本帖最后由 沧海渺渺 于 2011-12-5 22:18 编辑
【中文标题】奥巴马援用冷战法律以揭穿中国电信间谍软件的面目 【原文标题】Obama Invokes Cold-War Law to Unmask Chinese TelecomSpyware 【登载媒体】彭博商业周刊2011.12.01 【来源地址】 http://www.businessweek.com/news/2011-12-01/obama-invokes-cold-war-law-to-unmask-chinese-telecom-spyware.html / 【译 者】沧海渺渺 【翻译方式】人工 【声 明】欢迎转载,请务必注明译者和出处 bbs.m4.cn。 【译 文】 美国援用冷战时期的国家安全权力,迫使AT&T和Verizon等通信公司透露有关他们的网络机密资料,以便搜寻中国的网络间谍活动。 Dec. 1 (Bloomberg)-- The U.S. is invoking Cold War-era national-security powers to forcetelecommunication companies including AT&T Inc. and Verizon CommunicationsInc. to divulge confidential information about their networks in a hunt forChinese cyber-spying. In a surveydistributed in April, the U.S. Commerce Department asked for a detailedaccounting of foreign-made hardware and software on the companies’ networks. Italso asked about security-related incidents such as the discovery of“unauthorized electronic hardware” or suspicious equipment that can duplicateor redirect data, according to a copy of the survey reviewed by Bloomberg News. 据彭博新闻报道,在四月的一份调查中,被调查的电信公司须向美国商务部提供一份详尽的外国产硬件和软件的记录、一些涉及安全的事务比如:未授权电子硬件的发现、可复制或改变数据的可疑设备等。 The surveyrepresents “very high-level” concern that China and other countries may beusing their growing export sectors to develop built-in spying capabilities inU.S. networks, said a senior U.S. intelligence official who asked not to benamed because he wasn’t authorized to speak on the matter. 这项调查表明美国“高层”担忧中国和其他国家可能利用逐渐增长的出口优势来提高他们在美国网络中的“嵌入式”间谍侦察能力,一位美国高级情报官员说道。他因未被官方授权谈论此事而拒绝透露姓名。 “This is beyondvague suspicions,” said Richard Falkenrath, a senior fellow in the Council onForeign Relations Cyberconflict and Cybersecurity Initiative. “Congress is nowlooking at this as well, and they’re doing so based on very specific materialprovided them in a classified setting” by the National Security Agency, hesaid. “这不是随便猜测,”Richard Falkenrath说道。他是美国“对外关系网络冲突和网络安全顾问委员会(Council on Foreign Relations Cyberconflict and Cybersecurity Initiative)”的的一名高级会员。“国会也在关注此事,他们这么做的依据是国家安全局提供给他们的一份绝密的材料。” Dozens of Companies The survey went todozens of telecommunications companies, software makers andinformation-security companies, including some foreign firms, according toJames Lewis, a cyber-security expert at the Center for Strategic andInternational Studies, or CSIS, in Washington. Lewis said AT&T and VerizonCommunications were among the companies that received it. 一些公司 据James Lewis说,这项调查的调查对象包括众多的电信公司、软件公司和信息安全公司(一些外企也包括在内)。James Lewis是华盛顿“战略与国际研究中心”(CSIS)的一名网络安全专家,他还说道:AT&T和Verizon都在调查范围之内。 Several of the companieswere hesitant to cooperate because they had learned the Commerce Departmentunit handling the survey had itself been hacked by the Chinese in 2006,creating the possibility that company data provided might become known to theChinese, according to a former government official familiar with thediscussions. 据一位了解内幕的前政府官员说,一些公司不愿接受调查,因为他们得知执行调查的商务部有关部门曾于2006年被中国黑客攻击过,如接受调查那么公司数据很可能会泄露到中国。 The CommerceDepartment refused a request by the companies for specific protocols to protectthe data, according to the former official, who declined to be identifiedbecause the discussions were confidential. 商务部拒绝了一些公司要求采取特别措施防止数据泄露的要求,一位不愿透露姓名的政府前官员透露。 