Saturday, December 14, 2013

Welcome to Dharamsala: The Focal Point of China's Cyberwar

Hack Tibet

Original: Hack Tibet--Welcome to Dharamsala, ground zero in China's cyberwar.
Author: Jonathan Kaiman, published December 4, 2013
Translator: Twitter user @yuhui926, translated December 11, 2013
Source: Foreign Policy (United States)
http://www.foreignpolicy.com/articles/2013/12/04/hack_tibet_china_cyberwar
Chinese version reposted from: http://woeser.middle-way.net/2013/12/blog-post_12.html

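DHARAMSALA, India -- Lobsang Gyatso Sither sits at the front of a Tibetan school auditorium, the rectangle of light from his PowerPoint presentation dimly illuminating the rows of students before him. "Never open attachments unless you are expecting them," Sither says. The students nod. A portrait of the Dalai Lama hangs above the stage, surrounded by flickering electronic candles; a stray dog ambles behind the crowd. "Never give anyone else your passwords," Sither says, clicking to the next slide, which explains the dangers of using an unfamiliar thumb drive. "The Chinese government or others could take control of your computer."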

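Welcome to Dharamsala, population 20,000 and one of the most frequently hacked places in the world. The small city, in India's lush Himalayan foothills, is home to the Dalai Lama, the exiled Tibetan spiritual leader. It is also the seat of the CTA, the Central Tibetan Administration (formerly called the Tibetan government in exile), and of numerous Tibetan media outlets and nongovernmental organizations, some of which the Chinese government classifies as terrorist groups. The Dalai Lama fled here in 1959, after communist troops violently suppressed an uprising in Lhasa, now the capital of the Tibet Autonomous Region in western China. India warmly received the Dalai Lama as a symbol of (India's own) religious diversity, and tens of thousands of Tibetans followed. According to a 2009 census, about 130,000 Tibetans live in exile, and Dharamsala is the closest thing they have to a political capital.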

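The city has an ancient feel. Homes cling to precipitous mountain roads that run through dense cedar forests; macaques strut across the rooftops. Yet the city is also changing, moving cautiously toward the future. Computers have become ubiquitous. Roadside cafes offer double espressos and wireless Internet (passwords are commonly "FreeTibet" and "Independence"). Young Tibetans are snapping up iPhones, which differ from competing products on the market in offering a Tibetan-language keyboard option.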

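Communication between the city's Tibetan community and Tibet itself is easier than ever before. Yet the risk of calling home has never been higher. "If we don't use secure lines of communication, Tibetans in Tibet could be prosecuted" for sending sensitive information abroad, says Sither, a field coordinator for the Tibet Action Institute, which is headquartered in New York, funds education projects, and trains activists in secure communications systems.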

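The Chinese government, everywhere and nowhere in Dharamsala, plants malware and intercepts messages by means that are nearly undetectable and difficult to trace. The CTA's Chinese-language website was hacked in August. Everyone within the Tibetan community is a target, from the Dalai Lama's office down to any smartphone-using refugee.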

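In early November, Chen Quanguo, Communist Party secretary of the Tibet Autonomous Region, proposed a series of measures to "silence" the Dalai Lama in Tibet, including a crackdown on online communications. "Work hard to ensure … that the voice and image of the enemy forces and the 14th Dalai clique are neither seen nor heard," he wrote in Qiushi, a leading Communist Party journal.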

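A brutal, centuries-old form of protest has taken hold in Tibet, and Beijing is using both harsh repression and high-tech tactics to suppress the unrest. Since February 2009, at least 120 Tibetans in the Himalayan region have self-immolated to protest Chinese rule: men and women, old and young, monks and lay people. Chinese authorities have responded violently, deploying troops, cutting phone lines, and forcing monks to undergo harsh "patriotic education" campaigns. They blame the self-immolations on incitement by "hostile foreign forces," meaning mainly Dharamsala, where advocacy groups gather information about the fiery protests and distribute it abroad. Experts believe the hacking may be part of an elaborately planned campaign to identify potential protesters and preempt them.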

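Experts say that few of the cyberattacks on Dharamsala are specifically aimed at monitoring or controlling the city's network and infrastructure. The most common attacks are spearphishing: Tibetans, especially those working for the CTA or pro-independence organizations, say they frequently receive strange emails claiming to be from friends or contacts. These emails usually contain attachments that, once downloaded, infect the user's computer with malware, allowing a hacker to control the system remotely. The computer is essentially shared; keystrokes are recorded, passwords saved, contacts downloaded. Everything is compromised.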

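Kelsang Aukatsang, a former advisor to the Sikyong (political leader) of the CTA, still remembers the shock of realizing that he had been hacked. In July 2012, Aukatsang sent an email to a U.S. senator to arrange her meeting with the Sikyong, Lobsang Sangay. The next morning, the senator received an unexpected call from the Chinese Embassy in Washington, urging her not to attend. The meeting ultimately went ahead as arranged. "But the bigger point is that they knew -- that exchange got intercepted," Aukatsang said. "You wonder what more you can do to feel safe. There's a real sense of being at risk, of being watched."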

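More than half of the CTA's computers contain some sort of malware, estimates press officer Tsering Wangchuk. "Most of the key computers in our city, in Dharamsala, are in some way compromised," he says. The government's 13 technical staff spend much of their time simply checking hard disks, finding and deleting malicious code. "They go after us all the time, diligently," said another government employee who requested anonymity. "If with every 100,000 attempts they have one success, they use that one success to exploit everything that they can."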

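Cybersecurity experts call this "advanced persistent threat" (APT): a targeted and sustained cyberattack requiring resources that individual hackers generally lack. "Dharamsala is ground zero for advanced persistent threat, really," says Greg Walton, a doctoral candidate at Oxford University's Center for Doctoral Training in Cyber Security. Walton came to Dharamsala in 2008 and helped the Dalai Lama's private office better understand who had been breaking into its computer systems. His team found that the culprit was a shadowy hacker group that American investigators had dubbed "Byzantine Hades" for its series of network intrusions. According to a U.S. State Department cable released by WikiLeaks, the group has ties to a unit of the People's Liberation Army (China's military) based in Chengdu, a city in southwestern China.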

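Many Tibetan NGOs based in Dharamsala, Walton says, have been attacked by groups known for infiltrating Western corporations, military contractors, and government agencies. One of them, code-named "APT1" by the U.S. cybersecurity firm Mandiant, is an elite cyber-espionage outfit affiliated with the Chinese military. Another group, given the code name "Nitro" by the security firm Symantec, allegedly stole secret documents from major global chemical companies in 2011. "In the most pessimistic light, there's very little that the Tibetans can do in exile, because they're so underresourced," says Walton. "If you have a situation where the State Department or the Pentagon is being compromised by the same groups, what hope do refugees in the foothills of the Himalayas have to deal with that problem?" He describes China's "advanced persistent threat" (APT) strategy as gathering "a thousand grains of sand," some of which, no matter how small, will be of strategic value.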

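Perhaps an even more harmful threat to Tibetan cybersecurity comes from WeChat, a Chinese smartphone app that combines features of Instagram, Skype, and Facebook. It has more than 500 million users, 100 million of them outside China; as a simple way for refugees to contact their families, it has become extremely popular in Dharamsala in recent years. "All of my friends here use WeChat," says Tashi Nangyal, a 22-year-old refugee who fled to India across the Himalayas. "Since Tibetans inside Tibet are all using WeChat, we don't think of using any alternatives."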

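WeChat was developed by Tencent, an Internet empire headquartered in Shenzhen that, like all major Chinese Internet companies, is rumored to have close ties to the country's leadership. "From Tibetan civil society's point of view, WeChat is itself malware -- it's malicious," says Walton. "All of the traffic is being channeled through Shanghai. It's presumably being piped into China's equivalent of PRISM," he adds, referring to the U.S. National Security Agency's top-secret surveillance program exposed by Edward Snowden. Advocacy groups reported this summer that two Tibetan monks were arrested for posting photos of self-immolators on WeChat. One was sentenced to six years in prison; the other will very likely be imprisoned for life. Tencent did not respond.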

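In recent years, short stints in Dharamsala have become a popular way for cybersecurity experts to study little-known methods of cyberattack, says Shishir Nagaraja, a computer scientist at the University of Birmingham who has assisted the Dalai Lama's private office. "You don't have to pay people for this stuff. Some of the brightest minds at Cambridge will be more than happy to contribute to securing the Tibetans' Internet freedom rights," he says. Many are young, left-leaning idealists attracted by the novelty of the work. Yet "it's a very temporary arrangement," he says. Most stay only two or three years, while China's hacking does not stop.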

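"We are very vulnerable," says Tenzin Paldon, editor in chief of the Dharamsala-based Voice of Tibet, a radio station that broadcasts Tibet news into China by shortwave. Paldon's personal email account has been hacked; the station's website is frequently attacked and has been knocked offline many times. Yet Paldon refuses to be intimidated. If Tibetans continue to self-immolate, she says, she will continue to report their stories. "I think it's our duty to spread the word about what these people did, and why they're doing it, to the outside world."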

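Meanwhile, Dharamsala's Tibetan community has begun to form a rudimentary defense. In March, cyberactivists launched a secure Tibetan-language messaging application called YakChat. The Tibetan government in exile recently obtained funding to lay new cables, update its servers, and train new staff, sources say, though none of the details will be disclosed.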

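"What we're trying to do now is provide more opportunities for Tibetans themselves to become experts in cybersecurity," says Walton, the Oxford researcher. At the Tibetan Children's Village campus where Sither gave his lecture, many students will go on to take part in the work of advocacy NGOs; some will join the CTA. Most are learning about cybersecurity for the first time, and experts hope the lessons will have an effect. "It's a gradual process, teaching people to guard their privacy. The Internet is quite a new thing in their lives," says Phuntsok Dorje, the head of the school's computer program.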

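It is close to dusk by the time Sither finishes his slide presentation, and the students file out of the auditorium into the cool, damp air of the rainy season. Nangyal, the 22-year-old refugee, says that students are not allowed to carry phones on campus and that he can contact his family only during holidays. The lecture has set him reflecting. "I used to talk about His Holiness the Dalai Lama on WeChat," he says, frowning. I ask him whether he now understands that China may be listening in. He says he may download a Korean messaging app to make his communications harder to trace. Or, from now on, he will speak more carefully.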
__________________________

Hack Tibet
Welcome to Dharamsala, ground zero in China's cyberwar.


BY JONATHAN KAIMAN DECEMBER 4, 2013
 
DHARAMSALA, India — Lobsang Gyatso Sither sits at the front of a Tibetan school auditorium, the bright rectangle of his PowerPoint presentation dimly illuminating the first few rows of students before him. "Never open attachments unless you are expecting them," Sither says. The students nod. A portrait of the Dalai Lama hangs above the stage, framed by flickering electronic candles; a stray dog ambles behind the crowd. "Never give anyone else your passwords," Sither says, clicking to a new slide, which explains the dangers of using an unfamiliar thumb drive. "The Chinese government or others could take control of your computer."

Welcome to Dharamsala, population 20,000 and one of the most hacked places in the world. This small city in India's lush Himalayan foothills is home to the Dalai Lama, the exiled Tibetan spiritual leader; the Central Tibetan Administration, or CTA (formerly called the Tibetan government in exile); and a host of Tibetan media outlets and nongovernmental organizations, some of which the Chinese government classifies as terrorist groups. The Dalai Lama fled here in 1959 after communist troops violently suppressed an uprising in Lhasa, now the capital of western China's Tibetan Autonomous Region. India embraced the Dalai Lama as a token of religious diversity, and tens of thousands of refugees followed suit. About 130,000 Tibetans live in exile, according to a 2009 census; Dharamsala is the closest thing they have to a political capital.

The city has an ancient feel. Homes cling to precipitous mountain roads that weave through dense cedar forests; macaque monkeys prance among the rooftops. Yet it is changing, moving cautiously into the future. Computers have become ubiquitous. Roadside cafes offer double espressos and wireless Internet (common passwords include "FreeTibet" and "Independence"). Young Tibetans are snapping up iPhones, which, unlike competing devices, offer the option of a Tibetan-language keyboard.

Communication between the city's Tibetan community and Tibet itself is easier than it has ever been. Yet the risk of dialing home has never been greater. "If we don't use secure lines of communication, Tibetans in Tibet could be prosecuted" for sending sensitive information abroad, says Sither, a field coordinator for the Tibet Action Institute, a New York-based nonprofit that sponsors education initiatives and trains activists on secure communications systems.

The Chinese government is everywhere and nowhere in Dharamsala, planting malware and intercepting messages in ways that are nearly undetectable and difficult to trace. The CTA's Chinese-language website was hacked in August. Everyone within the Tibetan community is a target, from the Dalai Lama's advisors to any smartphone-wielding refugee.

In early November, Tibet's Communist Party chief, Chen Quanguo, proposed a raft of measures to stamp out the Dalai Lama's voice in Tibet, including clamping down on online communications. "Work hard to ensure … that the voice and image of the enemy forces and the Dalai clique are neither seen nor heard," he wrote in Qiushi, a leading party journal.

A brutal, centuries-old form of protest has caught fire in Tibet, and Beijing is resorting to tactics both heavy-handed and high-tech to quell the unrest. Since February 2009, at least 120 Tibetans in the Himalayan region have self-immolated to protest Chinese rule -- men and women, old and young, monks and lay people. Chinese authorities have responded violently, deploying troops, cutting phone lines, and forcing monks to undergo draconian "patriotic education" programs. They blame "hostile foreign forces" for inciting the immolations -- mainly from Dharamsala, where advocacy groups gather information about the fiery protests and distribute that information abroad. Experts say that the hacks may be part of an elaborate campaign to identify possible protests and preempt them.

Few cyberattacks on Dharamsala are strategically tailored to monitor or control the city's network infrastructure, say experts. The most common attacks are spearphishing attempts: Tibetans, especially those working for the CTA or pro-independence organizations, say they frequently receive strange emails purporting to be from friends or associates. They often contain attachments that, once downloaded, infect the user's computer with malware, allowing a hacker to operate the system remotely. The computer essentially becomes shared; keystrokes are recorded, passwords saved, contacts downloaded. Everything is compromised.

Kelsang Aukatsang, a former advisor to the Tibetan prime minister in exile, remembers the shock of realizing that he'd been hacked. In July 2012, Aukatsang sent an email to a U.S. senator to arrange a meeting for the prime minister, Lobsang Sangay. The following morning, the senator received a surprise call from the Chinese Embassy in Washington, urging her not to attend. The meeting ultimately proceeded as planned. "But the bigger point is that they knew -- that exchange got intercepted," Aukatsang said. "You wonder what more you can do to feel safe. There's a real sense of being at risk, of being watched."

More than half the CTA's computers contain some sort of malware, estimates the government in exile's press officer, Tsering Wangchuk. "Most of the key computers in our city, in Dharamsala, are in some way compromised," he says. The administration's technical staff of 13 spends much of its time simply trawling through hard disks, finding and eliminating malicious code. "They go after us all the time, diligently," said another administration employee who requested anonymity. "If with every 100,000 attempts they have one success, they use that one success to exploit everything that they can."

Cybersecurity experts call this "advanced persistent threat" (APT) -- a constant onslaught of targeted attacks requiring resources that are normally unavailable to individual hackers. "Dharamsala is ground zero for advanced persistent threat, really," says Greg Walton, a doctoral candidate at Oxford University's Center for Doctoral Training in Cyber Security. Walton traveled to Dharamsala in 2008 to help the Dalai Lama's private office better understand what, and who, had been compromising its systems. His team discovered that the most likely culprit was a shadowy hacker group responsible for a series of network intrusions that American investigators had dubbed "Byzantine Hades." The group, according to U.S. State Department cables released by WikiLeaks, had ties to a unit of the People's Liberation Army, China's military, based in the southwestern Chinese city of Chengdu.

Many Dharamsala-based Tibetan NGOs, Walton says, have been attacked by groups that are better known for infiltrating Western corporations, military contractors, and government agencies. One, dubbed "APT1" by cybersecurity firm Mandiant, is an elite cyber-espionage outfit affiliated with the Chinese military. Another group is a corporate espionage unit that allegedly stole secret documents and formulas from major global chemical companies in 2011 in an attack campaign dubbed "Nitro" by computer security firm Symantec. "In the most pessimistic light, there's very little that the Tibetans can do in exile, because they're so underresourced," says Walton. "If you have a situation where the State Department or the Pentagon is being compromised by the same groups, what hope do refugees in the foothills of the Himalayas have to deal with that problem?" He describes China's APT strategy as gathering "a thousand grains of sand," hoping that some piece of information, no matter how small, will bear strategic value.

Perhaps an even more pernicious threat to Tibetan cybersecurity is WeChat, a Chinese smartphone app that combines features from Instagram, Skype, and Facebook. The program has more than 500 million users, with 100 million of them outside China; its popularity has exploded in Dharamsala over the past few years as an easy way for refugees to contact relatives back home. "All of my friends here use WeChat," says Tashi Nangyal, a 22-year-old Tibetan refugee who fled to India on foot across the Himalayas. "Since Tibetans inside Tibet are all using WeChat, we don't think of using any alternatives."

The program was developed by Tencent, a Shenzhen-based Internet empire that, like all major Chinese Internet companies, is rumored to enjoy close ties to the country's leadership. "From Tibetan civil society's point of view, WeChat is itself malware -- it's malicious," says Walton. "All of the traffic is being channeled through Shanghai. It's presumably being piped into China's equivalent of PRISM," he adds, referring to the U.S. National Security Agency's top-secret surveillance program, which was exposed by leaker Edward Snowden. Advocacy groups reported this summer that two monks in Tibetan areas of China were arrested after posting pictures of self-immolation protests to WeChat. One received a six-year prison sentence; the other will likely spend the rest of his life in jail. Tencent did not reply to a request for comment.

In recent years, short stints in Dharamsala have become a popular way for security experts to analyze little-known cyberattacks, says Shishir Nagaraja, a computer scientist at the University of Birmingham who has also aided the Dalai Lama's private office. "You don't have to pay people for this stuff. Some of the brightest minds at Cambridge will be more than happy to contribute to securing the Tibetans' Internet freedom rights," he says. Many are young, left-leaning idealists who are attracted by the novelty of the job. Yet "it's a very temporary arrangement," he said. Most stay for only two or three years, while China's hacking never ends.

"We are very vulnerable," says Tenzin Paldon, the Dharamsala-based editor in chief of Voice of Tibet, a radio station that broadcasts Tibet news into China via shortwave radio. Paldon's personal email account has been hacked; the broadcaster's website has been crippled repeatedly. Yet Paldon refuses to be cowed. If Tibetans continue to self-immolate, she says, she will continue to report their stories. "I think it's our duty to spread the word about what these people did, and why they're doing it, to the outside world."

Meanwhile, Dharamsala's Tibetan community has formed an incipient defense. In March, cyberactivists launched a secure Tibetan-language messaging application called YakChat. And the Tibetan government in exile recently procured a grant to lay new cables, update its servers, and train new staff, sources say, though they're keeping the details under wraps.

"What we're trying to do now is provide more opportunities for Tibetans themselves to become experts in cybersecurity," says Walton, the Oxford researcher. Many students at the Tibetan Children's Village, the leafy school campus where Sither gave his presentation, will go on to work in advocacy NGOs; some will join the CTA. Most are learning about cybersecurity for the first time, and experts hope that the lessons will resonate. "It's a gradual process, teaching people to guard their privacy. The Internet is quite a new thing in their lives," said Phuntsok Dorje, the head of the school's computer program.

It's twilight by the time Sither finishes his PowerPoint presentation, and the students file out of the auditorium and into the cool, damp air of the rainy season. Nangyal, the 22-year-old refugee, says that students are not allowed to keep phones on campus and that he can only contact his family on holidays. The assembly has made him reflective. "I used to talk about His Holiness the Dalai Lama on WeChat," he says, his brow furrowed. I ask him whether he now understands that the Chinese may be listening in. Maybe he'll download a Korean messaging app, he offers, to make his communications less traceable. Or maybe, from now on, he'll just be more careful about what he says.
