2015年4月13日 星期一

中國啟用「網絡大炮」 加強境外互聯網審查

中國啟用「網絡大炮」 加強境外互聯網審查

研究人員稱,「大炮」系統被用來攔截百度網站的流量和廣告流量。百度是中國最大的搜索引擎公司。
Reuters
研究人員稱,「大炮」系統被用來攔截百度網站的流量和廣告流量。百度是中國最大的搜索引擎公司。
舊金山——上個月底,中國開始利用大量網絡流量衝擊美國網站,此舉似乎是為了阻止那些促使中國互聯網用戶可以瀏覽在國內遭到屏蔽的網站的服務。
初步的安全報告顯示,中國利用自己的互聯網過濾系統「防火長城」(Great Firewall),將大量數據流量重新定向到目標網站,進而衝垮網站的服務。如今,加州大學伯克利分校(University of California, Berkeley)和多倫多大學(University of Toronto)的研究人員表示,中國利用的不是「防火長城」,而是一種強大的新武器,他們稱之為「大炮」(Great Cannon)。
  • 檢視大圖比爾·馬爾恰克(右)參與撰寫了一份報告,介紹中國的一件網絡武器。這件新武器頗為強大。旁邊是同在公民實驗室擔任研究人員的同事摩根·馬奎斯-布瓦爾。
    Thor Swift for The New York Times
    比爾·馬爾恰克(右)參與撰寫了一份報告,介紹中國的一件網絡武器。這件新武器頗為強大。旁邊是同在公民實驗室擔任研究人員的同事摩根·馬奎斯-布瓦爾。
研究人員在周五發表報告稱,「大炮」使得中國能夠在外國網絡流量流向中國網站時進行攔截,注入惡意代碼,然後按照北京方面的意圖,將這些流量重新定向實現其他目的。
他們表示,這種系統被用來攔截中國最大的搜索引擎百度的網站流量及廣告流量,然後利用這些流量衝擊GitHub和GreatFire.org,前者是一個廣受程序員歡迎的網站,後者是一家非營利性組織,運營着被中國屏蔽網站的鏡像。研究人員表示,周四,針對這些服務的攻擊仍在持續,儘管兩個網站似乎都在正常運轉。
但研究人員表示,這種系統可能擁有更強大的能力。經過一些調整,「大炮」就可以被用於監視任何一個人,只要他碰巧瀏覽了託管在中國電腦上的內容,甚至是訪問了包含中國廣告的外國網站。
「『大炮』的行動部署代表着國家級的信息控制明顯升級,」研究人員在報告中寫道。他們表示,這是「廣泛、公開地運用攻擊手段來實行審查的常態化」。
之前曾對政府監聽工具開展過大量研究的研究人員發現,儘管基礎設施和代碼與「防火長城」存在相似之處,但相關攻擊來自另外一種設備。該設備不僅具備窺探互聯網流量的能力,還能在所謂的「中間人攻擊」中大規模地操縱互聯網流量,並將其指向任何網站。
報告稱,中國新採用的互聯網武器,與美國國家安全局(National Security Agency,簡稱NSA)與英國對等機構政府通訊總部(Government Communications Headquarters,簡稱GCHQ)共同開發和使用的一個系統類似。美國前情報機構承包商僱員愛德華·J·斯諾登(Edward J. Snowden)泄露的機密文件,對該系統有簡要說明。從發表在「攔截」(The Intercept)網站上的相關文件來看,美國的系統能部署一套程序,可以大規模攔截網絡流量,並將其重定向到自己選定的網站。NSA及其合作夥伴似乎把相關程序用在了定點監視上,而中國則似乎把「大炮」當做一種咄咄逼人的審查手段。
