.
Data to back up statements about Vrublevsky’s apparent connection to Red & Partners was first published in a July 31, 2009 Washington Post article called “Following the Money: Rogue-Antivirus Software” (voices.washingtonpost.com/securityfix/2009/07/following_the_money_trail_of_r.html). I revisited that story in a May 2010 post on KrebsOnSecurity.com, titled “Following the Money, Part II” (krebsonsecurity.com/2010/05/following-the-money-part-ii/).
The public documents obtained from the Netherlands Chamber of Commerce that concern Red & Partners, and show how Igor Gusev (DPNet) and Pavel Vrublevsky (Red & Partners) cofounded ChronoPay back in 2003 and became fifty-fifty shareholders, can be viewed online here: krebsonsecurity.com/wp-content/uploads/2011/02/CP20051.pdf. (Note: This is a Dutch document that was publicly released.)
Some of the information that makes up this chapter is difficult to source precisely. For example, while it is assumed that Gusev or hackers closely allied with him obtained and released publicly several years’ worth of emails, spreadsheets, and recorded phone calls from ChronoPay, I was not able to confirm this. As stated in this chapter, the information was shared anonymously by a source who used the alias “Boris.” However, ChronoPay’s CEO Vrublevsky did confirm that the documents in question were in fact stolen from ChronoPay. The data regarding GlavMed and SpamIt—including four years of ICQ chat records between GlavMed-SpamIt administrator Dmitry Stupin and his coworkers and employees (spammers)—was paid for and released to this author and to U.S. authorities by Vrublevsky.
This chapter relied almost entirely on interviews with people who purchased drugs from GlavMed-SpamIt and Rx-Promotion. It also featured quotes and perspectives from online interviews with Igor Vishnevsky, the self-described spammer who acknowledged funding and reselling the Cutwail spam botnet. I also relied on information from government sources, including the FDA (www.fda.gov/ICECI/EnforcementActions/WarningLetters/ucm229010.htm).
For the opening story about the death of Marcia Bergeron, I relied on a 2007 piece in the Vancouver Sun. For additional background on the Bergeron story, I obtained a copy of Bergeron’s coroner report from authorities in British Columbia.
Several facts in this chapter refer to or cite stories in the New York Times. The section that details how the anti-acne drug Accutane came under new safety rules by the Food and Drug Administration drew information from an August 2005 story by Gardiner Harris. An April 2013 story by the New York Times’ Harris and Katie Thomas helped with the research on the role of Indian pharmacies producing the anti-leukemia drug Gleevec at drastically lower prices than Western pharmaceutical companies.
A CNN story by David Goldman was the source for information about the $500 million settlement Google struck with the U.S. Justice Department over illegally allowing online Canadian pharmacies to advertise drugs to U.S. consumers. A discussion of the $2.3 billion settlement Pfizer agreed to with the Justice Department drew information from a Wall Street Journal article by Ron Winslow.
This chapter refers to an incident that had been reported recently in the news when I visited the University of Alabama at Birmingham—the case of the so-called “causeway cannibal” who reportedly chewed the face of a homeless man after allegedly ingesting bath salts. At the time, UAB’s lab was testing the chemical composition of a substance that authorities suspected was bath salts. But as CNN and other news outlets later reported, follow-up toxicology tests on the suspect shot by police found not bath salts but marijuana.
This chapter also references a study by Merck. That study was never officially published; the references are in fact to online intelligence that Merck gathered between 2009 and 2010 and shared at the author’s request.
The section that references a letter from the FDA to Vrublevsky’s alleged partner in Rx-Promotion refers to a letter dated October 8, 2010, and addressed to one “Jorge Smark” at the email address [email protected]. See www.fda.gov/ICECI/EnforcementActions/WarningLetters/ucm229010.htm.
The inspiration for this chapter came principally from the seminal paper on partnerka programs “The Partnerka—What Is It, and Why Should You Care,” by Dmitry Samosseiko of SophosLabs Canada. This chapter also relies heavily on data gathered by researchers at the University of California, San Diego, the International Computer Science Institute, and George Mason University.
