2017年11月21日 星期二

網路入侵,真的可以「不戰而屈人之兵」。多國政府用間諜軟件監控異議分子

蘋論:駭客不戰而屈人之兵

2017.11.22

......2012年8月15日,伊朗政府轄下的祕密組織,對全球最大的能源公司「沙烏地阿美石油公司」發動攻擊,武器是電腦病毒。該公司花了兩個星期才恢復正常產能,但已有3╱4的電腦被感染,大約3萬台。整件事的意義是:假如在嚴格的安全環境下營運的全球最大企業,都遭到網路的攻擊,那麼同樣的事情可能發生在任何地方的任何人身上。
駭客的敵意行動包括惡意程式、電腦病毒、蠕蟲、特洛伊木馬、分散式阻斷服務攻擊、網路攻擊。諷刺的是互聯網最初的目的是創造去中心化和分散式的通訊網路,可以在核武攻擊後存活下來;但分散性的結構剛好方便進行新型態的潛在攻擊,造成的損失夭壽大──每年網路攻擊耗費的成本已超過4千億美元,高於全球196國中160國的GDP。 
目前網路攻擊有3種主要型態,分別針對網路的機密性、可用性和完整性發動攻擊。危害網路機密性的攻擊,是企圖以非法或未經核可的方式竊取或洩漏信用卡或社會安全碼等機密資訊。對可用性的攻擊,又被稱為「阻斷服務攻擊」或「分散式阻斷服務攻擊」,是經由發送大量請求癱瘓網路。網攻也可能影響網路的完整性,造成實體的破壞,會改變或破壞電腦編碼,目的在破壞電腦硬體和基本架構或實體系統,以致電腦徹底崩潰只能報廢。
萬物數位化將是未來10年最重要的經濟發展趨勢,但是也很危險。敵方駭客部隊針對我國所有部門的網路入侵,真的可以「不戰而屈人之兵」。



****

多國政府用間諜軟件監控異議分子


本周,華盛頓一年一度的美洲世界情報支持系統展覽(ISS World Americas)上,來自世界各地的執法人員將了解到電腦間諜軟件的最新進展。但他們不會了解到的是,在某些情況下,強權政府使用此類軟件來密切監視政治活動人士。
英國漢普郡的伽馬集團(Gamma Group)以及米蘭的黑客團隊公司(Hacking Team)的高管們本周四將逐一登台介紹他們最新的監控技術。這兩家公司都向政府出售間諜軟件,並稱其將專門用於刑事偵查。但越來越多的證據表明,他們的間諜軟件已經被用來監控異議人士。
今年8月《紐約時報》的一篇文章報道,由伽馬集團出售的間諜軟件被用於監視巴林的活動人士,以及在十多個國家中通過服務器暗中監視民眾。這些國家很多有值得質疑的人權記錄,例如汶萊和土庫曼斯坦。起初,伽馬集團否認其軟件正在以這種形式被使用,隨後又稱其間諜軟件的幾份拷貝被盜竊了。 

摩根·馬奎斯-博伊爾(Morgan Marquis-Boire)是首先從發給巴林活動人士的電子郵件中發現伽馬間諜軟件的安全研究人員之一。周三,他發佈了新的證據,證明黑客團隊銷售的間諜軟件也被用於監控政治活動人士。

這種間諜軟件,將為那些此前不具備電腦監視程序的政府提供一種尖端的、即插即用式的監控技術,可以用來跟蹤公民的位置,記錄下他們的每一次按鍵動作,閱讀他們的電子郵件和社交網絡及即時通訊軟件聊天,甚至在遠程打開設備上的照相機或麥克風來記錄他們的談話。
TeleStrategies公司總裁傑里·盧卡斯(Jerry Lucas)在今年8月告訴《紐約時報》,這種技術的市場“10年前還不存在”,但現在已經發展到營業額50億美元的規模。該公司是世界情報支持系統展覽的主辦方。

馬奎斯-博伊爾是多倫多大學蒙克全球事務學院(Munk School of Global Affairs)公民實驗室(Citizen Lab)的一名安全研究員。在最近的研究中,他說已經發現黑客團隊的政府級間諜軟件被放在一個微軟Word格式的附件里,發送給了阿拉伯聯合酋長國一名政治活動人士,還被嵌入了一個發在摩洛哥某新聞網站上的鏈接。

