With Lax Security Awareness, China Becomes a Hotbed of Cybercrime
HONG KONG — In China, some of the most successful cyberthreats are frighteningly simple.
One recent viral mobile message offered free Golden Retriever puppies to lure users into giving away personal information. Another online scam took thousands from a woman who wired money to an impostor she thought was her son’s teacher.
A current favorite of Chinese cybercriminals, according to Pei Zhiyong, the senior security researcher of the antivirus company Qihoo 360 Technology, is to simply program malicious code that asks users to disable their antivirus software.
“It will say their security program is incompatible with whatever they’re trying to do,” he said. “We call it a ‘Candy Trojan Horse,’ and 30 percent of users will actually respond by turning off their antivirus system.”
Over the last decade, the Internet has gone mainstream in China. More than 600 million residents regularly go online, and China is also the world’s largest smartphone market. And domestic companies like the Alibaba Group are among the largest Internet companies in the world.
In its early days, China’s Internet market was plagued by malware and viruses. Popular free antivirus software offered by many companies has since helped stem that problem, but has led to a new one: Many PC users have become so comfortable that they are now easy prey to attacks that involve simply tricking them, instead of having their accounts breached by complex software. At Chinese companies, experts say, awareness lags that of their counterparts in developed nations.
In 2013, cybercrime cost Chinese companies and individuals $37 billion, according to a research report by the security firm Norton, putting the nation second behind the United States at $38 billion, and well ahead of the $13 billion that cybercrime cost Europe or the $1 billion for Russia.
Security analysts offer many reasons for this, but top among them is the naïveté of China’s myriad new Internet users, as well as government policies that have emphasized the growth of the Internet industry above all else.
At the same time, many businesses have no consistent approach to ensure employees do not inadvertently compromise corporate networks. Companies also are often reluctant to pay for security software.
And the prevalence of pirated software in the country — and the back doors and other security holes in those programs — makes many businesses, and individuals, unwittingly vulnerable.
Beijing maintains strict control of the flow of information online and closely tracks many users. But it has focused far less on stopping cybercrime or punishing companies that enable or encourage attacks. As a result, China’s companies tend to focus on attracting users above all else, and therefore a consensus among Chinese Internet companies on mitigating attacks has been slow to emerge.
“The Internet companies assume everyone is going to play dirty, so that’s how they approach it,” said Mark Natkin, managing director of China tech research firm Marbridge Consulting. “The Dudley Do-Rights get chopped off at the knees, so instead of trying to clean things up, they get scrappy.”
Things could get worse for China as new users take to the web on smartphones. According to the Norton report, 75 percent of Chinese smartphone users have experienced mobile cybercrime in the 12 months leading up to the 2013 survey, compared with a global average of just 38 percent.
A 2013 study by the Data Center of China’s Internet showed that 35 percent of China’s most popular 1,400 apps tracked user data that had no connection to the function of the application.
When customers then bring their phones into work, the situation becomes dangerous for companies as well, Mr. Sentonas said.
The huge cost of attacks on companies has led to growing awareness among executives, though analysts say many companies still lack a high-level executive charged with security. Efforts by companies to ensure that employees do not inadvertently compromise corporate networks have ranged from negligence to draconian measures, according to Thomas Parenty, the head of the information security firm Parenty Consulting.
In one instance, Mr. Parenty recalled how a manager of a Shenzhen company set up employee computers so they all faced the front of the room. He then set up his desk on a raised dais at the back of the room, giving him a view of employees’ screens so he could track online activity.
“It was like Oliver Twist,” he said.
At times, it is company policy, not employees, that leads to problems. Many Chinese companies have a tendency to spurn costly software, instead opting to use pirated copies of programs like Microsoft Windows and Adobe Photoshop, leaving them open to security holes in the software. There are many companies and organizations that use entirely unpaid-for copies of Windows, Mr. Parenty said.
At one organization Mr. Parenty said he discovered that “each employee computer’s disk was entirely full of bootleg software and downloaded movies.” His firm “had to strip each desktop to the bare metal and then buy legitimate software and put in controls so they couldn’t just download pirated copies of everything Adobe has ever made,” he said.
To keep employees happy, he then set up a “tea break computer” not connected to the company’s network, where workers could sign onto popular Chinese chat, gaming and social media programs.
Recognizing that few companies will spend for security software, the most successful security firms in China offer software free. One of China’s largest antivirus companies, Qihoo 360, provides a suite of antivirus programs without charge, making money on advertisements and other promotions it pipes through its products.
The company had 495 million monthly active users for its PC-based products in September, according to the company’s recent earnings report. Still, analysts argue it has more vulnerabilities than most purchased services and isn’t ideal for protecting companies.