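Four months ago, Microsoft scored a success in the cyber world. The company's digital sleuths discovered a “botnet” (that is, fake servers) that had planted malware in many computers around the world, and then worked with the US Federal Bureau of Investigation (FBI) and others to shut the network down. Tom Burt, Microsoft's deputy general counsel, said that what worried them was the discovery that at least 12m personal computers (yes, 12m) had been infected.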
If you are tempted to shout “hooray”, that is understandable. After all, botnets pose a particularly pernicious threat since they are fiendishly hard to find. And cyber attacks in general are increasing explosively, costing global businesses $400bn a year, according to data from Microsoft.
There is a catch, though. Microsoft and the FBI now hope to bring the cyber hackers who created that botnet to court. But since this botnet was not entirely run from US soil — and those 12m infected computers sit everywhere around the world, from China and India to Chile and the US — the saga could be about to plunge into a legal grey zone.
“Think of a situation where you have a botnet in Singapore run by hackers in Bulgaria who cause damage to somebody in America,” Mr Burt told a Financial Times conference in Washington this week. “Who has jurisdiction? What laws are used?” Nobody knows. In cyberspace, as in the global financial system a decade ago, a plethora of criminal activity is in danger of falling between the cracks because national rules are ill suited to a fast-moving digital world.
Investors and politicians around the world should take note — and worry. Deeply. In the past couple of years, western governments and businesses have made considerable strides in building defences against cyber crime. This week in Washington, for example, the Department of Homeland Security is launching an “automated information-sharing” program for utility companies. The aim is to ensure that, “when adversaries try something” against one US utility company, everyone else is alerted, according to Suzanne Spaulding, an undersecretary at the department.
In truth, such information-sharing is still imperfect. John Carlin, assistant attorney-general for national security, admits “the vast majority of companies do not report small intrusions” to each other. But the situation is better than four years ago, when suspicion between business and the security establishment reached such depths that the US Chamber of Commerce dragged its feet about setting up mandatory information-sharing programs. And the fact that nobody has yet conducted a successful hack on a US utility, say, is one reason for comfort.
But, as business and government strengthen their defences, the big missing piece of this campaign is punishment. As any parent or regulator knows, it is hard to deter wrongdoing without a system for imposing discipline. And, right now, remarkably few cyber criminals have been brought to trial relative to the scale of the current $400bn heist.
That partly reflects the difficulty of identifying and apprehending perpetrators, particularly in places such as Russia and China. The other big problem is the one faced by Microsoft: the legal framework across borders is a mess.
In a rational world, this would suggest a multilateral body, such as the UN, urgently needs to create some common laws or at least promote more mutual recognition. In the real world, sensible collaboration is hard to organise now; indeed, events such as the Edward Snowden affair — where revelations by a former US National Security Agency contractor about the extent of American internet surveillance fuelled transatlantic rows over privacy — are making this debate even harder. “Walls are going up,” says Mr Burt.
So in the interim, US officials are using whatever homegrown tools they have. Mr Carlin, for example, says Washington security officials recently managed to extradite from Malaysia a suspected hacker who had created a cyber attack against a US retailer that spearheaded a bigger Islamist plot.
But strong-arm US legal action is not an effective long-term solution; not least because such unilateral measures risk sparking a backlash. And many western companies are in effect stuck: they can build defences against cyber crime but cannot effectively retaliate.
So when people describe cyber space as the new Wild West, they are only half correct. This is a place where baddies have an endless supply of cheap guns but ordinary citizens have only barricades. This looks unlikely to change soon — unless and until companies such as Microsoft find a way to put those botnet creators behind bars. That would be an even more remarkable coup.