黑客團隊財務部門的一名員工說,他不知道馬奎斯-博伊爾的發現,並說,該公司的高管們在周三不能接受採訪。

阿聯酋一位活躍的博客作者艾哈邁德·曼蘇爾(Ahmed Mansoor)是“阿聯酋五君子”(U.A.E. Five)的成員之一。“阿聯酋五君子”是阿聯酋幾名活動人士組成的小團體,團體成員去年曾因批評政府領導人而被捕。今年7月,當曼蘇爾打開一封可疑電子郵件的微軟Word格式附件時,其中的間諜軟件就安裝在了他的電腦裡面。該軟件可以監控他的每一次按鍵動作,記錄他的密碼,社會網絡和即時通訊軟件的聊天,甚至通過他電腦麥克風的語言談話。曼蘇爾告訴彭博通訊社(Bloomberg),因為這個無心的錯誤——點開了一封惡意電子郵件的附件,他莫名其妙地遭到了一群不明身份的人毆打。

同樣在7月,一條可疑的信息被發佈到Mamkafinch.com的提交頁面上,這是一個摩洛哥新聞網站,一直對摩洛哥政府持批評態度。這條消息由法語發佈,其含義大致為,“請不要提到我的名字或我做的任何事情。我不想要任何惡作劇。”此外還有一個鏈接,如果誰去打開,這個人的設備就會被控制。

馬奎斯-博伊爾說,他已經發現,電子郵件附件和惡意鏈接所隱藏的監控軟件與黑客團隊的示範間諜軟件一致。該公司對這種軟件的宣傳是這樣的,“遠程控制系統(Remote Control System)是一件秘密偵查工具,可用於執法和安保機構的數字化調查。這種竊聽軟件可以隱藏在目標設備中,提供高效的數據監控和過程控制。”

在曼蘇爾的事件中,到今年8月份為止,這個用於竊聽的間諜軟件來自一個服務器,這個服務器註冊在阿布扎比的一個郵政信箱,與一家阿聯酋集團公司皇家集團(Royal Group)的公司總部一致。在Mamkafinch網站的事件中,間諜軟件由摩洛哥首都拉巴特的一個IP地址控制。
記者無法聯繫上皇家集團公司的高管進行採訪。摩洛哥駐紐約領事館的一名代表也沒有回應記者的採訪要求。

馬奎斯-博伊爾的新發現的公布,正好在伽馬集團和黑客團隊的高管們將在世界情報支持系統展覽登台的前一天。周四,伽馬集團董事總經理馬丁·J·明奇(Martin J. Muench)的講話題為《政府信息技術入侵:政府實用黑客技術》(Government I.T. Intrusion: Applied Hacking Techniques Used by Governments)。在他演講後,三名黑客團隊的高管將介紹他們最新的政府級監視技術。

馬奎斯-博伊爾說他發佈此發現的時機是一次巧合。在本周二的一次採訪中他說,“這些公司說,他們只把這種間諜軟件出售給政府和情報及執法機關,但重點在於,‘了解你的客戶’。”
翻譯:林蒙克


Rock Carvings of Ancient Dogs Getting Taught New Tricks

SECTIONS

Six Years After Fukushima, Robots Finally Find Reactors’ Melted Uranium Fuel


Six Years After Fukushima, Robots Finally Find Reactors’ Melted Uranium Fuel

Sweeping Plan Would Overturn Equal Access to the Internet 2017;2015The FCC's Net Neutrality Vote: Here's What You Need To Know



2017.11.21

TOP NEWS

Sweeping Plan Would Overturn Equal Access to the Internet

By CECILIA KANG 2:23 PM ET


The Federal Communications Commission plans to scrap net neutrality rules requiring broadband providers to give consumers equal access to all content on the internet.
A rollback of the regulations would represent a significant victory for broadband and telecom companies like AT&T and Comcast and would amount to a strike against consumers.


















































































































*****




Net neutrality isn't just important for small businesses. It's also fundamental for freedom of expression:
The FCC voted today to adopt net neutrality rules to "protect the open internet." If you're still not quite sure what that means, we got your back: http://n.pr/1AwMW8v

The Federal Communications Commission is set to vote on whether to...
WWW.NPR.ORG


