Online Attack Leads to Peek Into Russian Den of Spam
Exposing the True Face of Russia's Spam Den
By Andrew E. Kramer
MOSCOW – For years, Igor A. Artimovich had been living in a three-room apartment he shared with his wife in St. Petersburg, sitting for long hours in front of his Lenovo laptop in his pajamas, drinking sugary coffee.
For many years, Artimovich had lived with his wife in a three-room apartment in St. Petersburg, often sitting for long hours in his pajamas in front of his Lenovo laptop, drinking sweetened coffee.
If he were known at all to Western security analysts who track the origins of spam, and in particular the ubiquitous subset of spam e-mails that promote male sexual enhancement products, it was only by the handle he used in Russian chat rooms, Engel.
To the Western security analysts who track spam, especially the ubiquitous e-mails promoting male sexual enhancement products, even if they knew that someone like Artimovich existed, what they knew was not his real name but Engel, the handle he used in Russian chat rooms.
His pleasant existence changed this summer when a court in Moscow linked Mr. Artimovich and three others with one of the world’s most prolific spambots, or illegal networks of virus-infected computers that send spam.
This summer a Moscow court ruled that Artimovich and three others were connected with the operation of a spambot with one of the largest sending volumes in the world, that is, the sending of spam through an illegal network made up of many virus-infected computers. (Editor's note: a spambot is a program that automatically harvests e-mail addresses from web pages; it collects addresses that match the e-mail address format and then sends spam to them in huge quantities.) Artimovich's comfortable life changed from that point on.
The ruling provided a peek into the shrouded world of the Viagra-spam industry, a multimillion-dollar illegal enterprise stretching from Russia to India. The court put names and faces to a shadowy global network of infected computers known outside Russia as Festi and inside the country as Topol-Mailer, named after an intercontinental ballistic missile, the Topol-M. It was powerful enough to generate, at times, up to a third of all spam e-mail messages circulating globally.
The ruling gave the outside world a glimpse into the world of the so-called Viagra-spam industry. This illegal trade, involving millions of dollars, stretches from Russia to India. Outside Russia, this shadowy global network of compromised computers is called Festi; inside Russia it is called Topol-Mailer, named after the Russian intercontinental ballistic missile Topol-M. It was powerful enough to generate a third of all spam messages circulating worldwide.
Prosecutors say Mr. Artimovich was one of two principal programmers who controlled the network in a group that included a former signals intelligence officer in the Federal Security Service, or F.S.B., the successor agency to the K.G.B.
Prosecutors said that Artimovich and another top programmer controlled the network, and that the other accomplices included a former signals intelligence officer of Russia's Federal Security Service (FSB). The FSB's predecessor was the KGB.
Once they control the virus-infected computers, they use software embedded on home and business computers to send spam. The owner of an infected computer usually does not know the PC has been compromised.
Once they control the virus-infected computers, they send spam through software implanted on home and business computers. And when a personal computer is infected, its owner usually has no idea.
More often than not, those infected computers are in India, Brazil and other developing countries where users cannot afford virus protection. But the high-end programming of viruses often takes place in Russia.
These infected computers are often concentrated in India, Brazil and other developing countries where users cannot afford antivirus protection. The high-end virus programming, however, usually takes place in Russia.
A court in Moscow convicted two people of designing and controlling the Festi botnet, and two others of paying for its services, but none of them specifically of distributing spam. Instead, the court convicted the group of using the Festi network in 2010 to turn thousands of browsers simultaneously to the Web page of the online payment system of Aeroflot, the Russian national airline, crashing it in what is known as a distributed denial of service attack.
The Moscow court found two defendants guilty of designing and controlling Festi, and two other defendants guilty of paying for its services, but did not specifically convict any of them of distributing spam. The judge said that in 2010 the defendants used the Festi network to redirect thousands of browsers simultaneously to the online payment page of the Russian state airline, crashing it in what is known as a distributed denial of service attack.
The spambot problem has vexed Western law enforcement officials, who complain the Russians ignore losses to global businesses that pay about $6 billion annually for spam filters, and to companies like Pfizer for sales lost to counterfeit pills.
