Cyber espionage: A new cold war?
网络间谍活动——新一轮冷战?
广州网络翻译公司:网络组织“影子经纪人”公开拍卖据称美国国安局使用的网络武器,分析认为此举是俄罗斯主使下的一次信号释放。
This is a tale of spies, a $500m cyber arms heist, accusations of an attempt to manipulate a US presidential election and an increasingly menacing digital war being waged between Russia and the west.
这是一个关于间谍、一次5亿美元的网络武器打劫、对俄罗斯操纵美国总统选举企图的指控、以及一场俄罗斯与西方之间越来越危险的数字化战争的故事。广州网络翻译公司。
It begins with a clandestine online group known as The Shadow Brokers. There is no evidence that it existed before last Saturday, when a Twitter account in its name tweeted at a handful of leading global news organisations with an unusual announcement: it was conducting a $500m auction of cyber weapons.
故事始于一个名为“影子经纪人”(The Shadow Brokers)的秘密网络组织。直到8月13日以前,还没有证据显示该组织的存在。而在8月13日,一个该名字的Twitter账号发帖并@了多家顶尖的全球新闻机构,发布了一条不同寻常的声明:该组织正在开展一轮5亿美元的网络武器拍卖。
In a show of faith, the group put a selection of its wares — a 4,000-file, 250MB trove — on public display. Security analysts have been racing to go through the list but it is already clear that at least some of what has been revealed so far is real.
为显示信誉,该组织挑选所拍卖数据的一部分公开展示,总共有4000个文件,大小为250MB。安全分析师竞相审查这份数据清单,不过目前已弄清楚的是,到目前为止披露的数据中至少部分是真实的。广州网络翻译公司。
What is most remarkable, though, is the likely former owner of the Shadow Brokers’ cyber bounty: an outfit known as the Equation Group. Equation is an elite hacking unit of the US National Security Agency. The Shadow Brokers claim that the stolen goods are sophisticated cyber weapons used by the NSA.
然而,最令人吃惊的是影子经纪人这批网络战利品可能的前主人:“方程式组织”(Equation Group)。方程式组织是美国国家安全局(NSA)的一个精英黑客部门。影子经纪人声称,这些其所窃取的数据是NSA所使用的精密网络武器。
The Shadow Brokers’ motivations are not entirely clear. “If this was someone who was financially motivated, this is not what you would do,” says orla Cox, director of security response at Symantec, a leading cyber security company. Cyber weapons are typically sold over the dark web, notes Ms Cox, or they are used by hackers who want to remain anonymous. They certainly are not advertised to news outlets. And even the best are not priced in $500m bundles.
影子经纪人的动机目前还不完全清楚。顶尖网络安全公司赛门铁克(Symantec)安全响应总监奥拉•考克斯(Orla Cox)表示:“如果说是出于财务动机,这样的事你是不会去做的。”考克斯指出,网络武器通常是在“暗网(dark web)”上销售,或者由希望保持匿名的黑客使用。它们肯定不会在新闻门户网站上打广告。而且即使是最好的网络武器,也不会打包标5亿美元的价格。广州网络翻译公司。
“It’s a false flag. This isn’t about money. It’s a PR exercise,” she says.
她说:“这是一个幌子。这事与钱无关。这是一次公关行动。”
According to three cyber security companies that declined to be identified, the Shadow Brokers is mostly likely run by Russian intelligence. “There is no digital smoking gun,” said one analyst.
根据三家拒绝透露身份的网络安全公司的说法,影子经纪人很可能是俄罗斯情报机构运营的。一位分析师表示:“目前还没有确切的数字化证据。”
But the circumstantial evidence is compelling, analysts say. And the list of other potential nation-state actors with the capability, wherewithal and motive is short.
不过,分析师表示,相关旁证却很有说服力。此外,其他拥有相应能力、财力和动机,可能参与此事的国家非常少。
“The fact that the Shadow Brokers did not exist before, appeared at this time and are using intelligence that has been saved up until now suggests this is all part of some deliberate, targeted operation, put together for a particular purpose,” says Ewan Lawson, a former cyber warfare officer in the UK’s Joint Forces Command and now senior research fellow at RUSI, the think-tank.
