评论
打印
BELLEVILLE, Wis. — Drive past the dairy farms, cornfields and horse pastures here and you will eventually arrive at Cate Machine & Welding, a small-town business run by Gene and Lori Cate and their sons. For 46 years, the Cates have welded many things — fertilizer tanks, jet-fighter parts, cheese molds, even a farmer’s broken glasses.
威斯康星州贝尔维尔——从这里的奶牛养殖场、玉米地和牧马场开车过去,你最终会到达凯特机械及焊接厂,这是吉恩和洛瑞·凯特(Gene and Lori Cate)以及他们的儿子经营的一个小镇家庭企业。46年来,凯茨一家焊接过许多东西:化肥罐、喷气式战斗机的零部件、奶酪模具,甚至还有一位农民的摔坏了的眼镜框。
And like many small businesses, they have a dusty old computer humming away in the back office. On this one, however, an unusual spy-versus-spy battle is playing out: The machine has been taken over by Chinese hackers.
像许多小企业一样,他们有一台尘旧的计算机,在企业办公室里嗡嗡作响地运转着。但是,在这台机器上,一场不同寻常的间谍与反间谍战正在进行着:这台机器已经被中国黑客接管了。
The hackers use it to plan and stage attacks. But unbeknown to them, a Silicon Valley start-up is tracking them here, in real time, watching their every move and, in some cases, blocking their efforts.
黑客用它来计划和发动攻击。但是,黑客不知道的是,一家硅谷初创公司正在这台机器上跟踪他们,实时观察着他们的一举一动,在某些时候,还实时阻止他们的攻击。
“When they first told us, we said, ‘No way,’” Mr. Cate said one afternoon recently over pizza and cheese curds, recalling when he first learned the computer server his family used to manage its welding business had been secretly repurposed. “We were totally freaked out,” Ms. Cate said. “We had no idea we could be used as an infiltration unit for Chinese attacks.”
一天下午,吉恩·凯特边吃着比萨饼和奶酪凝乳、边说起这件事。“他们第一次告诉我们时,我们说,‘不可能。’”他回忆起第一次听到他家用来管理焊接业务的计算机服务器被秘密地挪为它用时说。“我们都惊呆了,”洛瑞·凯特说。“我们一点也不知道,我们被当作中国攻击的一个渗入点。”
On a recent Thursday, the hackers’ targets appeared to be a Silicon Valley food delivery start-up, a major Manhattan law firm, one of the world’s biggest airlines, a prominent Southern university and a smattering of targets across Thailand and Malaysia. The New York Times viewed the action on the Cates’ computer on the condition that it not name the targets.
在最近的一个周四,黑客攻击的目标似乎包括硅谷的一家食品外送初创公司、曼哈顿的一个主要律师事务所、世界上最大的航空公司之一、美国南部一所著名大学,以及泰国和马来西亚的一些零散目标。《纽约时报》得以看到的凯特家服务器上的攻击操作,条件是不报道受攻击目标的名字。
The activity had the hallmarks of Chinese hackers known as the C0d0s0 group, a collection of hackers for hire that the security industry has been tracking for years. Over the years, the group has breached banks, law firms and tech companies, and once hijacked the Forbes website to try to infect visitors’ computers with malware.
这种操作具有被称为C0d0s0小组的中国黑客团伙的特点,该团伙聚集了一批雇来的黑客,计算机安全行业的人跟踪他们已经多年了。几年来,该团伙攻击过银行、律师事务所,以及技术公司,并一度劫持了《福布斯》网站,试图让网站访问者的计算机感染上恶意软件。
There is a murky and much hyped emerging industry in selling intelligence about attack groups like the C0d0s0 group. Until recently, companies typically adopted a defensive strategy of trying to make their networks as impermeable as possible in hopes of repelling attacks. Today, so-called threat intelligence providers sell services that promise to go on the offensive. They track hackers, and for annual fees that can climb into the seven figures, they try to spot and thwart attacks before they happen.
