推特上,一位推友向我推荐了美国外交政策网站上的这篇报道。我便求助推特,请推友帮助译成中文。推友 @yuhui926当即愿意翻译,并很快发给我译文。在此感谢这位推友。
黑客图伯特(西藏)
欢迎来到达兰萨拉:中国网络战的焦点
原文:Hack Tibet–Welcome to Dharamsala, ground zero in China’s cyberwar.
作者:Jonanthan Kaiman 发表于2013年12月4日
译者:推友 @yuhui926 译于2013年12月11日
译文转自:美国外交政策(Foreign Policy)
插图:Josh Cochran
达兰萨拉,印度—洛桑西绕嘉措( Lobsang Gyatso Sith)坐在一所图伯特学校礼堂的前面,来自他幻灯演示(PPT)的矩形光线微弱地照亮了他面前的数排学生。“除非你知道附件里是什么,否则绝不要打开,”西绕说。学生们点头。讲台上挂着达赖喇嘛的肖像,带着由摇曳的电子蜡烛形成的轮廓;一只流浪犬在人群后漫步。“绝不要把密码给任何人,”西绕说,并点击下一张幻灯片,讲解了使用陌生U盘的危险。“中国政府或其他人可能会控制你的电脑。”
欢迎来到达兰萨拉,它的人口两万,是世界上被黑客入侵频率最高的地区之一。这座位于印度郁郁葱葱的喜马拉雅山麓的小城市是达赖喇嘛的居住之处,他是流亡中的图伯特精神领袖;CTA,即“藏人行政中央”(之前称作“西藏流亡政府”),也是图伯特媒体机构和非政府组织的主持者,其中有一些被中国政府划入恐怖团体。1959年,在共产党军队暴力镇压拉萨(如今中国西部西藏自治区的首府)的一次起义后,达赖喇嘛逃到这里。印度热情接受了达赖喇嘛,作为(印度本国)多元宗教的标志,而成千上万的图伯特人跟随而至。根据2009年的一次统计,大约有十三万图伯特人流亡异乡,而达兰萨拉是他们所拥有的最接近政治首都的地方。
这座小城有着古老的气氛。穿过雪松密林,人们的居所紧贴着险峻的山路;猕猴们在屋顶上昂首阔步。然而它依然朝着未来谨慎地变化与前行。电脑已经无处不在。路边咖啡馆提供双倍意式浓缩咖啡与无线网(密码普遍是“解放图伯特”与“独立”)。年轻的图伯特人抢购苹果手机,后者与市场同类竞争物不同,提供了图伯特语言(藏语)的键盘选项。
城市中的图伯特社区与境内图伯特之间的交流变得前所未有的方便。然而给故乡拨打电话的风险也从未如此之高。“假如我们不使用通信安全通道,在境内图伯特的族人有可能会被指控向境外发送敏感信息而遭到起诉,”西绕说,他是图伯特行动中心的现场协调人,该中心总部设在纽约,资助教育项目并训练安全通讯系统人才。
中国政府在达兰萨拉无处不在又无迹可寻,以近乎无法被检测和难以追踪的手段设置恶意软件、拦截信息。图伯特中央政府的中文网站在八月遭黑客袭击。在图伯特社区的每个人都是目标,这是来自达赖喇嘛对使用智能手机的难民们的忠告。
11月初,中共西藏自治区党委书记陈全国提出了一系列要让达赖喇嘛在图伯特“消声”的措施,包括对网络交流的控制打压。“努力工作保证……敌对势力和达赖集团的声音形象听不到、看不到,” 他在共产党的领导刊物《求是》中这样写。
一种残酷的,有着几百年历史的古老抗议形式已经在图伯特燃烧起了火焰,北京同时采取了严酷高压与高技术策略镇压动乱。自2009年2月始,至少有120多位图伯特人在喜马拉雅地区自焚以抗议中国的统治。男人和女人,老人与年轻人,僧人与信徒。中国当局对此暴力回应,部署军队,切断电话线,强迫僧人们经受严酷的“爱国主义教育”运动。他们将自焚事件归咎于“敌对外国势力”的煽动——主要来自达兰萨拉,在那里,支持团体收集激烈的抗议信息并将信息传播到国外。专家们认为黑客袭击事件也许是详尽策划行动的一部分:通过识别潜在抗议者以先发制人。
针对达兰萨拉的网络攻击中,很少是以监控或控制城市网络基础设备为战略的。最常见的网络攻击是鱼叉式网络钓鱼攻击:图伯特人,特别是那些为图伯特流亡政府或倾向独立组织工作的人说他们频繁收到声称是朋友或联系人的奇怪邮件。这些邮件通常包含附件,一旦下载,使用者电脑便会感染恶意软件,使得黑客可以远程控制系统。电脑本质上变成了共享的电脑;关键词被记录,密码被保存,联系人被下载。一切都被损害。
吾嘎仓•格桑多杰(Kelsang Aukatsang),是图伯特流亡政府首相的前顾问,仍记得当他意识到被黑客入侵时的震惊。2012年7月,吾嘎仓发送了一封电子邮件给美国参议员安排其与首相洛桑森格的会面。第二天早上,美国参议员接到了来自驻华盛顿中国大使馆的意外电话,力劝她不要参加。会面最终根据约定进行。“但更重要的是他们知道了这件事——交流信息被截获了,”吾嘎仓说。“你想知道为了感到安全还有什么是可以做的。那是一种真实的被监视的危机感。”