英国联合部队司令部(Joint Forces Command)前网络战军官、现任智库英国皇家联合军种研究院(RUSI)高级研究员的尤安•劳森(Ewan Lawson)表示:“影子经纪人此前并不存在,却在现在这个时间点出现,而且在使用一直累积到现在的情报,这意味着这完全是某个精心策划的有目标行动的一部分,是为了特定目的。” 广州网络翻译公司。
“That purpose looks like it is to highlight perceived US hypocrisy.” Russia, he says, is the obvious perpetrator.
“这一目的看起来似乎是为了突出美国在外界眼中的虚伪。”他说,俄罗斯是明显的肇事者。
Two senior western intelligence officials say their assessment was evolving but similar: the Shadow Brokers’ stunt grew out of Russia’s desire to strike back at the US following accusations that Russian intelligence was behind the hack into the Democratic National Committee’s servers. That intrusion, and the subsequent leak of embarrassing emails, has been interpreted by some as an attempt by Russia to interfere with the US presidential election.
两名西方资深情报官员表示,他们的评估还在进行之中,不过也与此类似:影子经纪人的惊人之举,是由于俄罗斯想要还击美国,因为之前美国指责俄罗斯情报机构是美国民主党全国委员会(Democratic National Committee)被黑客攻击的幕后黑手。那次入侵以及随后泄露的令人尴尬的电邮,被部分人解释为俄罗斯试图干预美国总统选举。
The US has yet to respond officially to that hack, even though they know it to be Russia, according to this narrative.
按照这种说法,尽管美国知道那次黑客攻击是俄罗斯干的,却仍未作出正式回应。广州网络翻译公司。
Now, with a piece of Le Carré-esque public signalling between spymasters, Russia’s Shadow Brokers gambit has made any such response greatly more complex, the officials suggest.
这两名官员暗示,如今,借助勒卡雷(Le Carré,间谍小说作家——译者注)式的间谍组织首脑之间的公开发信号,俄罗斯影子经纪人的诡计大大提高了任何此类回应的复杂性。
The US and its allies, of course, are hardly innocent of hacking. Regin, a piece of malware used to crack into telecoms networks, hotels and businesses from Belgium to Saudi Arabia — though mainly Russia — is a tool used by the US and the UK, while the Equation Group is among the most virulent and sophisticated hacking operations around.
当然,美国及其盟友很难说在网络攻击方面是无辜的。恶意软件Regin被用来攻击从比利时到沙特阿拉伯(尽管主要目标是俄罗斯)的电信网络、酒店和企业,它就是美国和英国使用的工具。此外,方程式组织也是最具攻击性和最老练的黑客组织之一。
If the warning to Washington was not being telegraphed clearly enough by Moscow, Edward Snowden, the NSA contractor-turned-whistleblower now living in Russia, spelt it out.
如果说莫斯科向华盛顿发出的这次警告还不够明确的话,前NSA合同工、现居俄罗斯的泄密者爱德华•斯诺登(Edward Snowden)则明确指出了这一点。广州网络翻译公司。
“Circumstantial evidence and conventional wisdom indicates Russian responsibility,” he wrote in a tweet to his 2.3m followers. “This leak looks like somebody sending a message that an escalation in the attribution game could get messy fast,” he said in another.
他在Twitter上向230万粉丝发帖道:“相关旁证和常规推理显示俄罗斯对此负有责任。这次爆料看起来像是某人在传递一个消息:这场归罪游戏可能难堪地快速升级。”
In the US intelligence community the assumption is that, at the very least, Mr Snowden is an unwitting agent of Russian intelligence, if not a tool of it. “It’s all part of the signalling,” says one intelligence official.