Security Issues Mark Siegel, aspokesman for Dallas-based AT&T, declined to comment on security issues.Edward McFadden, a spokesman for New York-based Verizon, said the company hadreceived the survey and declined to comment further. Eugene Cottilli, aCommerce Department spokesman in Washington, had no immediate comment on thesurvey. 安全问题 AT&T达拉斯分公司的发言人Mark Siegel拒绝评论此事,而Verizon纽约分公司的发言人Edward Mcfadden说,他们公司已接到了调查但不做进一步评论。华盛顿商务部发言人Eugene Cottilli也没有立即对该调查发表评论。 So-called spywareimplanted in hardware or hidden in millions of lines of code could interceptsensitive information while being almost impossible to detect, according toJoshua Pennell, president of IOActive Inc., a Seattle-based cyber securityfirm. 西雅图网络安全公司IOActive的Joshua Pennell说,所谓的间谍软件被植入到硬件或被隐藏在纷杂的代码中,可以截取敏感信息而难以被发现。 Spyware in criticalU.S. networks that carry much of the country’s data would make industrialespionage or the interception of politically sensitive information almosteffortless. China now targets such information via focused cyber attacks,according to a November report by the Office of the NationalCounterintelligence Executive. 据“国家反情报执行部门”(Office of the National Counterintelligence Executive)11月发布的报告。间谍软件被嵌入到包含了大量国家数据的美国关键网络中,就能轻易地从事工业信息和政治敏感信息的侦查活动。 Detailed Outline The survey requiredcompanies to provide a detailed outline of who made equipment includingoptical-transmission components, transceivers and base-station controllers. Theresults, which according to the survey were to be shared with the DefenseDepartment, give U.S. authorities a map of who made which parts of the nation’snetworks, said Mischel Kwon, a former cyber- security official in PresidentBarack Obama’s administration. 详尽记录 奥巴马总统的一位前网络安全官员Mischel Kwon说,该调查要求这些公司提供一份设备制造商的详尽记录,包括光传输零件、传送器和基站的制造商。调查结果将报告给国防部,最终为美国政府提供一幅美国网络设备提供者的地图。 Companies thatrefused to respond could face criminal penalties under the Defense ProductionAct, a 1950 law allowing the government to manage the wartime economy,according to the survey. The law was invoked sporadically during the Cold War,said Lewis, the computer security expert. 根据美国国防制品法(Defense Production Act),拒绝配合调查的公司可能面临犯罪指控。该法律发布于1950年,允许政府接管战时经济事务。网络安全专家Lewis说,冷战时期该项法律曾几次被援用过。 The possibilitythat foreign companies could be seeding equipment with “backdoors” to interceptdata crossing U.S. networks could have implications for a global economy inwhich China plays a growing role as a component supplier. 外企被卷入是因为它们有可能在设备中开“后门”以截取美国网络数据,这可能是针对中国的,因为在全球经济中,中国的零件供应商发挥着越来越重要的作用。 “What we don’t wantto say is that we can’t have technology coded or processed in another country,”said Kwon, who has advised some of the companies sent the survey. “This isbeing read by some as very restrictive.” “我们不想说,我们的技术被另一个国家解码或处理,”Kwon说道。他劝告被调查公司发回调查。“调查结果仅特定人员审阅。” House Committee Citing close linksbetween China’s military and the network equipment giant Huawei TechnologiesCo., the U.S. House Permanent Select Committee on Intelligence on Nov. 18 saidit would investigate potential security threats posed by some foreigncompanies. 11月18日,美国众议院常设委员会情报部门(U.S. House Permanent Select Committee on Intelligence)引用中国网络设备巨头华为公司和中国军方的密切关系作为例子说道,调查将评估某些外国公司给美国带来的潜在安全威胁。 