图伯特流亡政府一半以上的电脑都含有某种恶意软件,新闻官员次仁旺久(Tsering Wangchuk)估计,“达兰萨拉的多数重要电脑都被损坏,”他说。13位政府技术人员花费大量时间,仅仅只是查阅硬盘寻找并删除恶意代码。“他们一直在警觉地追着我们,” 另一位要求匿名的政府职员说。“假如十万次尝试中他们成功了一次,他们会乘此机会掠夺一切可能的信息。”
网络安全专家称此为“高级持续的威胁”(APT)——一场有目的并持续的网络攻击需要单独的黑客们普遍不具备的资源。“达兰萨拉的确是高级持续的威胁的焦点,”Greg Walton说,他是牛津大学网络安全博士培养中心的博士候选人。Walton在2008年来到达兰萨拉,并帮助达赖喇嘛的私人办公室更好地明白是谁一直在损害电脑系统。他的团队发现犯罪者是一个影子黑客团体,这个团体因其一系列的网络干扰行动被美国调查者们冠名“拜占庭冥神”。根据维基解密公布的美国国务院一份电报,这个团体与中国解放军(中国的军队)当中一个以中国西南的城市-成都为基地的部门有关联。
Walton说,许多设在达兰萨拉的图伯特非政府组织,都曾经被闻名于入侵西方公司、军商和政府部门的网络团体袭击。其中被美国麦迪安网络安全公司代号为“APT1”的团体是一个附属于中国军队的精英网络间谍组织。另一个团体被网络安全公司赛门铁克公司予以代号“Nitro”, 据传曾在2011年盗窃全球大化学公司的秘密文件。“在最悲观的光景中,流亡的图伯特人能做的微乎其微,因为他们资源贫瘠,”Walton说。“假如实际情况是连美国国务院五角大楼都被相同的网络团体所攻击,那么喜马拉雅山麓的难民们有什么解决这个问题的希望呢?”他描述来自中国的“高级持续的威胁”(APT) 策略如同汇集 “千粒沙,” 希望一些信息,无论多小,都将承担战略价值。
也许对图伯特的网络安全更有害的威胁来自微信——一个包括Instagram, Skype和 Facebook特点的中国智能手机应用程序。用户超过五亿,其中一亿在中国境外;作为难民联系家人的简捷方式,其流行度近几年在达兰萨拉爆发。“我这里所有的朋友都用微信,” 一位穿越喜马拉雅山脉逃到印度的22岁难民扎西朗杰(Tashi Nangyal)说。“因为在境内图伯特的族人们都在使用微信,我们没有想过使用别的。”
微信程序由总部在深圳的互联网帝国腾讯研发,如同中国所有的大网络公司,据传言其享受与国家领导层的密切关系。“从图伯特公民社会的观点来看,微信本身就是一个恶意软件,非常恶毒的,”Walton说。“所有信息流量都通过上海,等效于管道式的棱镜,”他补充,提到由爱德华·斯诺登揭露的美国国家安全局的高级机密监控程序。声援组织报道这个夏天,有两位西藏僧人因在微信上发布自焚者照片而被逮捕。其中一人被判处六年监禁;另一个很有可能将终身监禁。腾讯对此未有任何回复。
近几年,在达兰萨拉短期工作成为网络安全专家研究少为人知的网络攻击的方式,来自伯明翰大学的计算机科学家Shishir Nagaraja说,他曾协助达赖喇嘛的私人办公室。“你不需要花钱请人做这些事。剑桥一些头脑最聪明的人会很乐意为图伯特的网络自由权利与安全做出贡献,”他说。许多是年轻的、被工作的新奇所吸引的左倾理想主义者。然而“这是非常短暂的安排,”他说。大多数人只待两到三年,而中国的黑客攻击从未停止。
“我们十分脆弱,”总部在达兰萨拉的西藏之声主编丹增帕顿(Tenzin Paldon)说,西藏之声是一个通过短波播放图伯特新闻到中国的电台。帕顿的个人邮箱被黑客入侵;电台网站频繁遭到黑客攻击乃至瘫痪。然而帕顿拒绝被吓到。假如图伯特人继续自焚,她说,她将持续报道他们的故事。“我认为把这些人做了什么,并且为什么做这些事传给外面的世界是我们的责任。”
与此同时,达兰萨拉的图伯特社区开始形成初步的防御措施。在三月,网络激进分子推出了一个叫“牦牛聊”(YakChat)的安全可靠的图伯特语信息应用程序。图伯特流亡政府近期获得了一笔资金用于铺设新电缆,更新服务器和训练新员工,消息人士说,固然相关细节都不便于透露。
“我们现在尝试做的是为图伯特人提供成为网络安全专家的机会,”牛津大学研究人员Walton说。在西绕举行讲座时,许多来自图伯特儿童村的学生们都参加支持非政府组织活动;一些将加入图伯特中央政府。他们大多数都将第一次学习有关网络安全的知识,而专家希望课程会产生影响。“这是一个逐步的过程,教会人们保护隐私。互联网在他们生活中是一件相当新的事物,”学校电脑课程的领导平措多吉(Phuntsok Dorje)说。
西绕结束幻灯演示的时候,已接近黄昏,学生们陆续走出礼堂,走进凉爽、潮湿的雨季空气中。22岁的难民朗杰说,学生不允许在校园携带手机,他只能在假期联系家人。讲座使他开始反思。“我之前会在微信上谈论尊者达赖喇嘛,”他皱着眉说。我问他现在是否理解中国有可能会窃听。也许他会下载朝鲜的信息应用程序,他提出要让他的交流信息更难以被追踪。或者,也许今后他将更谨慎小心地说话。
Hack Tibet
