奥巴马反黑客努力收效甚微
Two years ago, the Obama administration announced a new strategy to curb online espionage.
两年前,奥巴马政府宣布了一项遏制网络间谍活动的新战略。The five-point strategy came after a 2013 article in The New York Times about how the newspaper had been breached by Chinese hackers. The Times, working with a security company, also concluded that thousands of other American companies had been hacked by a Chinese military unit in Shanghai.
在这份包含五点内容的战略公布之前,《纽约时报》刚在2013年发表了一篇记录本报遭到中国黑客侵入的文章。此外,时报与一家安全公司合作,发现还有数千家美国公司遭到了位于上海的一个中国军方单位的黑客袭击。The White House said it would increase public awareness of the threat, encourage the private sector to increase its defenses, focus diplomacy on protecting trade secrets overseas, improve trade secret theft legislation and make investigations and prosecutions of corporate and state-sponsored trade secret theft a top priority.
白宫表示,该战略将提高公众对这一威胁的关注度、鼓励私营部门加强防御、在外交工作中专注于保护海外的商业机密、改进防止窃取商业机密的相关立法,并把调查和起诉盗窃企业和政府支持的商业机密的行为作为工作重心。
Since then, public awareness is up and so is spending. But the hacking continues.
此后,公众的关注度有所提高,相关的支出也增加了。黑客活动却还在继续。The private sector spent $665 million on data loss prevention last year, according to the technology research firm Gartner, with a 15 percent increase expected this year. On the legislative front, Congress strengthened penalties for those convicted under the Economic Espionage Act, raising the maximum fine for individuals convicted to $5 million from $500,000. And in terms of law enforcement, the F.B.I. lists digital crime, including intrusions that result in trade secret theft, as its third priority, just behind terrorism and counterintelligence. The agency reported a 60 percent increase in trade secret investigations from 2009 through 2013.
根据技术调研公司高德纳(Gartner)的数据,私营部门去年花费了6.65亿美元(约合41.3亿元人民币)来防止数据丢失,预计这一支出今年将增长15%。在立法方面,国会加强了对违反《经济间谍法》(Economic Espionage Act)行为的惩罚力度,将个人罚款的上限从50万美元提升到了500万美元。在执法方面,联邦调查局(FBI)将包括导致商业机密盗窃的网络侵入活动在内的网络犯罪,列为排名第三的重要任务,仅次于恐怖主义和反间谍工作。该机构称,从2009年到2013年,有关商业机密的调查增加了60%。But diplomatic efforts to engage China on the topic have largely failed. China’s response has simply been that it, too, is a victim of online attacks. And online espionage shows little sign of abating. Last year, 18 percent of the 1,598 confirmed breaches analyzed by Verizon were used for online espionage, compared with 22 percent of 1,367 attacks in 2013. Senator Sheldon Whitehouse, Democrat of Rhode Island, told a Senate Judiciary Committee hearing last year that 1 to 3 percent of United States gross domestic product was still lost, every year, through trade secret theft.
不过,在这一问题上接触中国的种种外交努力基本上以失败告终。中国的回应一直很干脆:“我们也是网络攻击的受害者”。网络间谍行为没有什么降温的迹象。去年,威瑞森通讯(Verizon)分析的1598件网络侵入案中,18%是为了从事网络间谍活动,而2013年的1367起事件中,网络间谍活动占22%。来自罗德岛的民主党参议员谢尔登·怀特豪斯(Sheldon Whitehouse)去年在参议院司法委员会(Senate Judiciary Committee)的听证会上说,美国每年仍有1%到3%的国内生产总值因为商业机密盗窃而流失。“There hasn’t been any change,” said James A. Lewis, a digital security expert at the Center for Strategic and International Studies in Washington. “There’s a lot more we can do. But we haven’t reached our pain point for taking more drastic steps on cyberespionage, and the Chinese haven’t reached their pain point for stopping it.”
“没有发生任何改变,”华盛顿国际战略研究中心(Center for Strategic and International Studies)的网络安全专家詹姆斯·A·刘易斯(James A. Lewis)说。“我们能做的还有很多。但我们还没达到对网络间谍活动采取更严厉措施的痛点,中国也没有达到停止这种行为的痛点。”The Justice Department is under significant pressure to bring more trade secret cases under the Economic Espionage Act. But it is incredibly difficult to bring cases against sophisticated hackers, who are not only smart enough to cover their tracks but also smart enough to live outside the United States. It is equally difficult to serve court summonses to the Chinese corporations that investigators say they believe are benefiting from stolen trade secrets.
司法部正面临着查处更多违反《经济间谍法》的商业机密窃取案件的巨大压力。不过,要想起诉手段高明的黑客格外困难,因为他们不仅聪明到可以掩盖自己的行踪,还懂得生活在美国以外的地区。要把法院传票送到调查人员认为从被窃商业机密中获利的中国公司手中,也同样困难。In 2013, the Justice Department brought several indictments that charged Chinese nationals with stealing trade secrets for the benefit of corporations in China, but none of the cases involved trade secrets obtained through online attacks. All the indictments involved either employees or former employees accused of passing their employer’s trade secrets to a company in China, or people who paid an employee to do so.
