Twenty years ago, investigating the origins and business model of spam was mostly harmless: you made a few phone calls to Sanford Wallace (a.k.a. the "Spam King") in Pennsylvania and marvelled at the thought that people actually responded to ads for penis pills, weight-loss assistants, and 409 scams.
Toss in some thoughts about legislation and greater technical activism by ISPs (and a few quotes from libertarians who believed any interference with their mail feed was an outrageous intrusion on freedom of speech), and you were done.
In 2005, for his book Spam Kings, author Brian McWilliams had to do a good bit more work to investigate several spammers' careers, to understand how lucrative the business really was. He wound up showing that the people trying to stop spam were as obsessive as the spammers themselves.
But he didn't have to visit Russia or put his personal safety in danger. Cue Brian Krebs, who did both in writing Spam Nation: The Inside Story of Organized Cybercrime - From Global Epidemic to Your Front Door.
The penis pill ads look the same, but behind the scenes the actors have changed. Now, instead of antisocial idiots they are criminals who rent botnets, have adapted to social media, and leverage stolen personal information. Today's spam is highly crafted, served up by top specialists in fields such as email address harvesting and botnet programming.
Krebs, who spent 14 years at the The Washington Post, finds himself breaking all his own security and safety rules while chasing feuding interviewees in Russia. Anything for the story - including cold-calling pharma spam customers appearing in a hacked database that falls into Krebs' hands.
And it's not a small story. In Spam Nation, Krebs tells the tale of the 'Pharma wars', in which duelling Russian spam kings squabble over territory, hack each other's systems, and pay police to investigate each other.
The even larger story is the economic conditions that fuel all this. Who clicks on these ads? To a large extent, it's Americans, driven by the wildly expensive cost of prescription drugs in the US. As Krebs outlines, the results are a crapshoot: most of the time you'll get the real drug you ordered, packaged and sent by a subcontracted Indian or Chinese supplier. Other times you get filler, if you're lucky. If you're unlucky, you get poison.
Krebs concludes with an account of ongoing research by Stefan Savage and others into the workings of the spam ecosystem. As in many professions, a few very capable spammers at the top make a lot of money, but most struggle to show a profit.
The story and characters are certainly good enough for a Hollywood thriller, and the book - except, unfortunately, for the first chapter - recounts it clearly enough.
If you don't need to read it to understand the state of the criminal underground circa 2014, read it for entertainment. And then marvel at all the myriad people whose work went into creating the Cialis ad you carelessly delete from your inbox the second it arrives.
Read more about spam
- Bah humbug: Stop sending Seasons Greetings spam
- Botnets in 2014: ZeuS surge, lax policies place Web users at risk
- ITU, Internet Society sign deal to fight spam