The spambot problem greatly troubles law enforcement officials in Western countries. They say that businesses large and small around the world spend about $6 billion a year on filtering spam, and that companies such as the drug maker Pfizer suffer losses from the flood of counterfeit pills, yet the Russian authorities turn a blind eye to all of it.
Why Russian authorities allowed Festi to function for years is unclear, but it was used last year inside Russia to crash opposition Web sites during the presidential election. The Festi network was the tool of choice in a prominent denial of service attack on LiveJournal, one of the blog-hosting services used by the Russian dissident and blogger Aleksei Navalny, according to Hacker, a Russian cybersecurity magazine.
Why the Russian authorities let Festi run free for years is unknown. During last year's Russian presidential election it was used to crash the websites of the Russian opposition. The Russian dissident blogger Aleksei Navalny used the blog service provided by LiveJournal. According to the computer security magazine Hacker, Festi was the tool hackers used to launch a denial of service attack on it.
The Russian court case singled out four men: Pavel Vrublevsky, the owner of an online payment settlement business called ChronoPay; Maksim Permakov, an employee of Mr. Vrublevsky and a former F.S.B. agent; Mr. Artimovich, a former employee of Sun Microsystems in Russia; and his brother Dmitry Artimovich, a freelance programmer.
The four defendants tried by the Moscow court were Pavel Vrublevsky, who runs the online payment settlement system ChronoPay; Maksim Permakov, a former FSB agent and Vrublevsky's subordinate; Artimovich, who once worked at Sun Microsystems in Russia; and his brother Dmitry Artimovich, a freelance programmer.
All denied the charges and have said they intend to appeal the sentences, which range from two to two and a half years in prison, except for Mr. Permakov, who cooperated with investigators in exchange for a suspended sentence. But computer security experts say that spamming they have since observed suggests that either the wrong men were convicted or the controlling codes were passed to somebody else.
The defendants all denied the charges and vowed to appeal. Apart from Permakov, who received a suspended sentence in exchange for cooperating with investigators, the other defendants were sentenced to between two and two and a half years in prison. But computer security experts say that the spamming they have observed since then shows that either the court convicted the wrong men or the controlling codes have passed into someone else's hands.
Prosecutors argued that Igor Artimovich designed Festi. They say the executives at ChronoPay hired him to crash the Aeroflot site because they were angry at losing a tender for Aeroflot’s business. The police say the executives asked Mr. Artimovich to settle the score.
Prosecutors stressed that Festi was indeed designed by Artimovich himself, and that ChronoPay executives hired him to crash Aeroflot's website out of anger at losing an Aeroflot tender. Police said the executives asked Artimovich to settle the score on their behalf.
In an interview, Mr. Artimovich said he was working on code under contract with ChronoPay, but for an antivirus program, not a virus. He said the police planted evidence on his laptop hard drive after his arrest.
In an interview, Artimovich said he was writing code under contract with ChronoPay at the time, but what he wrote was an antivirus program, not a virus. He also said that after the police arrested him, they planted the so-called evidence on his laptop hard drive.
Russian authorities deny creating or turning a blind eye to botnets used to attack the Web sites of dissidents, or banks and government institutions in neighboring countries like Estonia or Georgia.
As for the botnets used to attack the websites of dissidents, or of banks and government institutions in neighboring countries such as Estonia and Georgia, the Russian authorities say they neither created them nor turned a blind eye to them.
But computer security experts have long been intrigued by the possibility that the Russian government has turned to so-called black hat hackers for political tasks in exchange for offering protection from prosecution. Any direct evidence has been lacking, but the Festi case adds to the circumstantial evidence.
Yet computer security experts have long suspected that the Russian government may have directed so-called black hat hackers to carry out political attacks in exchange for protection from prosecution. Direct evidence has always been lacking, but the Festi case adds further circumstantial evidence.
Original article:
http://www.nytimes.com/2013/09/03/business/global/online-attack-leads-to-peek-into-spam-den.html
2013-09-17 United Daily News / page G9 / UNITED DAILY NEWS, translated by 陳世欽; the original appears on page 7 of the New York Times weekly section.