Cyber espionage sets off a new round of cold war

This is a tale of spies, a $500m cyber arms heist, accusations of an attempt to manipulate a US presidential election and an increasingly menacing digital war being waged between Russia and the west.

It begins with a clandestine online group known as The Shadow Brokers. There is no evidence that it existed before last Saturday, August 13, when a Twitter account in its name tweeted at a handful of leading global news organisations with an unusual announcement: it was conducting a $500m auction of cyber weapons.

In a show of faith, the group put a selection of its wares — a 4,000-file, 250MB trove — on public display. Security analysts have been racing to go through the list but it is already clear that at least some of what has been revealed so far is real.

What is most remarkable, though, is the likely former owner of the Shadow Brokers’ cyber bounty: an outfit known as the Equation Group. Equation is an elite hacking unit of the US National Security Agency. The Shadow Brokers claim that the stolen goods are sophisticated cyber weapons used by the NSA.

The Shadow Brokers’ motivations are not entirely clear. “If this was someone who was financially motivated, this is not what you would do,” says Orla Cox, director of security response at Symantec, a leading cyber security company. Cyber weapons are typically sold over the dark web, notes Ms Cox, or they are used by hackers who want to remain anonymous. They certainly are not advertised to news outlets. And even the best are not priced in $500m bundles.

“It’s a false flag. This isn’t about money. It’s a PR exercise,” she says.

According to three cyber security companies that declined to be identified, the Shadow Brokers is most likely run by Russian intelligence. “There is no digital smoking gun,” said one analyst.

But the circumstantial evidence is compelling, analysts say. And the list of other potential nation-state actors with the capability, wherewithal and motive is short.

“The fact that the Shadow Brokers did not exist before, appeared at this time and are using intelligence that has been saved up until now suggests this is all part of some deliberate, targeted operation, put together for a particular purpose,” says Ewan Lawson, a former cyber warfare officer in the UK’s Joint Forces Command and now senior research fellow at RUSI, the think-tank.

“That purpose looks like it is to highlight perceived US hypocrisy.” Russia, he says, is the obvious perpetrator.

Two senior western intelligence officials say their assessment was evolving but similar: the Shadow Brokers’ stunt grew out of Russia’s desire to strike back at the US following accusations that Russian intelligence was behind the hack into the Democratic National Committee’s servers. That intrusion, and the subsequent leak of embarrassing emails, has been interpreted by some as an attempt by Russia to interfere with the US presidential election.

The US has yet to respond officially to that hack, even though they know it to be Russia, according to this narrative.

Now, with a piece of Le Carré-esque public signalling between spymasters, Russia’s Shadow Brokers gambit has made any such response greatly more complex, the officials suggest.

The US and its allies, of course, are hardly innocent of hacking. Regin, a piece of malware used to crack into telecoms networks, hotels and businesses from Belgium to Saudi Arabia — though mainly Russia — is a tool used by the US and the UK, while the Equation Group is among the most virulent and sophisticated hacking operations around.

If the warning to Washington was not being telegraphed clearly enough by Moscow, Edward Snowden, the NSA contractor-turned-whistleblower now living in Russia, spelt it out.

“Circumstantial evidence and conventional wisdom indicates Russian responsibility,” he wrote in a tweet to his 2.3m followers. “This leak looks like somebody sending a message that an escalation in the attribution game could get messy fast,” he said in another.

In the US intelligence community the assumption is that, at the very least, Mr Snowden is an unwitting agent of Russian intelligence, if not a tool of it. “It’s all part of the signalling,” says one intelligence official.

“The Russians have had the initiative in this whole thing starting from even before the DNC break-in,” says Jim Lewis, director of strategic technologies at the CSIS think-tank and a former US state department official. “They have the place of honour when it comes to threats to the US in cyber space right now. They’ve accelerated — they’re much less risk averse and they’re much more aggressive.”

Attribution problems

“Attributing” cyber attacks — or identifying their source — is a thorny issue.

For cyber super powers, insiders say, it is rarely technical limitations that prevent governments from castigating attackers. The problem, an age-old one for spycraft, is that in disclosing what they know, officials may give away how they got it.

For agencies like the NSA and UK’s GCHQ there is a deeply ingrained culture of secrecy surrounding their cyber surveillance work that stretches back to the origins of signals intelligence during the second world war. US intelligence knew very quickly that the Chinese were behind the hack of the Office of Personnel Management, announced in June last year, which targeted the records of millions of Americans. But it took time to decide what the appropriate response should be and what kind of effect they wanted from it.

Outside the inner circles of the spy world, there is a growing sense that more public attribution is needed to try and put the brakes on a cyber cold war that is spiralling out of control.

“Up to now there has been a degree of approaching cyber defence one day at a time,” says RUSI’s Mr Lawson. “But now it’s reached a momentum where people are starting to say we need to start calling people out, making more of an issue about these attacks, because otherwise, how are we ever going to establish any sort of global norms about it?”

Publicly identifying attackers can be powerful. Chinese activity against US companies decreased markedly after US authorities publicly indicted five senior Chinese military officials last year, proving to Beijing that they knew exactly what its hackers were up to — and would respond even more harshly if they continued. But the power of attribution also depends on the adversary. Unlike China, Russia does not depend economically on the US.

The Kremlin’s hackers are also far stealthier. A particular trend in Russia’s hacking operations in the past 18 months, says a senior British cyber security official, has been towards such “false flagging”, where attacks are hidden behind proxies. The official points to an attack on the French broadcaster TV5Monde in April last year. The website was defaced with pro-Isis imagery, but it was the Russians who were responsible, he says.

Russia has become much more aggressive in blurring other boundaries too: their cyber operations do not just exfiltrate information, they also sometimes weaponise it. Outright acts of destruction are on the table, too, as was the case when Russia took down the Ukrainian power grid in January.

If the tools are new, the techniques may not be. Philip Agee, a former CIA agent, sprang to prominence in the 1970s for publishing a series of salacious books and pamphlets claiming to expose the activities and agents of his former paymasters. He said he was a whistleblower and became a feted figure of the left in the west.

But in reality he was carefully directed by the KGB, the Soviet spy agency. Under the Russians’ guidance, his output blended genuine US intelligence leaks with outright disinformation concocted by Moscow to suit its own ends. Hundreds of CIA agents were exposed by his activities.

The KGB’s use of Agee was both an act of disruption and one of manipulation. It boxed in the CIA and affected their decision-making. Moscow ensured genuine agents’ names were publicised at times to suit their ends.

The Shadow Brokers may be the same trick adapted to the 21st century.

Both are textbook examples of what Soviet strategists called reflexive control — a concept that has become resurgent in Russian military planning today. Reflexive control is the practice of shaping an adversary’s perceptions. A state might convince an opponent not to retaliate for interfering in an election, for example, by raising the possibility of releasing information about its own tactics.

“These are old tactics,” says CSIS’ Mr Lewis. “The Russians have always been better at this kind of thing than us. But now, they’re just able to wield them so much more effectively. They have taken tremendous advantage of the internet. Information is a weapon.”