Lax Security Awareness Makes China a Hotbed of Cybercrime
HONG KONG — In China, some of the most successful cyberthreats are frighteningly simple.
One recent viral mobile message offered free Golden Retriever puppies to lure users into giving away personal information. Another online scam took thousands from a woman who wired money to an impostor she thought was her son’s teacher.
A current favorite of Chinese cybercriminals, according to Pei Zhiyong, the senior security researcher of the antivirus company Qihoo 360 Technology, is to simply program malicious code that asks users to disable their antivirus software.
“It will say their security program is incompatible with whatever they’re trying to do,” he said. “We call it a ‘Candy Trojan Horse,’ and 30 percent of users will actually respond by turning off their antivirus system.”
Over the last decade, the Internet has gone mainstream in China. More than 600 million residents regularly go online, and China is also the world’s largest smartphone market. And domestic companies like the Alibaba Group are among the largest Internet companies in the world.
In its early days, China’s Internet market was plagued by malware and viruses. Popular free antivirus software offered by many companies has since helped stem that problem, but has led to a new one: Many PC users have become so comfortable that they are now easy prey to attacks that involve simply tricking them, instead of having their accounts breached by complex software. At Chinese companies, experts say, awareness lags that of their counterparts in developed nations.
In 2013, cybercrime cost Chinese companies and individuals $37 billion, according to a research report by the security firm Norton, putting the nation second behind the United States at $38 billion, and well ahead of the $13 billion that cybercrime cost Europe or the $1 billion for Russia.
Security analysts offer many reasons for this, but top among them is the naïveté of China’s myriad new Internet users, as well as government policies that have emphasized the growth of the Internet industry above all else.
At the same time, many businesses have no consistent approach to ensure employees do not inadvertently compromise corporate networks. Companies also are often reluctant to pay for security software.
And the prevalence of pirated software in the country — and the back doors and other security holes in those programs — makes many businesses, and individuals, unwittingly vulnerable.
Beijing maintains strict control of the flow of information online and closely tracks many users. But it has focused far less on stopping cybercrime or punishing companies that enable or encourage attacks. As a result, China’s companies tend to focus on attracting users above all else, and therefore a consensus among Chinese Internet companies on mitigating attacks has been slow to emerge.
“The Internet companies assume everyone is going to play dirty, so that’s how they approach it,” said Mark Natkin, managing director of China tech research firm Marbridge Consulting. “The Dudley Do-Rights get chopped off at the knees, so instead of trying to clean things up, they get scrappy.”
Things could get worse for China as new users take to the web on smartphones. According to the Norton report, 75 percent of Chinese smartphone users have experienced mobile cybercrime in the 12 months leading up to the 2013 survey, compared with a global average of just 38 percent.
A 2013 study by the Data Center of China’s Internet showed that 35 percent of China’s most popular 1,400 apps tracked user data that had no connection to the function of the application.
When customers then bring their phones into work, the situation becomes dangerous for companies as well, Mr. Sentonas said.
The huge cost of attacks on companies has led to growing awareness among executives, though analysts say many companies still lack a high-level executive charged with security. Efforts by companies to ensure that employees do not inadvertently compromise corporate networks have ranged from negligence to draconian measures, according to Thomas Parenty, the head of the information security firm Parenty Consulting.
In one instance, Mr. Parenty recalled how a manager of a Shenzhen company set up employee computers so they all faced the front of the room. He then set up his desk on a raised dais at the back of the room, giving him a view of employees’ screens so he could track online activity.
“It was like Oliver Twist,” he said.
At times, it is company policy, not employees, that leads to problems. Many Chinese companies have a tendency to spurn costly software, instead opting to use pirated copies of programs like Microsoft Windows and Adobe Photoshop, leaving them open to security holes in the software. There are many companies and organizations that use entirely unpaid-for copies of Windows, Mr. Parenty said.
At one organization Mr. Parenty said he discovered that “each employee computer’s disk was entirely full of bootleg software and downloaded movies.” His firm “had to strip each desktop to the bare metal and then buy legitimate software and put in controls so they couldn’t just download pirated copies of everything Adobe has ever made,” he said.
To keep employees happy, he then set up a “tea break computer” not connected to the company’s network, where workers could sign onto popular Chinese chat, gaming and social media programs.
Recognizing that few companies will spend for security software, the most successful security firms in China offer software free. One of China’s largest antivirus companies, Qihoo 360, provides a suite of antivirus programs without charge, making money on advertisements and other promotions it pipes through its products.
The company had 495 million monthly active users for its PC-based products in September, according to the company’s recent earnings report. Still, analysts argue it has more vulnerabilities than most purchased services and isn’t ideal for protecting companies.