捲入中美黑客大戰的普通美國人家

BELLEVILLE, Wis. — Drive past the dairy farms, cornfields and horse pastures here and you will eventually arrive at Cate Machine & Welding, a small-town business run by Gene and Lori Cate and their sons. For 46 years, the Cates have welded many things — fertilizer tanks, jet-fighter parts, cheese molds, even a farmer’s broken glasses.

威斯康星州貝爾維爾——從這裏的奶牛養殖場、玉米地和牧馬場開車過去，你最終會到達凱特機械及焊接廠，這是吉恩和洛瑞·凱特(Gene and Lori Cate)以及他們的兒子經營的一個小鎮家庭企業。46年來，凱茨一家焊接過許多東西：化肥罐、噴氣式戰鬥機的零部件、奶酪模具，甚至還有一位農民的摔壞了的眼鏡框。

And like many small businesses, they have a dusty old computer humming away in the back office. On this one, however, an unusual spy-versus-spy battle is playing out: The machine has been taken over by Chinese hackers.

像許多小企業一樣，他們有一臺塵舊的計算機，在企業辦公室裏嗡嗡作響地運轉着。但是，在這臺機器上，一場不同尋常的間諜與反間諜戰正在進行着：這臺機器已經被中國黑客接管了。

The hackers use it to plan and stage attacks. But unbeknown to them, a Silicon Valley start-up is tracking them here, in real time, watching their every move and, in some cases, blocking their efforts.

黑客用它來計劃和發動攻擊。但是，黑客不知道的是，一家硅谷初創公司正在這臺機器上跟蹤他們，實時觀察着他們的一舉一動，在某些時候，還實時阻止他們的攻擊。

“When they first told us, we said, ‘No way,’” Mr. Cate said one afternoon recently over pizza and cheese curds, recalling when he first learned the computer server his family used to manage its welding business had been secretly repurposed. “We were totally freaked out,” Ms. Cate said. “We had no idea we could be used as an infiltration unit for Chinese attacks.”

一天下午，吉恩·凱特邊吃着比薩餅和奶酪凝乳、邊說起這件事。“他們第一次告訴我們時，我們說，‘不可能。’”他回憶起第一次聽到他家用來管理焊接業務的計算機服務器被祕密地挪爲它用時說。“我們都驚呆了，”洛瑞·凱特說。“我們一點也不知道，我們被當作中國攻擊的一個滲入點。”

On a recent Thursday, the hackers’ targets appeared to be a Silicon Valley food delivery start-up, a major Manhattan law firm, one of the world’s biggest airlines, a prominent Southern university and a smattering of targets across Thailand and Malaysia. The New York Times viewed the action on the Cates’ computer on the condition that it not name the targets.

在最近的一個週四，黑客攻擊的目標似乎包括硅谷的一家食品外送初創公司、曼哈頓的一個主要律師事務所、世界上最大的航空公司之一、美國南部一所著名大學，以及泰國和馬來西亞的一些零散目標。《紐約時報》得以看到的凱特家服務器上的攻擊操作，條件是不報道受攻擊目標的名字。

The activity had the hallmarks of Chinese hackers known as the C0d0s0 group, a collection of hackers for hire that the security industry has been tracking for years. Over the years, the group has breached banks, law firms and tech companies, and once hijacked the Forbes website to try to infect visitors’ computers with malware.

這種操作具有被稱爲C0d0s0小組的中國黑客團伙的特點，該團伙聚集了一批僱來的黑客，計算機安全行業的人跟蹤他們已經多年了。幾年來，該團伙攻擊過銀行、律師事務所，以及技術公司，並一度劫持了《福布斯》網站，試圖讓網站訪問者的計算機感染上惡意軟件。

There is a murky and much hyped emerging industry in selling intelligence about attack groups like the C0d0s0 group. Until recently, companies typically adopted a defensive strategy of trying to make their networks as impermeable as possible in hopes of repelling attacks. Today, so-called threat intelligence providers sell services that promise to go on the offensive. They track hackers, and for annual fees that can climb into the seven figures, they try to spot and thwart attacks before they happen.

