
Russian spies use Twitter to cover network intrusions


Russian hackers are using Twitter as an ultra-stealthy way of concealing their intrusions into sensitive Western government computer systems — a new surveillance technique that blends cutting-edge digital engineering with old-fashioned spy tradecraft.


The hackers use images uploaded to the social media site to send messages and directions to malware — or malicious software — with which they have infected target computers.


The value of using Twitter as a means to control the malware — which may direct computers to steal files or perform other unintended operations — is that it is virtually invisible to most detection systems, appearing instead like the myriad other visits users make to the social networking site.


A new report released on Wednesday by the cyber security firm FireEye publicly identifies the new malware for the first time. The firm has nicknamed it “Hammertoss”.


FireEye says it has “high confidence” that Russian agents are behind the project.


“It’s really an example of how innovative and thoughtful threat groups are becoming,” said Jen Weedon, manager at FireEye’s threat intelligence group. “They are leveraging all of these credentials and services. It’s artistry. This is clearly not malware that is being built without thought.”


For all its digital sophistication, the principles behind Hammertoss are reminiscent of the low-tech spy signals of the Cold War — chalk marks on trees or dead-letter boxes. In essence, the social media site allows Russia’s cyber warriors to communicate with their agents in plain sight and under the noses of those on the lookout for unusual behaviour or communications.


The malware, once embedded, performs a daily check for a specific Twitter account, the unique name of which is generated on each occasion by an inbuilt secret algorithm.


Hammertoss’s controllers, by possessing an identical algorithm, are able to know the name of the Twitter account the malware will look for each day. If they wish to issue a command to Hammertoss, they set up the account and post a tweet.


The tweet may look innocuous, but it will contain a link to an image. The image has a secret message for Hammertoss encoded within it — another Cold War technique known as steganography.


Another Russian malware family, known as MiniDuke, also used Twitter for certain command and control operations but, unlike Hammertoss, was limited to communicating with a small number of specific, pre-established accounts.
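A defender's view of the daily account lookup described above, as an added example that is not from the article or from FireEye's report: it scans web-proxy logs for a host that requests a different Twitter profile on each of several days, most of which do not exist. It assumes that lookups return 404 on days when the controllers have not set up the account; the log format, host names, handles and thresholds are all constructed.

```python
from collections import defaultdict
from urllib.parse import urlparse

# Constructed proxy log: date, client host, HTTP status, URL (all values invented).
SAMPLE_LOG = """\
2015-07-27 ws-041 404 https://twitter.com/constructed_a1
2015-07-27 ws-007 200 https://twitter.com/examplenews
2015-07-28 ws-041 404 https://twitter.com/constructed_b2
2015-07-28 ws-007 200 https://twitter.com/examplenews/status/1
2015-07-29 ws-041 200 https://twitter.com/constructed_c3
2015-07-29 ws-007 404 https://twitter.com/exampelnews
2015-07-30 ws-041 404 https://twitter.com/constructed_d4
2015-07-30 ws-007 200 https://twitter.com/examplenews
2015-07-31 ws-041 404 https://twitter.com/constructed_e5
"""

def profile_handle(url):
    """Return the handle of a bare profile URL (twitter.com/<handle>), else None."""
    parsed = urlparse(url)
    parts = [seg for seg in parsed.path.split("/") if seg]
    if parsed.hostname in ("twitter.com", "www.twitter.com") and len(parts) == 1:
        return parts[0].lower()
    return None

def rotating_handle_hosts(log_text, min_days=4, min_missing_ratio=0.5):
    """Map each suspicious host to the profiles it looked up on one day only."""
    seen = defaultdict(lambda: defaultdict(set))  # host -> handle -> days requested
    missing = defaultdict(set)                    # host -> handles answered with 404
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue
        day, host, status, url = fields
        handle = profile_handle(url)
        if handle is None:
            continue
        seen[host][handle].add(day)
        if status == "404":
            missing[host].add(handle)
    flagged = {}
    for host, handles in seen.items():
        # Handles a person follows recur; generated ones are requested on one day only.
        one_day = {h for h, days in handles.items() if len(days) == 1}
        active_days = {d for h in one_day for d in handles[h]}
        if not one_day or len(active_days) < min_days:
            continue
        if len(missing[host] & one_day) / len(one_day) >= min_missing_ratio:
            flagged[host] = sorted(one_day)
    return flagged
```

A fixed blocklist of accounts would cover the MiniDuke behaviour described above but not a handle that changes daily, which is why this check keys on the pattern of lookups rather than on any account name.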
