您现在的位置: 纽约时报中英文网 >> 纽约时报中英文版 >> 商业 >> 正文

人工智能用于网络攻击,发展中国家成试验场

更新时间:2017-7-4 10:07:20 来源:纽约时报中文网 作者:佚名

Hackers Find ‘Ideal Testing Ground’ for Attacks: Developing Countries
人工智能用于网络攻击,发展中国家成试验场

SAN FRANCISCO — The attack had the hallmarks of something researchers had dreaded for years: malicious software using artificial intelligence that could lead to a new digital arms race in which A.I.-driven defenses battled A.I.-driven offenses while humans watched from the sidelines.

旧金山——这种网络攻击带有多年来研究人员极为担心的特征:使用人工智能的恶意软件可能导致新的数字军备竞赛,以人工智能为主的防御措施与以人工智能为主的进攻手段在网上决一胜负,人类只能站在一边观看。

But what was not as widely predicted was that one of the earliest instances of that sort of malware was found in India, not in a sophisticated British banking system or a government network in the United States.

但是,没有被这样广泛预测的事情是,这类恶意软件的最早实例之一是在印度发现的,而不是在英国先进的银行系统或美国的政府网络中。

Security researchers are increasingly looking in countries outside the West to discover the newest, most creative and potentially most dangerous types of cyberattacks being deployed.

安全研究人员正越来越多地在西方以外的国家发现这类网络攻击软件的最新、最有创意和最具潜在危险的使用。

As developing economies rush to go online, they provide a fertile testing ground for hackers trying their skills in an environment where they can evade detection before deploying them against a company or state that has more advanced defenses.

由于发展中国家急于上网,它们已为黑客们提供了的沃土,让其在能躲避检测的环境中测试自己的技术,然后用这种技术对具有更先进防御的公司或国家发动进攻。

The cyberattack in India used malware that could learn as it was spreading, and altered its methods to stay in the system for as long as possible. Those were “early indicators” of A.I., according to the cybersecurity company Darktrace. Essentially, the malware could figure out its surroundings and mimic the behavior of the system’s users, though Darktrace said the firm had found the program before it could do any damage.

印度发生的这次网络攻击使用的恶意软件在其传播过程中就能自我学习,并且不断改变方法,以尽可能长时间地待在计算机系统中。据网络安全公司Darktrace说,这些都是人工智能的“早期迹象”。本质上,这类恶意软件可以弄清楚它的周边环境,并模仿系统中用户的行为,不过Darktrace表示,公司已经在该程序可能会造成任何损害之前将其发现。

“India is a place where newer A.I. attacks might be seen for the first time, simply because it is an ideal testing ground for those sorts of attacks,” said Nicole Eagan, the chief executive of Darktrace.

Darktrace首席执行官尼科尔·伊根(Nicole Eagan)说,“印度也许是新型人工智能网络攻击被首先观察到的地方,这是只不过是因为印度为这种攻击提供了理想的测试场。”

At times, these attacks are simply targeting more susceptible victims. While companies in the United States will often employ half a dozen security firms’ products as defensive measures, a similar company elsewhere may have just one line of defense — if any.

有时,这种攻击只针对更易受伤害的对象。虽然美国的公司通常会使用六家安全公司的产品作为防御措施,但其他地方的类似公司即使有防御的话,可能也只有一种。

In the case of attacks carried out by a nation-state, companies in the United States can hope to receive a warning or assistance from the federal government, while companies elsewhere will often be left to fend for themselves.

在面临一个独立国家发动的攻击时,美国的公司可以指望得到联邦政府的警告或帮助,而其他地方的公司往往只能靠自己去解决问题。

Cybersecurity experts now speculate that a February 2016 attack on the central bank of Bangladesh, believed to have been carried out by hackers linked to North Korea, was a precursor to similar attacks on banks in Vietnam and Ecuador.

网络安全专家现在推断,被认为是与朝鲜有关的黑客发动的、2016年2月对孟加拉国中央银行系统的攻击,使用的是对越南和厄瓜多尔发动类似攻击的软件的前身。

That hackers managed to steal $81 million from the Bangladesh Bank generated headlines because of the size of the heist. But what interested cybersecurity experts was that attackers had taken advantage of a previously unexplored weakness in the bank’s computers by undermining its accounts on Swift, the international money transfer system that banks use to move billions of dollars among themselves each day.

黑客们从孟加拉国银行窃取了8100万美元,盗窃的规模之大使其成为各地的新闻。不过,让网络安全专家感兴趣的是,黑客通过破坏银行的Swift的账户,利用了银行计算机系统以前不为人知的一个弱点,Swift是银行间每天进行数十亿美元转帐的国际汇款系统。

It was an unprecedented form of cyberattack. But since then, the cybersecurity firm Symantec has found the method used against banks in 31 countries.

