奧巴馬反黑客努力收效甚微
Two years ago, the Obama administration announced a new strategy to curb online espionage.
兩年前,奧巴馬政府宣佈了一項遏制網絡間諜活動的新戰略。The five-point strategy came after a 2013 article in The New York Times about how the newspaper had been breached by Chinese hackers. The Times, working with a security company, also concluded that thousands of other American companies had been hacked by a Chinese military unit in Shanghai.
在這份包含五點內容的戰略公佈之前,《紐約時報》剛在2013年發表了一篇記錄本報遭到中國黑客侵入的文章。此外,時報與一家安全公司合作,發現還有數千家美國公司遭到了位於上海的一箇中國軍方單位的黑客襲擊。The White House said it would increase public awareness of the threat, encourage the private sector to increase its defenses, focus diplomacy on protecting trade secrets overseas, improve trade secret theft legislation and make investigations and prosecutions of corporate and state-sponsored trade secret theft a top priority.
白宮表示,該戰略將提高公衆對這一威脅的關注度、鼓勵私營部門加強防禦、在外交工作中專注於保護海外的商業機密、改進防止竊取商業機密的相關立法,並把調查和起訴盜竊企業和政府支持的商業機密的行爲作爲工作重心。
Since then, public awareness is up and so is spending. But the hacking continues.
此後,公衆的關注度有所提高,相關的支出也增加了。黑客活動卻還在繼續。The private sector spent $665 million on data loss prevention last year, according to the technology research firm Gartner, with a 15 percent increase expected this year. On the legislative front, Congress strengthened penalties for those convicted under the Economic Espionage Act, raising the maximum fine for individuals convicted to $5 million from $500,000. And in terms of law enforcement, the F.B.I. lists digital crime, including intrusions that result in trade secret theft, as its third priority, just behind terrorism and counterintelligence. The agency reported a 60 percent increase in trade secret investigations from 2009 through 2013.
根據技術調研公司高德納(Gartner)的數據,私營部門去年花費了6.65億美元(約合41.3億元人民幣)來防止數據丟失,預計這一支出今年將增長15%。在立法方面,國會加強了對違反《經濟間諜法》(Economic Espionage Act)行爲的懲罰力度,將個人罰款的上限從50萬美元提升到了500萬美元。在執法方面,聯邦調查局(FBI)將包括導致商業機密盜竊的網絡侵入活動在內的網絡犯罪,列爲排名第三的重要任務,僅次於恐怖主義和反間諜工作。該機構稱,從2009年到2013年,有關商業機密的調查增加了60%。But diplomatic efforts to engage China on the topic have largely failed. China’s response has simply been that it, too, is a victim of online attacks. And online espionage shows little sign of abating. Last year, 18 percent of the 1,598 confirmed breaches analyzed by Verizon were used for online espionage, compared with 22 percent of 1,367 attacks in 2013. Senator Sheldon Whitehouse, Democrat of Rhode Island, told a Senate Judiciary Committee hearing last year that 1 to 3 percent of United States gross domestic product was still lost, every year, through trade secret theft.
不過,在這一問題上接觸中國的種種外交努力基本上以失敗告終。中國的迴應一直很乾脆:“我們也是網絡攻擊的受害者”。網絡間諜行爲沒有什麼降溫的跡象。去年,威瑞森通訊(Verizon)分析的1598件網絡侵入案中,18%是爲了從事網絡間諜活動,而2013年的1367起事件中,網絡間諜活動佔22%。來自羅德島的民主黨參議員謝爾登·懷特豪斯(Sheldon Whitehouse)去年在參議院司法委員會(Senate Judiciary Committee)的聽證會上說,美國每年仍有1%到3%的國內生產總值因爲商業機密盜竊而流失。“There hasn’t been any change,” said James A. Lewis, a digital security expert at the Center for Strategic and International Studies in Washington. “There’s a lot more we can do. But we haven’t reached our pain point for taking more drastic steps on cyberespionage, and the Chinese haven’t reached their pain point for stopping it.”
“沒有發生任何改變,”華盛頓國際戰略研究中心(Center for Strategic and International Studies)的網絡安全專家詹姆斯·A·劉易斯(James A. Lewis)說。“我們能做的還有很多。但我們還沒達到對網絡間諜活動採取更嚴厲措施的痛點,中國也沒有達到停止這種行爲的痛點。”The Justice Department is under significant pressure to bring more trade secret cases under the Economic Espionage Act. But it is incredibly difficult to bring cases against sophisticated hackers, who are not only smart enough to cover their tracks but also smart enough to live outside the United States. It is equally difficult to serve court summonses to the Chinese corporations that investigators say they believe are benefiting from stolen trade secrets.
司法部正面臨着查處更多違反《經濟間諜法》的商業機密竊取案件的巨大壓力。不過,要想起訴手段高明的黑客格外困難,因爲他們不僅聰明到可以掩蓋自己的行蹤,還懂得生活在美國以外的地區。要把法院傳票送到調查人員認爲從被竊商業機密中獲利的中國公司手中,也同樣困難。In 2013, the Justice Department brought several indictments that charged Chinese nationals with stealing trade secrets for the benefit of corporations in China, but none of the cases involved trade secrets obtained through online attacks. All the indictments involved either employees or former employees accused of passing their employer’s trade secrets to a company in China, or people who paid an employee to do so.
