纽约时报中文网 - 中英对照版-中英安洵文件泄露事件揭示中国黑客网络脆弱性

The Chinese hacking tools made public in recent days illustrate how much Beijing has expanded the reach of its computer infiltration campaigns through the use of a network of contractors, as well as the vulnerabilities of its emerging system.

前些天曝光的中国黑客工具不仅显示了中国政府通过承包商网络扩大计算机渗透的活动范围之大，也显示了其新兴系统的脆弱。

The new revelations underscore the degree to which China has ignored, or evaded, American efforts for more than a decade to curb its extensive hacking operations. Instead, China has both built the cyberoperations of its intelligence services and developed a spider web of independent companies to do the work.

从新泄露的文件可以看出，十多年来，中国在多大程度上无视或避开了美国为限制其广泛的黑客活动所做的努力。它不仅建立了自己的网络情报部门，还发展出一个由独立的公司组成的黑客行动网。

Last weekend in Munich, Christopher A. Wray, the F.B.I. director, said that hacking operations from China were now directed against the United States at “a scale greater than we’d seen before.” And at a recent congressional hearing, Mr. Wray said China’s hacking program was larger than that of “every major nation combined.”

上个周末，联邦调查局局长克里斯托弗·雷在慕尼黑说，来自中国的黑客行动现在以“前所未见的规模”针对美国。在最近的一次国会听证会上，雷说，中国的黑客项目比“所有主要国家的加起来还大”。

“In fact, if you took every single one of the F.B.I.’s cyberagents and intelligence analysts and focused them exclusively on the China threat, China’s hackers would still outnumber F.B.I. cyberpersonnel by at least 50 to one,” he said.

“实际上，如果让联邦调查局的所有网络特工和情报分析师都把注意力放在中国威胁上的话，中国的黑客人数仍以50比1的比例超过联邦调查局，”他说。

U.S. officials said China had quickly built up that numerical advantage through contracts with firms like I-Soon, whose documents and hacking tools were stolen and placed online in the last week.

美国官员表示，中国通过与安洵等公司签订合同，迅速建立起了这种数量上的优势。有人盗取了安洵的文件和黑客工具后，于一周多前放在了网上。

The documents showed that I-Soon’s sprawling activities involved targets in South Korea, Taiwan, Hong Kong, Malaysia, India and elsewhere.

文件显示，安洵的大范围活动涉及韩国、台湾、香港、马来西亚、印度等地的目标。

But the documents also showed that I-Soon was having financial difficulty and that it used ransomware attacks to bring in money when the Chinese government cut funding.

但文件还显示，安洵在财务上遇到了困难，中国政府削减了拨款后，它使用勒索软件攻击来获得资金。

U.S. officials say this shows a critical weakness in the Chinese system. Economic problems in China and rampant corruption there often mean that money intended for the contractors is siphoned off. Strapped for cash, the contractors have stepped up their illegal activity, hacking for hire and ransomware, which has made them targets for retaliation and exposed other issues.

美国官员说，这显示了中国体系的一个严重弱点。中国的经济问题和猖獗的腐败往往意味着，本来是发给承包商的资金遭到挪用。由于资金短缺，承包商们加大了非法活动，出售黑客服务和勒索软件，这使它们成为了报复的目标，并暴露出了其他问题。

The U.S. government and private cybersecurity firms have long tracked Chinese espionage and malware threats aimed at stealing information, which have become almost routine, experts say. Far more troubling, however, have been Chinese cyberhacking efforts threatening critical infrastructure.

长期以来，美国政府和私人网络安全公司一直在追踪中国的间谍活动和恶意软件威胁，专家表示，这些旨在窃取信息的活动几乎已成为常态。但更令人不安的是威胁关键基础设施的中国网络黑客行动。

The intrusions, called Volt Typhoon after the name of a Chinese network of hackers that has penetrated critical infrastructure, set off alarms across the U.S. government. Unlike the I-Soon hacks, those operations have avoided using malware and instead use stolen credentials to stealthily access critical networks.

这些被称为“伏特台风”的入侵行为已引起了美国政府的警惕，这个名字来自渗透了美国关键基础设施的中国黑客网络。与安洵的黑客攻击不同，这些入侵避免使用恶意软件，而是使用窃取的资格证书来秘密进入关键网络。

Intelligence officials believe that intrusions were intended to send a message: that at any point China could disrupt electrical and water supplies, or communications. Some of the operations have been detected near American military bases that rely on civilian infrastructure — especially bases that would be involved in any rapid response to an attack on Taiwan.