By a 3-2 vote, the FCC votes to adopt net neutrality rules to "protect the open Internet." Our original post continues:
Here's a guide to what all of this means.
— What does net neutrality mean?
Here's the Cliffs Notes version from NPR's Elise Hu:
"Net neutrality is the concept that your Internet provider should be a neutral gateway to everything on the Internet, not a gatekeeper deciding to load some sites slower than others or impose fees for faster service."
In other words, it's a concept in which Internet service providers (ISPs) don't discriminate when it comes to Internet traffic.
Without net neutrality rules, ISPs could theoretically take money from companies like Netflix or Amazon to speed up traffic to their sites.
"More than 30 percent of Internet traffic at peak times comes from Netflix, according to studies. So Verizon might say, 'Netflix, you need to pay us more.' Or maybe Verizon strikes a deal with Amazon and says your prime video service can get speedier delivery to the home and we're going to slow down Netflix."
— What is the FCC voting on?
The Federal Communications Commission is voting on whether to reclassify broadband access as a "telecommunications service under Title II."
In layman's terms, the FCC is looking to reclassify broadband as a utility, which would give the commission more regulatory power over Internet providers.
— What prompted this FCC vote?
Back in 2010, the FCC actually passed rules to keep the Internet neutral. But those rules were challenged by Verizon and in January of 2014, the U.S. Court of Appeals for the D.C. Circuit ruled that the FCC did not have the regulatory power over broadband to issue those rules.
The court, however, said that the FCC could reclassify broadband and that would give it broad regulatory powers.
FCC Chairman Tom Wheeler decided to go that direction in February.
Earlier this week, Republicans in Congress dropped opposition to the proposed rules, saying they were not going to pass a bill without any Democratic support.
— What would the proposed rules do?
The proposed rules are pretty lengthy, but from an FCC fact sheet, here are the three things that the rules would ban that matter most to consumers:
"No Blocking: broadband providers may not block access to legal content, applications, services, or non-harmful devices.
"No Throttling: broadband providers may not impair or degrade lawful Internet traffic on the basis of content, applications, services, or non-harmful devices.
"No Paid Prioritization: broadband providers may not favor some lawful Internet traffic over other lawful traffic in exchange for consideration — in other words, no 'fast lanes.' This rule also bans ISPs from prioritizing content and services of their affiliates."
— What does John Oliver have to do with all this?
The comedian John Oliver brought this issue to the forefront when he dedicated 14 minutes on his program to explain why net neutrality is so important.
He called on his viewers to write to the FCC to encourage them to adopt new rules. His call — and the enormous response — broke the commission's website.
A bunch of big Internet sites — Netflix, Etsy and Foursquare among them — joined the chorus in September when they took part in "Internet Slowdown Day," presenting their users with symbolic loading icons "to remind everyone what an Internet without net neutrality would look like."
— When is the FCC voting?
The FCC is voting during an open meeting at 10:30 a.m. ET. The commission isproviding a live stream of its meeting here.
2009.9.22
Net Neutrality Speech Draws Strong Reactions
FCC Chairman Julius Genachowski announced proposed net-neutrality rules to a standing-room-only crowd of telecom geeks, giddy consumer advocates and glum industry lobbyists Monday.




standing-room
n.
Space in which to stand, as in a public place where all seats are filled.
standingroom stand'ing-room' (stăn'dĭng-rūm', -rʊm'adj.


FCC Proposes 'Net Neutrality' Rules
The FCC's chairman said wireless carriers shouldn't be allowed to block certain types of Internet traffic flowing over their networks. (Remarks)