Welcome to Dharamsala, ground zero in China’s cyberwar.
BY JONATHAN KAIMAN DECEMBER 4, 2013
DHARAMSALA, India — Lobsang Gyatso Sither sits at the front of a Tibetan school auditorium, the bright rectangle of his PowerPoint presentation dimly illuminating the first few rows of students before him. “Never open attachments unless you are expecting them,” Sither says. The students nod. A portrait of the Dalai Lama hangs above the stage, framed by flickering electronic candles; a stray dog ambles behind the crowd. “Never give anyone else your passwords,” Sither says, clicking to a new slide, which explains the dangers of using an unfamiliar thumb drive. “The Chinese government or others could take control of your computer.”
Welcome to Dharamsala, population 20,000 and one of the most hacked places in the world. This small city in India’s lush Himalayan foothills is home to the Dalai Lama, the exiled Tibetan spiritual leader; the Central Tibetan Administration, or CTA (formerly called the Tibetan government in exile); and a host of Tibetan media outlets and nongovernmental organizations, some of which the Chinese government classifies as terrorist groups. The Dalai Lama fled here in 1959 after communist troops violently suppressed an uprising in Lhasa, now the capital of western China’s Tibetan Autonomous Region. India embraced the Dalai Lama as a token of religious diversity, and tens of thousands of refugees followed suit. About 130,000 Tibetans live in exile, according to a 2009 census; Dharamsala is the closest thing they have to a political capital.
The city has an ancient feel. Homes cling to precipitous mountain roads that weave through dense cedar forests; macaque monkeys prance among the rooftops. Yet it is changing, moving cautiously into the future. Computers have become ubiquitous. Roadside cafes offer double espressos and wireless Internet (common passwords include “FreeTibet” and “Independence”). Young Tibetans are snapping up iPhones, which, unlike competing devices, offer the option of a Tibetan-language keyboard.