情报官员们认为，这些入侵行为是为了传递一个信息：中国能随时中断美国的电力供应、供水或通讯。一些植入的代码是在靠民用基础设施维持运行的美国军事基地附近发现的，尤其是那些可能参与对中国袭击台湾做出快速反应的基地。

But even as China put resources into the Volt Typhoon effort, its work on more routine malware efforts has continued. China used its intelligence services and contractors tied to them to expand its espionage activity.

但就在中国将资源投入到“伏特台风”项目的同时，许多常规恶意软件的工作也在继续。中国利用了本国情报机构，以及与情报机构有关的承包商来扩大间谍活动。

I-Soon is most directly connected with China’s Ministry of Public Security, which traditionally has been focused on domestic political threats, not international espionage. But the documents also show that it has ties to the Ministry of State Security, which collects intelligence both inside and outside China.

安洵主要是直接与中国的公安部联系，公安部传统上关心的是国内的政治威胁，而不是国际上的间谍活动。但泄露的文件也显示，安洵与在中国境内外收集情报的国家安全部有联系。

Jon Condra, a threat intelligence analyst at Recorded Future, a security firm, said I-Soon had also been linked to Chinese state-sponsored cyberthreats.

安全公司Recorded Future在威胁方面的情报分析师乔恩·康德拉说，安洵也与中国国家支持的网络威胁有关。

“This represents the most significant leak of data linked to a company suspected of providing cyberespionage and targeted intrusion services for the Chinese security services,” Mr. Condra said. “The leaked material indicates that I-Soon is likely a private contractor operating on behalf of the Chinese intelligence services.”

“这是与一家涉嫌为中国安全部门提供网络间谍和定向入侵服务的公司有关的最重大数据泄露事件，”康德拉说。“泄露的材料表明，安洵很可能是在为中国情报部门工作的私人承包商。”

The U.S. effort to curb Chinese hacking goes back to the Obama administration, when Unit 61398 of the People’s Liberation Army, the Chinese military, was revealed to be behind intrusions into a wide swath of American industry, looking to steal secrets for Chinese competitors. To China’s outrage, P.L.A. officers were indicted in the United States, their pictures placed on the Justice Department’s “wanted” posters. None have ever stood trial.

美国遏制中国黑客行动的努力可追溯到奥巴马政府时代，当时，中国人民解放军61398部队被曝是入侵了许多美国工业部门的计算机网络的幕后黑手，这些入侵的目的是为中国的竞争对手窃取商业秘密。美国起诉了一些与入侵有关的解放军军官，他们的照片被贴在了司法部的“通缉”名单上，这激怒了中国。但没有人接受过审判。

Then China was caught in some of the boldest theft of data from the U.S. government: It stole more than 22 million security-clearance files from the Office of Personnel Management. Its hackers were undetected for more than a year, and the information they gleaned gave them a deep understanding into who worked on what inside the U.S. government — and what financial or health or relationship troubles they faced. In the end, the C.I.A. had to pull back officers who were scheduled to enter China.

那之后，美国还发现一些最大胆的盗取政府数据事件是中国实施的：从美国人事管理局的计算机上窃取了逾2200万份个人背景调查文件。打入计算机的黑客有一年多的时间没被发现，他们收集来的信息让他们深入了解美国政府内部的人员做什么工作，以及他们有哪些财务、健康或关系上的问题。结果是，中央情报局不得不撤换了原定被派往中国的官员。

The result was a 2015 agreement between President Xi Jinping and President Barack Obama aimed at curbing hacking, announced with fanfare in the White House Rose Garden.

该事件的结果是，国家主席习近平和奥巴马总统在2015年达成了一项旨在遏制黑客攻击的协议，协议是在白宫玫瑰园大张旗鼓宣布的。

But within two years, China had begun developing a network of hacking contractors, a tactic that gave its security agencies some deniability.

但协议宣布还没到两年，中国就已在开始发展一个黑客承包商网络，这种做法让中国的安全机构可以在一定程度上否认自己与侵入有关。

In an interview last year, Mr. Wray said China had grown its espionage resources so large that it no longer had to do much “picking and choosing” about their targets.

雷在去年的一次采访中说，中国进行间谍活动的资源已有了如此大的增长，以至于它不再需要对目标进行太多“挑选”。

“They’re going after everything,” he said.

“他们什么都想要，”他说。