The frozen Moscow River crunched and groaned as it churned beneath the twin engines propelling our sleek, modern icebreaker cruise ship at a steady clip. On the far shore, the formidable and beautiful edifice of the Kremlin towered over the frosted black water. An open door behind me flooded the bracing night air with the cacophony of pulsing Russian pop music, clinking glasses, and the din of flatware on plates.
February is hardly the warmest month for a trip to Russia, but a press tour invitation in 2011 from Russian security firm Kaspersky Lab proved too timely to pass up. I wanted to surprise Vrublevsky—and I wasn't sure he'd be a free man much longer—so I jumped at the invitation.
I'd been studying the Russian language and culture—and its seedy underbelly of cybercrime—for more than five years, and visiting the country had long been a dream of mine. But I let few people know that I was going to visit and told no one my real reason for making the trip: to meet Pavel Vrublevsky in Moscow, and tentatively Igor Gusev on a side trip to Europe (which I never followed through with). I had an idea at the time that their feud would make an interesting story, and I was anxious to meet each man face to face.
I had wanted to meet the infamous cybercrooks then because I believed this might be my one chance to interview them in person without prison guards present. I was preparing to run a series of articles documenting the Pharma Wars between Gusev and Vrublevsky, because between the two of them, they were responsible for probably 75 percent of the spam on the planet. I was certain neither man would want to talk to me much after that series started.
"Brian! Come, the performance is starting," bellowed a broadly grinning and waving Eugene Kaspersky, barely audible over the ship's powerful turbines and the crackling river ice. Following him through the door leading from the stern of the boat into the main hall, I nearly crashed into a troupe of young men in baby blue jumpsuits turning cartwheels and performing a traditional Russian folk dance on the wooden dance floor between the bar and the dinner tables.
The icebreaker cruise with Kaspersky took place the day before I was to depart from Moscow. After dinner was served, Kaspersky and I each enjoyed glasses of ice cold Russian vodka, and he began telling me about his cryptography work for a former Soviet institute in the 1980s that was sponsored by the Russian Ministry of Defense and the KGB (then the Russian equivalent of the U.S. Federal Bureau of Investigation).
It also emerged that we both got interested in computer security after getting hacked. Eugene became obsessed with viruses after finding malware on his computer in 1991. I started learning all I could about computers and Internet security a decade later, when my home network was overrun by the "li0n worm," a contagion unleashed by a now-famous Chinese hacker that locked me out of my systems and trashed several servers.
As I watched the dancers careen from one corner of the ship to the other, my thoughts wandered back to the day I'd arrived in Moscow and immediately sought an audience with Vrublevsky. I hadn't slept a wink since my meeting with the notorious cybercrime figure, and I kept replaying the day's events in my head.
My flight to Moscow was routed through John F. Kennedy International Airport in New York, where I ran into Paul Roberts, a security journalist and analyst who had recently begun working for Kaspersky. Roberts was joining the press tour as well.
I had never been to Russia, but as we approached Sheremetyevo International Airport, I could see that Moscow was up to that point exactly how I'd pictured it: overcast, cold, snowy, and windy.
Waiting for the plane to touch down, I was suddenly struck by how little I had actually done to prepare for my trip, and for the first time, I was a bit scared. Prior to my departure, a family member who'd been in the foreign service had given me some unsolicited advice on ways to ensure my safety while in Moscow. Much of his wisdom was common sense, such as "arrange all meetings in public spaces," "travel nowhere alone," and "avoid getting into cars with unfamiliar people." Nevertheless, I was stunned at how soon after arriving in Moscow I would be forced to ignore all of that advice.
Roberts and I were supposed to have a car waiting at the airport to take us to our hotel, but high winds had delayed the departure of our flight from New York. When we arrived in Russia, the hired car was nowhere to be found.
As we stepped out of the main terminal and onto the slushy sidewalk, we were immediately pegged as Americans and accosted by perhaps a half-dozen men offering us "cheap" cab rides from the airport. Unfortunately, our hotel was about thirty kilometers from the airport, and the trip would be anything but cheap.
Very soon after we walked out of the terminal, I began to feel queasy, enough so that I thought for sure I was going to lose my breakfast all over the cabbies who were constantly in my face and having trouble taking "no" for an answer. I retreated to a snow-covered metal bench to catch my breath and steady myself. The cabbies seemed to sense that they might regret getting too close and mercifully left me alone for a couple of minutes. Presently, Roberts ambled in my direction after scouting the length of the airport curb for any signs of our prearranged pickup.
"I'm not really crazy about the idea either, but it looks like we may have to hire one of these guys," he said, squinting through the driving snowfall.
Five minutes later, we were crammed into the back of a black, compact Russian-made automobile, racing through the soggy streets and swerving around the slower traffic crowding onto Leningradskoye Shosse, the main highway from the airport into central Moscow. I took this opportunity to try out my prepaid wireless Internet service. Because I rarely use unsecured public Wi-Fi and was even less interested in doing so in Moscow, I wanted to avoid being at the mercy of coffee shop or hotel wireless services while in Moscow. So I had arranged to purchase Internet access in advance via a company called XCom Global. The company's service will ship you a USB dongle just prior to your departure, which in theory should allow you to have 3G wireless Internet access more or less anywhere in the city of your choosing.
As I plugged the dongle into my Macbook in the back of the cab, however, I was dismayed to find that it was impossible to keep a signal for more than a few seconds at a time. I thought perhaps this was because we were hurtling down the highway at 120 kilometers per hour, but I later found the service was just as unreliable when seated at a coffee shop near our hotel smack in the middle of downtown Moscow. What few plans I had made in advance of my trip were rapidly falling apart.
Forty-five minutes and the equivalent of $170 later, Roberts and I exited the cab and checked in to the Marriott Grand Hotel on Tverskaya Street, the broad commercial thoroughfare that runs from Red Square through central Moscow. At the front desk, an attractive young woman behind the counter requested my passport. When I produced the passport, she took it, curtly told me I could come by and pick it up later in the day, and then disappeared into a back office.
I didn't much care for the idea of relinquishing my passport, but I also didn't have many other options. My unease soon turned to dread. I had been there all of five hours when I was alarmed by a Google news alert that I'd set up to monitor Internet postings that featured my name. The alert linked to a brief message posted to the Russian blogging service LiveJournal that broadcast my precise location. The posting read: "American cybersecurity blogger Brian Krebs is now in Russia, staying at the Moscow Marriott Grand."
From Spam Nation: The Inside Story of Organized Cybercrime—from Global Epidemic to Your Front Door by Brian Krebs. Copyright 2014 by Brian Krebs. Excerpted by permission of Sourcebooks.