提示:點擊上方"考博圈"↑ 查看更多考博資訊!!!
來源:新東方在線 編輯:學長
An electronic tsunami crashes down on a solitary journalist
電子海嘯讓獨立新聞工作者感到崩潰
TO A layman, the phrase 「Internet of Things」 (IoT) probably conjures up a half-fantastic future in which refrigerators monitor their own contents and send orders direct to thegrocer when the butter is running out, while tired commuters order baths to be drawn automatically using their smartphones as they approach their houses in their self-driving cars. Actually, though, a version of the IoT is already here. Wi-Fi hubs, smart televisions, digital video-recorders and the like are all part of a network of devices run by microprocessors that, just as much as desktop, laptop and tablet computers, form part of the internet—but with one crucial distinction. Unlike things immediately recognisable as computers, these devices are often designed with poor security, or even none at all. They are wide open to malicious hackers who might wish to misuse them. And there are already around 5 billion of them, according to Cisco, the world’s largest computer-networking company, with billions more to come in the years ahead.
對於一個門外漢來說,提起「物聯網」這個詞,可能會在腦海裡勾勒出一幅半奇幻的未來世界:冰箱會自動檢查存放的食物,並且會在黃油快要用完的時候會自動向雜貨鋪下單。下班了的人們拖著疲憊的身體,坐在自動駕駛的汽車中,就能夠通過手中的智慧型手機控制家中的浴缸自動放水。然而事實上,物聯網已經出現在我們的生活中了,只是功能有些不同而已。如通過微處理器運轉的wifi集線器、智能電視、電子數字視頻錄像機。正如臺式機、筆記本電腦和平板電腦是網絡的一部分一樣,它們是網絡設備的一部分。只是它們之間有一個重要的區別:它們不像電腦那樣,能立即識別事物。這些設備在設計的時候,安全性就很低,甚至毫無安全性可言。它們向心懷叵測,企圖利用它們的黑客敞開了大門。據世界上最大的計算機網絡公司——思科表示,目前這類產品的數量大約是50億個,未來還會以十億的速度增長。
layman:n. 外行
refrigerator:n. 冰箱,冷藏庫
grocer:n. 雜貨店
hub:n. 中心
tablet computer:平板電腦
crucial:adj. 重要的
One favourite trick of such hackers is the distributed denial of service attack, or DDoS. Thistemporarily enslaves a number of internet-enabled devices into an arrangement known as a botnet, and then directs this net to send simultaneous requests for attention to a single machine or cluster of machines, thus overwhelming it and making it unusable. Such attacks may be carried out by organised criminals, to hold a firm to ransom; by cyber-savvy countries, as a tool of low-level warfare—or, as in the case of one of the latest attacks, for revenge.
這些黑客的慣用伎倆是分布式阻斷服務攻擊,即DDoS。它會臨時在佔用一些可以上網的設備,讓它們成為任其擺布的網絡殭屍。接著控制這些網址向同一臺或某一個計算機集群,同時發送請求,從而壓垮或使其癱瘓掉。有組織的罪犯可能會利用這類的攻擊,脅迫受害公司交贖金;而在一些網絡發達的國家,這是小規模戰爭的工具——又或者是一種報復手段,正如Mrebs這次的事件一樣。
temporarily:adv. 臨時地
enslaves:vt. 徵服
botnet:n. 殭屍網絡
cluster:n. 群
ransom:n. 贖金;贖身,贖回
savvy:n. 悟性;理解能力;懂行(的人)
warfare: n. 戰爭
DDoS,分布式阻斷服務供給,即很多DoS攻擊源一起攻擊某臺伺服器就組成了DDoS攻擊,攻擊藉助於客戶/伺服器技術,將多個計算機聯合起來作為攻擊平臺,對一個或者多個目標發動DoS攻擊,從而成倍地提高拒絕服務攻擊的能力。用通俗的話來講,你家開了一家商店,你的競爭者們通過僱傭一堆路人去你家商店搶佔服務,而真正的顧客被攔在門外,這就造成了一天下來人絡繹不絕,但是卻沒有實質性購買訂單的現象,長此以往,你家的商店最終都會被拖垮。
The victim is Brian Krebs (pictured above), an American journalist who often reports on internet criminals, including those who run DDoS-for-hire services, and also those involved in the 「dark」 markets that trade in stolen identities and credit-card details. In the past, some of the people he has annoyed have sent heroin to his home while alerting the police to the fact they might find the drug there. This time, the very internet itself was turned against him. On September 20th Mr Krebs’s web server became the target of one of the largest DDoS attacks ever recorded—between 600 billion and 700 billion bits per second, or almost half a percent of the internet’s entire capacity, for hours at a time.
