美英或曾黑入SIM卡巨頭試圖監聽全球手機
LONDON — Gemalto, a French-Dutch digital security company, said on Wednesday that it believed that American and British intelligence agencies had most likely hacked into the company’s networks in an attempt to gain access to worldwide mobile phone communications. But it said that the intrusions had only limited effect.
倫敦——法國荷蘭合資的數字安全公司金雅拓(Gemalto)週三表示,美國和英國情報機構很有可能入侵了該公司的網絡,以便監聽全球移動電話通信。但它說,這些入侵活動的影響有限。Gemalto said that the attacks had occurred over two years, starting in 2010, but that the National Security Agency of the United States and its British counterpart, the Government Communications Headquarters, or GCHQ, had failed to gain wholesale access to the company’s SIM card encryption codes.
金雅拓說,攻擊活動從2010年開始,持續了兩年多時間,但美國國家安全局(NAS)和英國的對應機構政府通訊總部(GCHQ)未能大規模竊取該公司SIM卡密鑰。
The company is the world’s largest producer of cellphone SIM cards — the small chips that hold an individual’s personal security and identity information — and its networks could have given American and British intelligence agencies the ability to collect mobile voice and data communications without the permission of governments or telecommunications providers.
SIM卡是存儲個人安全身份信息的小芯片,而金雅拓是全球最大的手機SIM卡生產商,英美情報機構如果成功侵入了該公司的網絡,就可以在沒有政府或電信運營商許可的情況下,蒐集移動語音和數據通信信息。
This hacking was first reported last week by the website The Intercept based on documents from 2010 provided by Edward J. Snowden, the former N.S.A. contractor whose leak of agency documents has set off a national debate over the proper limits of government surveillance.
上週,截擊(The Intercept)網站依據前NSA承包商僱員愛德華·J·斯諾登(Edward J. Snowden)提供的2010年的一些文件,率先報道了這一攻擊活動。斯諾登之前曝光的情報文件已經在美國掀起了全國性的辯論,一些人要求對政府監控加以適當限制。“At the time, we were not able to identify the perpetrators of the attacks,” Patrick Lacruche, Gemalto’s head of security, said at a news conference in Paris on Wednesday. “We now think that they could have been linked to the GCHQ. and N.S.A. operation.”
“當時,我們無法確定是誰發起了攻擊,”本週三,金雅拓安全主管帕特里克·拉克魯切(Patrick Lacruche)在巴黎的新聞發佈會上說。“我們現在認爲,這些攻擊可能與GCHQ和NSA有關。”The leaked documents from Mr. Snowden suggested that millions of SIM cards could have been affected. Olivier Piou, Gemalto’s chief executive, disputed that claim, but he declined to provide an exact figure.
從斯諾登泄露的文件來看,數以百萬計的SIM卡可能都遭受了影響。金雅拓首席執行官奧利維耶·皮烏(Olivier Piou)否認了這種說法,但他拒絕提供確切數字。“At the very most, very little,” said Mr. Piou when questioned by reporters about how many SIM cards were potentially infiltrated.
當記者問及有多少SIM卡可能遭到滲透時,“往最糟的情況估計,也非常少,”皮烏說。The company’s share price rose about 3 percent in afternoon trading in Amsterdam. Last week, analysts had warned that the suspected government hacking could affect Gemalto’s operations, though the company’s stock has fallen only about 2 percent since The Intercept published its article late Thursday.
該公司的股價在阿姆斯特丹股市下午的交易中上漲了約3%。雖然自從截擊網站上週四晚進行報道後,該公司的股價跌幅僅爲大約2%,但上週曾有分析師警告說,金雅拓的業務可能會受政府入侵消息的影響。A GCHQ spokesman declined to comment on the intelligence matters, and the N.S.A. did not respond to requests for comment.
GCHQ發言人拒絕就相關情報問題發表評論,NSA則沒有迴應記者的置評請求。Gemalto, whose customers include some of the world’s largest carriers, including Verizon Wireless and China Mobile, started its investigation into the possible hacking by the intelligence agencies after the company’s share price fell on Friday in the wake of the revelations. It was impossible to independently verify the company’s internal investigation into the hacking.
金雅拓公司的客戶中包括威瑞森無線(Verizon Wireless)和中國移動這樣的全球頂級運營商,入侵事件曝光後,該公司股價在上週五出現下跌,金雅拓也開始調查情報機構可能對該公司展開的入侵行動。獨立覈實該公司對入侵事件的內部調查是不可能的。The revelations are the latest in a series of suspected hacking activities by American and British intelligence agencies that were made public by Mr. Snowden.
