“CYBER” sounds scary. Cyber-criminals can empty your bank account; cyber-terrorists are the stuff of Hollywood thrillers. Cyber-espionage involves stealing state secrets or intellectual property. You do not have to understand how computers work to be worried about the damage to you, your work or your country.
Yet businesses seeking to increase their sales, and officials and politicians who want more money and power, love tales of doom and gloom. Trade is booming for what some have dubbed the “cyber-industrial complex”. State agencies demand more power to fend off a dreadful attack by a foreign enemy—a kind of “digital Pearl Harbour”. Companies peddle security advice and software, often with a hefty price tag. The difficulty for the citizen and taxpayer is to decide: are people being too paranoid, or too complacent?

Two new books provide some useful perspective. “A Fierce Domain” is a collection of essays edited by Jason Healey, a former cyber-policy chief in the Obama White House. His main point is that this is not a new problem: the first big cyber-attack dates back to 1986, when a bunch of German hackers in Hanover, working for the KGB, sneaked into American military networks. Named “Cuckoo's Egg”, it was caught only because a sharp-eyed official noted a tiny 75-cent billing error, revealing unauthorised use of a computer network.
Many more attacks have followed: Moonlight Maze, Solar Sunrise, Titan Rain and Byzantine Hades. None is a household name, though from the gripping accounts in Mr Healey's book many readers will feel they all should be.
One especially damaging operation involved the theft of top-secret material from the most classified NATO networks. The attackers had used infected memory sticks, which were left lying around in car parks near sensitive buildings. Careless or thrifty officials picked them up, and some used them to copy material between classified computer networks and those connected to the internet. A clever bit of software then copied, encrypted, compressed and dispatched the material—probably, spooks think, to Moscow.
Mr Healey's main message is to urge policymakers to be less secretive and more humble. Too many past attacks remain classified. Officials continue to burble the same warnings and assurances as they did 20 years ago; the public is left in the dark.
Thomas Rid is a German-born academic, now at King's College London. He is one of Britain's leading authorities on, and sceptics about, cyber-warfare. His provocatively titled book attacks the hype and mystique about sabotage, espionage, subversion and other mischief on the internet. He agrees that these present urgent security problems. But he dislikes talk of “warfare” and the militarisation of the debate about dangers in cyberspace. Computer code can do lots of things, but it is not a weapon of war. He criticises the American air force for using a “lobbying gimmick” with talk of “cyber” as a fifth domain of warfare, after land, sea, air and space.
However much the military brass may hype up the threat, states are in fact highly unlikely to use cyber-weapons against each other, Mr Rid argues. They are expensive to acquire, unreliable and fiddly. That does not mean they are useless. Malicious code, “malware”, can do shocking damage, destroying machines, starting fires, spewing pollution or jamming communications. Cleverer weapons could be more dangerous still, such as malicious code that adapts to its environment, rewriting itself to evade pursuers. They will be used, but as part of sabotage or terrorism rather than all-out war, he argues.
Both books leave the reader feeling gloomy. People worry too much about the wrong things, and not enough about the real problems. Digital weapons are growing more sophisticated; the response has been self-interested, slow and crude.