朝鮮網(wǎng)絡(luò)攻擊的威脅迫在眉睫

In a world of instability, one reassuringly constant rule is that countries have tended to behave in cyber space much as they do in the real world. That Russia should try to undermine confidence in western democracy by its online disinformation campaign in the US and Europe, or extend its siege of Ukraine by attacking domestic power supplies and industrial control systems with cyber weapons, is entirely predictable. So too is Iran’s behaviour in destroying Saudi Aramco’s computers or attacking US banks.

在一個不穩(wěn)定的世界中，一條可靠的不變規(guī)則是，國家往往在網(wǎng)絡(luò)空間中表現(xiàn)得和在現(xiàn)實(shí)世界中一樣。俄羅斯應(yīng)會試圖通過其在美國和歐洲的網(wǎng)上虛假宣傳，破壞人們對西方民主的信心，或者運(yùn)用網(wǎng)絡(luò)武器攻擊烏克蘭電力供應(yīng)和工業(yè)控制系統(tǒng)來繼續(xù)圍困烏克蘭，這是完全可以預(yù)見的。伊朗破壞沙特阿美(Saudi Aramco)的計算機(jī)或攻擊美國銀行的行為，也可以預(yù)見。

The crucial difference about such activity is that, in a highly networked world, “collateral damage” is far more difficult to estimate than for conventional or nuclear weapons. This year we have experienced worldwide impact from attacks with unintended consequences. In disrupting Ukrainian networks in June, Russian state actors probably did not set out to cripple major companies like Maersk, or Reckitt Benckiser, or FedEx. But while the attackers may not care much, Russia does at least have a stake in the international financial system. North Korea does not.

這類活動的關(guān)鍵不同在于，在一個高度網(wǎng)絡(luò)化的世界，其“附帶損害”比常規(guī)或核武器更加難以估計。今年，我們看到全球范圍受到了網(wǎng)絡(luò)攻擊的影響，造成意料不到的后果。在6月破壞烏克蘭網(wǎng)絡(luò)的事件中，俄羅斯的政府特工一開始很可能并不打算弄癱馬士基(Maersk)、利潔時(Reckitt Benckiser)或聯(lián)邦快遞(FedEx)等大公司。雖然攻擊者也許不太在乎，可至少國際金融體系對俄羅斯而言利益攸關(guān)。朝鮮則不一樣。

Pyongyang’s use of cyber demonstrates the rationality of the regime. It invested many years ago in developing the necessary elite maths and computer science skills at school age; it saw that much of the activity could be run from outside the country, using the openness of the internet, the grey world of cyber crime and its flow of skills and tools. As with its nuclear weapons and missile programme, North Korea has had help. We have to assume that extensive military co-operation with Tehran includes cyber, a key capability of the Iranian Revolutionary Guard Corps.

朝鮮對網(wǎng)絡(luò)的使用反映了政權(quán)的理性。多年前，朝鮮便投資培養(yǎng)學(xué)齡兒童必要的精英數(shù)學(xué)和計算機(jī)科學(xué)技能;朝鮮看到，利用互聯(lián)網(wǎng)的開放性、網(wǎng)絡(luò)犯罪的灰色世界及其技能和工具的傳播，這些活動中的大部分可以在國外實(shí)施。與其核武器和導(dǎo)彈計劃一樣，朝鮮也獲得了幫助。我們必須假定，朝鮮與伊朗之間的廣泛軍事合作包括網(wǎng)絡(luò)技術(shù)——這是伊朗革命衛(wèi)隊(Iran Revolutionary Guard Corps)的一項關(guān)鍵能力。

North Korea’s objectives too have been consistent with their wider strategy: attacking their southern neighbour, melodramatically defending their leader’s image, notably in the 2014 Sony Pictures attack, and stealing foreign currency. As sanctions bite further, we can expect this quest for hard currency to become a greater priority for Kim Jong Un’s regime.

朝鮮的目標(biāo)也與其更廣泛的戰(zhàn)略保持一致：攻擊他們的南方鄰國，夸張地捍衛(wèi)領(lǐng)導(dǎo)人的形象——特別是在2014年攻擊索尼影視(Sony Pictures)的事件中——并竊取外匯。隨著制裁的影響越來越大，我們可以預(yù)期，這種對硬通貨的追求將成為金正恩(Kim Jong Un)政權(quán)的一個更大優(yōu)先事項。

North Korea first attacked financial institutions in Seoul on a large scale in 2013. Since then they have been expanding their horizons. They have attacked banks from Vietnam to Poland, often targeting weak connections to the global Swift payments system. In 2016 they set their sights on nearly $1bn from a Bangladesh bank, of which they successfully cashed out $81m via the Philippines.