斯諾登公開了英美情報機構涉嫌開展的一系列黑客活動,金雅拓遭受的攻擊則是最新曝光的一起。Targets of the surveillance programs have included high-profile figures like Angela Merkel, the German chancellor, whose cellphone conversations American intelligence agencies are suspected of monitoring. The services of a number of the world’s largest tech companies, including Google and Facebook, were also infiltrated, according to the Snowden leaks.
這些監聽計劃的目標包括德國總理安吉拉·默克爾(Angela Merkel)這樣的顯要人士,她的手機通話有可能遭受了美國情報機構的竊聽。從斯諾登曝光的文件來看,谷歌和Facebook等全球頂級高科技公司的服務也遭到了滲透。The tapping of people’s online communications has led to widespread criticism of what is perceived as overreaching by American and British intelligence agencies.
竊聽人們在線通信信息的做法遭到了廣泛批評,一些人認爲英美情報機構過度行使了職權。“Trust in the security of our communications systems are essential for our society and for businesses to operate with confidence,” Eric King, deputy director of Privacy International, an advocacy group based in London, said in a statement on Wednesday. “The impact of these latest revelations will have ripples all over the world.”
“對於我們的社會,以及對於企業經營的信心來說,人們對通信系統安全的信任是至關重要的,”總部設在倫敦的隱私國際(Privacy International)組織的宣傳部副主任埃裏克·金(Eric King)在週三的聲明中說。“這些最新曝光信息的影響將波及世界各地。”Gemalto said in a news release that it had experienced many attacks in 2010 and 2011 and that it detected “two particularly sophisticated intrusions which could be related to the operation.” But it said that the attacks “only breached its office networks and could not have resulted in a massive theft of SIM encryption keys.”
金雅拓在一份新聞稿中表示,它在2010年和2011年間經歷了大量攻擊,發現“兩次特別複雜的入侵可能與情報機構有關”。但該公司說,攻擊“僅僅侵入了辦公網絡,不會導致SIM密鑰的大規模失竊”。In June 2010, an unknown third party, which Gemalto said it now believed was either an American or British intelligence agency, had tried to spy on its communications network. A month later, Gemalto said, emails containing malware were sent to some of its customers, many of which are the world’s largest cellphone carriers. The emails had pretended to come from Gemalto’s employees.
2010年6月,曾有人試圖入侵金雅拓的通信網絡,現在該公司認爲,攻擊者可能就是美國或者英國情報機構。該公司還表示,一個月後,含有惡意軟件的郵件被髮送到它的一些客戶那裏,其中很多客戶都是世界上最大的手機運營商。這些電郵被僞裝成來自金雅拓員工的郵件。“We immediately informed the customer, and also notified the relevant authorities both of the incident itself and the type of malware used,” Gemalto said, adding that it had detected several attempts to gain access to its employees’ computers during that time.
“我們立即通知了客戶,同時也向有關部門通報了攻擊事件本身以及這些惡意軟件的類型,”金雅拓說,在那段時間,它發現好幾次有人試圖入侵公司員工的計算機。The company said that its SIM encryption codes and other customer data had not been stored on the networks that were targets of the attack, and that it had upgraded its internal security software beginning in 2010 to limit the impact of future hacking.
該公司表示,其SIM卡密鑰和其它客戶數據並沒有存儲在那些遭受攻擊的網絡上,而且它從2010年開始就升級其內部安全軟件,以便抵禦未來的黑客攻擊。Gemalto did admit, however, that the hacking attempts in 2010 may have given some access to SIM cards based on outdated telecom technology, known as 2G.
然而,金雅拓也承認,該公司2010年遭受的攻擊可能給會讓某些SIM卡蒙受損失,這些SIM卡採用的是過時的2G電信技術。American and British intelligence agencies are suspected of targeting SIM cards used by carriers in hot spots like Afghanistan, Iran and Yemen, which still mainly used 2G SIM cards in 2010, according to the leaked documents. This technology did not offer the same security protection as the SIM cards that are typically used in Western countries, Gemalto warned.
泄露的文件顯示,英美情報機構針對的目標可能是阿富汗、伊朗和也門等地區運營商使用的SIM卡,這些局勢緊張地區在2010年時主要使用的仍然是2G SIM卡。金雅拓警告說,2G技術的安全性不如西方國家通常使用的SIM卡強。“If the 2G SIM card encryption keys were to be intercepted by the intelligence services,” Gemalto said, “it would be technically possible for them to spy on communications when the SIM card was in use in a mobile phone.”
“如果情報部門截獲了2G SIM卡密鑰,”金雅拓說,“從技術上說,當一部手機在使用這種SIM卡的時候,他們是可以監聽通信的。”
