¾¼ÃѧÈËË«Óï°æ:¼ÆËã»ú¼äµý»î¶¯ ÎÒ±»¼äµý¸øºÚÁË
Computerised espionage
¼ÆËã»ú¼äµý»î¶¯
The spy who hacked me
ÎÒ±»¼äµý¸øºÚÁË
Malicious computer code is making the spook's job easier than ever
¶ñÒâ¼ÆËã»ú±àÂëʹ¼äµý»î¶¯±ÈÒÔǰ¸üÈÝÒ×
IT IS 30 years since William Gibson, an American-Canadian author, wrote “Neuromancer”, in which he coined the term “cyberspace” and imagined a future of hackers for hire and giant corporations raiding each other's computer systems in search of secrets. He was right about the direction of travel, but wrong about some of the details. For it is governments, not corporations or anti-social teenagers, who have become the world's best hackers.
ÃÀ¼®¼ÓÄôó×÷¼ÒÍþÁ®•¼ª²¼ÉµÄÖø×÷¡¶Éñ¾ÂþÓÎÕß¡·µÄÎÊÊÀ¾à½ñÒÑÓÐ30Äê¡£ÔÚ´ËÊéÖУ¬ÍþÁ®Ìá³ö“ÍøÂç¿Õ¼ä”Ò»´Ê£¬²¢¹´ÀÕ³öδÀ´´óÐ͹«Ë¾¹ÍÓ¶ºÚ¿ÍDZÈ뾺Õù¶ÔÊֵĵçÄÔϵͳÇÔÈ¡»úÃܵij¡¾°¡£µ«ËûÖ»Ô¤ÑÔÖÐÁË´óÖµķ½Ïò£¬Ï¸½ÚÉÏÓкܴóµÄ³öÈë¡£Èç½ñ£¬Õþ¸®³ÉΪÊÀÉÏ×îÀ÷º¦µÄºÚ¿Í£¬¶ø·Ç´óÐ͹«Ë¾»ò·´Éç»áÇàÄê¡£
The latest example came on November 23rd, when Symantec, an American antivirus firm, announced the discovery of a piece of software called Regin, which it had found lurking on computers in Russia, Saudi Arabia and several other countries, sniffing for secrets. Its sophistication and stealth led Symantec to conclude that it must have been written by a nation-state.
±ÈÈ磬ÃÀ¹úɱ¶¾Èí¼þ¹«Ë¾---ŵ¶Ùɱ¶¾ÓÚ11ÔÂ23ÈÕÐû²¼·¢ÏÖÁËÒ»ÖÖÃûΪ“À×½ð”µÄ²¡¶¾Èí¼þ¡£¸ÃÈí¼þDZ·üÔÚ¶íÂÞ˹¡¢É³Ìذ¢À²®ºÍÆäËû¹ú¼ÒµÄµçÄÔÉÏÇÔÈ¡»úÃÜ¡£¸ù¾ÝÆä¸´ÔÓÐԺͻúÃÜÐÔ£¬Åµ¶Ùɱ¶¾¶Ï¶¨£¬´Ë²¡¶¾Èí¼þÒ»¶¨ÊÇÓÉij¹úÕþ¸®±àд¡£
Regin (the arbitrarily chosen name comes from a text string found in the bug's innards) is only the latest in a long line of government-sponsored malware (see table). The most famous is Stuxnet, discovered in 2010, which was designed, almost certainly by America and Israel, to hijack industrial-control systems. It was deployed against Iran's nuclear programme, and destroyed centrifuges that were being used to enrich uranium. Unlike the vast surveillance dragnets revealed by Edward Snowden, a former American contractor who leaked thousands of secret documents in 2013, these computerised bugs are tailored and aimed at defined targets.
