NSA's Secret Weapon: Obtaining Information by Radio

N.S.A. Devises Radio Pathway Into Computers

By DAVID E. SANGER and THOM SHANKER January 15, 2014

WASHINGTON — The National Security Agency has implanted software in nearly 100,000 computers around the world that allows the United States to conduct surveillance on those machines and can also create a digital highway for launching cyberattacks.

While most of the software is inserted by gaining access to computer networks, the N.S.A. has increasingly made use of a secret technology that enables it to enter and alter data in computers even if they are not connected to the Internet, according to N.S.A. documents, computer experts and American officials. The technology, which has been used by the agency since at least 2008, relies on a covert channel of radio waves that can be transmitted from tiny circuit boards and USB cards inserted surreptitiously into the computers. In some cases, they are sent to a briefcase-size relay station that intelligence agencies can set up miles away from the target.

The radio frequency technology has helped solve one of the biggest problems facing American intelligence agencies for years: getting into computers that adversaries, and some American partners, have tried to make impervious to spying or cyberattack. In most cases, the radio frequency hardware must be physically inserted by a spy, a manufacturer or an unwitting user.

The N.S.A. headquarters at Fort Meade, Md. “We do not use foreign intelligence capabilities to steal the trade secrets of foreign companies,” an N.S.A. official said.

Jim Lo Scalzo/European Pressphoto Agency

The N.S.A. calls its efforts more an act of “active defense” against foreign cyberattacks than a tool to go on the offensive. But when Chinese attackers place similar software on the computer systems of American companies or government agencies, American officials have protested, often at the presidential level.

Among the most frequent targets of the N.S.A. and its Pentagon partner, United States Cyber Command, have been units of the Chinese Army, which the United States has accused of launching regular digital probes and attacks on American industrial and military targets, usually to steal secrets or intellectual property. But the program, code-named Quantum, has also been successful in inserting software into Russian military networks and systems used by the Mexican police and drug cartels, trade institutions inside the European Union, and sometime partners against terrorism like Saudi Arabia, India and Pakistan, according to officials and an N.S.A. map that indicates sites of what the agency calls “computer network exploitation.”

“What’s new here is the scale and the sophistication of the intelligence agency’s ability to get into computers and networks to which no one has ever had access before,” said James Andrew Lewis, the cybersecurity expert at the Center for Strategic and International Studies in Washington. “Some of these capabilities have been around for a while, but the combination of learning how to penetrate systems to insert software and learning how to do that using radio frequencies has given the U.S. a window it’s never had before.”

No Domestic Use Seen

There is no evidence that the N.S.A. has implanted its software or used its radio frequency technology inside the United States. While refusing to comment on the scope of the Quantum program, the N.S.A. said its actions were not comparable to China’s.

“N.S.A.’s activities are focused and specifically deployed against — and only against — valid foreign intelligence targets in response to intelligence requirements,” Vanee Vines, an agency spokeswoman, said in a statement. “We do not use foreign intelligence capabilities to steal the trade secrets of foreign companies on behalf of — or give intelligence we collect to — U.S. companies to enhance their international competitiveness or increase their bottom line.”

Over the past two months, parts of the program have been disclosed in documents from the trove leaked by Edward J. Snowden, the former N.S.A. contractor. A Dutch newspaper published the map of areas where the United States has inserted spy software, sometimes in cooperation with local authorities, often covertly. Der Spiegel, a German newsmagazine, published the N.S.A.’s catalog of hardware products that can secretly transmit and receive digital signals from computers, a program called ANT. The New York Times withheld some of those details, at the request of American intelligence officials, when it reported, in the summer of 2012, on American cyberattacks on Iran.

President Obama is scheduled to announce on Friday what recommendations he is accepting from an advisory panel on changing N.S.A. practices. The panel agreed with Silicon Valley executives that some of the techniques developed by the agency to find flaws in computer systems undermine global confidence in a range of American-made information products like laptop computers and cloud services.

Embracing Silicon Valley’s critique of the N.S.A., the panel has recommended banning, except in extreme cases, the N.S.A. practice of exploiting flaws in common software to aid in American surveillance and cyberattacks. It also called for an end to government efforts to weaken publicly available encryption systems, and said the government should never develop secret ways into computer systems to exploit them, which sometimes include software implants.

Richard A. Clarke, an official in the Clinton and Bush administrations who served as one of the five members of the advisory panel, explained the group’s reasoning in an email last week, saying that “it is more important that we defend ourselves than that we attack others.”

“Holes in encryption software would be more of a risk to us than a benefit,” he said, adding: “If we can find the vulnerability, so can others. It’s more important that we protect our power grid than that we get into China’s.”

From the earliest days of the Internet, the N.S.A. had little trouble monitoring traffic because a vast majority of messages and searches were moved through servers on American soil. As the Internet expanded, so did the N.S.A.’s efforts to understand its geography. A program named Treasure Map tried to identify nearly every node and corner of the web, so that any computer or mobile device that touched it could be located.

A 2008 map, part of the Snowden trove, notes 20 programs to gain access to big fiber optic cables — it calls them “covert, clandestine or cooperative large accesses” — not only in the United States but also in places like Hong Kong, Indonesia and the Middle East. The same map indicates that the United States had already conducted “more than 50,000 worldwide implants,” and a more recent budget document said that by the end of last year that figure would rise to about 85,000. A senior official, who spoke on the condition of anonymity, said the actual figure was most likely closer to 100,000.

