Oregon Public Broadcasting

We’ve all received email spam that was either annoying, totally gross, or a healthy combination of both.  In fact, a recent study found Oregonians rank third in the nation in terms of the sheer volume of spam we receive. 

And while you might never consider buying anything you were told about via spam, other people aren’t so careful.  In fact, spam generates millions of dollars a year.

And as Pete Springer found, much of that money goes to organized crime in Russia.

The main computer servers at Portland State University are housed behind security doors in a climate controlled room.

But that’s not what keeps out the Russian mobsters.

Craig Schiller “You know, in the old days, we used to talk about a virus.  And a computer got infected.”

Craig Schiller is the chief information security officer for PSU.

Craig Schiller: “And even the ones that spread very quickly, you know the ‘I love you’ virus, the ‘melissa’ virus, and what not, they spread very quickly and that was part of their intent as the author wanted to gain fame and recognition.  These guys don’t want fame and recognition.”

The guys Schiller mentions are generally not hackers.  They’re part of organized crime networks mostly based in St. Petersburg, Russia.

This information surfaced publicly in an investigative series by the Washington Post earlier this year.

Craig Schiller: “You have a worldwide media and you have the funding of organized crime to really turn this into big business instead of just a small onesy and twosy operation.”

Schiller says the current spam campaigns are so elaborate they were likely planned out and developed by experts following an elaborate business model. 

In fact, one of the most prolific cyber-crime operations is run by the Russian Business Network or RBN.

The RBN offers internet hosting and registration services.

But  it also uses what are known as bot-herders. Those control hijacked computers infected with templates that send out spam.

Schiller says it all comes down to economies of scale—around seventy thousand compromised computers can send out more than a billion messages a day.

Craig Schiller “They don’t have to be extremely efficient, they just have to pump out lots and lots of emails, that’s why the spam volume is so huge.”

In other words, even if less than one-percent of that spam generates some revenue, the mobsters make money.  Not bad for a completely automated, and virtually untraceable, operation.

But people don’t really fall for the offers in spam, do they?

Again, it’s economies of scale.  Schiller manages over thirty thousand email accounts at PSU. 

A couple times a year, those accounts get a blast of spam that looks like it’s from PSU, but it’s not.

Craig Schiller “Our users will look at it and say, ‘Oh, the help desk team here wants my password so here it is’.  And they send thousands, we get half a dozen or so -- everytime -- that will give up the user ID and password, that’s all it takes.”

Once a computer is compromised like this, it starts sending out its own spam, usually without the owner knowing.

Another popular spam is a variation on the Nigerian letter scam.

Someone will place a “roommate wanted” ad on Craigslist. Someone from another country will reply and offer to send a check for more than the amount of rent.  Then they’ll then request a refund of the remaining money.

According to the state Attorney General’s office, more than eight hundred people in Oregon fell victim last year to a variation of this scheme.

Jan Margosian is with the state Attorney General's office.

Jan Margosian: “If you wire money, it is gone if you don’t have somebody at the other end with the magic code, it is gone.  Law enforcement cannot find that money for you.”

In fact, there were zero prosecutions last year in Oregon for this crime.

But Margosian says prevention is easy.

Jan Margosian: “Most of the time, you just delete, delete, delete, delete.  And if you don’t know exactly what it is, you delete it.”

Okay, so if you delete spam and don’t give out personal information on the web, you don’t have to worry, right?

Not necessarily, says PSU’s Craig Schiller.

Another internet scheme involves storing stolen intellectual property -- like  movies, music -- on an unsuspecting computer.

Craig Schiller: “They hide underneath the recycle bin and use a virtual FTP server so that the bad guys can retrieve it from wherever it is in the world without the person who is downloading it knowing where it’s coming from.”

Schiller  recommends keeping your anti-virus software subscription up to date, updating your computer with security patches as soon as they are available, and using email filtering programs.

But even those measures may not protect you from the future of spam.

That’s likely to target cell phones, instant messages and online gaming consoles.