Botnets that are impossible to guard against: Where cyber space meets the Wild West

Time: 2022-02-01 00:13



Four months ago Microsoft scored a cyber coup. Its digital sleuths identified a “botnet”, or fake server, that had installed malware on computers worldwide, and then it worked with the Federal Bureau of Investigation and others to shut it down. To their alarm they discovered that no fewer than 12m — yes 12m — PCs were infected, according to Tom Burt, the company’s deputy general counsel.

If you are tempted to shout “hooray”, that is understandable. After all, botnets pose a particularly pernicious threat since they are fiendishly hard to find. And cyber attacks in general are increasing explosively, costing global businesses $400bn a year, according to data from Microsoft.

There is a catch, though. Microsoft and the FBI now hope to bring the cyber hackers who created that botnet to court. But since this botnet was not entirely run from US soil — and those 12m infected computers sit everywhere around the world, from China and India to Chile and the US — the saga could be about to plunge into a legal grey zone.

“Think of a situation where you have a botnet in Singapore run by hackers in Bulgaria who cause damage to somebody in America,” Mr Burt told a Financial Times conference in Washington this week. “Who has jurisdiction? What laws are used?” Nobody knows. In cyber space, as in the global financial system a decade ago, a plethora of criminal activity is in danger of falling between the cracks because national rules are ill suited to a fast-moving digital world.

Investors and politicians around the world should take note — and worry. Deeply. In the past couple of years, western governments and businesses have made considerable strides in building defences against cyber crime. This week in Washington, for example, the Department of Homeland Security is launching an “automated information-sharing” program for utility companies. The aim is to ensure that, “when adversaries try something” against one US utility company, everyone else is alerted, according to Suzanne Spaulding, an undersecretary at the department.

In truth, such information-sharing is still imperfect. John Carlin, assistant attorney-general for national security, admits “the vast majority of companies do not report small intrusions” to each other. But the situation is better than four years ago, when suspicion between business and the security establishment reached such depths that the US Chamber of Commerce dragged its feet about setting up mandatory information-sharing programs. And the fact that nobody has yet conducted a successful hack on a US utility, say, is one reason for comfort.


But, as business and government strengthen their defences, the big missing piece of this campaign is punishment. As any parent or regulator knows, it is hard to deter wrongdoing without a system for imposing discipline. And, right now, remarkably few cyber criminals have been brought to trial relative to the scale of the current $400bn heist.

That partly reflects the difficulty of identifying and apprehending perpetrators, particularly in places such as Russia and China. The other big problem is the one faced by Microsoft: the legal framework across borders is a mess.

In a rational world, this would suggest a multilateral body, such as the UN, urgently needs to create some common laws or at least promote more mutual recognition. In the real world, sensible collaboration is hard to organise now; indeed, events such as the Edward Snowden affair — where revelations by a former US National Security Agency contractor about the extent of American internet surveillance fuelled transatlantic rows over privacy — are making this debate even harder. “Walls are going up,” says Mr Burt.

So in the interim, US officials are using whatever homegrown tools they have. Mr Carlin, for example, says Washington security officials recently managed to extradite from Malaysia a suspected hacker who had created a cyber attack against a US retailer that spearheaded a bigger Islamist plot.

But strong-arm US legal action is not an effective long-term solution; not least because such unilateral measures risk sparking a backlash. And many western companies are in effect stuck: they can build defences against cyber crime but cannot effectively retaliate.

So when people describe cyber space as the new Wild West, they are only half correct. This is a place where baddies have an endless supply of cheap guns but ordinary citizens have only barricades. This looks unlikely to change soon — unless and until companies such as Microsoft find a way to put those botnet creators behind bars. That would be an even more remarkable coup.