研究人員在報告中稱,程序間的相似之處可能會讓美國官員感到尷尬。「有了這一先例,西方國家的政府可能難以令人信服地抱怨使用類似技術的其他國家,」他們寫道。
儘管如此,這個中國程序說明,北京的官員在審查他們認為是敵對互聯網內容的東西上願意走多遠。 「這是國家主席習近平加強對互聯網的控制、刪除任何挑戰黨的內容之努力的一部分,」華盛頓戰略研究中心網絡安全專家詹姆斯·A·劉易斯(James A. Lewis)說。
習近平為了更嚴密地控制國內的互聯網、打擊公民的網上行動,成立了國家互聯網信息辦公室,在該辦公室的領導下,北京不斷增強網絡的審查力度。中國互聯網主管魯煒在最近的一系列聲明中,敦促國際社會尊重中國的互聯網政策。
莎拉·麥庫恩(Sarah McKune)是多倫多大學蒙克全球事務學院(Munk School of Global Affairs)公民實驗室(Citizen Lab )的高級法律顧問,也是報告和共同作者之一,她說,「中國政府的立場是,為中國境內提供被政府視為敵對內容的服務,是一種敵對和挑釁行為,是對中國政權穩定的威脅,並最終是對國家安全的威脅。」
這些襲擊還顯示,在多大程度上,北京願意以審查的名義犧牲其他國家目標,甚至是經濟方面的目標。百度是中國訪問量最大的網站,據提供網站排名服務的Alexa公司估計,百度在過去30天內接受到來自美國的獨立訪問者達520萬個。
百度發言人郭怡廣說,百度對襲擊不知情,而且百度本身的網站沒有受到攻擊。然而,研究人員和外交政策專家說,北京通過利用可能成為百度訪問者的用戶來進行襲擊,會損害該公司的海外名聲及市場佔有率。
北京最近表示,它打算幫助中國互聯網企業擴大它們在海外的影響力和用戶群。在上個月的全國人民代表大會上,李克強總理宣布了一項名為「互聯網+」的新計劃,以「促進電子商務、工業互聯網和互聯網金融健康發展,引導互聯網企業拓展國際市場」。
不過,最近的審查攻勢可能會成為中國企業尋求海外擴張的一個主要問題。「他們知道他們最大的障礙之一是,人們認為他們是中國政府的工具,」劉易斯說。「這會損害百度成為一家全球性競爭企業的機會。」
研究人員說,他們能夠把「大炮」追朔到中國「防火長城」用的同一個物理網絡連接,並在這兩種措施的源代碼中找到了相似之處,這表明,同一機構既操作「防火長城」,也指揮着這個新的網絡武器。
「由於『大炮』和『防火長城』都在同一個物理連接上操作,我們相信,它們在同一個權力機構下運行,」報告的共同作者比爾·馬爾切克(Bill Marczak)說,他是加州大學伯克利分校計算機科學專業的研究生,也是公民實驗室的研究員。
馬爾切克說,研究人員擔心的是,國家能利用這一新武器,在受攻擊對象不知道的情況下,來攻擊互聯網用戶,尤其是異見者。一旦用戶對中國境內的服務器發出一次請求,甚至如果訪問的是一個非中國網站、但該網站上有一個來自中國服務器的廣告,「大炮」就可能侵入這些用戶的網絡通訊,並侵入那些與他們聯繫者的網絡流量,從而搜集這些人的信息。
研究人員說,最終,互聯網用戶和公司唯一能保護自己的方法是,對自己的互聯網通訊加密,使通訊在到達預定目標之前,無法被攔截和轉移。
研究人員說,「坦白地講,無保護的通訊不只是為間諜提供機會,但且是一個潛在的攻擊向量。」
翻譯:Cindy Hao

