A New Cold War Breaks Out in Cyber Espionage

This is a tale of spies, a $500m cyber arms heist, accusations of an attempt to manipulate a US presidential election and an increasingly menacing digital war being waged between Russia and the west.

It begins with a clandestine online group known as The Shadow Brokers. There is no evidence that it existed before last Saturday, when a Twitter account in its name tweeted at a handful of leading global news organisations with an unusual announcement: it was conducting a $500m auction of cyber weapons.

In a show of faith, the group put a selection of its wares — a 4,000-file, 250MB trove — on public display. Security analysts have been racing to go through the list but it is already clear that at least some of what has been revealed so far is real.

What is most remarkable, though, is the likely former owner of the Shadow Brokers’ cyber bounty: an outfit known as the Equation Group. Equation is an elite hacking unit of the US National Security Agency. The Shadow Brokers claim that the stolen goods are sophisticated cyber weapons used by the NSA.

The Shadow Brokers’ motivations are not entirely clear. “If this was someone who was financially motivated, this is not what you would do,” says Orla Cox, director of security response at Symantec, a leading cyber security company. Cyber weapons are typically sold over the dark web, notes Ms Cox, or they are used by hackers who want to remain anonymous. They certainly are not advertised to news outlets. And even the best are not priced in $500m bundles.

“It’s a false flag. This isn’t about money. It’s a PR exercise,” she says.

According to three cyber security companies that declined to be identified, the Shadow Brokers is most likely run by Russian intelligence. “There is no digital smoking gun,” said one analyst.

But the circumstantial evidence is compelling, analysts say. And the list of other potential nation-state actors with the capability, wherewithal and motive is short.

“The fact that the Shadow Brokers did not exist before, appeared at this time and are using intelligence that has been saved up until now suggests this is all part of some deliberate, targeted operation, put together for a particular purpose,” says Ewan Lawson, a former cyber warfare officer in the UK’s Joint Forces Command and now senior research fellow at RUSI, the think-tank.

“That purpose looks like it is to highlight perceived US hypocrisy.” Russia, he says, is the obvious perpetrator.

Two senior western intelligence officials say their assessment was evolving but similar: the Shadow Brokers’ stunt grew out of Russia’s desire to strike back at the US following accusations that Russian intelligence was behind the hack into the Democratic National Committee’s intrusion, and the subsequent leak of embarrassing emails, has been interpreted by some as an attempt by Russia to interfere with the US presidential election.

The US has yet to respond officially to that hack, even though they know it to be Russia, according to this narrative.

Now, with a piece of Le Carré-esque public signalling between spymasters, Russia’s Shadow Brokers gambit has made any such response greatly more complex, the officials suggest.

The US and its allies, of course, are hardly innocent of hacking. Regin, a piece of malware used to crack into telecoms networks, hotels and businesses from Belgium to Saudi Arabia — though mainly Russia — is a tool used by the US and the UK, while the Equation Group is among the most virulent and sophisticated hacking operations around.

If the warning to Washington was not being telegraphed clearly enough by Moscow, Edward Snowden, the NSA contractor-turned-whistleblower now living in Russia, spelt it out.

“Circumstantial evidence and conventional wisdom indicates Russian responsibility,” he wrote in a tweet to his 2.3m followers. “This leak looks like somebody sending a message that an escalation in the attribution game could get messy fast,” he said in another.

In the US intelligence community the assumption is that, at the very least, Mr Snowden is an unwitting agent of Russian intelligence, if not a tool of it. “It’s all part of the signalling,” says one intelligence official.

“The Russians have had the initiative in this whole thing starting from even before the DNC break-in,” says Jim Lewis, director of strategic technologies at the CSIS think-tank and a former US state department official. “They have the place of honour when it comes to threats to the US in cyber space right now. They’ve accelerated — they’re much less risk averse and they’re much more aggressive.”

Attribution problems

“Attributing” cyber attacks — or identifying their source — is a thorny issue.

For cyber super powers, insiders say, it is rarely technical limitations that prevent governments from castigating attackers. The problem, an age-old one for spycraft, is that in disclosing what they know, officials may give away how they got it.

For agencies like the NSA and UK’s GCHQ there is a deeply ingrained culture of secrecy surrounding their cyber surveillance work that stretches back to the origins of signals intelligence during the second world war. US intelligence knew very quickly that the Chinese were behind the hack of the Office of Personnel Management, announced in June last year, which targeted the records of millions of Americans. But it took time to decide what the appropriate response should be and what kind of effect they wanted from it.

Outside the inner circles of the spy world, there is a growing sense that more public attribution is needed to try and put the brakes on a cyber cold war that is spiralling out of control.

“Up to now there has been a degree of approaching cyber defence one day at a time,” says RUSI’s Mr Lawson. “But now it’s reached a momentum where people are starting to say we need to start calling people out, making more of an issue about these attacks, because otherwise, how are we ever going to establish any sort of global norms about it?”

Publicly identifying attackers can be powerful. Chinese activity against US companies decreased markedly after US authorities publicly indicted five senior Chinese military officials last year, proving to Beijing that they knew exactly what its hackers were up to — and would respond even more harshly if they continued. But the power of attribution also depends on the adversary. Unlike China, Russia does not depend economically on the US.

The Kremlin’s hackers are also far stealthier. A particular trend in Russia’s hacking operations in the past 18 months, says a senior British cyber security official, has been towards such “false flagging”, where attacks are hidden behind proxies. The official points to an attack on the French broadcaster TV5Monde in April last year. The website was defaced with pro-Isis imagery, but it was the Russians who were responsible, he says.

Russia has become much more aggressive in blurring other boundaries too: their cyber operations do not just exfiltrate information, they also sometimes weaponise it. Outright acts of destruction are on the table, too, as was the case when Russia took down the Ukrainian power grid in January.

If the tools are new, the techniques may not be. Philip Agee, a former CIA agent, sprang to prominence in the 1970s for publishing a series of salacious books and pamphlets claiming to expose the activities and agents of his former paymasters. He said he was a whistleblower and became a feted figure of the left in the west.

But in reality he was carefully directed by the KGB, the Soviet spy agency. Under the Russians’ guidance, his output blended genuine US intelligence leaks with outright disinformation concocted by Moscow to suit its own ends. Hundreds of CIA agents were exposed by his activities.

The KGB’s use of Agee was both an act of disruption and one of manipulation. It boxed in the CIA and affected their decision-making. Moscow ensured genuine agents’ names were publicised at times to suit their ends.

The Shadow Brokers may be the same trick adapted to the 21st century.

Both are textbook examples of what Soviet strategists called reflexive control — a concept that has become resurgent in Russian military planning today. Reflexive control is the practice of shaping an adversary’s perceptions. A state might convince an opponent not to retaliate for interfering in an election, for example, by raising the possibility of releasing information about its own tactics.

“These are old tactics,” says CSIS’ Mr Lewis. “The Russians have always been better at this kind of thing than us. But now, they’re just able to wield them so much more effectively. They have taken tremendous advantage of the internet. Information is a weapon.”
