加载中…
个人资料
j110
j110
  • 博客等级:
  • 博客积分:0
  • 博客访问:79,744
  • 关注人气:4
  • 获赠金笔:0支
  • 赠出金笔:0支
  • 荣誉徽章:
相关博文
推荐博文
谁看过这篇博文
加载中…
正文 字体大小:

美联社:计算机黑客助力美国攻击利比亚石油工业

(2011-06-16 17:13:39)
标签:

利比亚

卡扎菲

黑客

计算机战争

军事

Cyber Hackers Advised U.S. on Attacking Libya Oil Industry

电脑专家就如何使用黑客技术破坏利比亚石油和天然气设施以掐断卡扎菲政权的石油收入为美官员提供了建议,本消息来源于黑客们截获的一项研究报告中的内容。
Private computer experts advised U.S. officials on how cyberattacks could damage Libya’s oil and gas infrastructure and rob Moammar Gadhafi’s regime of crucial oil revenue, according to a study obtained by hackers.
美联社:计算机黑客助力美国攻击利比亚石油工业

 
一位反抗军士兵,坐在利Ras Lanouf石油精炼厂前的防空机枪炮位上。(美联社Hussein Malla摄)
An anti-Libyan leader Moammar Gadhafi rebel, sits with an anti-aircraft machine gun in front the oil refinery in Ras Lanouf, Libya. (Hussein Malla/AP Photo)

目前尚不清楚是由谁授权启动了这项“赛格黎明工程”,也不知道美政府在其中究竟是什么样的角色。但看起来发现外国政府计算机系统漏洞的工作越来越多地是由私人企业完成的。
(译注, cyber本意为计算机,本文中将译为赛格,参见深圳赛格广场。 塞格黎明是对“奥德赛黎明”的仿词,后者是对利政府的军事打击的行动代号。)
It remains unclear who commissioned “Project Cyber Dawn” and how much of a role the U.S. government played in it, but it shows the increasing amount of work being done by private companies in exposing foreign governments’ vulnerabilities to cyber attack.

“对于报告中提出实际操作建议的保密部分...让人惊叹于它的野心。”Eli Jellenc说,他是VeriSign公司的计算机安全专家。他本人未曾参与该研究并与报告的作者们没有联系。
“For the private sector to be making recommendations … that’s a level of ambition that you would not have seen until very recently,” said Eli Jellenc, a cyber security expert with VeriSign Inc. who is not linked to the study or its authors.

报告列出了利用计算机病毒使位于Ras Lanouf海岸的石油精炼厂停工的方法。这种病毒类似于去年导致伊朗铀浓缩机系统崩溃的Stuxnet蠕虫。报告同样分类列出了精炼厂中可能暴露的计算机硬件。
The study outlined ways to disable the coastal refinery at Ras Lanouf using a computer virus similar to the Stuxnet worm that led to a breakdown in Iran’s enrichment program late last year. It catalogued several pieces of potentially exposed computer hardware used at the refinery.

Lulz黑客组织从位于特拉华州的因特网监视公司Unveillance窃取了近1000封研究计算机数据安全的Email。大部分Email的内容是是关于一项小技术的索碎细节,但其它的则事关一项探测出卡扎菲电力设施的计算机系统安全弱点的工作。
The study was discussed in some of nearly 1,000 emails stolen by hacking group Lulz Security from Delaware-based Internet surveillance firm Unveillance, LLC as part of an effort to show how vulnerable data can be. Most of the emails detail the day-to-day trivia of running a small technology startup, but others concern an effort to scout out vulnerabilities in Gadhafi’s electronic infrastructure.

计算机战争在发生对Google、美国防部和国际货币基金组织的传奇性攻击后已越来越贴近现实。本月五角大楼将公布是否将计算机攻击定义为战争行为以及何时美国可采取计算机攻击行为的政策原则。
Cyberwarfare has assumed an increasingly high profile following dramatic computer attacks on Google, Inc., U.S. defense contractors and the IMF. This month, the Pentagon is expected to release policy on whether some cyber attacks should be considered acts of war and when a U.S. cyber attack might be justified.

赛格黎明工程由“CSFI计算机安全论坛”总体负责并汇编成报告,该组织的成员包括军官、学术和商业领袖。Unveillance的首席执行官Karim Hijazi是这份报告的21个共同作者之一,论坛的创建者Paul de Souza和前美国家航空航天局密码破译专家Jeffrey Bardin同样名列其中。
Project Cyber Dawn was put together by the Cyber Security Forum Initiative, a group whose membership includes military officials, academics and business leaders. Unveillance Chief Executive Karim Hijazi was one of the report’s 21 co-authors, among them forum founder Paul de Souza and Jeffrey Bardin, a former NSA code breaker.

这一组织于5月25日公开发布了该研究报告的删节版,当Hijazi意识到他的邮件已被窃取时,未删节版的报告已经开始在网上流传。
The group posted a redacted version of the study online on May 25, around the time that Hijazi realized his emails had been compromised, but by then the unredacted version was already online.