The committee’schairman, Representative Mike Rogers, a Michigan Republican, said China hasincreased cyber espionage in the U.S. He cited connections between Huawei’spresident, Ren Zhengfei, and the People’s Liberation Army. Ren once worked as amilitary technologist. 该委员会主席众议院代表也是密歇根共和党人的Mike Rogers说道,中国已经加强了对美国的网络间谍活动。他例举了华为董事长任正非和解放军的关系。任正非曾是一名解放军中的技术人员。 “That’s what wewould call a clue,” said Rogers, a former agent at the Federal Bureau ofInvestigation. “这就是一条线索,”Rogers说道。他也是联邦调查局的一名前工作人员。 William Plummer, aspokesman for Shenzhen-based Huawei, said this month that the company welcomedan investigation. 深圳华为的发言人William Plummer说道,这个月他们公司欢迎美国的调查。 “Huawei conductsits businesses according to normal business practices just like everybody inthis industry,” Plummer said this week in a phone interview. “Huawei is anindependent company that is not directed, owned or influenced by anygovernment, including the Chinese government.” 在一个电话采访中,Plummer说道,“华为和其他同行一样,正当开展业务,华为是一家独立的公司,不受任何政府包括中国政府的指导、影响。” ClassifiedInformation The Obamaadministration has said little publicly about the matter, and much of theevidence fueling lawmakers’ concerns remains classified. 机密信息 奥巴马政府几乎没有公开谈论此事,而让立法者更加担忧的大量证据也是保密的。 The CommerceDepartment survey also illustrates the intelligence community’s concern thatmanufacturers may insert spyware after equipment is installed, through eithermaintenance or automatic software updates. It asks companies to detailprocedures they use to test software patches or updates to insure they aresafe. 商务部的调查还包括情报部门的另一种担忧:设备安装完毕后,制造商可能会在设备维护或软件自动升级过程中嵌入间谍软件。调查要求被调查公司详述软件补丁测试或升级的流程,以确保他们的安全。 “It’s the updatefunction that is the core of the concern,” said Lewis of the CSIS. “Huawei hasoffered to let people examine their source code to see if it is clean,” hesaid. “Of course it’s clean, but that’s not the delivery vehicle, assumingthere is one.” “关注的焦点在于升级功能,”Lewis说道。“华为主动让人们检测源代码以证其没有问题,”他说。“当然不会有问题,假如真有问题,源代码不会是间谍软件的载体。” The survey alsoasks about incidents in which companies “detected undocumented functionality”in network hardware and software. The survey gave as examples the duplicationand manipulation of data or redirection of transmissions. 调查还询问了这样一些事情:被调查公司是否曾在网络软硬件中“发现未备案的功能”,比如复制和操控数据,或改变传输方向等。 Encrypted Data Recipients wererequired to send an encrypted version of their responses by June 10 to theCommerce Department’s Bureau of Industry and Security, according to the survey.That deadline was extended after companies expressed concern about how thedata, much of which is proprietary, were to be handled, according to PortiaKrebs, a spokeswoman for the U.S. Telecom Association, a Washington-based tradegroup. 加密的数据 该调查要求被调查者于6月10日之前向商务部的工业和安全局(CommerceDepartment’s Bureau of Industry and Security)发送加密的调查回复。后来,截止日期被延长了,因为被调查的公司担心他们的数据(绝大部分是专利数据)会怎样被处理。Portia Krebs说道。她是华盛顿一个贸易组织——美国电信协会的一位发言人。 U.S. Telecom andCTIA-The Wireless Association, another trade group, say the survey breaks witha tradition of voluntary cooperation between the industry and government overnational security measures. 另一个贸易组织——美国电信和CTIA无线协会认为,针对国家安全事务,该调查违反了行业和政府之间的自愿配合的原则。 “We are deeplyconcerned by the lack of information regarding how this data is going to beused and shared,” the groups said in a June 8 letter to then-Secretary ofCommerce Gary Locke. “Our concerns are exACerbated by the fact that thedepartment has chosen to direct the disclosure of this data pursuant to anassertion of authority under the Defense Production Act.” Locke is now the U.S.ambassador to China. “由于无法得知数据的用途和去向,我们非常担忧。”这些协会在6月8日致商务部部长骆家辉的信中写道。“我们的担忧与日俱增,因为根据国防制品法,商务部已经决定公开这些数据。”骆家辉现任美国驻华大使。 Krebs and AmyStorey, a spokeswoman for the Washington- based CTIA, declined to commentfurther on the letter or their groups’ concerns. Krebs和华盛顿CTIA协会的发言人Amy Srotey都拒绝对信件和他们的担忧做进一步评论。 Picture Frame In 2008, an Insigniabrand digital picture frame was shipped with malicious software embedded duringthe manufacturing process. Best Buy Co., which makes Insignia products, tracedthe malware to a single computer at a contractor’s plant in China, according toCarolyn Aberman, a company spokeswoman. Aberman declined to comment on whetherthe company discovered who may have planted it or why. 相框 2008年,欧宝(Insignia)牌数码相框在加工制造过程中被嵌入了恶意软件。制造商百思买公司最后在一家中国承包厂商那里找到了制造恶意软件的电脑,一家公司的发言人Carolyn Aberman说道。她没有说明百思买是否已经查明了植入恶意软件的人和原因。 An analysis byTotal Defense Inc., based in Islandia, New York, concluded the malware couldhave been a test run for a more sophisticated attack. It was designed to uploadonto computers when the picture frame was connected to a computer and wascapable of stealing large amounts of data while avoiding anti-virus detectors,the company’s analysis found. 位于纽约伊斯兰迪亚的Total Defense公司的一项分析认为这个恶意软件原本是一个测试程序,为后面更为复杂的攻击做准备。这项分析还发现:当数码相框连接到电脑时,该程序也随之进入电脑能够窃取大量数据,同时不被杀毒软件发现。 The malware came tolight because the picture frame was a product that Richfield, Minnesota-basedBest Buy, the world’s biggest consumer-electronics retailer, pulled from theshelves. 这个恶意软件被曝光是因为与之相关联的数码相框已被位于明尼苏达州里奇菲尔德的百思买公司下架。 Homeland Security In July, GregSchaffer of the Department of Homeland Security testified before the House Oversightand Government Reform Committee that the department knew of instances offoreign-made components seeded with cyber-spying technology. He declined toprovide further details. 国土安全 七月份,国土安全部Greg Schaffer先于众议院监管和政府改革委员会(the House Oversightand Government Reform Committee)证实:国土安全部已经掌握几起外国产零部件植入间谍软件的案例。他拒绝提供更多细节。 The CommerceDepartment survey also reflected U.S. intelligence community concerns overdiscounting and loan packages offered by foreign manufacturers. 商务部的调查还表明:美国情报部门关注外国制造商提供的打折和贷款服务。 It asks companiesto list makers of telecommunications equipment that offer the steepestdiscounts. Other questions ask what information or other conditionsmanufacturers require in exchange for sales or leasing, including knowledge ofphysical access procedures for entering buildings. 它要求被调查公司列出提供大幅度折扣的电信设备公司名单。还有一些问题是让被调查公司说明设备制造商租售设备的附加条件,比如进入大楼的程序信息等。 Lewis of the CSISsaid U.S. officials suspect the Chinese government is subsidizing the discountsto give U.S. companies incentives to buy Chinese-made network equipment. CSIS的Lewis说美国官员怀疑中国政府补贴了这些折扣,以使美国公司购买中国制造的网络设备。 “Huawei saysthey’re doing this and it’s completely legitimate, and it’s just us competingin the market,” Lewis said. “The other possibility is that they are doing itbecause they have an intelligence motive.” “华为公司说他们的打折行为是合法的,是一种市场竞争行为,”Lewis说。“也不排除他们有获取情报的动机。” | 
狗仔卡
楼主
提升卡
变色卡
抢沙发
千斤顶
显身卡
发表于 2011-12-5 22:39