2013年,司法部发起了多起诉讼,指控一些中国公民窃取商业机密,从而为中国的企业牟利,但这些案子都与网络攻击无关。在这些案件中,一些当下或以前的雇员被控把雇主的商业机密提供给了中国企业,或是付给他们报酬的个人。The story was similar in 2014. During the first nine months of the year, the Justice Department reported 20 new prosecutions under the Economic Espionage Act — a 33 percent increase from 2013 — and several convictions, but only two of the indictments involved trade secrets theft via digital intrusions.
2014年的情形也是大同小异。在头九个月里,司法部通报,根据《经济间谍法》提出了20起新的诉讼——较2013年增长了33%——其中有一些人定罪,但其中只有两起指控与网络窃取商业机密有关。One, the landmark indictment filed last year against five members of the People’s Liberation Army for hacking United States companies, was largely symbolic given that the United States has no jurisdiction in China.
去年针对中国军方五名成员网络攻击美国企业的里程碑式的正式指控,基本上只具有象征意义,因为美国在中国没有司法权。In another, in August, a federal grand jury in California indicted a Chinese businessman on charges of conspiring to steal military secrets by hacking into Boeing and other United States companies. The defendant, Su Bin, is awaiting extradition in Canada.
去年8月,在另一起案件中,加州的一个联邦大陪审团指控一名中国商人,密谋通过攻击波音(Boeing)等美国公司来窃取军事机密。被告苏斌(音)正在加拿大等待引渡。The Justice Department’s biggest success last year was when prosecutors obtained the first-ever federal jury conviction for economic espionage charges against two Americans and a corporation accused of selling DuPont trade secrets to a state-owned company in China.
司法部去年最大的成就是,检方首次说服联邦陪审团判定两名美国人和一家企业的经济间谍罪名成立。他们被指向一家中国国有企业出售杜邦公司(DuPont)的商业机密。But that was not a hacking case. The two were charged with stealing trade secrets the old-fashioned way, by poaching former DuPont employees. And in that case too, the Justice Department’s efforts to bring charges against two Chinese citizens who played a central role in the theft, and the Chinese state-owned companies that benefited from them, have stalled.
不过,这不是一起网络攻击案件。两人被控以传统的方式窃取商业机密,即通过挖去杜邦公司的前员工。此外,在这个案子里,司法部意图指控在机密窃取过程中扮演核心角色的两名中国公民和这家获利的中国国企,但相关努力陷入了停滞。A look at two cases the Justice Department did bring against one Chinese-American and another Chinese citizen living in the United States suggests that the agency has found it difficult to constructively respond to online espionage. Those two cases suggest the pressure to bring such cases may be doing more harm than good.
再看看司法部针对一名华裔美国人和另一名在美国居住的中国公民的调查就会发现,该部门很难有效应对网络间谍行为。这两桩案件显示,调查此类案件的压力可能弊大于利。In Ohio, the Justice Department pursued a Chinese-American hydrologist for potential violations of the Economic Espionage Act, court documents show, but failed to find evidence and still tried to prosecute her for lesser charges that could have added up to 25 years in prison. After a review of her case revealed she was hardly a Chinese spy, the government dropped charges just before it was set to go to trial in March.
法庭文件显示,在俄亥俄州,司法部调查了一名华裔水文专家可能存在的违反《经济间谍法》的行为,但未能找到证据,却仍然试图用较轻的罪名指控她,而这些罪名可以并罚25年的监禁。由于审核之后发现她不大可能是中国间谍,政府在3月即将开始的庭审前撤销了指控。And in Philadelphia, a Chinese citizen who has permanent residency status in the United States has been held in a federal detention center since September 2012, after he was accused of damaging a corporate server computer to cover up trade secret theft. There, too, the government did not find violations of the Economic Espionage Act, but has aggressively pursued lesser charges, including intentionally causing harm to a protected computer system. His trial is scheduled for November.
在费城,一名在美国拥有永久居留身份的中国公民,自从2012年9月就一直被关押在联邦拘留中心,在那之前他被指控破坏一家公司的服务器电脑,从而掩盖商业秘密窃取行为。在该案件中,政府同样没有发现违反《经济间谍法》的行为,但仍积极地对他进行较轻的指控,包括故意破坏一个受保护的计算机系统。他的庭审定于11月进行。Trying another tack, President Obama signed a new executive order in April that established the first sanctions aimed at curbing foreign cyber espionage. The order authorized financial and travel sanctions against anyone participating in online attacks that posed a threat to the “national security, foreign policy, or economic health or financial stability of the United States.”
奥巴马总统又尝试另一种做法,于4月签署了一项新的行政命令,出台了第一批旨在遏制外国网络间谍活动的制裁措施。该命令授权对任何参与网络攻击、进而“对美国的国家安全、外交政策、经济状况或财政稳定”构成威胁的人进行财务和旅行方面的制裁。Until those sanctions are exercised, experts say the only option for curbing digital espionage may be patient diplomacy.
在这些制裁实施之前,专家称,遏制网络间谍活动的唯一选择就是需要耐心开展的外交活动。“They don’t live here, so we can’t arrest them, and we’re not going to go to war over this,” Mr. Lewis said. “So the key is consistent persuasion and pressure. It may be slow and it may not work. But there is no other alternative.”
“他们不住在美国,所以我们不能逮捕他们,我们也不打算因为这件事发动战争,”刘易斯说。“因此,关键是不断地劝说和施压。可能很缓慢,可能没有效果。但没有其他选择。”