有一個銷售有關像C0d0s0這樣的攻擊團伙情報的既隱晦又被大肆炒作的新興行業。直到最近，公司通常採取的一種防禦戰略是，努力讓他們的網絡儘可能地不可滲透，以期擊敗進攻。如今，有所謂的威脅情報提供商，他們出售採取進攻方式的服務。他們跟蹤黑客，他們收取可能高達七位數的年費以試圖在攻擊發生前，發現和阻止攻擊。

These companies have a mixed record of success. Still, after years of highly publicized incidents, Gartner, a market research company, expects the market for threat intelligence to reach $1 billion next year, up from $255 million in 2013.

這些公司的業績魚龍混雜。儘管如此，在對計算機攻擊事件的多年廣泛報道之後，市場研究公司高德納(Gartner)預計，威脅情報的市場明年將達到10億美元的規模，而2013年的市場規模只是2.55億美元。

Remarkably, many attacks rely on a tangled maze of compromised computers including those mom-and-pop shops like Cate Machine & Welding. The hackers aren’t after the Cates’ data. Rather, they have converted their server, and others like it, into launchpads for their attacks.

值得注意的是，許多攻擊依賴於一個錯綜複雜的受感染計算機網，其中包括像凱特機械和焊接這樣的家庭企業的服務器。黑客對凱特家的數據並不關心。相反，他們把凱特家的、以及其他類似的服務器轉換爲他們發動攻擊的平臺。

These servers offer the perfect cover. They aren’t terribly well protected, and rarely, if ever, do the owners discover that their computers have become conduits for spies and digital thieves. And who would suspect the Cate family?

這些服務器爲黑客提供了最佳的掩護。它們往往沒有很好的安全保護，服務器的擁有者很少、也很難發現，他們的計算機已成爲間諜和數字化小偷的中轉站。而且，誰會懷疑凱特家的人呢？

Two years ago, the Cates received a visit from men informing them that their server had become a conduit for Chinese spies. The Cates asked: “Are you from the N.S.A.?”

兩年前，幾名男子來到凱特家，告訴他們，他們的服務器已成爲中國間諜的中轉站。凱特家人問：“你們是從國家安全局（簡稱NSA）來的嗎？”

One of the men had, in fact, worked at the National Security Agency years before joining a start-up company, Area 1, that focuses on tracking digital attacks against businesses. “It’s like being a priest,” said Blake Darché, Area 1’s chief security officer, of his N.S.A. background. “In other people’s minds, you never quite leave the profession.”

實際上，這些男子中有一人，在加入初創公司“一區”(Area 1)的很多年前，曾在國家安全局工作過。一區專門跟蹤針對企業的數字攻擊，首席安全官布雷克·達爾謝(Blake Darché)提到自己的NSA背景時說，“就像是當牧師。在其他人的心目中，你永遠不會完全離開那個行業。”

Mr. Darché wanted to add the Cates’ server to Area 1’s network of 50 others that had been co-opted by hackers. Area 1 monitors the activity flowing into and out of these computers to glean insights into attackers’ methods, tools and websites so that it can block them from hitting its clients’ networks, or give them a heads-up days, weeks or even months before they hit.

達爾謝想把凱特家的服務器添加到一區的一個由50臺已被黑客利用的其他計算機組成的網絡中來。一區監視着出入於這些計算機上的活動，從而深入瞭解攻擊者的方法、工具和他們的目標網站，以便在黑客攻擊公司客戶的網絡時進行阻止，或在攻擊發生前的數日、數週、甚至數月，讓客戶得到有關情報。

The Cates called a family meeting. “People work really hard to make products, and they’re getting stolen,” Ms. Cate said. “It seemed like the least we could do.” Area 1 paid for the installation cost, about $150.

凱特家爲此召開了一次家庭會議。“人家花大力氣製造產品，而產品卻在被盜取，”洛瑞·凱特說。“這似乎是我們至少可以做的事情。”一區支付了大約150美元的安裝費用。

Shortly after installing a sensor on the machine, Mr. Darché said his hunch was confirmed: The sensor lit up with attacks. Area 1 began to make out the patterns of a familiar adversary: the C0d0s0 group.

凱特家的計算機上安裝了一個探測設備後不久，達爾謝說，他的預感被證實了：探測設備上亮起了攻擊的信號。一區開始從中看到了一個熟悉對手的模式，這個對手就是C0d0s0小組。