2013年,司法部發起了多起訴訟,指控一些中國公民竊取商業機密,從而爲中國的企業牟利,但這些案子都與網絡攻擊無關。在這些案件中,一些當下或以前的僱員被控把僱主的商業機密提供給了中國企業,或是付給他們報酬的個人。The story was similar in 2014. During the first nine months of the year, the Justice Department reported 20 new prosecutions under the Economic Espionage Act — a 33 percent increase from 2013 — and several convictions, but only two of the indictments involved trade secrets theft via digital intrusions.
2014年的情形也是大同小異。在頭九個月裏,司法部通報,根據《經濟間諜法》提出了20起新的訴訟——較2013年增長了33%——其中有一些人定罪,但其中只有兩起指控與網絡竊取商業機密有關。One, the landmark indictment filed last year against five members of the People’s Liberation Army for hacking United States companies, was largely symbolic given that the United States has no jurisdiction in China.
去年針對中國軍方五名成員網絡攻擊美國企業的里程碑式的正式指控,基本上只具有象徵意義,因爲美國在中國沒有司法權。In another, in August, a federal grand jury in California indicted a Chinese businessman on charges of conspiring to steal military secrets by hacking into Boeing and other United States companies. The defendant, Su Bin, is awaiting extradition in Canada.
去年8月,在另一起案件中,加州的一個聯邦大陪審團指控一名中國商人,密謀通過攻擊波音(Boeing)等美國公司來竊取軍事機密。被告蘇斌(音)正在加拿大等待引渡。The Justice Department’s biggest success last year was when prosecutors obtained the first-ever federal jury conviction for economic espionage charges against two Americans and a corporation accused of selling DuPont trade secrets to a state-owned company in China.
司法部去年最大的成就是,檢方首次說服聯邦陪審團判定兩名美國人和一家企業的經濟間諜罪名成立。他們被指向一家中國國有企業出售杜邦公司(DuPont)的商業機密。But that was not a hacking case. The two were charged with stealing trade secrets the old-fashioned way, by poaching former DuPont employees. And in that case too, the Justice Department’s efforts to bring charges against two Chinese citizens who played a central role in the theft, and the Chinese state-owned companies that benefited from them, have stalled.
不過,這不是一起網絡攻擊案件。兩人被控以傳統的方式竊取商業機密,即通過挖去杜邦公司的前員工。此外,在這個案子裏,司法部意圖指控在機密竊取過程中扮演核心角色的兩名中國公民和這家獲利的中國國企,但相關努力陷入了停滯。A look at two cases the Justice Department did bring against one Chinese-American and another Chinese citizen living in the United States suggests that the agency has found it difficult to constructively respond to online espionage. Those two cases suggest the pressure to bring such cases may be doing more harm than good.
再看看司法部針對一名華裔美國人和另一名在美國居住的中國公民的調查就會發現,該部門很難有效應對網絡間諜行爲。這兩樁案件顯示,調查此類案件的壓力可能弊大於利。In Ohio, the Justice Department pursued a Chinese-American hydrologist for potential violations of the Economic Espionage Act, court documents show, but failed to find evidence and still tried to prosecute her for lesser charges that could have added up to 25 years in prison. After a review of her case revealed she was hardly a Chinese spy, the government dropped charges just before it was set to go to trial in March.
法庭文件顯示,在俄亥俄州,司法部調查了一名華裔水文專家可能存在的違反《經濟間諜法》的行爲,但未能找到證據,卻仍然試圖用較輕的罪名指控她,而這些罪名可以並罰25年的監禁。由於審覈之後發現她不大可能是中國間諜,政府在3月即將開始的庭審前撤銷了指控。And in Philadelphia, a Chinese citizen who has permanent residency status in the United States has been held in a federal detention center since September 2012, after he was accused of damaging a corporate server computer to cover up trade secret theft. There, too, the government did not find violations of the Economic Espionage Act, but has aggressively pursued lesser charges, including intentionally causing harm to a protected computer system. His trial is scheduled for November.
在費城,一名在美國擁有永久居留身份的中國公民,自從2012年9月就一直被關押在聯邦拘留中心,在那之前他被指控破壞一家公司的服務器電腦,從而掩蓋商業祕密竊取行爲。在該案件中,政府同樣沒有發現違反《經濟間諜法》的行爲,但仍積極地對他進行較輕的指控,包括故意破壞一個受保護的計算機系統。他的庭審定於11月進行。Trying another tack, President Obama signed a new executive order in April that established the first sanctions aimed at curbing foreign cyber espionage. The order authorized financial and travel sanctions against anyone participating in online attacks that posed a threat to the “national security, foreign policy, or economic health or financial stability of the United States.”
奧巴馬總統又嘗試另一種做法,於4月簽署了一項新的行政命令,出臺了第一批旨在遏制外國網絡間諜活動的制裁措施。該命令授權對任何參與網絡攻擊、進而“對美國的國家安全、外交政策、經濟狀況或財政穩定”構成威脅的人進行財務和旅行方面的制裁。Until those sanctions are exercised, experts say the only option for curbing digital espionage may be patient diplomacy.
在這些制裁實施之前,專家稱,遏制網絡間諜活動的唯一選擇就是需要耐心開展的外交活動。“They don’t live here, so we can’t arrest them, and we’re not going to go to war over this,” Mr. Lewis said. “So the key is consistent persuasion and pressure. It may be slow and it may not work. But there is no other alternative.”
“他們不住在美國,所以我們不能逮捕他們,我們也不打算因爲這件事發動戰爭,”劉易斯說。“因此,關鍵是不斷地勸說和施壓。可能很緩慢,可能沒有效果。但沒有其他選擇。”
