
Syrian Hackers Lure Rebel Fighters With a Honey Trap


WASHINGTON — To the young Syrian rebel fighter, the Skype message in early December 2013 appeared to come from a woman in Lebanon, named Iman Almasri, interested in his cause. Her picture, in a small icon alongside her name, showed a fair-skinned 20-something in a black head covering, wearing sunglasses.

They chatted online for nearly two hours, seemingly united in their opposition to the rule of Bashar al-Assad, the Syrian leader still in power after a civil war that has taken more than 200,000 lives. Eventually saying she worked “in a programing company in Beirut,” the woman asked the fighter whether he was talking from his computer or his smartphone. He sent her a photo of himself and asked for another of her in return. She sent one immediately, apologizing that it was a few years old.

“Angel like,” he responded. “You drive me crazy.”

What the fighter did not know was that buried in the code of the second photo was a particularly potent piece of malware that copied files from his computer, including tactical battle plans and troves of information about him, his friends and fellow fighters. The woman was not a friendly chat partner, but a pro-Assad hacker — the photos all appear to have been plucked from the web.

The Syrian conflict has been marked by a very active, if only sporadically visible, cyberbattle that has engulfed all sides, one that is less dramatic than the barrel bombs, snipers and chemical weapons — but perhaps just as effective. The United States had deeply penetrated the web and phone systems in Syria a year before the Arab Spring uprisings spread throughout the country. And once it began, Mr. Assad’s digital warriors have been out in force, looking for any advantage that could keep him in power.

In this case, the fighter had fallen for the oldest scam on the Internet, one that helped Mr. Assad’s allies. The chat is drawn from a new study by the intelligence-gathering division of FireEye, a computer security firm, which has delved into the hidden corners of the Syrian conflict — one in which even a low-tech fighting force has figured out a way to use cyberespionage to its advantage. FireEye researchers found a collection of chats and documents while researching malware hidden in PDF documents, which are commonly used to share letters, books or other images. That quickly took them to the servers where the stolen data was stored.

Like the hackers who the United States says were working for North Korea when they attacked Sony Pictures in November, the assailants aiding Mr. Assad’s forces in this case took steps to hide their true identities.

The report says the pro-Assad hackers stole large caches of critical documents revealing the Syrian opposition’s strategy, tactical battle plans, supply requirements and data about the forces themselves — which could be used to track them down. But it is not evident how or whether this battlefield information was used.

“You’ve got a conflict with a lot of young, male fighters who keep their contacts and their operations on phones in their back pockets,” said one senior American intelligence official who spoke on the condition of anonymity to discuss espionage matters. “And it’s clear Assad’s forces have the capability to drain all that out.”

Mr. Assad was also the victim of cyberattacks, but of a far more advanced nature.

A National Security Agency document dated June 2010, written by the agency’s chief of “Access and Target Development,” describes how the shipment of “computer network devices (servers, routers, etc.) being delivered to our targets throughout the world are intercepted” by the agency. The document, published recently by Der Spiegel, the German magazine, came from the huge trove taken by Edward J. Snowden; this one shows a photograph of N.S.A. workers slicing open a box of equipment from Cisco Systems, a major manufacturer of network equipment.

After being opened, electronic “beacon implants” were placed in the circuitry. One set of devices was “bound for the Syrian Telecommunications Establishment to be used as part of their Internet backbone,” the document reveals. To the delight of American intelligence agencies, they soon discovered they had access to the country’s cellphone network — enabling American officials to figure out who was calling whom, and from where.

Such interceptions are still highly classified; the United States government has never discussed its access to the Assad communications network. But the FireEye report, which will be released on Monday, makes it clear that such “network exploitation” is now a routine part of even the most low-tech if brutal civil wars, and available to those operating on a shoestring budget.

And that is a new development. The theft of the rebel battle plans stands in contrast to the cybervandalism carried out in recent years by the Syrian Electronic Army, which American intelligence officials suspect is actually Iranian, and has conducted strikes against targets in the United States, including the website of The New York Times. But mostly these have been denial-of-service attacks, which are annoying but not potential game-changers on the battlefield.

Exactly who conducted the hacking on behalf of Mr. Assad’s forces remains a mystery, as does whether the stolen data was ever used by the Syrian military. One of the authors of the report, Nart Villeneuve, a threat intelligence analyst for the company, said that it was likely that the hackers were based in Lebanon — which would be the only true statement in the chat with the Syrian fighter. They used a computer server in Germany, where FireEye found many of their chats in unprotected directories. A handful of the targets of the Syrian operation were contacted in recent months by FireEye researchers. “They really didn’t understand what had happened,” Mr. Villeneuve said. “They didn’t know their computers and phones had been compromised.”
