網絡攻擊進入危險的新階段

Hillary Clinton’s presidential campaign was thrown into turmoil by the leak of emails documenting dirty tactics by the Democratic party leadership. Suggestion of attempts to rig the primary contest in her favour is not merely embarrassing; it is bound to anger supporters of her defeated rival, Bernie Sanders, and deepen the party’s divisions. But this should not be a source of satisfaction for Republicans. They should be equally alarmed by the possibility that the leak came from Moscow — marking a serious escalation in the long term trend of Russian aggression in cyber space.

記錄美國民主黨領導層“骯髒勾當”的電子郵件的泄露，讓希拉里•克林頓(Hillary Clinton)的競選陷入了混亂。試圖操縱初選、使之有利於希拉里的跡象不僅令人難堪，還一定會惹怒已被希拉里擊敗的對手伯尼•桑德斯(Bernie Sanders)的支持者，進一步加劇民主黨的分裂。但美國共和黨不應因此而竊喜。後者同樣應該對下面這種可能性感到警惕，即此次泄密有可能是莫斯科方面所爲——標誌着俄羅斯網絡空間攻擊行爲的長期趨勢出現重大升級。

It is extremely difficult to pin down the source of a hacking attack — especially given the Kremlin’s tendency to outsource such work to criminal groups or pro-government organisations. However, cyber security firms have set out credible evidence to identify the groups responsible for hacking the Democratic National Committee’s network — best known as APT 28 and APT 29. They say that the techniques these groups use, the timezone in which they operate and their previous targets — including the White House and US State Department, eastern European governments and Nato — suggest close links to the Kremlin or Russian security services.

確定黑客攻擊的來源極爲困難——尤其是考慮到克里姆林宮傾向將此類工作外包給犯罪團伙或親政府的組織。然而，網絡安全公司已展示了可靠證據，確認了侵入美國民主黨全國委員會(DNC)計算機網絡的組織——人們最熟悉的名字是APT 28和APT 29。網安公司表示，這些組織使用的技術、活動的時區以及先前的目標（包括白宮、美國國務院、東歐各國政府及北約(NATO)）表明，它們與克里姆林宮或俄羅斯安全機構之間存在密切聯繫。

It would hardly be a new development for Moscow to adopt such tactics. As far back as 2007, Estonia suffered crippling attacks on the websites of its banks, government and telecoms networks. Georgian state websites were targeted shortly before the outbreak of war in 2008. Of course, many other governments, the US foremost among them, employ similar methods to gather intelligence and counter security threats.

莫斯科採用此類手段並不新鮮。早在2007年，愛沙尼亞國內的銀行、政府及電信網絡就遭受過致命攻擊。2008年，俄格戰爭爆發前不久，格魯吉亞政府網站也曾是攻擊目標。當然，許多其他國家的政府（尤其是美國）也採用類似方法收集情報、應對安全威脅。

What is worrying is that Russia is increasingly apt to use its intelligence findings to influence events on the ground. Cold war techniques of bugging and blackmail have new and dangerous possibilities in the era of social media and WikiLeaks. Moscow is combining old-fashioned tradecraft with a willingness to wage wars of disinformation, seeking to muddy the waters and undermine people’s faith in their own country’s institutions and authorities.

令人擔憂的是，俄羅斯越來越善於利用搜集到的情報對現實中的事件施加影響。在社交媒體和維基解密(WikiLeaks)的時代，冷戰時期的竊聽及敲詐技術有了新的、危險的可能性。莫斯科正在將老式的諜報技術與發動虛假情報戰的意願結合起來，試圖把水攪渾，破壞人們對自己國家機構和當局的信任。

This was true in Ukraine, where hackers attempted to corrupt the results of the 2014 elections. It was apparent in Syria, where Russia waged a systematic cyber campaign against opposition groups and NGOs, seeking to influence the flow of information and hide the extent of its military operations. If it is true that Moscow is behind the leak of the DNC’s emails, this represents a far more brazen and audacious attempt to strike at the heart of the US democratic process.

烏克蘭就領教過這種策略，當時黑客試圖搞亂2014年大選的結果。這種策略在敘利亞也很明顯，俄羅斯在該國針對反對派組織和非政府組織進行了系統性的網絡攻擊，試圖左右信息傳播、掩蓋其軍事行動的規模。如果莫斯科真是此次DNC電郵泄露事件的幕後主使，這代表了俄羅斯在打擊美國民主進程核心方面更加厚顏無恥和大膽的嘗試。

This is an especially dangerous development at a time when there are so many cleavages in western society that can be exploited. Yet it is very hard to identify an effective response.

在西方社會存在如此多可被利用的裂隙之際，此事件是一個尤其危險的苗頭。然而，要找到有效的應對之策非常困難。

The US government can hardly protest about a leak that demonstrates Democratic failings. More generally, it is very difficult to put up effective technical defences against such attacks. As for diplomacy, the US has had some success — it struck a deal with China to refrain from cyber espionage that has at least helped. However, this was possible because Beijing was unwilling to be shown up and anxious to preserve its commercial interests. The US has no such leverage over Vladimir Putin. Sanctions against Russia are already in place. As for deterrence, there is only so far rhetoric can go.

美國政府幾乎不可能去抗議一起揭露民主黨陰私的爆料。總體而言，很難針對此類攻擊行爲建立有效的技術防禦。至於外交方面，美國取得了一些成功——與中國達成的不進行網絡間諜活動的協議至少有所幫助。然而，中美之所以能達成協議，是因爲北京方面不願意被揭穿，而且急於要保護自己的商業利益。但美國對弗拉基米爾•普京(Vladimir Putin)沒有這樣的籌碼。對俄羅斯的制裁早已就位。至於威懾，打打嘴仗的效果始終有限。

The immediate effect of the leak may be to damage Mrs Clinton’s campaign. But this is no cause for Donald Trump to celebrate. It is rather a reminder that this is no time for the US to weaken its commitment to transatlantic security.

此次電郵泄露的直接影響可能是破壞希拉里的競選。但這不應成爲唐納德•特朗普(Donald Trump)慶祝的理由。這一件事反倒提醒我們，眼下美國絕不能削弱對跨大西洋安全的承諾。