美国情报界的推测是,斯诺登就算不是俄罗斯情报机构的工具,至少也是无意间做了他们的特工。一位情报官员表示:“所有这一切都是这次信号传递的一部分。”
“The Russians have had the initiative in this whole thing starting from even before the DNC break-in,” says Jim Lewis, director of strategic technologies at the CSIS think-tank and a former US state department official. “They have the place of honour when it comes to threats to the US in cyber space right now. They’ve accelerated — they’re much less risk averse and they’re much more aggressive.”
“甚至从美国民主党全国委员会服务器被攻击之前,俄罗斯人就在整件事情里掌握了主动,”前美国国务院官员、智库战略与国际研究中心(CSIS)战略技术总监吉姆•刘易斯(Jim Lewis)说,“目前美国面临的网络威胁中,俄罗斯占据了前列。他们已经加快了步伐——变得趋于冒险和富于攻击性得多。”
Attribution problems
归罪难题
“Attributing” cyber attacks — or identifying their source — is a thorny issue.
网络攻击的“归罪”——或者说指认攻击源头——是一个棘手的问题。
For cyber super powers, insiders say, it is rarely technical limitations that prevent governments from castigating attackers. The problem, an age-old one for spycraft, is that in disclosing what they know, officials may give away how they got it.
熟悉内情的人士表示,对于网络超级大国而言,阻止政府谴责攻击者的极少是技术方面的限制。其中的难题对间谍事务也是由来已久,那就是如果官员们公开所知信息,他们可能会泄露出他们是如何得到这些信息的。
For agencies like the NSA and UK’s GCHQ there is a deeply ingrained culture of secrecy surrounding their cyber surveillance work that stretches back to the origins of signals intelligence during the second world war. US intelligence knew very quickly that the Chinese were behind the hack of the Office of Personnel Management, announced in June last year, which targeted the records of millions of Americans. But it took time to decide what the appropriate response should be and what kind of effect they wanted from it.
NSA和英国政府通信总部(GCHQ)等机构的网络监听工作有一种根深蒂固的秘密文化,可以溯源至二战时期的信号情报工作。关于去年6月公布的美国人事管理局(Office of Personnel Management)遭黑客攻击的事件,美国情报机构其实很快就知晓这起针对数百万美国人的人事记录的攻击是中国黑客所为,但他们花费了一些时间来决定该做出何种回应,又想要从中取得何种效果。广州网络翻译公司。
Outside the inner circles of the spy world, there is a growing sense that more public attribution is needed to try and put the brakes on a cyber cold war that is spiralling out of control.
在间谍世界的核心圈子之外,有一种越来越强的认知——需要尝试更多地公开指认网络攻击者,给正在逐渐失控的网络冷战踩踩刹车。
“Up to now there has been a degree of approaching cyber defence one day at a time,” says RUSI’s Mr Lawson. “But now it’s reached a momentum where people are starting to say we need to start calling people out, making more of an issue about these attacks, because otherwise, how are we ever going to establish any sort of global norms about it,”
“到现在为止,网络防务在某种程度上是得过且过,”英国皇家联合军种研究院的劳森说,“但现在已经达到了一种势头,人们开始说,我们需要开始点一些人的名,更多地引起有关这些攻击的争论,因为如果不这样,我们该如何建立任何有关网络攻击的全球性准则呢?”
Publicly identifying attackers can be powerful. Chinese activity against US companies decreased markedly after US authorities publicly indicted five senior Chinese military officials last year, proving to Beijing that they knew exactly what its hackers were up to — and would respond even more harshly if they continued. But the power of attribution also depends on the adversary. Unlike China, Russia does not depend economically on the US.
公开指认攻击者可以产生强大的效果。在美国当局去年公开起诉5名中国高级军官后,中国针对美国企业的黑客行为显著减少了。美国当局通过此举向北京方面展示,他们清楚地知道中国黑客在干什么,如果这些黑客继续行动,美国方面会报以更加严厉的回应。但指认攻击者的效果也取决于对手。与中国不同,俄罗斯在经济上对美国没有依赖。广州网络翻译公司。
The Kremlin’s hackers are also far stealthier. A particular trend in Russia’s hacking operations in the past 18 months, says a senior British cyber security official, has been towards such “false flagging”, where attacks are hidden behind proxies. The official points to an attack on the French broadcaster TV5Monde in April last year. The website was defaced with pro-Isis imagery, but it was the Russians who were responsible, he says.
