黑客面面观

    最近美国接连曝出大公司和政府机构网站被“黑”的消息，让人感觉我们似乎已经被卷入了一场网络战争。最近几周，花旗集团（Citigroup）、索尼（Sony）和国际货币基金组织（IMF）的网站相继被黑。而就在上周三，美国中情局（CIA）网站也遭到了黑客的攻击。

    正如IT服务提供商BT公司的首席安全技术官、网络安全专家布鲁斯·施奈德指出的那样，黑客的确无处不在。虽然近期网络攻击事件频发，但对于黑客界来说，这些攻击只不过是家常便饭。施奈德表示：“这就是黑客行为，几十年来一贯如此。”

    施奈德说，老百姓们可能以为,黑客就是像莉丝贝·莎兰德（瑞典作家斯蒂格·拉赫松的惊悚小说《千禧年》三部曲中的女主角——译注）那样的电脑天才，整天到全球各大主要网络里黑来黑去，如入无人之境。但事实上，黑客生活远远没有那么刺激。不过黑客圈子生态环境很微妙，也很难梳理。黑客的队伍十分庞大，既有在自家地下室里搞搞小破坏的电脑怪才，也包括有组织的国家政府部门。黑客究竟在做些什么？他们的行事方式如何？这两个问题往往是人们心中的疑团。不过全球每天都有许多行为被归入“黑客侵入”这柄大伞之下。

独行侠

    人们当黑客的根本原因是为了消遣。施奈德指出：“大部分黑客只是普通人。”这意味着他们本身并不属于某个黑客网络，一般只是通过聊天室和在线论坛进行联系。“他们只是一些四处捣乱的普通人。”

    这类黑客中的某些人最终投向了企业的怀抱。例如Linux操作系统的核心组件程序是莱纳斯·托瓦兹写出来的，他一度曾是黑客界高山仰止的人物，甚至还与人合写了一本书，名字就叫《黑客的道德准则》（The Hacker Ethic），该书已于2001年出版。另一位知名度颇高的黑客是苹果（Apple）的共同创始人史蒂夫·沃兹尼亚克，他公开坦承自己早年在加州大学伯克利分校(UC Berkeley)学习期间，曾经制作并销售过能够侵入电话网络免费打电话的设备。

“黑客主义”

    还有一类黑客专门以获得曝光率为目的。这类黑客出现得相对较晚。哈佛大学伯克曼互联网与社会中心（Berkman Center for Internet and Society）研究员伊桑·扎克曼表示，这类黑客一般都是具有某种政治动机的团体，而他们所进行的黑客攻击，“实际目的是要获得媒体曝光率”。

    其中最出名的黑客团体之一叫作“匿名”（Anonymous）。这是一个松散的黑客网络，经常组织起来对某些网站进行攻击，有时是为了好玩，有时则是为了某些政治目的。通常这个团体会对目标发动一次“阻断服务”（DdoS）攻击，目的是要使某个特定网站瘫痪。“匿名”已经进行了好几次这样的攻击，其中最著名的一次当属2008年对山达基教会（Church of Scientology）网站的攻击。黑客们网上网下两线作战，既发动了阻断服务攻击，又组织其成员戴着面具进行抗议示威。最近，“匿名”还在Youtube上发了一个警告视频，称要对美联储（the Federal Reserve）进行攻击，要求美联储主席本·伯南克下台。不过到目前为止，还没有任何一个美联储的网站被“黑”掉。

    另一个叫LulzSec的黑客团体最近也曝出新闻。本周三该组织攻击了美国中央情报局的公共网站cia.gov，导致该网站暂时关闭。LulzSec还宣称对美国公共广播公司（PBS）、福克斯电视台（Fox）和索尼的被“黑”负责。标枪战略研究公司（Javelin Strategy & Research）的高级安全性分析师菲尔·布兰克表示，LulzSec之所以要攻击索尼，仅仅是为了证明索尼的网络安全性低得可怜，而且他们成功了。布兰克说：“这是一次非常基本、非常初级的攻击，任何一家现代企业都不应该抵挡不住这样一次攻击——实在太丢人了。”

    扎克曼表示，尽管索尼被轻松拿下，但一般说来，黑客组织的实力还是比较有限的。他注意到，在黑客界内部，阻断服务攻击以及类似的攻击方式只能算是雕虫小技，甚至还不够格被称作真正的“黑”。真正的“黑”是要对一个网络造成真正的危害，而不是暂时关掉一个网站。到目前为止，LulzSec并没有试图对重要的大型基础架构造成危害，“匿名”虽然尝试过，但刹羽而归——如“匿名”曾在2010年12月对亚马逊（Amazon）发起攻击，但未能得手。扎克曼说：“从本质上讲，黑客们关掉的只不过是网站的营销文案。”

黑客间谍

    由政府支持的黑客行为就是另一回事了。他们资金更雄厚，而且几乎无法追踪他们的行踪。施奈德表示：“美国这么干，中国也这么干。各国相互秘密侦察的做法已经有几千年的历史了。”

    复杂、密集的黑客攻击行动背后可能都有政府资助的影子，但要证实这种联系却很困难。本月早些时候，国际货币基金组织（IMF）向其工作人员通报IMF遭受了一次网络攻击，不过并没有公布细节。标枪战略研究公司的高级安全性研究员菲尔·布兰克表示，有人推测这次攻击获得了某个外国政府的资助，但却几乎没有任何公开的证据能证实这种猜测。布兰克说：“如此长距离的远程攻击需要一个庞大的基础架构以及一支庞大的IT工作和研究力量。一般说来，这种攻击超出了大多数个人的能力，而且可能并不是企业的刺探行为。”