That map suggests how the United States was able to speed ahead with implanting malicious software on the computers around the world that it most wanted to monitor — or disable before they could be used to launch a cyberattack.

A Focus on Defense

In interviews, officials and experts said that a vast majority of such implants are intended only for surveillance and serve as an early warning system for cyberattacks directed at the United States.

“How do you ensure that Cyber Command people” are able to look at “those that are attacking us?” a senior official, who compared it to submarine warfare, asked in an interview several months ago.

“That is what the submarines do all the time,” said the official, speaking on the condition of anonymity to describe policy. “They track the adversary submarines.” In cyberspace, he said, the United States tries “to silently track the adversaries while they’re trying to silently track you.”

If tracking subs was a Cold War cat-and-mouse game with the Soviets, tracking malware is a pursuit played most aggressively with the Chinese.

The United States has targeted Unit 61398, the Shanghai-based Chinese Army unit believed to be responsible for many of the biggest cyberattacks on the United States, in an effort to see attacks being prepared. With Australia’s help, one N.S.A. document suggests, the United States has also focused on another specific Chinese Army unit.

Documents obtained by Mr. Snowden indicate that the United States has set up two data centers in China — perhaps through front companies — from which it can insert malware into computers.

When the Chinese place surveillance software on American computer systems — and they have, on systems like those at the Pentagon and at The Times — the United States usually regards it as a potentially hostile act, a possible prelude to an attack. Mr. Obama laid out America’s complaints about those practices to President Xi Jinping of China in a long session at a summit meeting in California last June.

At that session, Mr. Obama tried to differentiate between conducting surveillance for national security — which the United States argues is legitimate — and conducting it to steal intellectual property.

“The argument is not working,” said Peter W. Singer of the Brookings Institution, a co-author of a new book called “Cybersecurity and Cyberwar.” “To the Chinese, gaining economic advantage is part of national security. And the Snowden revelations have taken a lot of the pressure off” the Chinese. Still, the United States has banned the sale of computer servers from a major Chinese manufacturer, Huawei, for fear that they could contain technology to penetrate American networks.

An Old Technology

The N.S.A.’s efforts to reach computers unconnected to a network have relied on a century-old technology updated for modern times: radio transmissions.

In a catalog produced by the agency that was part of the Snowden documents released in Europe, there are page after page of devices using technology that would have brought a smile to Q, James Bond’s technology supplier.

One, called Cottonmouth I, looks like a normal USB plug but has a tiny transceiver buried in it. According to the catalog, it transmits information swept from the computer “through a covert channel” that allows “data infiltration and exfiltration.” Another variant of the technology involves tiny circuit boards that can be inserted in a laptop computer — either in the field or when they are shipped from manufacturers — so that the computer is broadcasting to the N.S.A. even while the computer’s user enjoys the false confidence that being walled off from the Internet constitutes real protection.

The relay station it communicates with, called Nightstand, fits in an oversize briefcase, and the system can attack a computer “from as far away as eight miles under ideal environmental conditions.” It can also insert packets of data in milliseconds, meaning that a false message or piece of programming can outrace a real one to a target computer. Similar stations create a link between the target computers and the N.S.A., even if the machines are isolated from the Internet.

Computers are not the only targets. Dropoutjeep attacks iPhones. Other hardware and software are designed to infect large network servers, including those made by the Chinese.

Most of those code names and products are now at least five years old, and they have been updated, some experts say, to make the United States less dependent on physically getting hardware into adversaries’ computer systems.

The N.S.A. refused to talk about the documents that contained these descriptions, even after they were published in Europe.

“Continuous and selective publication of specific techniques and tools used by N.S.A. to pursue legitimate foreign intelligence targets is detrimental to the security of the United States and our allies,” Ms. Vines, the N.S.A. spokeswoman, said.

But the Iranians and others discovered some of those techniques years ago. The hardware in the N.S.A.’s catalog was crucial in the cyberattacks on Iran’s nuclear facilities, code-named Olympic Games, that began around 2008 and proceeded through the summer of 2010, when a technical error revealed the attack software, later called Stuxnet. That was the first major test of the technology.

One feature of the Stuxnet attack was that the technology the United States slipped into the Natanz plant was able to map how it operated, then “phone home” the details. Later, that equipment was used to insert malware that blew up nearly 1,000 centrifuges, and temporarily set back Iran’s program.

But the Stuxnet strike does not appear to be the last time the technology was used in Iran. In 2012, a unit of the Islamic Revolutionary Guards Corps moved a rock near the country’s underground Fordo nuclear enrichment plant. The rock exploded and spewed broken circuit boards that the Iranian news media described as “the remains of a device capable of intercepting data from computers at the plant.” The origins of that device have never been determined.

On Sunday, according to the semiofficial Fars news agency, Iran’s Oil Ministry issued another warning about possible cyberattacks, describing a series of defenses it was erecting — and making no mention of what are suspected of being its own attacks on Saudi Arabia’s largest oil producer.

Copyright © 2013 The New York Times Company. All rights reserved.

Translated by 土土, 陈亦亭 and 黄铮

This article is the property of The New York Times Company; no organization or individual may reproduce or translate it without permission.
