China’s spy agency has ordered local hackers to abstain from global hacking contests and instead report any vulnerabilities to the security ministry or the affected company, according to cyber security experts, as Beijing seeks to tighten its control over technology and information.
The guidance from the Ministry of State Security, which comes as China is taking an increasingly isolationist approach to technology, was aimed at boosting its stash of intelligence, experts said.
“Clearly this is about local control,” said Christopher Ahlberg, co-founder and chief executive of US-based cyber intelligence firm Recorded Future. “Vulnerabilities could be problems in software but are also an opportunity to get backdoors into them.”
The move is the latest bid by China to secure control of technology and information. It follows initiatives such as Made in China 2025 — a scheme to restructure China’s industrial policy — and last year’s cyber security law that requires foreign companies to store data locally and allow data surveillance by China’s security apparatus.
The guidance also eliminates some of the key players from what has become a globally popular way of discovering vulnerabilities, so that vendors can fix them before cybercriminals jump in.
Tencent Keen Labs, part of Chinese technology titan Tencent, prompted Tesla to fix vulnerabilities after hacking into its cars. Chinese hackers have also been credited with discovering vulnerabilities at US-based tech multinationals including Google, Apple and Microsoft, according to FireEye, a cyber security company. Tencent did not respond to a request for comment.
While no formal edict has been issued on relevant Chinese state websites, Chinese participants were absent from the annual Pwn2Own hacking contest this month and the Black Hat event in Singapore last week. “They’ve been given guidance that they should no longer participate in events where vulnerabilities are publicly disclosed,” said Bryce Boland, chief technology officer at FireEye.
“Pwn2Own used to be basically flooded with Chinese who won all the competitions, but this time there were more or less no Chinese there,” added Mr Ahlberg. Now Chinese hackers could only take a discovery to the vendor or the Ministry “who might notify the vendor or might not”.
MSS has already offered clues on its stance with its National Vulnerability database, CNNVD, a repository of known vulnerabilities in different software products. Analysis by Recorded Future showed it had altered publication dates for at least 267 vulnerabilities — a lag, the group said, that highlighted vulnerabilities the MSS was “likely considering for use in offensive cyber operations”.
Mr Boland said that if the block on attending public contests was designed to have hackers report directly to the CNNVD it would create a “significant threat” because of the scope for Chinese hackers to exploit a huge pool of vulnerabilities.
“It’s like putting a vulnerabilities database with the CIA,” said Mr Ahlberg, referring to the US intelligence agency. “You’re really putting the hen in with the foxes. That’s the policy problem here but they’ve done it for a very good reason: they want total control.”