China Is Said to Use Powerful New Weapon to Censor Internet

SAN FRANCISCO — Late last month, China began flooding American websites with a barrage of Internet traffic in an apparent effort to take out services that allow China’s Internet users to view websites otherwise blocked in the country.
Initial security reports suggested that China had crippled the services by exploiting its own Internet filter — known as the Great Firewall — to redirect overwhelming amounts of traffic to its targets. Now, researchers at the University of California, Berkeley, and the University of Toronto say China did not use the Great Firewall after all, but rather a powerful new weapon that they are calling the Great Cannon.
  • 查看大图Bill Marczak, right, a co-author of the report on a powerful new Chinese cyberweapon, with Morgan Marquis-Boire, a fellow Citizen Lab researcher.
    Thor Swift for The New York Times
    Bill Marczak, right, a co-author of the report on a powerful new Chinese cyberweapon, with Morgan Marquis-Boire, a fellow Citizen Lab researcher.
The Great Cannon, the researchers said in a report published Friday, allows China to intercept foreign web traffic as it flows to Chinese websites, inject malicious code and repurpose the traffic as Beijing sees fit.
The system was used, they said, to intercept web and advertising traffic intended for Baidu — China’s biggest search engine company — and fire it at GitHub, a popular site for programmers, and GreatFire.org, a nonprofit that runs mirror images of sites that are blocked inside China. The attacks against the services continued on Thursday, the researchers said, even though both sites appeared to be operating normally.
But the researchers suggested that the system could have more powerful capabilities. With a few tweaks, the Great Cannon could be used to spy on anyone who happens to fetch content hosted on a Chinese computer, even by visiting a non-Chinese website that contains Chinese advertising content.
“The operational deployment of the Great Cannon represents a significant escalation in state-level information control,” the researchers said in their report. It is, they said, “the normalization of widespread and public use of an attack tool to enforce censorship.”
The researchers, who have previously done extensive research into government surveillance tools, found that while the infrastructure and code for the attacks bear similarities to the Great Firewall, the attacks came from a separate device. The device has the ability not only to snoop on Internet traffic but also to alter the traffic and direct it — on a giant scale — to any website, in what is called a “man in the middle attack.”
China’s new Internet weapon, the report says, is similar to one developed and used by the National Security Agency and its British counterpart, GCHQ, a system outlined in classified documents leaked by Edward J. Snowden, the former United States intelligence contractor. The American system, according to the documents, which were published by The Intercept, can deploy a system of programs that can intercept web traffic on a mass scale and redirect it to a site of their choosing. The N.S.A. and its partners appear to use the programs for targeted surveillance, whereas China appears to use the Great Cannon for an aggressive form of censorship.
The similarities of the programs may put American officials on awkward footing, the researchers argue in their report. “This precedent will make it difficult for Western governments to credibly complain about others utilizing similar techniques,” they write.
Still, the Chinese program illustrates how far officials in Beijing are willing to go to censor Internet content they deem hostile. “This is just one part of President Xi Jinping’s push to gain tighter control over the Internet and remove any challenges to the party,” said James A. Lewis, a cybersecurity expert at the Center for Strategic Studies in Washington.
Beijing continues to increase its censorship efforts under its State Internet Information Office, an office created under Mr. Xi to gain tighter control over the Internet within the country and to clamp down on online activism. In a series of recent statements, Lu Wei, China’s Internet czar, has called on the international community to respect China’s Internet policies.
Sarah McKune, a senior legal adviser at the Citizen Lab at the Munk School of Global Affairs at the University of Toronto and a co-author of the report, said, “The position of the Chinese government is that efforts to serve what it views as hostile content inside China’s borders is a hostile and provocative act that is a threat to its regime stability and ultimately its national security.”
The attacks also show the extent to which Beijing is willing to sacrifice other national goals, even economic ones, in the name of censorship. Baidu is China’s most visited site, receiving an estimated 5.2 million unique visitors from the United States in the past 30 days, according to Alexa, a web ranking service.
Kaiser Kuo, a Baidu spokesman, said that Baidu was not complicit in the attacks and that its own networks had not been breached. But by sweeping up Baidu’s would-be visitors in its attacks, researchers and foreign policy experts say, Beijing could harm the company’s reputation and market share overseas.
Beijing has recently said that it plans to help Chinese Internet companies extend their influence and customer base abroad. At a meeting of the National People’s Congress in China last month, Premier Li Keqiang announced a new “Internet Plus” action plan to “encourage the healthy development of e-commerce, industrial networks and Internet banking and to guide Internet-based companies to increase their presence in the international market.”
Yet the latest censorship offensive could become a major problem for Chinese companies looking to expand overseas. “They know one of their biggest obstacles is the perception that they are tools of the Chinese government,” Mr. Lewis said. “This is going to hurt Baidu’s chances of becoming a global competitor.”
Researchers say they were able to trace the Great Cannon to the same physical Internet link as China’s Great Firewall and found similarities in the source code of the two initiatives, suggesting that the same authority that operates the Great Firewall is also behind the new cyberweapon.
“Because both the Great Cannon and Great Firewall are operating on the same physical link, we believe they are both being run under the same authority,” said Bill Marczak, a co-author of the report who is a computer science graduate student at the University of California, Berkeley, and a research fellow at Citizen Lab.
Mr. Marczak said researchers’ fear is that the state could use its new weapon to attack Internet users, particularly dissidents, without their knowledge. If s they make a single request to a server inside China or even visit a non-Chinese website that contains an ad from a Chinese server, the Great Cannon could infect their web communications and those of everyone they communicate with and spy on them.
Ultimately, researchers say, the only way for Internet users and companies to protect themselves will be to encrypt their Internet traffic so that it cannot be intercepted and diverted as it travels to its intended target.
“Put bluntly,” the researchers said, “unprotected traffic is not just an opportunity for espionage but a potential attack vector.”

沒有留言: