Getty Images

The following is a modified excerpt from CNBC cybersecurity reporter Kate Fazzini's "Kingdom of Lies: Unnerving Adventures in the World of Cybercrime," which is now available wherever books are sold. Bo Chou, now working somewhere else in Asia, says he feels like his past life was boring. He's had no interest, he says, in regaling people with tales of his time as a hacker for China's People's Liberation Army. (Some names, locations and personal details have been changed to protect confidential sources.) The rare few people who actually do know this about him press him for information, but he doesn't budge. It's not just because it's supposed to be secretive. It is. It's because it was boring, utilitarian, cog-in-a-wheel stuff. Now the Russians, that's what Bo wants to talk about. He was always more interested in the Russians, he says, because they are flashier. After his work in the Army, it was Russian hackers he looked to for inspiration. Bad boys.

Tupac and camp

Bo remembers back around 2012, he started following the exploits of a well-known "carder," Valery Romanov. Carders are criminals who steal credit card numbers from those breaches against major retailers that you've heard of. The carder then sells the information on the dark web or uses the number to purchase easy-to-sell commodities like mobile phones, tires or gift cards, which they can convert to cash. The carders are flashy and not averse to posting their success on social media. They post selfies with stacks of cash or next to fancy cars. Valery Romanov poses in one next to a cash counting machine, and throws up a gang sign with his free hand. He posts memes featuring Tupac Shakur lyrics. It's pure camp. Bo is jealous. Valery is fun and ultra-capitalist with a persona much bigger than anyone working in a Chinese hack farm could ever dream of. Bo doesn't want to emulate him. Just enjoy the show. He gets interested in rap music because of Romanov. Then Romanov disappears. Captured on some island by the American FBI. Bo, living in the business center suburbs of Shanghai, gets a job at one of the hotels there, as a doorman. He misses being an engineer. He misses the excitement of his dark web friends. The hotel is exciting, welcoming expats from all over the world for convention after convention after convention. Home improvement, medical devices, housewares, computers, financial firms, non-profits and NGOs. He decides to enter the gig economy. Get a side hustle.

Perfect targets, perfect data

Bo loves data. He's good at data. He likes combing through it, making sense of it. The visitors to the hotel are perfect targets, with perfect data. He uses a commonly available type of malware that can help him get as much information on a company as quickly as possible. He delivers it through USB devices that he scatters around the convention center, making it easy for unwitting professionals to pick up and stick right into their computers, computers with all those spreadsheets and proprietary client lists. He endeavors not to do this in his own hotel. That would be too close to home, and frankly, rude, he says. Bo finds a great, cheap supplier from down south who sells him thousands of USB storage devices for around $100. Then he goes down to the area that sells lots of mass-produced tchotchkes and buys a few beautiful, polished, modern-looking silver bowls. Then Bo loads malware on each device. He creates a very professional looking sign, one that mimics whoever is sponsoring the convention in color and font, and puts the USB devices in the beautiful silver bowl. "Free USB Storage. Welcome guests!" He leaves them, surreptitiously, in the lobbies of the hotels or the convention center cafeteria or, if he can slip in, its press room, where all the media outlets take their breaks and meetings. In the early days of this scheme, convention-goers pick up the devices and use them much more frequently than they do when he tries it months and years later. Many people have learned such freebies might be risky, and Bo is fine with that. Because the ones who pick them up are enough. He isn't greedy. Once the simple malware loaded onto the USB drives is installed onto their computers, Bo grabs as many spreadsheets — just spreadsheets — as he can from their machines. The malware will probably be caught in a routine scan by some corporate technology team when the travelers get back to New York or San Francisco or London or Brisbane, but by then it will be too late. Bo will have everything he needs, including all of the emails and personal details of the individual's business contacts. He particularly likes getting business plans, budgets, future merger ideas. Then, after all this excitement, the denouement.

Big data, little marketplace