• 博客等级:
  • 博客积分:0
  • 博客访问:79,744
  • 关注人气:4
  • 获赠金笔:0支
  • 赠出金笔:0支
  • 荣誉徽章:
正文 字体大小:


(2011-06-16 17:13:39)






Cyber Hackers Advised U.S. on Attacking Libya Oil Industry

Private computer experts advised U.S. officials on how cyberattacks could damage Libya’s oil and gas infrastructure and rob Moammar Gadhafi’s regime of crucial oil revenue, according to a study obtained by hackers.

一位反抗军士兵,坐在利Ras Lanouf石油精炼厂前的防空机枪炮位上。(美联社Hussein Malla摄)
An anti-Libyan leader Moammar Gadhafi rebel, sits with an anti-aircraft machine gun in front the oil refinery in Ras Lanouf, Libya. (Hussein Malla/AP Photo)

(译注, cyber本意为计算机,本文中将译为赛格,参见深圳赛格广场。 塞格黎明是对“奥德赛黎明”的仿词,后者是对利政府的军事打击的行动代号。)
It remains unclear who commissioned “Project Cyber Dawn” and how much of a role the U.S. government played in it, but it shows the increasing amount of work being done by private companies in exposing foreign governments’ vulnerabilities to cyber attack.

“对于报告中提出实际操作建议的保密部分...让人惊叹于它的野心。”Eli Jellenc说,他是VeriSign公司的计算机安全专家。他本人未曾参与该研究并与报告的作者们没有联系。
“For the private sector to be making recommendations … that’s a level of ambition that you would not have seen until very recently,” said Eli Jellenc, a cyber security expert with VeriSign Inc. who is not linked to the study or its authors.

报告列出了利用计算机病毒使位于Ras Lanouf海岸的石油精炼厂停工的方法。这种病毒类似于去年导致伊朗铀浓缩机系统崩溃的Stuxnet蠕虫。报告同样分类列出了精炼厂中可能暴露的计算机硬件。
The study outlined ways to disable the coastal refinery at Ras Lanouf using a computer virus similar to the Stuxnet worm that led to a breakdown in Iran’s enrichment program late last year. It catalogued several pieces of potentially exposed computer hardware used at the refinery.

The study was discussed in some of nearly 1,000 emails stolen by hacking group Lulz Security from Delaware-based Internet surveillance firm Unveillance, LLC as part of an effort to show how vulnerable data can be. Most of the emails detail the day-to-day trivia of running a small technology startup, but others concern an effort to scout out vulnerabilities in Gadhafi’s electronic infrastructure.

Cyberwarfare has assumed an increasingly high profile following dramatic computer attacks on Google, Inc., U.S. defense contractors and the IMF. This month, the Pentagon is expected to release policy on whether some cyber attacks should be considered acts of war and when a U.S. cyber attack might be justified.

赛格黎明工程由“CSFI计算机安全论坛”总体负责并汇编成报告,该组织的成员包括军官、学术和商业领袖。Unveillance的首席执行官Karim Hijazi是这份报告的21个共同作者之一,论坛的创建者Paul de Souza和前美国家航空航天局密码破译专家Jeffrey Bardin同样名列其中。
Project Cyber Dawn was put together by the Cyber Security Forum Initiative, a group whose membership includes military officials, academics and business leaders. Unveillance Chief Executive Karim Hijazi was one of the report’s 21 co-authors, among them forum founder Paul de Souza and Jeffrey Bardin, a former NSA code breaker.

The group posted a redacted version of the study online on May 25, around the time that Hijazi realized his emails had been compromised, but by then the unredacted version was already online.

Bardin declined to answer specific questions about the unredacted version of the study. He acknowledged in a blog that it was circulated to “defense and intel types” but he refused to go into any further detail when contacted by email, saying only that he and his colleagues “are proud of the work we did.”

Hijazi通过一位代理人将针对报告的问题转交给de Souza,后者在一份声明中说报告的目的是“提醒国际社会”攻击利石油精炼厂的工业控制系统可能造成的风险。
Through a representative, Hijazi referred questions about the report to de Souza, who in a statement said it was aimed at “educating the international community” about the risks of an attack on the industrial control systems at oil refineries in Libya.

但报告中的建议很大程度上是提供给美国官方的,内容包括美国情报机构如何侦察当前或者以后的利比亚政权的消息。对此de Souza并未作详细解释。
But the recommendations are apparently addressed to American officials and contain suggestions on how U.S. intelligence could best spy on the current or any future Libyan administration. Despite repeated emails, de Souza did not clarify how such advice would be useful to an international audience.

The authors of Cyber Dawn argued that something similar to the Stuxnet attack on Iran could be done in Libya, noting that German engineering conglomerate Siemens AG — whose software system was exploited by Stuxnet — has played an important role in projects across the North African country.

Ras Lanouf每天可处理220,000桶原油,报告指出供应练油厂电力的电厂计算机系统是薄弱环节,因为它们中的某些硬件和伊朗一样是西门子产的。一位身在德国的西门子发言人未对记者的采访Email进行答复。
At Ras Lanouf, which has the capacity to handle 220,000 barrels of oil per day, the report identified the computers involved in running the refinery’s power plant as vulnerable because some were the same Siemens-brand hardware as the kind used in Iran. A Germany-based spokesman for Siemens didn’t return an email seeking comment.

Ras Lanouf依然处于卡的控制之下,而随着利比亚战事的胶着,联军或许乐于见到一场精确和不流血的计算机攻击发生在这些炼油厂中并打击卡的石油收入。
Ras Lanouf remains under Gadhafi’s control, and, as the Libyan civil war drags on, governments might see a cyberattack on such a facility as a discreet and bloodless way of cutting into Gadhafi’s oil revenue.

It remains unclear who was briefed about Cyber Dawn, and whether any of its ideas were taken onboard.

Several of the leaked emails suggest that the report was circulated among Pentagon officials, presidential staffers, and a group at the ODNI, presumably the Office of the Director of National Intelligence.

“Our final report will make it to the White House,” Bardin wrote in one of the emails.

But senior defense officials told The Associated Press they were unaware of the study. Officials, speaking on condition of anonymity because they were not authorized to describe internal discussions, said the Department of Defense gets unsolicited reports all the time, and that some of them may be reviewed by staff.

U.S. government cybersecurity experts would not comment on what, if any, hacking operations are being waged against the Gadhafi regime.

华盛顿的Lolita C. Baldor对此文写作有帮助。
Lolita C. Baldor in Washington contributed to this report.


Officially released version of Project Cyber Dawn: http://ow.ly/5bSIj (.pdf)
Bardin’s explanation of Cyber Dawn: http://ow.ly/5cPOO
Unveillance statement on the hack: http://ow.ly/5cPMJ
Cyber Security Forum Initiative: http://www.csfi.us/


阅读 评论 收藏 转载 喜欢 打印举报/Report
  • 评论加载中,请稍候...




    新浪BLOG意见反馈留言板 电话:4000520066 提示音后按1键(按当地市话标准计费) 欢迎批评指正

    新浪简介 | About Sina | 广告服务 | 联系我们 | 招聘信息 | 网站律师 | SINA English | 会员注册 | 产品答疑

    新浪公司 版权所有