“À׽𔣨¸ÃÃû×ÖÀ´Ô´ÓÚ²¡¶¾ÄÚ²¿µÄÎı¾×Ö·û´®£©Ö»ÊÇÓÉÕþ¸®ÔÞÖúµÄ¶ñÒâ³ÌÐòµÄ±ùɽһ½Ç¡£×îÓÐÃûµÄ²¡¶¾ÊÇ2001Äê·¢ÏÖµÄÕðÍø£¬¸Ã²¡¶¾¼«ÓпÉÄÜÓÉÃÀ¹úºÍÒÔÉ«ÁÐÕþ¸®±àд£¬Õë¶Ô¹¤Òµ¿ØÖÆÏµÍ³£¬¹¥»÷ÒÁÀʺ˼ƻ®£¬ÆÆ»µÓÃÓÚÓËŨËõµÄÀëÐÄÆ÷¡£2003Ä꣬һÃûÃÀ¹ú³Ð°üÉÌй¶ÁËÉÏǧ·Ý»úÃÜÎļþ£¬ÕâÊÇÕë¶ÔÌØ¶¨Ä¿±ê·¢ÉúµÄÓÐÄ¿µÄÐԵĵçÄÔ¹ÊÕÏ£¬²»Í¬ÓÚ°®µÂ»ª•˹ŵµÇ½Ò¶µÄ´ó·¶Î§ÀÍøÊ½¼à¿Ø¡£
The sort of direct sabotage carried out by Stuxnet is unusual. Most government malware (or at least, most that security researchers know about) seems to be for information-gathering. In 2006, for instance, it emerged that someone had hacked electronic equipment belonging to Vodafone's Greek subsidiary and listened to the mobile-phone conversations of the Greek cabinet. But such attacks can still do damage: Regin's most common targets were individuals and small businesses, but telecoms firms, energy companies and airlines were affected, too.
µ«ÏñÕðÍøÒ»ÑùÄÜÔì³ÉÖ±½ÓÉ˺¦µÄ¶ñÒâÈí¼þ²¢²»³£¼û¡£´ó¶àÊýÕþ¸®Ö§³Ö£¨»òÖÁÉÙ£¬´ó¶àÊý°²È«Ñо¿Ô±ÖªÏþ£©µÄ¶ñÒâÈí¼þËÆºõÖ»ÊÇΪÁËÇÔÈ¡ÐÅÏ¢¡£±ÈÈ磬2006Ä꣬ÓÐÈ˺ÚÁËÎÖ´ï·áÏ£À°×Ó¹«Ë¾µÄµç×ÓÉ豸£¬²¢ÇÔÌýµç»°Í¨»°¡£µ«´ËÀ๥»÷ÒÀÈ»¾ßÓÐÆÆ»µÐÔ£ºÀ×½ðµÄÄ¿±ê´ó¶àÊǸöÈ˺ÍС¹«Ë¾£¬µ«µçÐŹ«Ë¾¡¢ÄÜÔ´¹«Ë¾ºÍº½¿Õ¹«Ë¾Ò²Ç£³¶ÆäÖС£
Working out who has created a piece of malware is not easy. Computer code has no nationality. Programmers sometimes leave hints, or use suggestive phrases, but these are not proof. The targets can provide clues, as can comparisons with known malware. DarkHotel, which targets corporate executives and other bigwigs by hijacking hotel Wi-Fi systems and which was discovered only weeks before Regin, has been tentatively pinned on South Korea. Korean characters, and a reference to a known South Korean coder, were found in its code. The targets included people from Taiwan, Japan, China—and a few from America, South Korea's most important ally.
