[08.03.11 美国 CNN] 中国骇客：任何网站都不安全

dakelv

【标题】Chinese hackers: No site is safe中国骇客：任何网站都不安全
【来源】http://www.cnn.com/2008/TECH/03/07/china.hackers/index.html
【翻译】dakelv
【声明】本文翻译仅限Anti-CNN使用，谢绝转载。
【原文】
Chinese hackers: No site is safe
By John Vause
CNN

ZHOUSHAN, China (CNN) -- They operate from a bare apartmenton a Chinese island. They are intelligent 20-somethings who seem harmless. Butthey are hard-core hackers who claim to have gained access to the world's mostsensitive sites, including the Pentagon.

The leader of these Chinese hackers says there "isalways a weakness" on networks that allows cyber break-ins.
In fact, they say they are sometimes paid secretly by theChinese government -- a claim the Beijing government denies.

"No Web site is one hundred percent safe. There are Websites with high-level security, but there is always a weakness," says XiaoChen, the leader of this group.

"Xiao Chen" is his online name. Along with his twocolleagues, he does not want to reveal his true identity. The three belong towhat some Western experts say is a civilian cyber militia in China, launchingattacks on government and private Web sites around the world.

If there is a profile of a cyber hacker, these three arestraight from central casting -- young and thin, with skin pale from spendingtoo many long nights in front of a computer.

One hacker says he is a former computer operator in the People'sLiberation Army; another is a marketing graduate; and Xiao Chen says he is aself-taught programmer.

"First, you must know about the Web site you want toattack. You must know what program it is written with," says Xiao Chen."There is a saying, 'Know about both yourself and the enemy, and you willbe invincible.'"

CNN decided to withhold the address of these hackers' Website, but Xiao Chen says it has been operating for more than three years, with10,000 registered users. The site offers tools, articles, news and flashtutorials about hacking.
Private computer experts in the United States from iDefenseSecurity Intelligence, which provides cybersecurity advice to governments andFortune 500 companies, say the group's site "appears to be an importantsite in the broader Chinese hacking community."

Arranging a meeting with the hackers took weeks of on-again,off-again e-mail exchanges. When they finally agreed, CNN was told to meet themon the island of Zhoushan, just south of Shanghai and a major port for China'snavy.

The apartment has cement floors and almost no furniture.What they do have are three of the latest computers. They are cautious when itcomes to naming the Web sites they have hacked.

On camera, Xiao Chen denies knowing anyone who has targettedU.S. government Web sites. But off-camera, in conversations over three days, heclaims two of his colleagues -- not the ones with him in the room -- hackedinto the Pentagon and downloaded information, although he wouldn't specify whatwas gleaned. CNN has no way to confirm if his claim is true.

"They would not publicize this," he says ofsomeone who hacks the U.S. Defense Department. "It is verysensitive."
This week, the Pentagon said computer networks in the UnitedStates, Germany, Britain and France were hit last year by what they call"multiple intrusions," many of them originating from China.

At a congressional hearing in Washington last week,administration officials testified that the government's cyber initiative hasfallen far short of what is required. Most alarming, the officials said, therehas never been a full damage assessment of federal agency networks.  

"We are here today because we must do more," saidRobert Jamison, a top official in the U.S. Department of Homeland Security."Defending the federal system in its current configuration is asignificant challenge."
U.S. officials have been cautious not to directly accuse theChinese military or its government of hacking into its network.

But David Sedney, the deputy assistant secretary of defensefor East Asia, says, "The way these intrusions are conducted are certainlyconsistent with what you would need if you were going to actually carry outcyber warfare."
Beijing hit back at that, denying such an allegation andcalling on the United States to provide proof. "If they have any evidence,I hope they would provide it. Then, we can cooperate on this issue," QinGang, a spokesman for the Chinese Foreign Ministry, said during a regular pressbriefing this week.

But again off-camera, Xiao Chen says after the allegedPentagon attack, his colleagues were paid by the Chinese government. CNN has noway to independently confirm if that is true.

His allegations brought strenuous denials from Beijing."I am telling you honestly, the Chinese government does not do such athing," Qin said.

But if Xiao Chen is telling the truth, it appears hiscolleagues launched a freelance attack -- not initiated by Beijing, but paidfor after the fact. "These hacker groups in my opinion are not agents ofthe Chinese state," says James Mulvenon from the Center for IntelligenceResearch and Analysis, which works with the U.S. intelligence community.
"They are sort of useful idiots for the Beijingregime."

“Headds, "These young hackers are tolerated by the regime provided that theydo not conduct attacks inside of China."

One of the biggest problems experts say is trying to provewhere a cyber attack originates from, and that they say allows hackers likeXiao Chen to operate in a virtual world of deniability.

And across China, there could be thousands just like him,all trying to prove themselves against some of the most secure Web sites in theworld.



