蘋果發佈最新防監控系統補丁(2)

In many cases, the NSO Group had designed its tools to impersonate those of the Red Cross, Facebook, Federal Express, CNN, Al Jazeera, Google and even the Pokemon Company to gain the trust of its targets, according to the researchers.

研究人員稱，很多情況下，NSO集團把自己的工具設計得像紅十字會(Red Cross)、Facebook、聯邦快遞(Federal Express)、CNN、半島電視臺(Al Jazeera)、谷歌(Google)，甚至寶可夢公司(Pokemon Company)的一樣，以便獲取目標的信任。

“NSO Group was very professional, and very effective in staying silent,” said Mike Murray, a vice president at Lookout.

“NSO集團非常專業，在保持沉默方面也非常有效，”Lookout的副總裁邁克•默裏(Mike Murray)說。

In recent years, zero day flaws have been traded among hackers, brokers, companies like the NSO Group, and spy agencies and law enforcement networks eager for ways to break into devices.

近年來，零日漏洞在黑客、中間商、NSO集團這樣的公司，和迫切地想要破解設備的間諜機構與執法網絡之間交易。

Flaws in Apple’s iOS software are sold at a premium. Last year, a similar zero-day exploit in Apple’s iOS software was sold to Zerodium, a Washington buyer and seller of zero-days, for $1 million.

蘋果iOS軟件中的漏洞售價高昂。去年，蘋果iOS軟件中一個類似的零日漏洞被以100萬美元（約合670萬元人民幣）的價格，賣給了華盛頓零日漏洞中間商Zerodium公司。

Earlier this year, James Comey, the director of the Federal Bureau of Investigation, announced that his agency had paid hackers who found a way for the F.B.I. to crack into an iPhone used by one of the shooters in last year’s mass killings in San Bernardino, Calif. Neither the hackers nor the F.B.I. have told Apple how this was accomplished.

今年早些時候，聯邦調查局（Federal Bureau of Investigation，簡稱FBI）局長詹姆斯•科米(James Comey)宣佈，FBI向爲其找到破解一部iPhone的辦法的黑客支付了報酬。那部iPhone的主人是去年加州聖貝納迪諾大規模殺人事件中的槍手之一。黑客和FBI均未告訴蘋果公司他們是怎麼做到的。

Apple’s software update patches the NSO Group’s exploits, but it is unclear whether the company has patched the vulnerabilities used by the F.B.I. to crack into its iPhone. Apple recently began a “bug bounty” program to pay hackers who report vulnerabilities in its systems.

蘋果的軟件更新修復了被NSO集團利用的漏洞，但尚不清楚該公司是否修復了被FBI用來破解那部iPhone的漏洞。最近，蘋果啓動了一個“漏洞獎勵”計劃，出錢讓黑客報告其系統中的漏洞。

Among the other NSO targets, besides Mr. Mansoor, were Rafael Cabrera, a Mexican journalist, who broke a story on conflicts of interest among Mexico’s ruling family. In several cases, NSO Group’s tools had been crafted to target users in Yemen, Turkey, Mozambique, Mexico, Kenya and the U.A.E.

除曼蘇爾外，NSO的其他目標還包括墨西哥記者拉斐爾•卡布雷拉(Rafael Cabrera)。他寫了一篇揭露墨西哥統治家族中的利益衝突的報道。在幾個案例中，NSO集團製作的工具被用來追蹤也門、土耳其、莫桑比克、墨西哥、肯尼亞和阿拉伯聯合酋長國境內的用戶。

Zamir Dahbash, an NSO Group spokesman, said in an email, “The company sells only to authorized governmental agencies, and fully complies with strict export control laws and regulations.”

NSO集團的發言人扎米爾•達巴什(Zamir Dahbash)在電子郵件中表示，“本公司只面向獲得授權的政府機構銷售產品，並完全遵守嚴格的出口管控法律規定。”

Mr. Dahbash added that NSO Group does not operate any of its systems and requires that its customers use its products in a “lawful manner.” “Specifically,” he said, “the products may only be used for the prevention and investigation of crimes.”

達巴什接着表示，NSO集團不操作自己的任何系統，並且要求客戶“合法”使用其產品。“具體來說，”他說。“相關產品僅用於預防和調查犯罪。”

He would not say if the software is used by government agencies in the U.A.E. or Mexico.

他沒有透露阿拉伯聯合酋長國或墨西哥的政府機構是否使用了相關軟件。

In 2014, NSO Group sold a majority stake to San Francisco-based private equity firm Francisco Partners Management LLC for $120 million. Francisco Partners declined to comment.

2014年，NSO集團將多數股權作價1.2億美元，賣給了總部設在舊金山的私募股權公司Francisco Partners Management LLC。後者拒絕置評。

Mr. Mansoor said in an interview that the discoveries were a sad reminder that no matter what he does to protect his devices and digital security, he will continue to be a target for companies that provide this sort of spying technology.

曼蘇爾在接受採訪時表示，這些發現令人遺憾，提醒他注意，不管爲保護自己的設備和數字安全採取了何種措施，他依然會成爲提供這種間諜技術的公司的目標。

“I guess I am their regular customer,” he said. “I am the guinea pig.”

“我猜我是他們的老客戶，”他說。“我就是那個試驗對象。”

Bill Marczak, the researcher at Citizen Lab who has been helping Mr. Mansoor protect his digital security, said that the surveillance experienced by Mr. Mansoor is likely to expand.

一直在幫助曼蘇爾保護其數字安全的“公民實驗室”研究人員比爾•馬爾切克說，曼蘇爾經歷的這種監視可能會擴大。

“The targeting of these activists and dissidents is a taste of what’s to come,” Mr. Marczak said. “What they’re facing today will be faced by ordinary users tomorrow.”

“針對這些活動人士和異見人士的活動預示着未來的發展趨勢，”馬爾恰克說。“他們今天面臨的情況，普通用戶明天也會遇到。”