新闻来源:CHINA LAW BLOG|作者:Steve Dickinson;
翻译、简评:小小妹|校对:1818|PAGE:玄天生;
简评:
黑客本身就是一个非法的组织或个人,通过互联网、软件窃取你的个人隐私和资料来获取相应的利益。但是中共政府利用这一手段来监控企业和个人,从而保护自己的利益和维护自身的权利免受侵害。实际上中共就是最大的犯罪集团,这相当于又当裁判又下场踢球,毫无规则可言。在中共国你没有任何人权,因为你一旦说了,做了一些损害政府的言论和活动,它们会第一时间察觉并且采取行动,并让你因此付出沉痛代价。可想而知,如果中共政府称霸世界,那么所有的人都将成为他们的奴隶。
原文翻译
PRC Government Hacking: How It’s Done
中共国政府黑客:如何进行 (第一部分)
POSTED IN BASICS OF CHINA BUSINESS LAW, CHINA BUSINESS, INTERNET
In The Chinese Government is Accessing YOUR Network Through the Backdoor and There Still is NO Place to Hide, I explained how Chinese banks are requiring their account holders — including all foreign companies in China — to install malware which allows the Chinese government to see all account holder data. In China Malware: Sorry, Techno Geeks, There Still is no Place to Hide, I explained how, “in China, the government itself is the hacker and it will not allow any foreign or domestic technician to provide services that will defeat the hacker’s ultimate goals.”
在《中共政府正在通过后门访问你的网络并使你的信息,无处可藏》中,我解释了中国银行如何要求其帐户持有人(包括在中共国的所有外国公司)安装恶意软件,从而使中共政府可以查看到所有帐户持有人的数据。在《中共国的恶意软件:对不起,技术极客们,依旧无处可藏》中,我解释道,“在中共国,政府本身就是黑客,它不会允许任何外国或国内技术人员提供会破坏黑客最终目标的服务。”
In this post, the first of a two part series (part 2 will come out tomorrow), I explain the Chinese government’s hacking goals, how it does its hacking, and why it is virtually impossible for foreign companies to avoid being hacked by the Chinese government or to fight back against it.
文章分为上下两部分,此篇为第一部分(第二部分将于明天发布),我将解释中共政府的黑客攻击目标,它们怎样进行黑客攻击,以及为什么外国公司几乎不可避免地遭到中共政府的入侵或进行反击。
A. The Chinese Government is the Hacker.
A:中共政府是黑客。
The basic goal of the PRC Comprehensive National Security concept in the network realm is for all network communication and information to be open and available to the Chinese government while blocked from access to parties outside the state. In keeping with this concept, the government seeks to ensure all network activity conducted within China is transparent to the state. This program is applied to all persons (individuals or entities) that operate within the borders of the PRC (and now Hong Kong and Macao). If you operate in China, you must assume all of your networked data and communications are subject to capture by the Chinese government. There is no longer any privileged status given to foreign invested companies or to foreign nationals; Once within the borders of the PRC, their treatment is the same as for domestic companies and Chinese nationals. Just as is true for any PRC citizen, there is no place to hide.
在网络领域中,总体国家安全概念的基本目标是使所有网络通信和信息向中共政府开放并可供中共政府使用,同时禁止国外各方访问。为遵循这一理念,政府将努力确保在中共国境内进行的所有网络活动对国家而言都是透明的。该计划适用于在中共国(以及现在的香港和澳门)境内开展活动的所有人(个人或实体)。如果你在中共国开展业务,则必须假定你所有的联网数据和通信均会被中共政府所捕获。外商投资公司或外国国民不再享有任何特权;一旦进入中共国境内,他们的待遇与国内公司和中共国公民是相同的。 就像所有中共国公民一样,你无处可藏。
So how does the PRC government implement this program? The key point is that the Chinese government is the hacker. When the hacker is directly involved in creating and policing the Internet and the key agent for implementing cybersecurity, it is axiomatic there will be no protection from the network intrusion/data collection activities of that hacker. The hacker dictates how the system will work and it of course provides no protection against its own activities.
那么中共政府是如何执行该计划呢? 关键是中共政府就是黑客。 当黑客直接参与创建和管理互联网以及实施网络安全的关键代理,并对其进行监管时,毫无疑问,该黑客不会受到网络入侵/数据收集活动的影响。 黑客决定了系统的工作方式,当然,它也不会对自己的活动提供任何保护。
B. Aisino Corporation
B. 航天信息公司(Aisino Corporation)
This basic fact is illustrated by the Golden Spy/Golden Helper malware program discussed below. Trustwave reports that the Golden Spy software was written by Aisino Corporation: (Aerospace Information Joint Stock LLC. – 航天信息股份有限公司) Listed IT company specializing in information security. Their website states they are owned by the state company CASIC (China Aerospace Science & Industry Corporation Limited – 中国航天科工集团公司). See GoldenSpy Chapter 4: GoldenHelper Malware Embedded in Official Golden Tax Software.