Communication between the city’s Tibetan community and Tibet itself is easier than it has ever been. Yet the risk of dialing home has never been greater. “If we don’t use secure lines of communication, Tibetans in Tibet could be prosecuted” for sending sensitive information abroad, says Sither, a field coordinator for the Tibet Action Institute, a New York-based nonprofit that sponsors education initiatives and trains activists on secure communications systems.
The Chinese government is everywhere and nowhere in Dharamsala, planting malware and intercepting messages in ways that are nearly undetectable and difficult to trace. The CTA’s Chinese-language website was hacked in August. Everyone within the Tibetan community is a target, from the Dalai Lama’s advisors to any smartphone-wielding refugee.
In early November, Tibet’s Communist Party chief, Chen Quanguo, proposed a raft of measures to stamp out the Dalai Lama’s voice in Tibet, including clamping down on online communications. “Work hard to ensure … that the voice and image of the enemy forces and the Dalai clique are neither seen nor heard,” he wrote in Qiushi, a leading party journal.
A brutal, centuries-old form of protest has caught fire in Tibet, and Beijing is resorting to tactics both heavy-handed and high-tech to quell the unrest. Since February 2009, at least 120 Tibetans in the Himalayan region have self-immolated to protest Chinese rule — men and women, old and young, monks and lay people. Chinese authorities have responded violently, deploying troops, cutting phone lines, and forcing monks to undergo draconian “patriotic education” programs. They blame “hostile foreign forces” for inciting the immolations — mainly from Dharamsala, where advocacy groups gather information about the fiery protests and distribute that information abroad. Experts say that the hacks may be part of an elaborate campaign to identify possible protests and preempt them.
Few cyberattacks on Dharamsala are strategically tailored to monitor or control the city’s network infrastructure, say experts. The most common attacks are spearphishing attempts: Tibetans, especially those working for the CTA or pro-independence organizations, say they frequently receive strange emails purporting to be from friends or associates. They often contain attachments that, once downloaded, infect the user’s computer with malware, allowing a hacker to operate the system remotely. The computer essentially becomes shared; keystrokes are recorded, passwords saved, contacts downloaded. Everything is compromised.
Kelsang Aukatsang, a former advisor to the Tibetan prime minister in exile, remembers the shock of realizing that he’d been hacked. In July 2012, Aukatsang sent an email to a U.S. senator to arrange a meeting for the prime minister, Lobsang Sangay. The following morning, the senator received a surprise call from the Chinese Embassy in Washington, urging her not to attend. The meeting ultimately proceeded as planned. “But the bigger point is that they knew — that exchange got intercepted,” Aukatsang said. “You wonder what more you can do to feel safe. There’s a real sense of being at risk, of being watched.”
MORE THAN HALF THE CTA’S COMPUTERS contain some sort of malware, estimates the government in exile’s press officer, Tsering Wangchuk. “Most of the key computers in our city, in Dharamsala, are in some way compromised,” he says. The administration’s technical staff of 13 spends much of its time simply trawling through hard disks, finding and eliminating malicious code. “They go after us all the time, diligently,” said another administration employee who requested anonymity. “If with every 100,000 attempts they have one success, they use that one success to exploit everything that they can.”
Cybersecurity experts call this “advanced persistent threat” (APT) — a constant onslaught of targeted attacks requiring resources that are normally unavailable to individual hackers. “Dharamsala is ground zero for advanced persistent threat, really,” says Greg Walton, a doctoral candidate at Oxford University’s Center for Doctoral Training in Cyber Security. Walton traveled to Dharamsala in 2008 to help the Dalai Lama’s private office better understand what, and who, had been compromising its systems. His team discovered that the most likely culprit was a shadowy hacker group responsible for a series of network intrusions that American investigators had dubbed “Byzantine Hades.” The group, according to U.S. State Department cables released by WikiLeaks, had ties to a unit of the People’s Liberation Army, China’s military, based in the southwestern Chinese city of Chengdu.