    最近Gmail的被黑也是如此：谷歌（Google）本月早些时候宣布有人侵入了数百个Gmail用户的个人账户。布兰克表示，需要非常复杂和定向的侵入才能造成这种效果。谷歌追踪到入侵者的IP地址来自中国济南地区，这也是表明本次侵入可能是受政府支持的唯一证据。不过这次侵入之所以看似可疑，还因为被“黑”的用户包括美国政府官员和中国的政治激进份子。不过布兰克也表示，IP地址是可以伪造的，而且中国政府也竭力否认与此事有关。

    这宗谜案也可能和许多其他网络悬案一样，成为人们心中永远的问号。尽管这起网络侵入的规模和其复杂程度能够为我们提供一些线索，但就像施奈德所说的那样：“人们永远无法确切地知道谁是背后主使。总之，你永远不知道这是谁干的，他们为什么要这样做，”

    译者：朴成奎

    It's hard to get a handle on the hacker community, but here's a look at the range of people -- from lone geeks to organized governments -- who could be behind recent security breaches.

    The recent hacking headlines make it seem like we're in the middle of a cyberwar: In the past few weeks, there have been revelations of security breaches at organizations including Citigroup, Sony, the IMF, and -- as recently as yesterday -- the CIA's website.

    Indeed, hackers are everywhere, according to Bruce Schneier, security expert and chief security technology officer for IT service-provider BT. But for the hacker community, the apparent cluster of attacks is really just business as usual: "This is hacking, it hasn't changed in decades," he says.

    While the public may picture shadowy groups of Lisbeth Salander-like computer nerds taking down major networks around the globe, the truth is much less glamorous, Schneier says. Still, the hacker pecking order can be nuanced and tough to de-tangle. It runs the gamut from geeks messing around in their basements to organized national governments. What hackers do and how they do it often remains a mystery, but every day there are activities that fall under the wide umbrella of digital subversion called "hacking."

The lone wolf

    Hacking has its roots in recreation. "The majority of people hacking are just people," Schneier says, meaning they aren't connected to a hacking network other than chat rooms and online forums. "It's just guys messing around."

    Some members of this breed of hacker eventually go corporate. For example, Linus Torvalds, the man who wrote the central component for the Linux operating system, has a well-respected hacking history. He even co-authored a book called The Hacker Ethic, published in 2001. Another high-profile hacker is Apple (AAPL) co-founder Steve Wozniak, who speaks openly about his early days at UC Berkeley, building and selling devices that could hack phone networks to make free calls.

"Hacktavism"

    There's another, relatively new breed of hacker that seeks publicity. These are typically politically-motivated groups, says Ethan Zuckerman, a researcher at Harvard University's Berkman Center for Internet and Society. The attacks they launch, he says, are "really designed to get the press release."

    One of the most famous groups is Anonymous, an anarchic network of hackers that periodically organizes to shut down websites, either for fun or for some political purpose. Generally, the group launches a "denial of service" (DDoS) attack, which targets and cripples a specific site. Anonymous has launched several such campaigns, most famously its 2008 efforts to take down the digital presence of the Church of Scientology, which involved a DDoS attack and offline protests by masked members. Recently, the group forewarned an attack against the Federal Reserve, calling for the resignation of Chairman Ben Bernanke via a YouTube video, though none of the Fed's websites have been shut down yet.

    Another group called LulzSec has also stirred up news recently. On Wednesday, it temporarily crashed the Central Intelligence Agency's public website, Cia.gov. LulzSec has also claimed responsibility for breaches at PBS, Fox and Sony (SNE). For the Sony attack, LulzSec's goal was to showcase a pitiful lack of online security at the company, according to Phil Blank, a senior security analyst at Javelin Strategy & Research, and it succeeded. "It's a very fundamental, basic attack that no modern corporation should be subjected to -- it's embarrassing."

    While attacks like the one on Sony can be easy, the muscle power of hacktivist groups is generally limited, says Zuckerman. In fact, he notes that within the hacker community, DDoS and similar attacks don't even qualify as true hacking, which involves actually compromising a network, not taking down a site. LulzSec hasn't tried to harm large, critical infrastructures so far, and Anonymous has tried and failed, he says: The group couldn't pull through an attempt to crash Amazon (AMZN) in December 2010, for example. "Essentially, they're taking down people's marketing copy," says Zuckerman.

Hacking spies

    Government-backed hacking efforts are a different story -- they have much more funding, but can still be next to impossible to trace. They're also happening all the time, Schneier says: "The U.S. is doing it, China is doing it. Governments have spied on each other for thousands of years."

    While complicated, expensive hacks are more likely to involve government investment, it can be difficult to prove the connection. Earlier this month, the IMF announced to its faculty and staff that it had suffered a cyberattack, but hasn't released details. There has been speculation that the attack received funding from a foreign government, says Phil Blank, a senior security analyst at Javelin Strategy & Research, but there's little public proof. "To be able to create the attack from that distance requires a substantial infrastructure, IT work and research," he says. "Generally speaking, that is out of the scope of most individuals, and it's probably not corporate espionage."

    The same is true for recent Gmail hacks: Earlier this month, Google (GOOG) announced that someone had broken into hundreds of Gmail users' personal accounts. That required fairly complicated, targeted hacks, Blank says. But the only evidence that a government was behind it was that Google traced the origin of the attack to computers with Internet Protocol (IP) addresses in the Jinan region in China. Also, the hack seemed suspicious because victims included U.S. government officials and Chinese political activists. But IP addresses can be fabricated, Blank says, and the Chinese government vehemently denied anything to do with the incident.

    That hacking mystery, like so many others, may go unsolved. While the size or complexity of the hack can provide clues, "You never know who's behind anything really," says Schneier. "In general, you never know who did it or why."