有一个销售有关像C0d0s0这样的攻击团伙情报的既隐晦又被大肆炒作的新兴行业。直到最近,公司通常采取的一种防御战略是,努力让他们的网络尽可能地不可渗透,以期击败进攻。如今,有所谓的威胁情报提供商,他们出售采取进攻方式的服务。他们跟踪黑客,他们收取可能高达七位数的年费以试图在攻击发生前,发现和阻止攻击。
These companies have a mixed record of success. Still, after years of highly publicized incidents, Gartner, a market research company, expects the market for threat intelligence to reach $1 billion next year, up from $255 million in 2013.
这些公司的业绩鱼龙混杂。尽管如此,在对计算机攻击事件的多年广泛报道之后,市场研究公司高德纳(Gartner)预计,威胁情报的市场明年将达到10亿美元的规模,而2013年的市场规模只是2.55亿美元。
Remarkably, many attacks rely on a tangled maze of compromised computers including those mom-and-pop shops like Cate Machine & Welding. The hackers aren’t after the Cates’ data. Rather, they have converted their server, and others like it, into launchpads for their attacks.
值得注意的是,许多攻击依赖于一个错综复杂的受感染计算机网,其中包括像凯特机械和焊接这样的家庭企业的服务器。黑客对凯特家的数据并不关心。相反,他们把凯特家的、以及其他类似的服务器转换为他们发动攻击的平台。
These servers offer the perfect cover. They aren’t terribly well protected, and rarely, if ever, do the owners discover that their computers have become conduits for spies and digital thieves. And who would suspect the Cate family?
这些服务器为黑客提供了最佳的掩护。它们往往没有很好的安全保护,服务器的拥有者很少、也很难发现,他们的计算机已成为间谍和数字化小偷的中转站。而且,谁会怀疑凯特家的人呢?
Two years ago, the Cates received a visit from men informing them that their server had become a conduit for Chinese spies. The Cates asked: “Are you from the N.S.A.?”
两年前,几名男子来到凯特家,告诉他们,他们的服务器已成为中国间谍的中转站。凯特家人问:“你们是从国家安全局(简称NSA)来的吗?”
One of the men had, in fact, worked at the National Security Agency years before joining a start-up company, Area 1, that focuses on tracking digital attacks against businesses. “It’s like being a priest,” said Blake Darché, Area 1’s chief security officer, of his N.S.A. background. “In other people’s minds, you never quite leave the profession.”
实际上,这些男子中有一人,在加入初创公司“一区”(Area 1)的很多年前,曾在国家安全局工作过。一区专门跟踪针对企业的数字攻击,首席安全官布雷克·达尔谢(Blake Darché)提到自己的NSA背景时说,“就像是当牧师。在其他人的心目中,你永远不会完全离开那个行业。”
Mr. Darché wanted to add the Cates’ server to Area 1’s network of 50 others that had been co-opted by hackers. Area 1 monitors the activity flowing into and out of these computers to glean insights into attackers’ methods, tools and websites so that it can block them from hitting its clients’ networks, or give them a heads-up days, weeks or even months before they hit.
达尔谢想把凯特家的服务器添加到一区的一个由50台已被黑客利用的其他计算机组成的网络中来。一区监视着出入于这些计算机上的活动,从而深入了解攻击者的方法、工具和他们的目标网站,以便在黑客攻击公司客户的网络时进行阻止,或在攻击发生前的数日、数周、甚至数月,让客户得到有关情报。
The Cates called a family meeting. “People work really hard to make products, and they’re getting stolen,” Ms. Cate said. “It seemed like the least we could do.” Area 1 paid for the installation cost, about $150.
凯特家为此召开了一次家庭会议。“人家花大力气制造产品,而产品却在被盗取,”洛瑞·凯特说。“这似乎是我们至少可以做的事情。”一区支付了大约150美元的安装费用。
Shortly after installing a sensor on the machine, Mr. Darché said his hunch was confirmed: The sensor lit up with attacks. Area 1 began to make out the patterns of a familiar adversary: the C0d0s0 group.
凯特家的计算机上安装了一个探测设备后不久,达尔谢说,他的预感被证实了:探测设备上亮起了攻击的信号。一区开始从中看到了一个熟悉对手的模式,这个对手就是C0d0s0小组。
