
How Chinese Spies Got the N.S.A.’s Hacking Tools, and Used Them for Attacks

Source: The New York Times    2019-05-07 07:23

Chinese intelligence agents acquired National Security Agency hacking tools and repurposed them in 2016 to attack American allies and private companies in Europe and Asia, a leading cybersecurity firm has discovered. The episode is the latest evidence that the United States has lost control of key parts of its cybersecurity arsenal.
Based on the timing of the attacks and clues in the computer code, researchers with the firm Symantec believe the Chinese did not steal the code but captured it from an N.S.A. attack on their own computers — like a gunslinger who grabs an enemy’s rifle and starts blasting away.
The Chinese action shows how proliferating cyberconflict is creating a digital wild West with few rules or certainties, and how difficult it is for the United States to keep track of the malware it uses to break into foreign networks and attack adversaries’ infrastructure.
The losses have touched off a debate within the intelligence community over whether the United States should continue to develop some of the world’s most high-tech, stealthy cyberweapons if it is unable to keep them under lock and key.
The Chinese hacking group that co-opted the N.S.A.’s tools is considered by the agency’s analysts to be among the most dangerous Chinese contractors it tracks, according to a classified agency memo reviewed by The New York Times. The group is responsible for numerous attacks on some of the most sensitive defense targets inside the United States, including space, satellite and nuclear propulsion technology makers.
Now, Symantec’s discovery, unveiled on Monday, suggests that the same Chinese hackers the agency has trailed for more than a decade have turned the tables on the agency.
Some of the same N.S.A. hacking tools acquired by the Chinese were later dumped on the internet by a still-unidentified group that calls itself the Shadow Brokers and used by Russia and North Korea in devastating global attacks, although there appears to be no connection between China’s acquisition of the American cyberweapons and the Shadow Brokers’ later revelations.
But Symantec’s discovery provides the first evidence that Chinese state-sponsored hackers acquired some of the tools months before the Shadow Brokers first appeared on the internet in August 2016.
Repeatedly over the past decade, American intelligence agencies have had their hacking tools and details about highly classified cybersecurity programs resurface in the hands of other nations or criminal groups.
The N.S.A. used sophisticated malware to destroy Iran’s nuclear centrifuges — and then saw the same code proliferate around the world, doing damage to random targets, including American business giants like Chevron. Details of secret American cybersecurity programs were disclosed to journalists by Edward J. Snowden, a former N.S.A. contractor now living in exile in Moscow. A collection of C.I.A. cyberweapons, allegedly leaked by an insider, was posted on WikiLeaks.
“We’ve learned that you cannot guarantee your tools will not get leaked and used against you and your allies,” said Eric Chien, a security director at Symantec.
Now that nation-state cyberweapons have been leaked, hacked and repurposed by American adversaries, Mr. Chien added, it is high time that nation states “bake that into” their analysis of the risk of using cyberweapons — and the very real possibility they will be reassembled and shot back at the United States or its allies.
In the latest case, Symantec researchers are not certain exactly how the Chinese obtained the American-developed code. But they know that Chinese intelligence contractors used the repurposed American tools to carry out cyberintrusions in at least five countries: Belgium, Luxembourg, Vietnam, the Philippines and Hong Kong. The targets included scientific research organizations, educational institutions and the computer networks of at least one American government ally.
One attack on a major telecommunications network may have given Chinese intelligence officers access to hundreds of thousands or millions of private communications, Symantec said.
Symantec did not explicitly name China in its research. Instead, it identified the attackers as the Buckeye group, Symantec’s own term for hackers that the Department of Justice and several other cybersecurity firms have identified as a Chinese Ministry of State Security contractor operating out of Guangzhou.
Because cybersecurity companies operate globally, they often concoct their own nicknames for government intelligence agencies to avoid offending any government; Symantec and other firms refer to N.S.A. hackers as the Equation group. Buckeye is also referred to as APT3, for Advanced Persistent Threat, and other names.
