For a long time, we’ve known that spammers are spreading their filthy stuff for reasons other than boredom and curiosity. They’re not in it because their doctors told them to get out and bother people 24/7. No, they’re in it for the money. And we’ve known that there’s lots of money to be had. But up until now, much of the theory of spam – the people behind it, and how the spammers make money – has been largely speculation with relatively little empirical evidence from which to draw useful data. Now, however, we’ve got a glimpse into the dark, sleazy world of spam, as well as a spambot that’s been the talk of the security community for a while now, and it’s all thanks to a cyber attack.
In Russia, there’s a fairly nondescript man who lives with his wife in a three-bedroom apartment in St. Petersburg. Flying under the radar for the most part, the man surfed the chat rooms using the handle Engel, and beyond that, not much was known about this individual. But a court trial this summer has uncovered some revealing facts about the man known as Engel, and it’s opened up a whole can of worms that is the world of email spam.
Engel, whose real name is Igor A. Artimovich, lived a pleasant existence, according to The New York Times, but everything changed when Artimovich and three of his associates were linked to perhaps the most pernicious spambot known to the technical community, Festi. Responsible at times for up to one third of the world’s spam messages, Festi was known as Topol-Mailer in Russia, a tip of the hat to the Topol-M ballistic missile, and the acknowledgement is appropriate. Along with the most notorious of spambots, Cutwail, Festi has had researchers pulling their hair out for a while now.
According to the NYT, the court ruling in Moscow “provided a peek into the shrouded world of the Viagra-spam industry, a multimillion-dollar illegal enterprise with tentacles stretching from Russia to India.” The prosecutors in the case said that Artimovich was one of two programmers who controlled Festi, and the group “included a former signals intelligence officer in the Federal Security Service, or F.S.B., the successor agency to the K.G.B.”
The technical details and the business model are well known, of course, and always have been. Computers are infected, unbeknownst to the users, and the little soldiers march on in a massive mailfest that pushes out all sorts of goods and services, including the founder of the feast, Viagra. But now we have a glimpse at the characters behind the drama, and the cyberattack that got them noticed. The court didn’t specifically convict these criminals for their spamming habits; the crime for which they were pinched was a distributed denial of service (DDoS) attack on Aeroflot in 2010. Festi, however, was actually used last year to “crash opposition Web sites during the presidential election,” according to the NYT. “The Festi network was the tool of choice in a prominent denial of service attack on LiveJournal, one of the blog-hosting services used by the Russian dissident and blogger Aleksei Navalny, according to Hacker, a Russian magazine focused on cybersecurity issues.”
The four men identified in the case were “Pavel Vrublevsky, the owner of an online payment settlement business called ChronoPay, who for years has denied accusations of ties to Viagra spam schemes; Maksim Permakov, an employee of Mr. Vrublevsky and a former F.S.B. agent; Igor Artimovich, a former employee of Sun Microsystems in Russia; and his brother Dmitry Artimovich, a freelance programmer.” Prosecutors charge that Artimovich was the principal architect of Festi, and that he was paid by a firm called ChronoPay to crash Aeroflot’s site because ChronoPay was displeased that it lost a tender with the airline. Of course, all the players deny their guilt, but at this point the case seems like a slam dunk for the Russian government.
The business model itself is fairly straightforward. Professor Stefan Savage of the University of California at San Diego conducted research on Festi by partaking in its offers and purchasing Viagra through the infamous Canadian Pharmacy site, which, of course, was located in Russia. Gas chromatography and mass spectrometry of the little pills uncovered a drug that was “close enough chemically to real Viagra that they most likely functioned safely, and as intended,” states the NYT article. According to Dr. Savage, sales of the pill, manufactured in India, comprised about one-fifth of the $300 million in sales of fake online drugs.