一美國新聞記者Brian Krebs深受其害。Brian Krebs經常報導網絡罪犯,包括曝光那些出租DDoS服務的人,盜竊身份和信用卡詳情的黑市交易行為。過去,一部分被他惹惱的人曾給他家郵遞海洛因之後報警,說警察可能會在他家找到毒品。他依靠網絡曝光不法行為,而這次他恰恰栽在了網絡身上。9月20日,Krebs的網絡伺服器受到了最大規模的DDoS攻擊。在長達數小時的情況下,他伺服器的訪問量竟然達到了每秒六億到七億比特——相當於整個網際網路可接受能力0.5%。
At first, his 「network mitigation provider」, a firm called Akamai that was supplying its services to him free, for the general good of the field, was able to ward off these attacks. Eventually, though, it had to surrender. On September 23rd, with his agreement, it cut him loose and he had to shut down until he could make alternative arrangements.
起初他的「網絡緩解系統供應商」,名叫阿卡邁的公司,出於這個領域的共同利益,給他免費提供服務。這些服務能夠抵擋網絡攻擊。最後阿卡邁公司也撐不住了。9月23日,在徵得他的同意後,阿卡邁公司關閉了對他的服務,找到其他方法之前,他不得停掉自己的網站。
mitigation:n. 減輕;緩和;平靜
provider:n. 供應者;養家者
Though Mr Krebs’s case is extreme by current standards, there is a risk it will soon become typical. Matthew Prince, the boss of CloudFlare, a firm that helps websites manage heavy traffic and deal with assaults of this sort, says his firm has already seen a sustained ten-day trillion-bits-per-second DDoS attack—though that was launched by a country (he declined to say which) rather than by a private criminal organisation. Other firms, such as OVH, a French web-hosting service, have also reported attacks of this magnitude.
儘管就目前的網絡攻擊標準來看,Krebs的例子比較極端、少見,但他這種情況很可能迅速地多起來。一家幫助網站管理繁重的訪問量和處理此類攻擊的公司CloudFlare的總裁Matthew Prince說,他的公司已經連續十天受到每秒萬億比特的DDoS攻擊——雖然攻擊來自某個政府(他拒絕透露是哪個國家)而非私人犯罪組織。其他公司比如法國一家網絡主機服務公司OVH(Open Virtual Hosting)也被報導過遭受了同樣嚴重的攻擊。
etreme:adj. 極端的
assault:n. 攻擊;襲擊
magnitude:n. 大小;量級
On September 17th analysts at Flashpoint, Intel’s business-security division, announced that they had found a botnet composed of 1m devices, mostly digital video-recorders. And on October 1st the source code for 「Mirai」, the botnet that attacked Mr Krebs’s computer, was released to an internet hackers』 forum by a pseudonymous individual. Mirai scans the internet for devices protected by factory-default usernames and passwords (which is often the case for machines that are part of the internet of things, since their owners rarely bother to change these defaults). It then recruits them into the network.
9月17日,因特爾公司的商業安全部門Flashpoint的分析師宣布,他們找到了一百萬臺設備——主要是數字錄像機,組成的殭屍網絡。而在10月1日,攻擊Krebs網絡系統的Mirai殭屍網絡的原始碼被匿名者公布在一個網絡黑客論壇上。Mirai通過瀏覽網絡,查找那些出廠設置下,由用戶名和密碼保護的設備。(設備所有者們很少會留心去更改設備的出廠設置)隨後它會將這些設備歸為己用。
pseudonymous:adj. 匿名的
factory-default:出廠默認值
2016年10月4日,一名叫Anna-senpai的黑客在黑客論壇Hackforums公布了名為Mirai的物聯網殭屍網絡病毒原始碼,稱此次攻擊發動是為了引起信息安全業界的主意,發布的原始碼希望能夠幫助安全業界提高。一開始Krebs的網絡攻擊被認為是有史以來最大的一次網絡攻擊之一,其總共遭到的攻擊流量達到了620GB,然而沒過多久,法國主機服務供應商OVH同時遭到了兩次攻擊,攻擊總流量則超過了1TB,研究人員發現,該殭屍網絡通過物聯網設備——如網絡攝像頭、路由器、DVR、恆溫器展開一系列攻擊。
For the perpetrators, DDoS attacks are a perfect example of asymmetical warfare—cheap to carry out and expensive to prevent. The cost to Mr Krebs’s attackers, whoever they were (he has his suspicions, but no proof), would have been negligible even before Mirai’s source code was released; a few thousand dollars at most. Now, it is, in effect, zero. Defending against such attacks, though, is by no means cheap. Mr Krebs says he has been quoted rates of $150,000 to $200,000 a year for full-time protection. That is a lot of money for a freelance to fork out.