克里姆林宫的黑客们也要隐秘得多。一名英国高级网络安全官员说,过去18个月俄罗斯的黑客行动一直倾向于“立幌子”——在代理的掩护下进行攻击。这名官员提到去年4月法国广播电视公司TV5Monde所受的一次攻击。他说,该公司的网站被换上了亲“伊拉克和黎凡特伊斯兰国”(ISIS)的图像,但真正该为此事负责的是俄罗斯黑客。
Russia has become much more aggressive in blurring other boundaries too: their cyber operations do not just exfiltrate information, they also sometimes weaponise it. Outright acts of destruction are on the table, too, as was the case when Russia took down the Ukrainian power grid in January.
俄罗斯在模糊其他界线方面也变得积极得多:他们的网络黑客行动不再仅仅窃取信息,他们有时也把这些信息化为武器。直接进行破坏的行为也公开化了,比如俄罗斯在今年1月攻陷乌克兰电网的例子。
If the tools are new, the techniques may not be. Philip Agee, a former CIA agent, sprang to prominence in the 1970s for publishing a series of salacious books and pamphlets claiming to expose the activities and agents of his former paymasters. He said he was a whistleblower and became a feted figure of the left in the west.
就算工具是新的,这些手法可能也不是。上世纪70年代,前美国中央情报局(CIA)特工菲利普•阿吉(Philip Agee)因为出版了一系列声称揭露中情局活动和下属特工的色情书籍和小册子而一跃成名。他自称是个揭秘者,并受到了西方左翼人士的热烈追捧。广州网络翻译公司。
But in reality he was carefully directed by the KGB, the Soviet spy agency. Under the Russians’ guidance, his output blended genuine US intelligence leaks with outright disinformation concocted by Moscow to suit its own ends. Hundreds of CIA agents were exposed by his activities.
但事实上,他的行动受到了苏联特工机构克格勃(KGB)的精心指导。在苏联人的指导下,他的书籍混合了真实的美国情报泄密和莫斯科方面炮制的虚假信息,以服务苏联的目的。数百名中情局特工因为他的行为而暴露。
The KGB’s use of Agee was both an act of disruption and one of manipulation. It boxed in the CIA and affected their decision-making. Moscow ensured genuine agents’ names were publicised at times to suit their ends.
克格勃对阿吉的利用既是一种扰乱,也是一种操纵。此举让中情局陷入困境,影响了他们的决策。莫斯科还不时公开特工的真实姓名,以服务自身目的。
The Shadow Brokers may be the same trick adapted to the 21st century.
影子经纪人或许只是同一花招的21世纪版本。
Both are textbook examples of what Soviet strategists called reflexive control — a concept that has become resurgent in Russian military planning today. Reflexive control is the practice of shaping an adversary’s perceptions. A state might convince an opponent not to retaliate for interfering in an election, for example, by raising the possibility of releasing information about its own tactics.
这二者都是苏联战略家所称“反身控制”的经典教科书案例。“反身控制”的概念在今天的俄罗斯军事规划中再度兴起。反身控制是一种塑造对手认知的做法。比如,一个国家可能通过提高泄露对手策略信息的可能性,来说服对手不要报复其对选举的干扰。广州网络翻译公司。
“These are old tactics,” says CSIS’ Mr Lewis. “The Russians have always been better at this kind of thing than us. But now, they’re just able to wield them so much more effectively. They have taken tremendous advantage of the internet. Information is a weapon.”
“这些都是老的战术,”智库战略与国际研究中心的刘易斯说,“在这种事情上,俄罗斯人一直比我们更擅长。但现在,他们能够有效得多地使用这种战术。他们极大地利用了互联网。信息是一种武器。”
广州网络翻译公司
