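Analysis: Huawei routers pose a serious threat to network security, and other security threats facing the United States

Source: The Washington Times | Author: Bill Gertz | Published: January 27, 2021

Translation and commentary: helloworld | Proofreading: X-Wing飞得更高 | Review: freedust | Page: 小雨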

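Commentary:

This article shows Americans the current state of national security, covering three areas: Huawei, the South China Sea, and the National Security Agency's encryption systems.

After Huawei stole portions of the code in Cisco's routers, the United States was able to monitor communication lines through Huawei routers using a backdoor that came with that code. After the Snowden leaks, however, the United States lost this capability, while Communist China, because Huawei routers had been purchased by countries around the world, not only gained this capability but also acquired "signals intelligence" capabilities. These capabilities can be shared with Communist China and its allies. This poses a threat to the security of the United States and the world.

At the same time, Communist China's actions in the South China Sea also threaten the shipping lanes that carry two-thirds of global trade. In response, the United States has dispatched a carrier strike group to carry out a mission to maintain order in the region.

Finally, by analyzing the National Security Agency's report on its 2020 cybersecurity activities, the article describes the important missions the NSA carries and the challenges it faces.

Through the United States' past hacking of Huawei routers, the article explains why Huawei affects national security. Huawei's systems and the intelligence capabilities associated with them are critical in cyber intelligence: they can not only intercept and analyze data and analyze VPN traffic, but also carry out denial-of-service attacks. This capability has now fallen entirely into the hands of Huawei, a private company that serves as a front for Communist China's military.

In addition, in contrast to Communist China, the U.S. analytical report frankly acknowledges its own shortcomings and the threats it faces, so that policymakers understand its value and importance and tilt funding in its favor. This is also how the game is played in the United States: if a department stresses how strong it is, taxpayers may conclude that it needs no further investment, and it loses the opportunity to develop. Communist China's wolf-warrior diplomacy, meanwhile, has fully exposed the threat on every front, giving U.S. security agencies and military branches a ready reason to seek funding and build up their strength, and leaving the "strength" Communist China boasts of in an even more awkward position.

Original article: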

How NSA hacked Huawei's routers

Photo by: Patrick Semansky / A hacking unit at the National Security Agency was able to penetrate Huawei Technologies routers to steal secrets around the world. (Associated Press/File)

By Bill Gertz - The Washington Times - Wednesday, January 27, 2021

Documents leaked from the National Security Agency in 2014 revealed that the nation’s premier spy service was secretly stealing electronic and other secrets by hacking Huawei Technologies telecommunications gear used widely in China and around the world.

The sensational spying operation, code-named Shotgiant, was scuttled by Edward Snowden, the former NSA contractor now living in Russia who disclosed the top-secret hacking after stealing nearly 2 million NSA documents and releasing them to the press.

Inside the Ring can now disclose how the NSA was able to conduct its electronic spying operations around the world, penetrating Huawei’s routers and listening to the communications that passed through them.

A person familiar with the operation said cyberspies working for the NSA’s Tailored Access Operations group, the secret hacking unit based near Baltimore-Washington International Airport, were able to get inside Huawei equipment because of an earlier hack of Cisco Systems routers.

In the early 2000s, Huawei was sued by Cisco for stealing portions of Cisco’s Internetwork Operating System, or IOS, a family of software used in the company’s routers and switches. The case was settled quietly out of court.

Unbeknownst to Huawei, the stolen technology included the same software NSA had successfully broken into in Cisco routers. Thus, all Huawei equipment became giant listening posts for the cyberspies.

The ability to steal secrets from telecom gear was confirmed in an internal NSA memorandum from around 2012 that discussed big-router hacking.

“I’m not talking about your home ADSL router. I’m talking about bigger routers, such as Ciscos/Junipers/Huaweis used by [internet providers] for their infrastructure,” an NSA technician wrote. “Hacking routers has been good business for us and our [Five Eyes] partners for some time now, but it is becoming more apparent that other nation states are honing their skills and joining the scene.”

“Five Eyes” refers to the close U.S. intelligence-sharing alliance with Australia, New Zealand, Canada and Britain.

Router hacking, the memo explained, allows spies to add login credentials that permit remote access “anytime you choose.”

Routing rules also can be added or changed. Using “packet capture” capabilities in the equipment was described as “like a local listening post for any credentials being passed over the wire!”

Another spying tool from hacked routers is weakening the encryption for virtual private networks so the NSA could create easily decipherable information streams.

Finally, the NSA used hacked routers to install “a dorked [manipulated] version of the operating system with whatever functionality you want pre-built in,” the memo said.

With Mr. Snowden’s leaks in 2014, the NSA lost the ability to spy on one of the most significant intelligence targets: China. Another NSA document revealed that the agency was spying on Huawei to learn its links to the Chinese military and the ruling Communist Party.

“Many of our targets communicate over Huawei-produced products, we want to make sure that we know how to exploit these products. We also want to ensure that we retain access to these communication lines, etc.,” the NSA stated in a briefing slide.

“There is also concern that Huawei’s widespread infrastructure will provide [China] with SIGINT capabilities and enable them to perform denial-of-service type attacks,” the slide stated, using the term for signals intelligence.

One slide quoted a national intelligence estimate from the early years of the Obama administration warning that America’s cyberinfrastructure faced a growing threat from hackers.

“We assess with high confidence that the increasing role of international companies and foreign individuals in U.S. information technology supply chains and services will increase the potential for persistent, stealthy subversions,” the national intelligence estimate stated.

A spokesman for NSA had no immediate comment. A representative of Cisco did not return an email seeking comment.

CARRIER STRIKE GROUP IN SOUTH CHINA SEA

The USS Theodore Roosevelt aircraft carrier strike group is conducting operations in the South China Sea, sending a signal to Beijing that it does not own the strategic waterway.

The Pacific Fleet posted an update about the carrier and its accompanying warships this week, saying on Facebook that they were “conducting routine U.S. 7th Fleet maritime security operations, including flight operations with fixed and rotary-wing aircraft, maritime strike exercises, and coordinated tactical training between surface and air units.”

“After sailing through these waters throughout my 30-year career, it’s great to be in the South China Sea again, conducting routine operations, promoting freedom of the seas, and reassuring allies and partners,” said Rear Adm. Doug Verissimo, commander of Carrier Strike Group 9.

“With two-thirds of the world’s trade traveling through this very important region, it is vital that we maintain our presence and continue to promote the rules-based order which has allowed us all to prosper,” the admiral added. “While we miss visiting our allies and partners in the region in person, we’re grateful for all the opportunities we have to operate with them at sea.”

China has been conducting naval and aerial surveillance near the carrier, but no provocations or incidents have been reported.

“We all benefit from free and open access to the seas, and our operations represent our commitment to maintaining regional security and stability,” said Capt. Eric Anduze, the Roosevelt’s commanding officer.

In addition to the carrier and its warplanes, warships in the group include the guided missile cruiser USS Bunker Hill, and guided missile destroyers USS Russell and USS John Finn.

NSA SECURES F-22 SOFTWARE

At one time, the National Security Agency was so secret that even its name was classified. Uttering the three words could land someone in hot water for violating secrecy rules. Now the agency, once dubbed “No Such Agency” for its penchant for anonymity, has raised its profile significantly.

Earlier this month, the NSA published an annual report on its 2020 cybersecurity activities, most of which in the past would have been considered top-secret.

The report reveals that the agency “rekeyed” the encryption software used on board all 165 F-22 stealth fighters. The security measure is done each year.

Military software used on the F-22 includes NATO-standard Link 16 communications software, advanced “friend or foe” identification software, sensor fusion software for overhead views and anti-jamming, military-grade GPS links.

If Chinese or Russian hackers obtain the keys or other secrets about the software, then enemy military hackers could penetrate the jet software and cause it to malfunction or crash during a conflict.

The NSA also is working to upgrade the codes used for securing other weapons systems, including the launch codes for nuclear missiles.

“Foremost in NSA’s code-making mission is the production of the nuclear ‘launch codes’ and related materials that would be used should the president ever authorize the launch of U.S. nuclear weapons,” the report said. “NSA also provides the encryption in the communications systems used to convey those orders.”

The NSA is responsible for making the codes, the keys and equipment used to protect government and military communications from foreign eavesdropping and data theft.

The agency also develops cryptographic protective technologies that were not specified in the report.

“These technologies are important in preventing or detecting adversaries from physically exploiting cryptographic equipment and classified material while they are deployed or shipped around the world,” the report said.

The function appears to involve the use of anti-tamper and tamper-indicating equipment or software that will alert security officials if communications gear is targeted. According to the report, the NSA delivered 108,421 tamper-related products to customers around the world in 2020.

One new worry for the NSA is the development of quantum computing that could render current electronic eavesdropping nearly impossible.

The NSA is working to make defense systems resistant to such advanced computer exploitation.

“Such a computer is still theoretical, but its development could render large swaths of the U.S. cryptographic inventory obsolete,” the report said. “Thus, the [Defense Department and the intelligence community] are relying heavily on NSA, with substantial fiscal investments to field next-generation encryption.”

As part of the new security, the NSA approved a new suite of “quantum-resistant cryptographic algorithms” used in defense and intelligence networks. The secure software will counter “a range of potential threats for future use in equipment supporting the warfighter.”

The report makes no mention of the massive SolarWinds hack of government and private computer systems that U.S. officials have said has the hallmarks of a Moscow intelligence operation.

SolarWinds is a management software company whose Orion software is used widely in computer networks. Some 18,000 networks were hit in the cyberattack, which allowed the hackers to gain access to sensitive information, including from the Treasury and Homeland Security Departments.

The White House said President Biden brought up the hacking operation in his first phone call since the election with Russian President Vladimir Putin.

“Eighteen months ago, several colleagues and I discussed the results of an internal study to examine the state of the cybersecurity mission at NSA,” Anne Neuberger, NSA cybersecurity director, stated in the report. “The findings were grim. As technology and the cyberthreat had rapidly evolved, it was clear we had not always kept pace.”

An NSA cybersecurity directorate was created shortly after the study to remedy the shortcomings.

• Contact Bill Gertz on Twitter at @BillGertz.

Edited by: Himalaya London Club UK