朝鮮在2013年首次大規(guī)模攻擊了首爾的金融機(jī)構(gòu)。此后，他們一直在擴(kuò)大范圍。他們已攻擊了從越南到波蘭的銀行，往往是瞄準(zhǔn)銀行與環(huán)球銀行金融電信協(xié)會(Swift)支付系統(tǒng)之間的薄弱環(huán)節(jié)。2016年，他們瞄準(zhǔn)了孟加拉國一家銀行的近10億美元，最終借道菲律賓成功地拿到了8100萬美元。

It is impossible to say how many of the ransomware attacks swilling around the world have some link to North Korean groups, or to estimate how much it brings in, since those who pay rarely want to advertise it. But it is reasonable to assume that they are making a healthy profit from low cost, high volume attacks. “WannaCry”, which affected hundreds of organisations from the National Health Service in the UK to the German rail network in April, seems to have been a ransomware attack that got out of control. It was a reminder that, while Pyongyang is well outside our European sphere of influence and its missiles will not reach us, its cyber attacks already have.

我們不可能說出世界各地爆發(fā)的勒索軟件攻擊中，有多少與朝鮮團(tuán)體有一些聯(lián)系，也無法估計出這種勒索給他們帶來了多少錢，因為沒幾個付勒索金的人愿意張揚(yáng)這件事。但是，我們可以合理地假設(shè)，朝鮮從低成本、大規(guī)模的攻擊中謀取了可觀的暴利。今年4月，影響了從英國國家醫(yī)療服務(wù)體系(NHS)到德國鐵路網(wǎng)絡(luò)等數(shù)百家機(jī)構(gòu)的“想哭”(WannaCry)，似乎是一場失控的勒索軟件攻擊。這提醒我們，盡管朝鮮處在遠(yuǎn)離歐洲影響范圍的地方，他們的導(dǎo)彈打不到我們，但朝鮮的網(wǎng)絡(luò)攻擊已命中了我們。

Most recently North Korea has been attacking bitcoin exchanges, an indication of its developing interests, along with assaults on South Korean and US military planners. The Pyongyang regime’s capabilities will improve and they will continue to surprise us, as they have in other technology areas. There are an increasing number of sophisticated cyber tools available; they will learn from their mistakes and use them to better effect. The possibility of miscalculation is also severe: if an attack were, for example, to affect US hospitals, and that led to injury or death, the pressure to retaliate would be extreme.

最近，朝鮮一直在攻擊比特幣交易所，這表明除了攻擊韓國和美國的軍事規(guī)劃機(jī)構(gòu)，朝鮮的興趣點(diǎn)也在變化。平壤政權(quán)的能力會有所提高，而且會繼續(xù)讓我們吃驚，正如他們在其他技術(shù)領(lǐng)域做到的那樣。越來越多的先進(jìn)網(wǎng)絡(luò)工具可以獲得;他們會從錯誤中學(xué)習(xí)，并更好地利用這些工具。誤判的可能性也很嚴(yán)峻：例如，如果一場攻擊影響了美國醫(yī)院，并造成傷害或死亡，報復(fù)的壓力將是非常大的。

It is wearyingly familiar that the options for response to this asymmetric cyber activity are limited. North Korea is not widely networked and has limited connections to the internet. The best hope for direct action is through law enforcement in those jurisdictions unwittingly hosting some of the activity, principally in Southeast Asia and China.

令人熟悉到厭煩的是，應(yīng)對這種不對稱網(wǎng)絡(luò)活動的選項是有限的。朝鮮內(nèi)部并未廣泛聯(lián)網(wǎng)，與互聯(lián)網(wǎng)的連接也很有限。采取直接行動的最大希望，是通過無意中成為其中一些攻擊活動發(fā)生地的司法管轄區(qū)(主要是東南亞和中國)的執(zhí)法機(jī)構(gòu)采取行動。

In the meantime, hardening defences will be the priority. Financial institutions in developed countries are better protected than any other sector of the economy, partly because they are the number one target of cyber crime. But they are less used to state threats and it is not trivial that we now see nations and state-backed crime groups robbing banks and holding companies to ransom. The fact that North Korea is a regime that blends horror with James Bond villain absurdity should not make us complacent.

與此同時，加強(qiáng)防御將成為優(yōu)先事項。在發(fā)達(dá)國家，金融機(jī)構(gòu)比任何其他經(jīng)濟(jì)部門受到了更好的保護(hù)，部分原因在于它們是網(wǎng)絡(luò)犯罪的首要目標(biāo)。但它們還不太習(xí)慣于國家攻擊;我們現(xiàn)在看到國家和國家支持的犯罪團(tuán)體搶劫銀行和勒索企業(yè)，這并非小事。朝鮮是一個把恐怖與詹姆斯•邦德(James Bond)惡棍式荒誕混在一起的政權(quán)，我們不應(yīng)對此滿不在乎。

The writer is a former director of GCHQ, a UK government intelligence and security organisation

本文作者為英國情報與安全機(jī)構(gòu)政府通信總部(GCHQ)前主任