In 2017, the Justice Department announced the indictment of three Chinese hackers in the group Symantec calls Buckeye. While prosecutors did not assert that the three were working on behalf of the Chinese government, independent researchers and the classified N.S.A. memo that was reviewed by The Times made clear the group contracted with the Ministry of State Security and had carried out sophisticated attacks on the United States.
A Pentagon report about Chinese military competition, issued last week, describes Beijing as among the most skilled and persistent players in military, intelligence and commercial cyberoperations, seeking “to degrade core U.S. operational and technological advantages.”
In this case, however, the Chinese simply seem to have spotted an American cyberintrusion and snatched the code, often developed at huge expense to American taxpayers.
Symantec discovered that as early as March 2016, the Chinese hackers were using tweaked versions of two N.S.A. tools, called Eternal Synergy and Double Pulsar, in their attacks. Months later, in August 2016, the Shadow Brokers released their first samples of stolen N.S.A. tools, followed by their April 2017 internet dump of its entire collection of N.S.A. exploits.
Symantec researchers noted that there were many previous instances in which malware discovered by cybersecurity researchers was released publicly on the internet and subsequently grabbed by spy agencies or criminals and used for attacks. But they did not know of a precedent for the Chinese actions in this case — covertly capturing computer code used in an attack, then co-opting it and turning it against new targets.
“This is the first time we’ve seen a case — that people have long referenced in theory — of a group recovering unknown vulnerabilities and exploits used against them, and then using these exploits to attack others,” Mr. Chien said.
The Chinese appear not to have turned the weapons back against the United States, for two possible reasons, Symantec researchers said. They might assume Americans have developed defenses against their own weapons, and they might not want to reveal to the United States that they had stolen American tools.
For American intelligence agencies, Symantec’s discovery presents a kind of worst-case scenario that United States officials have said they try to avoid using a White House program known as the Vulnerabilities Equities Process.
Under that process, started in the Obama administration, a White House cybersecurity coordinator and representatives from various government agencies weigh the trade-offs of keeping the American stockpile of undisclosed vulnerabilities secret. Representatives debate the stockpiling of those vulnerabilities for intelligence gathering or military use against the very real risk that they could be discovered by an adversary like the Chinese and used to hack Americans.
The Shadow Brokers’ release of the N.S.A.’s most highly coveted hacking tools in 2016 and 2017 forced the agency to turn over its arsenal of software vulnerabilities to Microsoft for patching and to shut down some of the N.S.A.’s most sensitive counterterrorism operations, two former N.S.A. employees said.
The N.S.A.’s tools were picked up by North Korean and Russian hackers and used for attacks that crippled the British health care system, shut down operations at the shipping corporation Maersk and cut short critical supplies of a vaccine manufactured by Merck. In Ukraine, the Russian attacks paralyzed critical Ukrainian services, including the airport, Postal Service, gas stations and A.T.M.s.
“None of the decisions that go into the process are risk free. That’s just not the nature of how these things work,” said Michael Daniel, the president of the Cyber Threat Alliance, who previously was cybersecurity coordinator for the Obama administration. “But this clearly reinforces the need to have a thoughtful process that involves lots of different equities and is updated frequently.”
Beyond the nation’s intelligence services, the process involves agencies like the Department of Health and Human Services and the Treasury Department that want to ensure N.S.A. vulnerabilities will not be discovered by adversaries or criminals and turned back on American infrastructure, like hospitals and banks, or interests abroad.
That is exactly what appears to have happened in Symantec’s recent discovery, Mr. Chien said. In the future, he said, American officials will need to factor in the real likelihood that their own tools will boomerang back on American targets or allies. An N.S.A. spokeswoman said the agency had no immediate comment on the Symantec report.
One other element of Symantec’s discovery troubled Mr. Chien. He noted that even though the Buckeye group went dark after the Justice Department indictment of three of its members in 2017, the N.S.A.’s repurposed tools continued to be used in attacks in Europe and Asia through last September.
“Is it still Buckeye?” Mr. Chien asked. “Or did they give these tools to another group to use? That is a mystery. People come and go. Clearly the tools live on.”