下面讨论的Golden Spy / Golden Helper恶意软件程序说明了这一基本事实。 据Trustwave报告称,Golden Spy软件由航天信息公司(Aerospace Information Joint Stock LLC。–航天信息股份有限公司)编写,这家上市的IT公司专注信息安全领域。 据该公司的网站,它归中共国有公司中国航天科工集团有限公司(CASIC)所有。 请参阅GoldenSpy第4章:官方Golden Tax软件中嵌入的GoldenHelper恶意软件。
CASIC is the PRC’s leading manufacturer of missiles and related aerospace devices. It sells missile systems to North Korea and it works closely with the Russian military. As a weapons provider, it is an SOE directly under the control of the PRC government and the CCP. That is, it is the government. Recently, as part of the PRC plan to promote indigenous development of network operations and cloud computing, CASIC entered into the commercial network business via Aisino, its subsidiary that had been active in payment processing and other accounting systems. Aisino’s drafting of the Golden Shield tax software and implementation of the related system is part of that process.
中国航天科工集团有限公司是中共国领先的导弹和相关航空航天设备的制造商。 它向朝鲜出售导弹系统,并与俄罗斯军队密切合作。 作为武器供应商,它是直接由政府和中共控制的国有企业,它也就相当于政府(直属)。 最近,作为中共国促进网络运营和云计算本地化发展计划的一部分,中国航天科工集团有限公司通过其子公司航天信息公司进入了商业网络业务,该公司一直活跃于支付处理和其他会计系统。 航天信息公司起草了Golden Shield税收软件以及相关系统的编写是(促进网络运营和云计算本地化发展)计划的一部分。
C. The Golden Spy/Golden Helper Malware
C. Golden Spy / Golden Helper恶意软件
Aisino’s drafting the Golden Spy malware means the PRC government drafted this malware. Simply stated, the PRC government is the hacker and this hacker is shielded from any liability arising from its hacking activity. This is why Aisino employed a crude and easy to identify trojan horse system for this malware. It is at no risk of getting caught or getting punished or getting taken down.
航天信息公司起草了Golden Spy恶意软件,就等于是中共政府起草了该恶意软件。 简而言之,中共政府就是黑客,所以它得以免于因其黑客活动所引起的任何责任。这就是为什么航天信息公司为此恶意软件使用了一种粗略且易于识别的特洛伊木马系统,但并没有受到监测,惩罚或被勒令禁止。
Some have commented to us and to security professionals that such an obvious intrusion somehow shows the PRC government cannot be behind the malware program. ArsTechnica responded to this type of comment in clear terms:
一些人向我们和安全专家评论说,这种明显的入侵也就表明中共政府不能成为恶意软件程序的幕后黑手。 ArsTechnica网站明确做出回应:
Comment from reader: “Use of a trojan downloader is not subtle.”
Response from ArsTechnica: As for it being less subtle… malware like this isn’t subtle period by the standards you’re applying here, so that’s a bizarre argument. It’s also a bit odd that you think the Chinese government cares about subtlety when we’re talking about software that’s distributed by government mandate within their country. Like… what, are the Chinese authorities going to crack down on them?
读者评论:“特洛伊木马下载程序的使用并不隐蔽。”
来自ArsTechnica网站的回复:至于说它不那么隐蔽的原因……按照你在此应用软件的标准,像这样的恶意软件还不成熟,所以这是一个奇怪的论点。说来也怪,你认为中共政府关心的是程序是否隐蔽吗?这可是政府授权在境内使用的软件啊。说的好像中共政府会对其进行打击似的。
So this is the situation in the PRC. As Arstechnica makes clear, when the malware or illicit gathering of data is done by the government itself, there is no remedy and no escape. The Chinese government and its related group of hackers do not need to be subtle or hide their tracks when they are operating within the borders of the PRC.
因此,这就是中共国的情况。 正如Arstechnica网站明确指出的那样,当恶意软件或非法数据收集由政府自己完成时,那就没有补救措施也没有后路。在境内开展业务时,中共国政府及其相关的黑客组织不必隐蔽或遮掩自己的踪迹。
D. Part 2, Tomorrow
D.第二部分,明天
Tomorrow, in Part 2, I will explain how the Chinese nation-state hacker accomplishes its goals in the network sector by setting out the four basic ways the PRC government gains access to foreign company networks and company data.
明天,在第二部分中,我将通过阐述中共政府如何获得外国公司网络和公司数据访问的四种基本方式,来说明中共黑客如何实现其在网络领域的目标。
编辑 【喜马拉雅战鹰团】