A section that details the rise of self-described spammer Igor Vishnevsky referenced an August 2006 article in Wired, “The Sleazy Life and Nasty Death of Russia’s Spam King,” by Brett Forrest, in which Vishnevsky himself also is interviewed. Some of the information about Vishnevsky’s botnet—Cutwail, a.k.a. “0bulk Psyche Evolution”—comes from a March 2011 paper released at the fourth USENIX symposium by security researchers Brett Stone-Gross, Thorsten Holz, Gianluca Stringhini, and Giovanni Vigna, and titled “The Underground Economy of Spam: A Botmaster’s Perspective of Coordinating Large-Scale Spam Campaigns.”
Some of the information about infamous spammer Peter Severa’s connection to convicted spammer Alan Ralsky comes from a forty-page indictment that the Justice Department lodged against Ralsky in its prosecution. Raw data about the spam-sending power of the major spam botnets drew principally from reports published by Dell SecureWorks and by M86 Security.
A discussion about raider attacks on Russian businesses references an April 20, 2009 paper by Brenden Carbonell, Dimitry Foux, Vera Krimnus, Ed Ma, and Lisa Safyan of the 2010 class of Wharton School’s Lauder Institute, University of Pennsylvania, entitled “Hostile Takeovers: Russian Style” (see knowledge.wharton.upenn.edu/article/hostile-takeovers-russian-style/). The segment on Skolkovo, a technology park outside Moscow that Russian leaders envisioned as a Silicon Valley in the East, drew on a March 2012 story by Ingrid Lunden at TechCrunch. This chapter also benefited from an October 2010 story in the New York Times, “E-Mail Spam Falls after Russian Crackdown.”
A section explaining the likely reason that Russian police raided the Rx-Promotion party alludes to a series of police raids on Moscow gambling dens, which were documented colorfully in February 2011 articles in Russian news outlets Svobodanews, RIA Novosti, and Rossiyskaya Gazeta (rg.ru).
In the beginning of my interview with Vrublevsky, he makes an indirect reference to Said Amirov, the four-time mayor of the capital city of Dagestan. For background on Amirov’s arrest and ongoing trial for alleged weapons trafficking, I relied on stories in the Moscow Times and Business FM Radio.
Information about the percentage of email that was spam in the latter half of 2013 comes from statistics published by Kaspersky Lab, in a November 2013 posting on its securelist.com blog. The story about the attack on Blue Security draws on my reporting of the incident at the Washington Post. A section on the March 2013 attacks on Spamhaus references New York Times stories in March and April about Sven Olaf Kamphuis.
A March 2013 story in the Milwaukee Journal Sentinel was the source of information about the guilty plea deal of convicted spammer Oleg Nikolaenko. Other references to botnet and spammer takedowns in this chapter draw on my own reporting published about these events at KrebsOnSecurity.com.
The beginning of this chapter includes information from a September 2013 New York Times article on Igor A. Artimovich, “Online Attack Leads to Peek into Spam Den.” Russian news outlets Vedomosti, Novaya Gazeta, and RIA Novosti were indispensable for their accounts of Vrublevsky’s convoluted trial.
According to multiple Russian news outlets, Maksim Permyakov was the only one of the four charged in connection with Vrublevsky’s trial who admitted his role in the scheme, which was hiring the Artimovich brothers at Vrublevsky’s request to launch a DDoS attack against Assist (a company that was competing directly with Vrublevsky’s firm for a lucrative credit card processing contract with Russia’s largest airline).
© KRISTOF CLERIX
Brian Krebs is the editor of KrebsOnSecurity.com, a daily blog dedicated to in-depth cybersecurity news and investigation. For the third year running, KrebsOnSecurity.com was voted the Blog That Best Represents the Security Industry by judges at the 2013 RSA Conference, the world’s largest computer security gathering. KrebsOnSecurity also won the Most Educational Security Blog award in 2013 and 2014, and in 2013 Krebs was presented with the Security Bloggers Hall of Fame award, alongside security expert Bruce Schneier.
From 1995 to 2009, Krebs was a reporter for the Washington Post, where he covered Internet security, technology policy, cybercrime, and privacy issues for the newspaper and the website. His stories and investigations have also appeared in Popular Mechanics, Wired.com, the Guardian, the Sydney Morning Herald, and many other publications. Krebs is a 1994 graduate of George Mason University, where he earned a bachelor of arts in international relations.