中國啟用「網絡大炮」 加強境外互聯網審查2015.4;「中國互聯網守門人」魯煒被調查2017.11

簡訊

「中國互聯網守門人」魯煒被調查

中共宣傳部副部長魯煒。
魯煒曾任互聯網信息辦主任,被稱為「中國互聯網守門人」,落馬前任中宣部副部長。在他的監管下,中國網路審查制度日益升級。

 魯煒,中國互聯網的守門人

中國啟用「網絡大炮」 加強境外互聯網審查

研究人員稱,「大炮」系統被用來攔截百度網站的流量和廣告流量。百度是中國最大的搜索引擎公司。
Reuters
研究人員稱,「大炮」系統被用來攔截百度網站的流量和廣告流量。百度是中國最大的搜索引擎公司。
舊金山——上個月底,中國開始利用大量網絡流量衝擊美國網站,此舉似乎是為了阻止那些促使中國互聯網用戶可以瀏覽在國內遭到屏蔽的網站的服務。
初步的安全報告顯示,中國利用自己的互聯網過濾系統「防火長城」(Great Firewall),將大量數據流量重新定向到目標網站,進而衝垮網站的服務。如今,加州大學伯克利分校(University of California, Berkeley)和多倫多大學(University of Toronto)的研究人員表示,中國利用的不是「防火長城」,而是一種強大的新武器,他們稱之為「大炮」(Great Cannon)。
  • 檢視大圖比爾·馬爾恰克(右)參與撰寫了一份報告,介紹中國的一件網絡武器。這件新武器頗為強大。旁邊是同在公民實驗室擔任研究人員的同事摩根·馬奎斯-布瓦爾。
    Thor Swift for The New York Times
    比爾·馬爾恰克(右)參與撰寫了一份報告,介紹中國的一件網絡武器。這件新武器頗為強大。旁邊是同在公民實驗室擔任研究人員的同事摩根·馬奎斯-布瓦爾。
研究人員在周五發表報告稱,「大炮」使得中國能夠在外國網絡流量流向中國網站時進行攔截,注入惡意代碼,然後按照北京方面的意圖,將這些流量重新定向實現其他目的。
他們表示,這種系統被用來攔截中國最大的搜索引擎百度的網站流量及廣告流量,然後利用這些流量衝擊GitHub和GreatFire.org,前者是一個廣受程序員歡迎的網站,後者是一家非營利性組織,運營着被中國屏蔽網站的鏡像。研究人員表示,周四,針對這些服務的攻擊仍在持續,儘管兩個網站似乎都在正常運轉。
但研究人員表示,這種系統可能擁有更強大的能力。經過一些調整,「大炮」就可以被用於監視任何一個人,只要他碰巧瀏覽了託管在中國電腦上的內容,甚至是訪問了包含中國廣告的外國網站。
「『大炮』的行動部署代表着國家級的信息控制明顯升級,」研究人員在報告中寫道。他們表示,這是「廣泛、公開地運用攻擊手段來實行審查的常態化」。
之前曾對政府監聽工具開展過大量研究的研究人員發現,儘管基礎設施和代碼與「防火長城」存在相似之處,但相關攻擊來自另外一種設備。該設備不僅具備窺探互聯網流量的能力,還能在所謂的「中間人攻擊」中大規模地操縱互聯網流量,並將其指向任何網站。
報告稱,中國新採用的互聯網武器,與美國國家安全局(National Security Agency,簡稱NSA)與英國對等機構政府通訊總部(Government Communications Headquarters,簡稱GCHQ)共同開發和使用的一個系統類似。美國前情報機構承包商僱員愛德華·J·斯諾登(Edward J. Snowden)泄露的機密文件,對該系統有簡要說明。從發表在「攔截」(The Intercept)網站上的相關文件來看,美國的系統能部署一套程序,可以大規模攔截網絡流量,並將其重定向到自己選定的網站。NSA及其合作夥伴似乎把相關程序用在了定點監視上,而中國則似乎把「大炮」當做一種咄咄逼人的審查手段。