Òª²é³ö¶ñÒâ³ÌÐòµÄÖÆÔìÕ߿ɲ»ÊÇÒ»¼þÈÝÒ×ʶù¡£µçÄÔ±àÂëÎÞ¹ú½ç¡£ÓÐʱ£¬³ÌÐòÔ±»áÁôÏÂÏßË÷»òʹÓðµÊ¾Óµ«Õâ²¢²»ÄÜÖ¤Ã÷ʲô¡£Êܺ¦Ä¿±êÄܹ»ÌṩÏßË÷£¬Ò²¿ÉÒÔÓëÒÑÖªµÄ¶ñÒâ³ÌÐòÏà±È½Ï¡£±ÈÀ×½ðÔ缸ÖÜ·¢Ïֵē°µºÚ±ö¹Ý”ÊÇÒ»¿îͨ¹ýºÚ½øÂùÝWi-Fiϵͳ£¬¹¥»÷¹«Ë¾¸ß¹Ü¼°ÆäËûȨ¹óÈËÎïµÄ¶ñÒâÈí¼þ¡£Óм£Ïó±íÃ÷´ËÈí¼þÀ´Ô´ÓÚº«¹ú£¬ÒòΪÔÚÈí¼þ´úÂëÖз¢ÏÖÁ˺«Îĺͺ«ÎıàÂëÆ÷¡£´ËÈí¼þµÄÄ¿±ê°üÀ¨Ì¨ÍåÈË¡¢ÈÕ±¾ÈË¡¢ÖйúÈ˺ÍÉÙÊýÃÀ¹úÈË£¬¾¡¹ÜÃÀ¹úÊǺ«¹úµÄ×îÖØÒªÃËÓÑ¡£
There are similar clues in Regin. Symantec says Regin's most frequent targets were computers in Russia, which accounted for 28% of the total, and Saudi Arabia, which made up 24%. But the full list includes countries as diverse as Afghanistan, Ireland and Mexico. One of Regin's modules is called “LEGSPIN”, a cricketing term. And experts say that it seems very similar to malware used in an attack on Belgacom, a Belgian telecoms firm, in which the British are the chief suspects. (Government Communications Headquarters, Britain's electronic-spying agency, refused to comment.) But such clues may be designed to mislead: when the Russians began their computerised espionage, they would often try to make it seem as if the software was Chinese. “They hid behind China's notoriety,” says Mikko Hypponen of F-Secure, a Finnish computer-security firm.
À×½ðÒ²ÊÇÈç´Ë¡£ÈüÃÅÌú¿Ë¹«Ë¾³Æ£¬À×½ðµÄÖ÷ҪĿ±êÊǶíÂÞ˹µÄµçÄÔÓû§£¬Õ¼×ÜÊýµÄ28%£¬»¹ÓÐÉ³ÌØ°¢À²®£¬Õ¼×ÜÊýµÄ24%¡£µ«Êǹ¥»÷Çåµ¥ÉÏÒ²°üÀ¨°¢¸»º¹¡¢°®¶ûÀ¼ºÍÄ«Î÷¸ç¡£À×½ðµÄÆäÖÐÒ»¸öÄ£¿éÃûΪÓÒÐýÇò£¨°åÇòÊõÓ¡£×¨¼Ò³Æ£¬¹¥»÷±ÈÀûʱµçÐŹ«Ë¾µÄ¶ñÒâÈí¼þÒ²ÀàËÆÈç´Ë£¬¶øÓ¢¹úÊÇ×î´óµÄÏÓÒÉ¡£µ«Ó¢¹úµç×Ó¼äµý»ú¹¹—Õþ¸®Í¨ÐÅ×ܲ¿¾Ü¾ø³ÐÈÏ¡£µ«´ËÀàÏßË÷Ò²Ðí»á²úÉúÎóµ¼£ºµ±¶íÂÞ˹ÀûÓüÆËã»ú½øÐмäµý»î¶¯Ê±£¬ËûÃÇ¿ÉÄÜ»áαװ£¬ÈñðÈËÎóÒÔΪÊÇÖйúÈí¼þ¡£·ÒÀ¼¼ÆËã»ú°²È«¹«Ë¾·Òɱ¿ÍµÄÃ׿˕ϯ²©Äá˵£¬“ÕâÑùÒ»À´£¬Öйú±äµÃ³ôÃûÕÑÖø£¬¶øËûÃǶãÔÚºóÃæ×øÏíÆä³É¡£”
Such deniability is one attraction of computerised espionage. Another is that modern software is so complex that it is riddled with security holes, most of which can be exploited from a safe distance. Once one is found, data can easily and cheaply be smuggled out and sent round the world.