Bardin拒绝回答有关报告中被删节部分的提问。他在一篇博文中确认报告已经发布给了“军事和情报部门”但拒绝在Email采访中提供任何进一步的消息,只是说他和同事们“对自己所做的工作感到自豪”。
Bardin declined to answer specific questions about the unredacted version of the study. He acknowledged in a blog that it was circulated to “defense and intel types” but he refused to go into any further detail when contacted by email, saying only that he and his colleagues “are proud of the work we did.”

Hijazi通过一位代理人将针对报告的问题转交给de Souza,后者在一份声明中说报告的目的是“提醒国际社会”攻击利石油精炼厂的工业控制系统可能造成的风险。
Through a representative, Hijazi referred questions about the report to de Souza, who in a statement said it was aimed at “educating the international community” about the risks of an attack on the industrial control systems at oil refineries in Libya.

但报告中的建议很大程度上是提供给美国官方的,内容包括美国情报机构如何侦察当前或者以后的利比亚政权的消息。对此de Souza并未作详细解释。
But the recommendations are apparently addressed to American officials and contain suggestions on how U.S. intelligence could best spy on the current or any future Libyan administration. Despite repeated emails, de Souza did not clarify how such advice would be useful to an international audience.

赛格黎明工程的作者们不建议伊朗的Stuxnet攻击被复制于利比亚,因为德国企业巨头Siemens的软件系统,亦即Stuxnet在伊朗的破坏目标,在整个北美的工程项目建设中也有广泛使用。
(译注,参见http://en.wikipedia.org/wiki/Stuxnet)
The authors of Cyber Dawn argued that something similar to the Stuxnet attack on Iran could be done in Libya, noting that German engineering conglomerate Siemens AG — whose software system was exploited by Stuxnet — has played an important role in projects across the North African country.

Ras Lanouf每天可处理220,000桶原油,报告指出供应练油厂电力的电厂计算机系统是薄弱环节,因为它们中的某些硬件和伊朗一样是西门子产的。一位身在德国的西门子发言人未对记者的采访Email进行答复。
At Ras Lanouf, which has the capacity to handle 220,000 barrels of oil per day, the report identified the computers involved in running the refinery’s power plant as vulnerable because some were the same Siemens-brand hardware as the kind used in Iran. A Germany-based spokesman for Siemens didn’t return an email seeking comment.

Ras Lanouf依然处于卡的控制之下,而随着利比亚战事的胶着,联军或许乐于见到一场精确和不流血的计算机攻击发生在这些炼油厂中并打击卡的石油收入。
Ras Lanouf remains under Gadhafi’s control, and, as the Libyan civil war drags on, governments might see a cyberattack on such a facility as a discreet and bloodless way of cutting into Gadhafi’s oil revenue.

赛格黎明计划通知了谁尚不得而知,其中的建议是否已实施同样没人知道。
It remains unclear who was briefed about Cyber Dawn, and whether any of its ideas were taken onboard.

一些泄漏了的邮件中提到报告已被提交给五角大楼的官员、总统事务助理以及ODNI的一些人,其中ODNI应该就是指美國國家情報總監辦公室。
Several of the leaked emails suggest that the report was circulated among Pentagon officials, presidential staffers, and a group at the ODNI, presumably the Office of the Director of National Intelligence.

“报告的最终版本将提交给白官”Bardin在其中一封邮件中说。
“Our final report will make it to the White House,” Bardin wrote in one of the emails.

但国防部的高级官员对美联社称他们未曾接到与该项研究有关的信息。一位因未被授权描述内部讨论会而匿名的官员说,国防部经常收到未经请求主动提供的报告,它们中只有一部分能得到仔细阅读。
But senior defense officials told The Associated Press they were unaware of the study. Officials, speaking on condition of anonymity because they were not authorized to describe internal discussions, said the Department of Defense gets unsolicited reports all the time, and that some of them may be reviewed by staff.

美政府计算机安全专家不会就可能的针对卡政权的黑客行动进行评论。
U.S. government cybersecurity experts would not comment on what, if any, hacking operations are being waged against the Gadhafi regime.

———
华盛顿的Lolita C. Baldor对此文写作有帮助。
Lolita C. Baldor in Washington contributed to this report.

———

Online:网上文档
正式公布的赛格黎明工程的相关文档(PDF)
Officially released version of Project Cyber Dawn: http://ow.ly/5bSIj (.pdf)
Bardin关于赛格黎明的解释
Bardin’s explanation of Cyber Dawn: http://ow.ly/5cPOO
Unveillance公司对邮件被黑客窃取事件的评论
Unveillance statement on the hack: http://ow.ly/5cPMJ
计算机安全论坛
Cyber Security Forum Initiative: http://www.csfi.us/

0

阅读 评论 收藏 转载 喜欢 打印举报/Report
  • 评论加载中,请稍候...
发评论

    发评论

    以上网友发言只代表其个人观点,不代表新浪网的观点或立场。

      

    新浪BLOG意见反馈留言板 电话:4000520066 提示音后按1键(按当地市话标准计费) 欢迎批评指正

    新浪简介 | About Sina | 广告服务 | 联系我们 | 招聘信息 | 网站律师 | SINA English | 会员注册 | 产品答疑

    新浪公司 版权所有