
The looming threat of North Korean cyber attacks

6 December 2017

In a world of instability, one reassuringly constant rule is that countries have tended to behave in cyber space much as they do in the real world. That Russia should try to undermine confidence in western democracy by its online disinformation campaign in the US and Europe, or extend its siege of Ukraine by attacking domestic power supplies and industrial control systems with cyber weapons, is entirely predictable. So too is Iran’s behaviour in destroying Saudi Aramco’s computers or attacking US banks.

The crucial difference about such activity is that, in a highly networked world, “collateral damage” is far more difficult to estimate than for conventional or nuclear weapons. This year we have experienced worldwide impact from attacks with unintended consequences. In disrupting Ukrainian networks in June, Russian state actors probably did not set out to cripple major companies like Maersk, or Reckitt Benckiser, or FedEx. But while the attackers may not care much, Russia does at least have a stake in the international financial system. North Korea does not.

Pyongyang’s use of cyber demonstrates the rationality of the regime. It invested many years ago in developing the necessary elite maths and computer science skills at school age; it saw that much of the activity could be run from outside the country, using the openness of the internet, the grey world of cyber crime and its flow of skills and tools. As with its nuclear weapons and missile programme, North Korea has had help. We have to assume that extensive military co-operation with Tehran includes cyber, a key capability of the Iranian Revolutionary Guard Corps.

North Korea’s objectives too have been consistent with their wider strategy: attacking their southern neighbour, melodramatically defending their leader’s image, notably in the 2014 Sony Pictures attack, and stealing foreign currency. As sanctions bite further, we can expect this quest for hard currency to become a greater priority for Kim Jong Un’s regime.

North Korea first attacked financial institutions in Seoul on a large scale in 2013. Since then they have been expanding their horizons. They have attacked banks from Vietnam to Poland, often targeting weak connections to the global Swift payments system. In 2016 they set their sights on nearly $1bn from a Bangladesh bank, of which they successfully cashed out $81m via the Philippines.

It is impossible to say how many of the ransomware attacks swilling around the world have some link to North Korean groups, or to estimate how much it brings in, since those who pay rarely want to advertise it. But it is reasonable to assume that they are making a healthy profit from low cost, high volume attacks. “WannaCry”, which affected hundreds of organisations from the National Health Service in the UK to the German rail network in April, seems to have been a ransomware attack that got out of control. It was a reminder that, while Pyongyang is well outside our European sphere of influence and its missiles will not reach us, its cyber attacks already have.

Most recently North Korea has been attacking bitcoin exchanges, an indication of its developing interests, along with assaults on South Korean and US military planners. The Pyongyang regime’s capabilities will improve and they will continue to surprise us, as they have in other technology areas. There are an increasing number of sophisticated cyber tools available; they will learn from their mistakes and use them to better effect. The possibility of miscalculation is also severe: if an attack were, for example, to affect US hospitals, and that led to injury or death, the pressure to retaliate would be extreme.

It is wearyingly familiar that the options for response to this asymmetric cyber activity are limited. North Korea is not widely networked and has limited connections to the internet. The best hope for direct action is through law enforcement in those jurisdictions unwittingly hosting some of the activity, principally in Southeast Asia and China.

In the meantime, hardening defences will be the priority. Financial institutions in developed countries are better protected than any other sector of the economy, partly because they are the number one target of cyber crime. But they are less used to state threats and it is not trivial that we now see nations and state-backed crime groups robbing banks and holding companies to ransom. The fact that North Korea is a regime that blends horror with James Bond villain absurdity should not make us complacent.

The writer is a former director of GCHQ, a UK government intelligence and security organisation
