Bilingual reading | Malware becomes governments' new tool and weapon for cyber-espionage
IT IS 30 years since William Gibson, an American-Canadian author, wrote “Neuromancer”, in which he coined the term “cyberspace” and imagined a future of hackers for hire and giant corporations raiding each other's computer systems in search of secrets. He was right about the direction of travel, but wrong about some of the details. For it is governments, not corporations or anti-social teenagers, who have become the world's best hackers.
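Thirty years ago, the American-Canadian author William Gibson coined the word “cyberspace” in his novel “Neuromancer”, sketching a future of hacker hitmen and large corporations breaking into each other's computer systems to steal secrets. He was right about the general direction of development, but well off on the details. For it is not large corporations or anti-social youths who have become the world's most formidable hackers, but governments.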
The latest example came on November 23rd, when Symantec, an American antivirus firm, announced the discovery of a piece of software called Regin, which it had found lurking on computers in Russia, Saudi Arabia and several other countries, sniffing for secrets. Its sophistication and stealth led Symantec to conclude that it must have been written by a nation-state.
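For example, the American antivirus company Symantec announced on November 23rd that it had discovered a piece of virus software named “Regin”. The software lurked on computers in Russia, Saudi Arabia and other countries, stealing secrets. Based on its complexity and secrecy, Symantec concluded that the virus software must have been written by some country's government.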
Regin (the arbitrarily chosen name comes from a text string found in the bug's innards) is only the latest in a long line of government-sponsored malware (see table). The most famous is Stuxnet, discovered in 2010, which was designed, almost certainly by America and Israel, to hijack industrial-control systems. It was deployed against Iran's nuclear programme, and destroyed centrifuges that were being used to enrich uranium. Unlike the vast surveillance dragnets revealed by Edward Snowden, a former American contractor who leaked thousands of secret documents in 2013, these computerised bugs are tailored and aimed at defined targets.
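“Regin” (the name is taken from a text string inside the virus) is only the tip of the iceberg of the many malicious programs developed with government funding. The best known is “Stuxnet”, discovered in 2010. That virus was very probably written by the American and Israeli governments and targets industrial-control systems. “Stuxnet” was used to attack Iran's nuclear programme and destroyed centrifuges used for uranium enrichment. These are purposeful computer faults aimed at specific targets, unlike the wide-ranging dragnet surveillance exposed by Edward Snowden. Snowden was an employee of an American government contractor who released thousands of secret documents in 2013.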
The sort of direct sabotage carried out by Stuxnet is unusual. Most government malware (or at least, most that security researchers know about) seems to be for information-gathering. In 2006, for instance, it emerged that someone had hacked electronic equipment belonging to Vodafone's Greek subsidiary and listened to the mobile-phone conversations of the Greek cabinet. But such attacks can still do damage: Regin's most common targets were individuals and small businesses, but telecoms firms, energy companies and airlines were affected, too.
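But malware of the Stuxnet kind, capable of causing direct harm, is uncommon. Most government-backed malware (or at least, most that cyber-security researchers know of) seems to be only for gathering information. In 2006, for instance, there was an incident in which electronic equipment of Vodafone's Greek subsidiary was broken into and the phone conversations of Greek cabinet members were eavesdropped on. But such attacks are still destructive: most of Regin's targets were individuals and small companies, but telecoms, energy and airline firms were affected too.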
Working out who has created a piece of malware is not easy. Computer code has no nationality. Programmers sometimes leave hints, or use suggestive phrases, but these are not proof. The targets can provide clues, as can comparisons with known malware. DarkHotel, which targets corporate executives and other bigwigs by hijacking hotel Wi-Fi systems and which was discovered only weeks before Regin, has been tentatively pinned on South Korea. Korean characters, and a reference to a known South Korean coder, were found in its code. The targets included people from Taiwan, Japan, China, and a few from America, South Korea's most important ally.
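Finding out who made a malicious program is not easy. Computer code has no national borders. Programmers sometimes leave clues or use suggestive phrases, but these prove nothing. The targets can provide some clues, and comparison with known malicious programs is also possible. “DarkHotel”, discovered a few weeks before “Regin”, is malware that attacks corporate executives and other powerful people by hacking into hotel Wi-Fi systems. There are signs that this software comes from South Korea, because Korean text and a Korean encoder were found in its code. Its targets included people from Taiwan, Japan and mainland China, and a few Americans, even though America is South Korea's most important ally.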
There are similar clues in Regin. Symantec says Regin's most frequent targets were computers in Russia, which accounted for 28% of the total, and Saudi Arabia, which made up 24%. But the full list includes countries as diverse as Afghanistan, Ireland and Mexico. One of Regin's modules is called “LEGSPIN”, a cricketing term. And experts say that it seems very similar to malware used in an attack on Belgacom, a Belgian telecoms firm, in which the British are the chief suspects. (Government Communications Headquarters, Britain's electronic-spying agency, refused to comment.) But such clues may be designed to mislead: when the Russians began their computerised espionage, they would often try to make it seem as if the software was Chinese. “They hid behind China's notoriety,” says Mikko Hypponen of F-Secure, a Finnish computer-security firm.
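“Regin” has similar clues. Symantec says Regin's main targets were computer users in Russia, accounting for 28% of the total, and Saudi Arabia, accounting for 24%. But the attack list also includes Afghanistan, Ireland and Mexico. One of Regin's modules is named “leg spin” (a cricketing term). Experts say the software resembles the malware that attacked Belgacom, and in that case Britain is the chief suspect. (Government Communications Headquarters, Britain's electronic-spying agency, does not admit this.) But such clues may mislead: when Russia uses computers for espionage, it may disguise itself so that others mistake the software for Chinese. Mikko Hypponen of F-Secure, a Finnish computer-security company, says: “That way China becomes notorious, while they hide behind it and reap the benefits.”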
Such deniability is one attraction of computerised espionage. Another is that modern software is so complex that it is riddled with security holes, most of which can be exploited from a safe distance. Once one is found, data can easily and cheaply be smuggled out and sent round the world.
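This deniability is one of the attractions of computerised espionage. Another is that modern software is very complex and riddled with security holes. Most of these holes can be operated remotely; once one of them is found, data can easily leak out and spread around the world.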
This means that the big powers are not the only cyber-spies. The cutting-edge stuff is done by America, China and Russia, says Mr Hypponen, but F-Secure thinks Pakistan, North Korea and some African countries are doing it, too. The low cost means that governments and firms can expect to suffer from more and more of it. Some are already taking drastic measures: Russia has ordered 20 typewriters, reportedly because of the vulnerability of computers. To paraphrase Mr Gibson: it seems that the future is already here, and it is becoming ever more evenly distributed.
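This means that it is not only the big powers that take part in cyber-espionage. Mikko Hypponen says F-Secure believes that, besides technologically leading powers such as America, China and Russia, Pakistan, North Korea and some African countries are also engaged in cyber-espionage. The low cost means that governments and companies bear more expense. Some countries have taken drastic measures: Russia has ordered 20 typewriters, reportedly because computers are prone to vulnerabilities. To close in Gibson's words: the future seems within reach, and is becoming ever more evenly distributed.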
Translated by: 戴秀平
Proofread by: 江虹蕾
Editor: 翻吧君
Source: The Economist (2014.11.24)