研究人員在報告中稱,程序間的相似之處可能會讓美國官員感到尷尬。「有了這一先例,西方國家的政府可能難以令人信服地抱怨使用類似技術的其他國家,」他們寫道。
儘管如此,這個中國程序說明,北京的官員在審查他們認為是敵對互聯網內容的東西上願意走多遠。 「這是國家主席習近平加強對互聯網的控制、刪除任何挑戰黨的內容之努力的一部分,」華盛頓戰略研究中心網絡安全專家詹姆斯·A·劉易斯(James A. Lewis)說。
習近平為了更嚴密地控制國內的互聯網、打擊公民的網上行動,成立了國家互聯網信息辦公室,在該辦公室的領導下,北京不斷增強網絡的審查力度。中國互聯網主管魯煒在最近的一系列聲明中,敦促國際社會尊重中國的互聯網政策。
莎拉·麥庫恩(Sarah McKune)是多倫多大學蒙克全球事務學院(Munk School of Global Affairs)公民實驗室(Citizen Lab )的高級法律顧問,也是報告和共同作者之一,她說,「中國政府的立場是,為中國境內提供被政府視為敵對內容的服務,是一種敵對和挑釁行為,是對中國政權穩定的威脅,並最終是對國家安全的威脅。」
這些襲擊還顯示,在多大程度上,北京願意以審查的名義犧牲其他國家目標,甚至是經濟方面的目標。百度是中國訪問量最大的網站,據提供網站排名服務的Alexa公司估計,百度在過去30天內接受到來自美國的獨立訪問者達520萬個。
百度發言人郭怡廣說,百度對襲擊不知情,而且百度本身的網站沒有受到攻擊。然而,研究人員和外交政策專家說,北京通過利用可能成為百度訪問者的用戶來進行襲擊,會損害該公司的海外名聲及市場佔有率。
北京最近表示,它打算幫助中國互聯網企業擴大它們在海外的影響力和用戶群。在上個月的全國人民代表大會上,李克強總理宣布了一項名為「互聯網+」的新計劃,以「促進電子商務、工業互聯網和互聯網金融健康發展,引導互聯網企業拓展國際市場」。
不過,最近的審查攻勢可能會成為中國企業尋求海外擴張的一個主要問題。「他們知道他們最大的障礙之一是,人們認為他們是中國政府的工具,」劉易斯說。「這會損害百度成為一家全球性競爭企業的機會。」
研究人員說,他們能夠把「大炮」追朔到中國「防火長城」用的同一個物理網絡連接,並在這兩種措施的源代碼中找到了相似之處,這表明,同一機構既操作「防火長城」,也指揮着這個新的網絡武器。
「由於『大炮』和『防火長城』都在同一個物理連接上操作,我們相信,它們在同一個權力機構下運行,」報告的共同作者比爾·馬爾切克(Bill Marczak)說,他是加州大學伯克利分校計算機科學專業的研究生,也是公民實驗室的研究員。
馬爾切克說,研究人員擔心的是,國家能利用這一新武器,在受攻擊對象不知道的情況下,來攻擊互聯網用戶,尤其是異見者。一旦用戶對中國境內的服務器發出一次請求,甚至如果訪問的是一個非中國網站、但該網站上有一個來自中國服務器的廣告,「大炮」就可能侵入這些用戶的網絡通訊,並侵入那些與他們聯繫者的網絡流量,從而搜集這些人的信息。
研究人員說,最終,互聯網用戶和公司唯一能保護自己的方法是,對自己的互聯網通訊加密,使通訊在到達預定目標之前,無法被攔截和轉移。
研究人員說,「坦白地講,無保護的通訊不只是為間諜提供機會,但且是一個潛在的攻擊向量。」
翻譯:Cindy Hao