Many Dharamsala-based Tibetan NGOs, Walton says, have been attacked by groups that are better known for infiltrating Western corporations, military contractors, and government agencies. One, dubbed “APT1” by cybersecurity firm Mandiant, is an elite cyber-espionage outfit affiliated with the Chinese military. Another group is a corporate espionage unit that allegedly stole secret documents and formulas from major global chemical companies in 2011 in an attack campaign dubbed “Nitro” by computer security firm Symantec. “In the most pessimistic light, there’s very little that the Tibetans can do in exile, because they’re so underresourced,” says Walton. “If you have a situation where the State Department or the Pentagon is being compromised by the same groups, what hope do refugees in the foothills of the Himalayas have to deal with that problem?” He describes China’s APT strategy as gathering “a thousand grains of sand,” hoping that some piece of information, no matter how small, will bear strategic value.
PERHAPS AN EVEN MORE PERNICIOUS THREAT to Tibetan cybersecurity is WeChat, a Chinese smartphone app that combines features from Instagram, Skype, and Facebook. The program has more than 500 million users, with 100 million of them outside China; its popularity has exploded in Dharamsala over the past few years as an easy way for refugees to contact relatives back home. “All of my friends here use WeChat,” says Tashi Nangyal, a 22-year-old Tibetan refugee who fled to India on foot across the Himalayas. “Since Tibetans inside Tibet are all using WeChat, we don’t think of using any alternatives.”
The program was developed by Tencent, a Shenzhen-based Internet empire that, like all major Chinese Internet companies, is rumored to enjoy close ties to the country’s leadership. “From Tibetan civil society’s point of view, WeChat is itself malware — it’s malicious,” says Walton. “All of the traffic is being channeled through Shanghai. It’s presumably being piped into China’s equivalent of PRISM,” he adds, referring to the U.S. National Security Agency’s top-secret surveillance program, which was exposed by leaker Edward Snowden. Advocacy groups reported this summer that two monks in Tibetan areas of China were arrested after posting pictures of self-immolation protests to WeChat. One received a six-year prison sentence; the other will likely spend the rest of his life in jail. Tencent did not reply to a request for comment.
In recent years, short stints in Dharamsala have become a popular way for security experts to analyze little-known cyberattacks, says Shishir Nagaraja, a computer scientist at the University of Birmingham who has also aided the Dalai Lama’s private office. “You don’t have to pay people for this stuff. Some of the brightest minds at Cambridge will be more than happy to contribute to securing the Tibetans’ Internet freedom rights,” he says. Many are young, left-leaning idealists who are attracted by the novelty of the job. Yet “it’s a very temporary arrangement,” he said. Most stay for only two or three years, while China’s hacking never ends.
“We are very vulnerable,” says Tenzin Paldon, the Dharamsala-based editor in chief of Voice of Tibet, a radio station that broadcasts Tibet news into China via shortwave radio. Paldon’s personal email account has been hacked; the broadcaster’s website has been crippled repeatedly. Yet Paldon refuses to be cowed. If Tibetans continue to self-immolate, she says, she will continue to report their stories. “I think it’s our duty to spread the word about what these people did, and why they’re doing it, to the outside world.”
Meanwhile, Dharamsala’s Tibetan community has formed an incipient defense. In March, cyberactivists launched a secure Tibetan-language messaging application called YakChat. And the Tibetan government in exile recently procured a grant to lay new cables, update its servers, and train new staff, sources say, though they’re keeping the details under wraps.
“What we’re trying to do now is provide more opportunities for Tibetans themselves to become experts in cybersecurity,” says Walton, the Oxford researcher. Many students at the Tibetan Children’s Village, the leafy school campus where Sither gave his presentation, will go on to work in advocacy NGOs; some will join the CTA. Most are learning about cybersecurity for the first time, and experts hope that the lessons will resonate. “It’s a gradual process, teaching people to guard their privacy. The Internet is quite a new thing in their lives,” said Phuntsok Dorje, the head of the school’s computer program.
IT’S TWILIGHT BY THE TIME SITHER FINISHES his PowerPoint presentation, and the students file out of the auditorium and into the cool, damp air of the rainy season. Nangyal, the 22-year-old refugee, says that students are not allowed to keep phones on campus and that he can only contact his family on holidays. The assembly has made him reflective. “I used to talk about His Holiness the Dalai Lama on WeChat,” he says, his brow furrowed. I ask him whether he now understands that the Chinese may be listening in. Maybe he’ll download a Korean messaging app, he offers, to make his communications less traceable. Or maybe, from now on, he’ll just be more careful about what he says.
延伸阅读:
藏人行政中央中文網站已恢復正常
本文由自动聚合程序取自网络,内容和观点不代表数字时代立场
.png)