那是一次以前没有看到过的网络攻击形式。但那以后,网络安全公司赛门铁克(Symantec)已发现该方法被用于攻击31个国家的银行系统。

The malware discovered by Darktrace researchers stopped short of being a full-fledged A.I.-driven piece of software. It did, however, learn while it was in the system, trying to copy the actions of the network in order to blend in.

Darktrace研究人员发现的恶意软件还不是一个完全由人工智能主导的软件。但它确实在侵入系统后进行了自我学习,试图模仿网络的行为以蒙混过关。

“What was concerning was that this attack, once it got into the network, used A.I. techniques, like trying to learn the behaviors of employees on the network, to remain undetected for as long as possible,” Ms. Eagan said. She said she saw a future in which countries raced against one another to hire people skilled in developing complex algorithms that could be used to run such malware.

“令人担忧的是,这种攻击一旦进入网络后,它能使用人工智能,像比如试图学习公司雇员在网络上的行为,让自己尽可能长时间地不被发现,”伊根说。她说,她看到这样一种各国相互竞争的未来,他们雇用熟悉复杂算法研发的人,这些算法可用来操作这类恶意软件。

Ms. Eagan’s company, which has headquarters in Cambridge, England, and San Francisco, has increasingly found hacking incidents in India since it expanded there.

伊根的公司分别在英国剑桥和旧金山设有总部,公司自从进入印度以来,已在那里发现了多次黑客入侵事件。

As other cybersecurity companies enter Southeast Asia, Africa and other parts of the world where they have not had much presence, they will continue to discover new types of malware being tested in those markets, said Allan Liska, a senior threat intelligence analyst at Recorded Future, a cybersecurity firm based in Somerville, Mass.

随着其他网络安全公司进军东南亚、非洲,以及世界上以前不受关注的其他地方,这些公司将继续发现在这些市场进行测试的新型恶意软件,Recorded Future公司的高级威胁情报分析师艾伦·里斯卡(Allan Liska)说,这家公司位于马萨诸塞州的萨默维尔市。

As internet use has expanded in Africa, Mr. Liska said, his company has noticed an increase in so-called spear-phishing attacks in which hackers appear to be testing their skills in English- and French-speaking African countries. Spear phishing employs messages that appear innocuous but contain dangerous malware. They are one of the most popular forms of cyberattacks, though they largely depend on the attackers’ ability to hone a message that can fool a victim into opening a link or attachment.

里斯卡说,随着互联网的使用在非洲推广,他的公司注意到所谓的钓鱼诈骗攻击有所增加,黑客似乎在测试讲英语和讲法语的国家测试自己的技能。钓鱼是指把危险的东西藏在看似无害的信息里的恶意软件。钓鱼软件是最受欢迎的网络攻击形式之一,虽然它们在很大程度上取决于攻击者是否编出让欺骗受害者打开链接或附件的信息。

He said that in the spear-phishing tests his company had found, attackers appeared to be testing their language, but did not include the actual malware in the link, what he described as the payload.

里斯卡表示,在他的公司发现的钓鱼软件测试中,攻击者似乎是在测试他们的语言能力,所给的链接中实际上并没有包括他称之为有效载荷的恶意软件。

“They save that payload for when they are going to actually launch their attack in whatever French- or English-speaking country they are after,” Mr. Liska said.

“他们把有效载荷留了下来,以便以后在对某个法语国或英语国发动攻击时用上,”里斯卡说。

Countries across Southeast Asia and the Middle East that have come online over the last decade have been tempting targets for hackers, said Chris Rock, an Australian security researcher and chief executive of the cybersecurity firm Kustodian.

在过去十年中陆续上网的东南亚和中东国家都已经成为对黑客有诱惑力的对象,克里斯·罗克(Chris Rock)说,他在澳大利亚研究网络安全,是网络安全公司Kustodian的首席执行官。

“They are a testing ground for different kinds of environments,” he said. “For hackers, they can be low-hanging fruit.”

“他们是不同环境的测试场所,”他说。“对于黑客来说,他们可能是低挂果实。”

Doing tests in a country that presumably has fewer defenses is a double-edged sword, Mr. Rock said. On one hand, attackers can hone their skills. On the other hand, they risk being discovered. Once a cybersecurity firm has the signature of an attack, it can build defenses against it, and spread those defenses among its clients.

罗克说,在一个假设防御力较小的国家进行测试是一把双刃剑。一方面,攻击者可以磨练他们的技能。另一方面,他们有被发现的风险。网络安全公司一旦发现攻击的特征,就可以对其进行防范,并将这些防御措施传播给其客户。

Mr. Rock said that if one target “has, actually, installed a good defense and you get caught, then you have wasted your time.”

罗克说,如果一个目标“其实安装了一个很好的防御软件,将你抓住了,那你就白费了自己的时间。”

“全文请访问纽约时报中文网,本文发表于纽约时报中文网(http://cn.nytimes.com),版权归纽约时报公司所有。任何单位及个人未经许可,不得擅自转载或翻译。订阅纽约时报中文网新闻电邮:http://nytcn.me/subscription/”

相关文章列表