China Is Said to Use Powerful New Weapon to Censor Internet

SAN FRANCISCO — Late last month, China began flooding American websites with a barrage of Internet traffic in an apparent effort to take out services that allow China’s Internet users to view websites otherwise blocked in the country.
Initial security reports suggested that China had crippled the services by exploiting its own Internet filter — known as the Great Firewall — to redirect overwhelming amounts of traffic to its targets. Now, researchers at the University of California, Berkeley, and the University of Toronto say China did not use the Great Firewall after all, but rather a powerful new weapon that they are calling the Great Cannon.
  • 查看大图Bill Marczak, right, a co-author of the report on a powerful new Chinese cyberweapon, with Morgan Marquis-Boire, a fellow Citizen Lab researcher.
    Thor Swift for The New York Times
    Bill Marczak, right, a co-author of the report on a powerful new Chinese cyberweapon, with Morgan Marquis-Boire, a fellow Citizen Lab researcher.
The Great Cannon, the researchers said in a report published Friday, allows China to intercept foreign web traffic as it flows to Chinese websites, inject malicious code and repurpose the traffic as Beijing sees fit.
The system was used, they said, to intercept web and advertising traffic intended for Baidu — China’s biggest search engine company — and fire it at GitHub, a popular site for programmers, and GreatFire.org, a nonprofit that runs mirror images of sites that are blocked inside China. The attacks against the services continued on Thursday, the researchers said, even though both sites appeared to be operating normally.
But the researchers suggested that the system could have more powerful capabilities. With a few tweaks, the Great Cannon could be used to spy on anyone who happens to fetch content hosted on a Chinese computer, even by visiting a non-Chinese website that contains Chinese advertising content.
“The operational deployment of the Great Cannon represents a significant escalation in state-level information control,” the researchers said in their report. It is, they said, “the normalization of widespread and public use of an attack tool to enforce censorship.”
The researchers, who have previously done extensive research into government surveillance tools, found that while the infrastructure and code for the attacks bear similarities to the Great Firewall, the attacks came from a separate device. The device has the ability not only to snoop on Internet traffic but also to alter the traffic and direct it — on a giant scale — to any website, in what is called a “man in the middle attack.”
China’s new Internet weapon, the report says, is similar to one developed and used by the National Security Agency and its British counterpart, GCHQ, a system outlined in classified documents leaked by Edward J. Snowden, the former United States intelligence contractor. The American system, according to the documents, which were published by The Intercept, can deploy a system of programs that can intercept web traffic on a mass scale and redirect it to a site of their choosing. The N.S.A. and its partners appear to use the programs for targeted surveillance, whereas China appears to use the Great Cannon for an aggressive form of censorship.
The similarities of the programs may put American officials on awkward footing, the researchers argue in their report. “This precedent will make it difficult for Western governments to credibly complain about others utilizing similar techniques,” they write.
Still, the Chinese program illustrates how far officials in Beijing are willing to go to censor Internet content they deem hostile. “This is just one part of President Xi Jinping’s push to gain tighter control over the Internet and remove any challenges to the party,” said James A. Lewis, a cybersecurity expert at the Center for Strategic Studies in Washington.
Beijing continues to increase its censorship efforts under its State Internet Information Office, an office created under Mr. Xi to gain tighter control over the Internet within the country and to clamp down on online activism. In a series of recent statements, Lu Wei, China’s Internet czar, has called on the international community to respect China’s Internet policies.
Sarah McKune, a senior legal adviser at the Citizen Lab at the Munk School of Global Affairs at the University of Toronto and a co-author of the report, said, “The position of the Chinese government is that efforts to serve what it views as hostile content inside China’s borders is a hostile and provocative act that is a threat to its regime stability and ultimately its national security.”
The attacks also show the extent to which Beijing is willing to sacrifice other national goals, even economic ones, in the name of censorship. Baidu is China’s most visited site, receiving an estimated 5.2 million unique visitors from the United States in the past 30 days, according to Alexa, a web ranking service.
Kaiser Kuo, a Baidu spokesman, said that Baidu was not complicit in the attacks and that its own networks had not been breached. But by sweeping up Baidu’s would-be visitors in its attacks, researchers and foreign policy experts say, Beijing could harm the company’s reputation and market share overseas.
Beijing has recently said that it plans to help Chinese Internet companies extend their influence and customer base abroad. At a meeting of the National People’s Congress in China last month, Premier Li Keqiang announced a new “Internet Plus” action plan to “encourage the healthy development of e-commerce, industrial networks and Internet banking and to guide Internet-based companies to increase their presence in the international market.”
Yet the latest censorship offensive could become a major problem for Chinese companies looking to expand overseas. “They know one of their biggest obstacles is the perception that they are tools of the Chinese government,” Mr. Lewis said. “This is going to hurt Baidu’s chances of becoming a global competitor.”
Researchers say they were able to trace the Great Cannon to the same physical Internet link as China’s Great Firewall and found similarities in the source code of the two initiatives, suggesting that the same authority that operates the Great Firewall is also behind the new cyberweapon.
“Because both the Great Cannon and Great Firewall are operating on the same physical link, we believe they are both being run under the same authority,” said Bill Marczak, a co-author of the report who is a computer science graduate student at the University of California, Berkeley, and a research fellow at Citizen Lab.
Mr. Marczak said researchers’ fear is that the state could use its new weapon to attack Internet users, particularly dissidents, without their knowledge. If s they make a single request to a server inside China or even visit a non-Chinese website that contains an ad from a Chinese server, the Great Cannon could infect their web communications and those of everyone they communicate with and spy on them.
Ultimately, researchers say, the only way for Internet users and companies to protect themselves will be to encrypt their Internet traffic so that it cannot be intercepted and diverted as it travels to its intended target.
“Put bluntly,” the researchers said, “unprotected traffic is not just an opportunity for espionage but a potential attack vector.”