駭客服務業

Anyone who doubts that internet commerce faces serious threats from online criminals should consider this: Criminal hacking has spawned a full-blown service economy– one that supports growing legions of relatively lower-skilled but fulsomely larcenous hackers.

In the past year, entrepreneurs, many of them based in Russia, have begun to create criminal hacking enterprises aimed not at stealing but at providing services to help others steal. Business has quickly taken off. Per unit of risk – of apprehension, prosecution, and incarceration – enabling online crime pays better than perpetrating it directly. Criminal services entrepreneurs are netting millions of dollars a month. Some experts estimate that, all told, they earned $1.5 billion in 2007.

網路交易是否面臨線上罪犯的嚴重威脅？如果你還不確定，不妨看看這個事實：駭客犯罪已然孕育出一種成熟的服務業，為愈來愈多有志當駭客、但技術不夠好的人提供支援。

過去這一年來設立的駭客犯罪企業，本身並不偷竊，而是提供服務協助他人偷竊；這類企業多以俄羅斯為基地。他們的業務量直線上升，而且被逮到、起訴與監禁的風險相對較低，因此報酬率優於直接犯罪。有些犯罪服務業者每月淨賺數百萬美元，據一些專家估計，2007年他們總共賺了15億美元。

Last year, two Russians created a subscriptionbased identity theft service. Rather than steal personal credentials themselves, the two hacked into PCs and then charged clients $1, 000 per compromised machine for 30 days of unfettered access.

The clients are betting that during the 30-day period（ one billing cycle） victims will bank or otherwise submit personal data online.

去年有兩名俄羅斯人以接受客戶訂閱的方式，提供竊取身分的服務。他們並不是偷取個人證件，而是入侵個人電腦，供客戶無限制進入，每部電腦三十天收費1000美元。這些客戶打的如意算盤是，被害人在三十天內（一個收費週期）應會利用電腦與銀行往來，或是線上輸入個人資料。

To offer their subscription service, the hackers contracted with yet another service provider to obtain a sophisticated distribution system for the illicit code, called a bot, that they would use to infect the PCs. That distributor enticed website owners to hide its bot on their sites by promising weekly payments based on the volume of traffic, much the way newspapers are paid by advertisers according to the number of visitors to their websites. Other service businesses aggregate large networks of compromised computers, called botnets, and rent out portions of their networks for whatever task the client has,perhaps to distribute spam, disable a competitor’s website, or infiltrate a firm’s network in order to steal intellectual property.

為提供這項訂閱服務，駭客還與另一種服務提供者合作，透過後者提供的複雜系統來傳輸非法程式，稱為傀儡程式（bot），透過這個程式來入侵個人電腦。

傳輸服務提供者慫恿網站主人把傀儡程式藏在網站上，承諾每週按瀏覽人數付款，就像廣告主根據造訪公司網站人數支付報紙廣告費。另一些服務業者匯集一大群遭駭客侵入的電腦網路，就是所謂的傀儡網路（ botnets），並把部分網路出租給客戶，供他們任意使用，像是寄發垃圾郵件、癱瘓競爭對手的網站，或是滲透到某些公司的網路以竊取智慧財產。

As with any service business, customers wil ling to pay ex tra can obtain premium offerings. The two hackers behind the subscription service will “clean up” your data – get rid of low-value information and genera te helpful reports item izi ng what you’ve stolen. The botnet rental operations offer anc- illary consulting to maximize the effectiveness of your attack,some guarantee specifi ed service levels or your money back.

和其他服務業一樣，願意多付錢的顧客可獲得超值服務。例如，那兩名提供訂閱服務的駭客會「清理」顧客的資料，也就是刪除沒價值的資訊，並提供對顧客有用的報告，上面會逐項列出顧客竊取到的資料。傀儡網路租用業務也提供額外諮詢，讓你的攻擊能收到最大成效；有些則保證一定的服務水準，否則可以退費。

The biggest factor driving the emergence of this new service economy is the obvious one: an explosion of online banking and shopping, coupled with consumers’ increasing willingness to disclose personal information over the internet. For those with the technical skills, opportunities for exploitation are richer than ever before.

But something else is happening, too. Those gifted hackers are now enabling the far larger market of wannabes whose deficient skills would otherwise shut them out of the cybercriminal enterprise system.

By creating services for those people, hackers can generate huge profits without actually committing fraud. Gold prospectors may or may not strike it rich, but folks selling pans and pickaxes make a heck of a living either way.

促使這種新型服務業出現的最主要因素，其實相當明顯：網路銀行與網路購物的交易暴增，而且消費者也愈來愈願意在網路上透露個人資料。對某些網路高手來說，可乘之機比先前大增。

不過，另外還有一個現象值得注意。在駭客高手的支援下，眾多有心從事網路犯罪卻技術不夠者，現在實力大增。駭客為這些人提供服務，不必親身涉險即可獲取暴利。淘金客未必個個發財，但販賣淘金工具的商人鐵定荷包滿滿。

What surprises some experts about this new service economy is just how innovative and vibrant it has become. The hackers code at a PhD level. Their solutions to problems are creative and effi cient. They respond to market conditions with agility. Their focus on customer service is intense. If this loose collective of criminal hackers were a company, it would be a celebrated case study of success.

Cybercrime services are so sophisticated and powerful that they make one pine for the days of simple website defacements and e-mail viruses with cute embedded messages. The new breed don’t just disrupt business, they threaten it by frightening customers and undermining commercial confi dence. As the victims of online crime pile up, more and more of them will look for someone to hold responsible.

And it won’t be the hackers, it will be the brands that customers trusted to protect them.

這一新興服務業的創新與活力，連專家都感到驚訝。駭客撰寫的程式碼是博士級水準，問題的解決方案既富創意又有效率，加上對市場狀況反應靈活，也極為注重客戶服務。如果這個由不法駭客組成的鬆散集合體是一家公司，必然是極具研究價值的成功個案。網路犯罪服務如此複雜又威力十足，不禁令人懷念起過去簡單的網站破壞技倆與電子郵件病毒，裡面通常附有可愛的訊息。這類新型犯罪不僅干擾企業經營，甚至威脅到企業的生存，因為會驚嚇到顧客，讓人們對電子商務失去信心。隨著網路犯罪日益猖獗，會有愈來愈多受害者想找出該為此負責的人，只不過他們的矛頭不會指向駭客，而是他們原本相信能保護顧客權益的企業。