【译文】


中国骇客：任何网站都不安全

中国舟山（CNN)- 他们在中国一个岛上的一个空空荡荡的地下室里操作。他们二十多岁，聪明，而且看起来并无恶意。但是他们却是发烧级骇客。他们曾声称入侵过世界上最敏感的网站，包括五角大楼。

这些中国骇客的头目说任何网络“都有弱点”，而这些弱点也使网络入侵成为可能。

事实上，他们说有时中国政府会秘密雇佣他们- 而北京政府对此则持否认态度。

“任何一个网站都不是百分之百安全。有些网站的安全系数很高，但是总是会有弱点，”这个骇客小组的组长小陈（音译）说。

“小陈”是他的网名。和他的两名同事一样，他不想暴露他的真实身份。这三个人属于西方专家所称的中国平民网上游击队，他们对世界范围内的政府和私人网站发起攻击。

如果网络骇客有一个共同的特征的话，那么这三个人就是最典型的- 年轻，瘦削，由于长时间在电脑前熬夜皮肤颜色因而变得苍白。


一个骇客说他以前是人民解放军里的一位电脑操作员。另外一个是市场专业毕业生；而小陈则是自学成才的编程员。
“首先，你必须了解你要攻击的网站。你必须知道网站是用什么语言写的，”小陈说，“俗话说，‘知己知彼，百战不殆。’”

CNN决定不公布这些骇客的网址，但是小陈说他们的网站已经运行了三年多了，拥有10万注册用户。这个网站提供（骇客)工具，文章，新闻和用Flash写的骇客教程。

iDefense 安全情报中心是一家为美国政府和财富500强公司提供网络安全建议的机构，它的私人计算机专家说，这个（骇客小组）的网站“在广泛的中国骇客社区看起来是一个重要的网站。”

经过数周断断续续的电子邮件往来，我们终于和骇客们安排好了见面。当他们终于同意见面时，他们告诉CNN会面的地点在位于上海南部，同时也是中国海军主要港口的舟山的一个岛上。

这个公寓的地面是水泥的，而且几乎没有任何家具。他们所有的是三台最新的电脑。当谈到他们入侵过的网站的名称时，他们讳莫如深。

在摄像机面前，小陈否认他认识任何把美国政府网站当作入侵目标的人。但是当摄像机没有打开时，在三天的谈话中，小陈声称他的两个同事– 不是和他在同一公寓的那两个– 曾经入侵过五角大楼，并且下载了资料，但是他不肯说什么资料被下载。CNN也无法证实他的说法。

“他们不会公开这个，”当他提到那个入侵了美国国防部的骇客时说。“这非常敏感。”

本周，五角大楼说美国，德国，英国和法国的计算机网络遭到了所谓“多次入侵，”这些入侵中很多来源于中国。

在上周华盛顿的国会听证会上，行政官员指证说政府有关网络安全的措施非常不利。这些行政官员指出，最令人错愕的是，联邦机构计算机网络从来没有进行过全面的损失评估。

“我们今天在这里是因为我们需要做的事情很多，”国土安全部的高级官员罗伯特·詹姆逊说。“在目前配置下保卫联邦（计算机）系统是一个很大的挑战。”

美国官员在直接指控中国军方和政府入侵美国政府网络上一直持谨慎态度。

但是负责东亚事务的美国副助理国防部长谢伟森说，“这些入侵的手段和要爆发网络战争时你将会看到的手段如出一辙。”

北京对此发表反驳否认这项指控并敦促美国提供证据。“如果美方在这方面对中国提出指控，请美方出示确凿证据，双方可以在这方面开展合作。”中国外交部发言人秦刚在例行记者会上说。

但是在没有摄像机打开的情况下，小陈说在所谓的五角大楼入侵之后，他的同事收到了中国政府的酬金。CNN无法独立地核实这个说法是否属实。

他的指控得到了北京的强烈否认，“我可以向你负责任地讲，中国政府不干这样的事情。”秦刚说。

但是如果小陈说的是实话的话，那么看起来他的同事发起的攻击是自发的，北京没有牵头，但是时候给了酬金。“这些骇客组织在我看来不是中国国家机构，”为美国情报网工作的情报研究和分析中心的詹姆斯·穆文诺说。

他们是群对北京当局有用的蠢货。”

他又接着说，“只要这些骇客不入侵中国国内网络，他们就被当局容忍。”

专家说最大的问题之一就是设法证明网络攻击时从何地发起的，专家们说这使得象小陈这样的骇客可以在虚拟的世界里运转而又可以否认他们的所作所为。

而且在整个中国，可能会有千千万万个小陈，通过入侵世界上最安全的网站来证明自己。




【译后注：】翻译到一半，突然停电，由于我用的是记事本，丢失了大约半小时的工作！从现在起改用Office！



[ 本帖最后由 dakelv 于 2008-8-20 21:51 编辑 ]