ÕâÖÖÍÆÚÃÊǼÆËã»ú¼äµý»î¶¯µÄÎüÒýÁ¦Ö®Ò»¡£ÁíÍâÒ»¸ö¾ÍÊÇ£¬ÏÖ´úÈí¼þºÜ¸´ÔÓ£¬ÇÒ³ä³â×Ű²È«Â©¶´¡£¶øÕâЩ©¶´´ó¶à¶¼¿ÉÒÔÔ¶³Ì²Ù¿Ø£¬Ò»µ©±»·¢ÏÖÆäÖÐÒ»¸ö£¬Êý¾Ý¾Í»áºÜÇáÒ×µØÐ¹Â¶³öÈ¥£¬²¢É¢²¥µ½ÊÀ½ç¸÷µØ¡£
This means that the big powers are not the only cyber-spies. The cutting-edge stuff is done by America, China and Russia, says Mr. Hypponen, but F-secure thinks Pakistan, North Korea and some African countries are doing it, too. The low cost means that governments and firms can expect to suffer from more and more of it. Some are already taking drastic measures: Russia has ordered 20 typewriters, reportedly because of the vulnerability of computers. To paraphrase Mr. Gibson: it seems that the future is already here, and it is becoming ever more evenly distributed.
ÕâÒâζ×Å£¬²ÎÓëÍøÂç¼äµýµÄ²»½ö½öÊÇ´ó¹ú¡£Ã׿˕ϯ²©Äá˵£¬·Òɱ¿Í¹«Ë¾ÈÏΪ£¬³ýÁËÃÀ¹ú¡¢ÖйúºÍ¶íÂÞ˹ÕâЩ¼â¶Ë¼¼Êõ´ó¹ú£¬°Í»ù˹̹¡¢³¯ÏʺÍһЩ·ÇÖÞ¹ú¼ÒÔÚ½øÐÐÍøÂç¼äµý»î¶¯¡£µÍ³É±¾Òâζ×ÅÕþ¸®ºÍ¹«Ë¾³Ðµ£×Ÿü¶àµÄ·ÑÓá£Ò»Ð©¹ú¼ÒÒѾ²ÉÈ¡ÁËÑÏÀ÷µÄ´ëÊ©£º¶íÂÞ˹¶©¹ºÁË20̨´ò×Ö»ú£¬¾Ý˵ÊÇÒòΪ¼ÆËã»úÈÝÒ׳öÏÖ©¶´¡£Óüª²¼ÉÏÈÉúµÄ»°À´½áβ£ºÎ´À´Ëƺõ´¥Êֿɼ°£¬ÇÒÔ½À´Ô½¾ùÔÈ·Ö²¼¡£ÒëÕߣº´÷ÐãÆ½ У¶Ô£º½ºçÀÙ £¨ÒëÎÄÊôÒëÉúÒëÊÀ£©
´Ê»ã½âÎö£º
1. espionage
N-UNCOUNT Espionage is the activity of finding out the political, military, or industrial secrets of your enemies or rivals by using spies. ¼äµý»î¶¯
The authorities have arrested several people suspected of espionage.
µ±¾ÖÒѾ´þ²¶Á˼¸¸öÉæÏÓ´Óʼäµý»î¶¯µÄÈË¡£
2. antivirus n. ·´²¡¶¾³ÌÐò£»¿¹²¡¶¾ËØ
3. surveillance
N-UNCOUNT Surveillance is the careful watching of someone, especially by an organization such as the police or the army. ¼àÊÓ
He was arrested after being kept under constant surveillance.
ËûÔÚ±»Á¬Ðø¼àÊÓÖ®ºó¸ø´þ²¶ÁË¡£
Police swooped on the home after a two-week surveillance operation.
¾¯·½¾¹ýÁ½ÖܵļàÊÓÐж¯ºóÍ»»÷ËѲéÁ˸Ãסլ¡£
4. riddled
1£©. ADJ If something ¡¾is riddled with¡¿ bullets or bullet holes, it is full of bullet holes. ²¼Âú (ǹÑÛ) µÄ
The bodies of four people were found riddled with bullets.
4¸öÈ˵ÄʬÌå±»·¢ÏÖʱ²¼ÂúÁËǹÑÛ¡£
2£©. ADJ If something ¡¾is riddled with¡¿ undesirable qualities or features, it is full of them. ³äÂú (²»ºÃµÄÌØÖÊ»òÌØÕ÷) µÄ
They were the principal shareholders in a bank riddled with corruption.
ËûÃÇÊÇÒ»¼Ò¸¯°Ü³É·çµÄÒøÐеÄÖ÷Òª¹É¶«¡£