Chapter 1
PARASITE

The navy blue BMW 760 nosed up to the crosswalk at a traffic light in downtown Moscow. A black Porsche Cayenne pulled alongside. It was 2:00 p.m., Sunday, September 2, 2007, and the normally congested streets adjacent to the storied Sukharevskaya Square were devoid of traffic, apart from the tourists and locals strolling the broad sidewalks on either side of the boulevard. The afternoon sun that bathed the streets in warmth throughout the day was beginning to cast long shadows on the street from the historic buildings nearby.

The driver of the BMW, a notorious local scam artist who went by the hacker nickname "Jaks," had just become a father that day, and Jaks and his passenger had toasted the occasion with prodigious amounts of vodka. It was the perfect time and place to settle a simmering rivalry with the Porsche driver over whose ride was faster. Now each driver revved his engine in an unspoken agreement to race the short, straight distance to the big city square directly ahead.

As the signal flashed green, the squeal of rubber peeling off on concrete echoed hundreds of meters down in the main square. Bystanders turned to watch as the high-performance machines lurched from the intersection, each keeping pace with the other and accelerat­ing at breakneck speed.

Roaring past the midpoint of the race at more than 200 kilometers per hour, Jaks suddenly lost control, clipping the Porsche and careen­ing into a huge metal lamp post. In an instant, the competition was over, with neither car the winner. The BMW was sliced in two, the Porsche a smoldering, crumpled wreck close by. The drivers of both cars crawled and limped away from the scene, but the BMW's passenger-a promising twenty-three-year-old Internet entrepreneur named Nikolai McColo-was killed instantly, his almost headless body pinned under the luxury car.

"Kolya," as McColo was known to friends, was a minor celebrity in the cybercriminal underground, the youngest employee of a family-owned Internet hosting business that bore his nickname-McColo Corp. At a time when law-enforcement agencies worldwide were just waking up to the financial and organizational threats from organized cybercrime, McColo Corp. had earned a reputation as a ground zero for it: a place where cybercrooks could reliably set up shop with little worry that their online investments and schemes would be discovered or jeopardized by foreign law-enforcement investigators.

At the time of Kolya's death, his family's hosting provider was home base for the largest businesses on the planet engaged in pumping out junk email or "spam" via robot networks. Called "botnets" for short, these networks are collections of personal computers that have been hacked and seeded with malicious software-or "malware"-that lets the attackers control the systems from afar. Usually, the owners of these computers have no idea their machines have been taken hostage.

Nearly all of the botnets controlled from McColo were built to blast out the unsolicited junk spam advertisements that flood our inboxes and spam filters every day. But the servers at McColo weren't generating and pumping spam themselves; that would attract too much attention from Internet vigilantes and Western law-enforcement agencies. Instead, they were merely used by the botmaster businesses to manipulate millions of PCs scattered around the globe into becoming spam-spewing zombies.

By the time paramedics had cleared the area of Kolya's accident, gruesome images of the carnage were already being uploaded to secre­tive Russian Internet forums frequented by McColo's friends and business clients.... This was a major event in the cybercrime underworld.

Days later, the motley crew of Moscow-based spammers would gather to pay their last respects at his service. The ceremony was held at the same church where Kolya had been baptized less than twenty-three years earlier. Among those in attendance were Igor "Desp" Gusev and Dmitry "SaintD" Stupin, coadministrators of SpamIt and GlavMed, until recently the world's largest sponsors of spam1-and two figures that will play key roles in this book.

Also at the service was Dmitry "Gugle" Nechvolod, then twenty-five years old and a hacker who was closely connected to the Cutwail botnet. Cutwail is a massive crime machine that has infected tens of millions of home computers around the globe and secretly seized control over them for sending spam. To this day, Cutwail remains one of the largest and most active spam botnets-although it is almost undoubtedly run by many different individuals now (more on this in Chapter 7, "Meet the Spammers").

So why is it important to note these three men's presence at such a momentous event for cybercrime? Because their work (as well as Kolya's and hundreds of others) impacts every one of us every day in a strange but seriously significant way: spam email.

Indeed, spam email has become the primary impetus for the devel­opment of malicious software-programs that strike computers like yours and mine every day-and through them, target our identities, our security, our finances, families, and friends. These botnets are virtual parasites that require care and constant feeding to stay one step ahead of antivirus tools and security firms who work to dismantle the networks.

This technological arms race requires the development, production, and distribution of ever-stealthier malware that can evade constantly changing antivirus and anti-spam defenses. Therefore, the hackers at the throttle of these massive botnets also use spam as a form of self-preservation. The same botnets that spew plain old spam typically are used to distribute junk email containing new versions of the malware that helps spread the contagion. In addition, spammers often reinvest their earnings from spamming people in building better, stronger, and sneakier malicious software that can bypass antivirus and anti-spam software and firewalls. The spam ecosystem is a constantly evolving technological and sociological crime machine that feeds on itself.

Given the increasing menace of spam email and related cybersecurity assaults that directly affect consumers and companies (like the major news story I broke to the media in December 2013 about the Target credit-card database breach-a cyberattack that compromised millions of Americans' financial information and forced an even greater number of us to get new credit cards), you may be wondering why governments, law-enforcement officials, and corporations aren't taking a stronger and more significant stance to stop the tidal wave of spam and cybercrime impacting us all.

Part of the reason is that many policymakers and cybercrime experts tend to dismiss spam as a nuisance problem that can be solved or at least mitigated to a manageable degree by the proper mix of technology and law enforcement. For many of the rest of us, spam has become almost the punch line of a joke, thanks to its close association with male penile-enhancement pills and erectile dysfunction medica­tions such as Viagra and Cialis. We assume that if we don't open the emails or don't purchase anything from them, we aren't affected.

Unfortunately, that attitude underscores a popular yet funda­mental miscalculation about the threat that spam poses to every one of us.