• United States




‘Spam Nation’: Brian Krebs’ must-read security exposé

Jan 13, 20154 mins
CybercrimeData and Information SecuritySecurity

In 'Spam Nation,' Brian Krebs explains the inner workings of the world's largest cyber crime operations, with rare courage and scrupulous reporting

Award-winning cyber crime author Brian Krebs has always written well-researched and engaging stories. His best-selling first book “Spam Nation: The Inside Story of Organized Cybercrime – from Global Epidemic to Your Front Door” cranks the shocking reality of spam-related cyber crime to 11. 

I’ve been a fan of Brian Krebs since his previous professional life at the Washington Post. Early on, Brian established himself as a leading authority on computer crime, displaying an innate need to discover and report the evidence. He has unparalleled access to sources throughout the world, including law enforcement and the cyber crooks he writes about and helps takes down. No journalist has been as personally involved in catching the people that slow down the world’s computers and fill them with malware.

Krebs is probably the most hated person in the world by spammers and online con artists. His website has been attacked so many times by massive DDoS attacks that he doesn’t blink an eye. They’ve physically attacked him and tried to ruin his life more than once. They’ve sent teams of SWAT police to his house after calling in a bogus hostage situation. They’ve sent him illegal drugs and fake currency, then tipped off the authorities to those packages arriving on his doorstep. Still, he prevails — and we are the better for it. 

“Spam Nation” begins by explaining that Krebs’ departure from the Washington Post was due to his continued, detailed unmasking of the world’s leading cyber criminals. His success created legal concerns that slowed him down and threatened to neuter his own reporting. Management asked him to stop, but he couldn’t. Krebs realized he could be far more hard hitting by striking out on his own.

When Krebs was first let go by the Washington Post, hackers celebrated. They shouldn’t have. His exit from the Post unleashed a lion.

“Spam Nation” gives you an inside look at the world’s leading, nearly untouchable spam conglomerate. You want to know how much spammers make today? Read his book. Want to know how many people buy the products advertised by spammers and why? It’s all in “Spam Nation,” along with the real reasons why we can’t stop the perpetrators.

With nearly three decades of experience in the same field, I should have been prepared for what I read, but I was shocked to my core by some of the biggest revelations. When you learn who is guarding the henhouse and why the world’s largest companies don’t want you know about the hackers, it’s hard to not be stunned and angry.

Brian follows the money and determines why many companies you’d think would have a vested interest in stopping spammers don’t do their best. Those who fight the good fight are stymied at every turn, including by the powers that be. I thought regular politics was bad.

One of the best measures of Krebs’ overall success is a new phase coined by his followers: the “Krebs cycle.” Krebs often knows about many of the world’s biggest data breaches days before the victims do; the Krebs cycle is the length of time between when Brian tells the world about the latest hack and when the victimized company publicly admits to it.

“Spam Nation” is both a fun and scrupulously researched read. Krebs gives names, dates, and places, checking the facts behind each assertion using multiple sources. He takes you on a journey through the streets of Russia and into leading universities that research and fight cyber crime. You meet new heroes and put names to the villains who have cost the world tens of billions of dollars in wasted time and expense.

Krebs lends continuity to what I thought were unconnected dots. His description of what happened to the notorious Russian Business Network, for example, makes particularly compelling reading. Moreover, I think you’ll be as stunned as I was to learn which politicians and political offices are on the spammers’ payroll. Throughout, these tales are told in lively prose that refuses to rely on jargon, so you can easily cite the book to explain to family and friends why cyber crime is so hard to stop. 

I know this book review is essentially a Brian Krebs love fest. Sorry, I can’t help myself. As a security pro, it’s my occupation to find flaws, but I can’t find one in this book. At a time when courageous journalists around the world are under threat, investigative journalism of this quality and boldness deserves to be rewarded.


Roger A. Grimes is a contributing editor. Roger holds more than 40 computer certifications and has authored ten books on computer security. He has been fighting malware and malicious hackers since 1987, beginning with disassembling early DOS viruses. He specializes in protecting host computers from hackers and malware, and consults to companies from the Fortune 100 to small businesses. A frequent industry speaker and educator, Roger currently works for KnowBe4 as the Data-Driven Defense Evangelist and is the author of Cryptography Apocalypse.

More from this author