Syrian Hackers Seduce Anti-Government Fighters

WASHINGTON — To the young Syrian rebel fighter, the Skype message in early December 2013 appeared to come from a woman in Lebanon, named Iman Almasri, interested in his cause. Her picture, in a small icon alongside her name, showed a fair-skinned 20-something in a black head covering, wearing sunglasses.

They chatted online for nearly two hours, seemingly united in their opposition to the rule of Bashar al-Assad, the Syrian leader still in power after a civil war that has taken more than 200,000 lives. Eventually saying she worked “in a programing company in Beirut,” the woman asked the fighter whether he was talking from his computer or his smartphone. He sent her a photo of himself and asked for another of her in return. She sent one immediately, apologizing that it was a few years old.

“Angel like,” he responded. “You drive me crazy.”

What the fighter did not know was that buried in the code of the second photo was a particularly potent piece of malware that copied files from his computer, including tactical battle plans and troves of information about him, his friends and fellow fighters. The woman was not a friendly chat partner, but a pro-Assad hacker — the photos all appear to have been plucked from the web.

The Syrian conflict has been marked by a very active, if only sporadically visible, cyberbattle that has engulfed all sides, one that is less dramatic than the barrel bombs, snipers and chemical weapons — but perhaps just as effective. The United States had deeply penetrated the web and phone systems in Syria a year before the Arab Spring uprisings spread throughout the country. And once it began, Mr. Assad’s digital warriors have been out in force, looking for any advantage that could keep him in power.

In this case, the fighter had fallen for the oldest scam on the Internet, one that helped Mr. Assad’s allies. The chat is drawn from a new study by the intelligence-gathering division of FireEye, a computer security firm, which has delved into the hidden corners of the Syrian conflict — one in which even a low-tech fighting force has figured out a way to use cyberespionage to its advantage. FireEye researchers found a collection of chats and documents while researching malware hidden in PDF documents, which are commonly used to share letters, books or other images. That quickly took them to the servers where the stolen data was stored.

Like the hackers who the United States says were working for North Korea when they attacked Sony Pictures in November, the assailants aiding Mr. Assad’s forces in this case took steps to hide their true identities.

The report says the pro-Assad hackers stole large caches of critical documents revealing the Syrian opposition’s strategy, tactical battle plans, supply requirements and data about the forces themselves — which could be used to track them down. But it is not evident how or whether this battlefield information was used.

“You’ve got a conflict with a lot of young, male fighters who keep their contacts and their operations on phones in their back pockets,” said one senior American intelligence official who spoke on the condition of anonymity to discuss espionage matters. “And it’s clear Assad’s forces have the capability to drain all that out.”

Mr. Assad was also the victim of cyberattacks, but of a far more advanced nature.

A National Security Agency document dated June 2010, written by the agency’s chief of “Access and Target Development,” describes how the shipment of “computer network devices (servers, routers, etc.) being delivered to our targets throughout the world are intercepted” by the agency. The document, published recently by Der Spiegel, the German magazine, came from the huge trove taken by Edward J. Snowden; this one shows a photograph of N.S.A. workers slicing open a box of equipment from Cisco Systems, a major manufacturer of network equipment.

After being opened, electronic “beacon implants” were placed in the circuitry. One set of devices was “bound for the Syrian Telecommunications Establishment to be used as part of their Internet backbone,” the document reveals. To the delight of American intelligence agencies, they soon discovered they had access to the country’s cellphone network — enabling American officials to figure out who was calling whom, and from where.

Such interceptions are still highly classified; the United States government has never discussed its access to the Assad communications network. But the FireEye report, which will be released on Monday, makes it clear that such “network exploitation” is now a routine part of even the most low-tech if brutal civil wars, and available to those operating on a shoestring budget.

And that is a new development. The theft of the rebel battle plans stands in contrast to the cybervandalism carried out in recent years by the Syrian Electronic Army, which American intelligence officials suspect is actually Iranian, and has conducted strikes against targets in the United States, including the website of The New York Times. But mostly these have been denial-of-service attacks, which are annoying but not potential game-changers on the battlefield.

Exactly who conducted the hacking on behalf of Mr. Assad’s forces remains a mystery, as does whether the stolen data was ever used by the Syrian military. One of the authors of the report, Nart Villeneuve, a threat intelligence analyst for the company, said that it was likely that the hackers were based in Lebanon — which would be the only true statement in the chat with the Syrian fighter. They used a computer server in Germany, where FireEye found many of their chats in unprotected directories. A handful of the targets of the Syrian operation were contacted in recent months by FireEye researchers. “They really didn’t understand what had happened,” Mr. Villeneuve said. “They didn’t know their computers and phones had been compromised.”
