|
Computer spying 计算机侦测 Attack of the cybermen 网络攻击 Sophisticated viruses will be the workhorses of 21st-century spying. But there should be rules 复杂的病毒将成为21世纪情报侦测利器。但是,要订立一些规矩 Nov 29th 2014 | From the print edition of The Economist 译者:crazybull IF ASKED why they spied on the computers of their rivals (and allies), the authors of Regin, a sophisticated computer virus that seems to have been designed by a Western government, would presumably echo the proverbial bank robber, and reply “because that’s where the secrets are”. 如果要问他们为什么窥探了对手(或者盟友)的计算机, Regin病毒的作者可能会像银行劫匪一样给出众所周知的回答:“因为那里有秘密呗。” ”Regin”病毒极可能是某个西方政府设计的,极其复杂。 As the world has gone digital, spying has, too. Regin is just the latest in a trend that first came to public notice in 2010, when a piece of American and Israeli software called Stuxnet was revealed to have been responsible for sabotaging part of Iran’s nuclear programme. Since then have come Flame, Red October, DarkHotel and others (see article); more surely lurk undiscovered in the world’s networks. But unlike the indiscriminate surveillance revealed by Edward Snowden, these chunks of malware seem, like traditional spying, to be targeted at specific governments or even individuals. 这个世界已经数字化,侦测活动亦然。Regin 只不过是这大趋势中最新的一个,同系列最早引起公众注意的一个是在2010年,一个叫做”Stuxnet”(震网病毒)的软件被公诸于众,它是美国或者以色列的作品,Stuxnet破坏了部分伊朗核计划。(据说,Stuxnet让伊朗的离心机转速变慢)其后又出现了“火焰”、“红十月”、“黑暗旅馆”…著名的病毒软件。(见另文)肯定还有很多未被发现的病毒潜伏在网络世界中。但是不同于爱德华.斯诺登所披露的不加选择的监控,大部分恶意软件看起来更像传统意义上的间谍活动,它们以特定的政府甚至个人为目标。 For spies, such digital espionage has advantages over the shoe-leather sort. Computers are stuffed with data that can be copied and beamed around the world in seconds—so much easier than fiddling with microdots or smuggling sensitive documents past guards. The more complicated computer operating systems get, the more riddled they are with unnoticed security holes. Staying safe means plugging them all; an attacker need only keep trying until a single one gives way. 对间谍来说,这种数字间谍活动明显比那种老式的“把情报藏在皮鞋里”要有优势。计算机充斥着数据,这些数据可以被复制并在瞬间发送至全球,这可要比把情报藏在微缩胶卷里或者携带敏感文件通过安检要容易得多。计算机系统越复杂,千疮百孔的安全漏洞就越多。除非把这些漏洞全堵上,才有安全可言。一个网络攻击者只需要不停地试探,直到找到其中一个即可(攻破)。 Computer espionage is usefully deniable, too: if programmers are careful it is hard to know who is behind an attack. (There are hints that Regin might be British—not least that one of its modules seems to be called “LEGSPIN”, a cricketing term. British spooks refuse to comment.) And it can be conducted from comfortable armchairs thousands of miles from the target, with no need to put human agents in harm’s way. 只要需要,网罗间谍活动也可以被否认。如果编程者谨慎,网络攻击的发起人很难被发现。(有迹象表明Regin可能出自英国政府。尤其是这款病毒的一个模块叫做”LEGSPIN”这是一个板球术语。英国军情5处拒绝予以评论。)这类间谍活动可以在距离目标千里之外的舒适的扶手椅上展开,没必要致特工人员于险境。 But cyber-spying raises two tricky issues. One is that the low cost of gathering information this way may encourage more of it, and a Hobbesian world of spiralling espionage would be bad for everybody. What’s more, since there is no sharp distinction between digital spying tools and weapons—Stuxnet, for instance, damaged systems as well as stealing secrets—there is a danger that the greater ease of attacking an enemy’s digital assets means that governments will make war on each other with greater abandon. There is a close parallel with drone warfare, which is similarly cheaper and less risky than its flesh-and-blood counterpart. 但是网络侦测活动引起了两个棘手的问题。第一,这种活动收集情报成本低廉,很可能大行其道。出于相信“性本恶” ,监控在这个世界上日渐猖獗,对每个人都不是好事。更糟糕的是,数字侦测工具和数字武器没有明显的区别,例如Stuxnet(震网病毒),它在窃取数据的同时还损害网络系统。于是就可能有这样的危险:攻击敌方的数字资产越容易,政府间发起数字战争会越发肆无忌惮。这和使用无人机作为战斗武器有异曲同工之妙,同样成本低廉又没有血肉横飞的危险。 This is an argument for governments to be selective about how they use cyber-weapons not to withdraw them. Although cyber-weapons may lower the threshold for attacks, they don’t (yet) kill or maim people. If the choice is between a missile and a cyber-weapon, the latter is preferable. 关于政府有选择的使用网络武器还是禁止使用网络武器是有争论的。尽管网络武器可以降低实施攻击的门槛,还不会造成人员伤亡(目前为止)。如果必须在导弹和网络武器之间做出选择,后者是更可取的。 Working for Main Street, not M 网络服务于大众,而不是... The other problem with cyber-weapons is that they encourage economic spying of a sort that has less to do with national security than corporate profits. The West has long complained that the Chinese and Russians help themselves to industrial secrets. But it is not clear that the West’s record is spotless: files leaked by Mr Snowden also suggest that American spies were keenly interested in Petrobras, Brazil’s state-controlled oil firm. 关于网络武器的另一个问题,网络武器鼓励了经济间谍活动,这类间谍活动和国家安全关系不大却事关企业利润。西方国家长期以来抱怨中国和俄罗斯刺探工业机密。但是,西方国家自己的记录也并非洁白无瑕。据斯诺登谢露出来的文件,美国情报机构对巴西石油公司很感兴趣。巴西石油是一个国营石油公司。 Here, the question is one of motives. It would be surprising if the West were not spying on Gazprom, for instance, which acts as an arm of the Russian state. But spying on foreign firms to help your own is merely another way of ignoring the intellectual property rules that underlie technological prosperity. Governments should not do it. 网络监控的动机之一也存在疑问。例如,西方国家侦测俄罗斯天然气工业公司肯定没什么大惊小怪的,因为这家公司是俄罗斯政府的一条臂膀。但是,侦测外国公司来帮助自己的公司实际上是无视知识产权规则,而这些规则是科技进步的基石。政府不应该这样做。 Cyber-warfare is an unruly business, where rules will be flouted. But it needs them. Cyber-warriors should remember that what they do to others will be done in turn to them. 网络战场上没有规矩,蔑视规矩。但是,网络需要规矩。网络勇士们要记住:出来混,迟早要还的。 From the print edition: Leaders |
|
|