對於罪犯來說,DDoS攻擊堪稱是不對稱戰爭的完美典型——犯罪成本極低,而預防措施實施起來卻很昂貴。無論攻擊攻擊Krebs的人是誰(儘管Krebs心裡有懷疑對象,但是沒有確鑿證據),在Mirai的原始碼被公布之前,攻擊者至少要花費幾千美元,而現在,實際上成本為零。而抵抗這種攻擊的費用很高。Krebs說,他每年需要花費十五萬到二十萬美元來尋求全天候保護。這對於自由記者來說絕對是一筆不小的開支。
perpetrator:n. 犯罪者;作惡者;行兇者
asymmetical:adj. [數] 非對稱的
negligible:adj. 微不足道的,可以忽略的
fork out:v. 支付;放棄
不對稱作戰,是指用不對稱手段、不對等力量和非常規方法所進行的作戰;不對稱軍事理論,是指用以指導不對稱作戰的知識體系;不對稱軍事理論研究,是指為形成不對稱軍事理論而進行的學術活動。戰爭發展至今天,如果不能在與敵方的理論角逐中佔據上風,那麼在實戰中也就很難爭得主動。
One way around this is to sign up for Project Shield, a programme (free to those accepted for enrolment into it) run by Google and designed to keep independent news organisations online. Google says Project Shield already protects both individual journalists and editorial organisations, including Rafael Marques de Morais, who reports on corruption and politics in Angola, and El Ciudadano, a Chilean periodical that promotes social and political reform. Since September 25th it has been protecting Mr Krebs, too—though attacks on his web server continue. CloudFlare offers a similar service, Project Galileo, which protects the American Civil Liberties Union, the Committee to Protect Journalists and others.
在這種攻擊面前還有一個選擇,即「護盾項目」,這是Google運營的項目(給在Google登陸的用戶提供免費服務),旨在保護獨立新聞機構的網絡運營。Google說,「護盾項目」已經給獨立新聞者和期刊評論機構提供了保護,包括專門報導安哥拉的腐敗政治的Rafael Marques de Morais,以及智利一本促進社會和政治改革的期刊《El Ciudadano》。從9月25日起,該項目已經開始保護Krebs了,儘管Krebs的網站仍在遭受攻擊。而CloudFlare也提供了一個相似的服務——「伽利略計劃」——用以保護美國民權同盟、記者委員會,以及其他的組織。
2013年,Google宣布,它將幫助網站業主們保護他們的站點抵擋"分布式拒絕服務攻擊"(DDoS)。Google希望"護盾項目"(Project Shield)能夠幫助小網站在遭受DDoS攻擊期間繼續運行,尤其是那些資源不足、卻承載著與"媒體、選舉和人權"相關內容的站點。截止目前(2013年10月23日),該項目已用於幫助若干敏感領域的小站,使它們在黑客和政府的攻擊下挺了下來。
Ultimately, however, the answer to DDoS attacks like that perpetrated by Mirai is to build better security into both devices and the networks they are attached to. Edith Ramirez, chairwoman of America’s Federal Trade Commission, said as much in January 2015 when she delivered a polite but blistering speech about privacy and security practices at one of the electronic industry’s main trade meetings, the Consumer Electronics Show, in Las Vegas. Equally politely, deaf ears were turned. Andy Ellis, Akamai’s chief security officer, says network operators could introduce filters that would prevent common illegitimate traffic from reaching its destination, but the costs and complexities involved mean they do not want to—particularly if their competitors are not forced to bear similar costs.
然而諸如受到Mirai攻擊的這種DDoS攻擊的最終解決方法便是,給那些與網絡攻擊有關的設備和網絡建立更堅固的保護。美國聯邦貿易委員會的女會長Edith Ramirez說,正如2015年1月,在拉斯維加斯消費電子展會上,在與一家電子工廠的主要貿易會議上,她禮貌而又激烈地就隱私權和安全實踐進行了演講,但是同樣地,人們禮貌地選擇了裝聾作啞。阿卡邁的首席安全官Andy Ellis說,網絡運營商可以用過濾器來阻止一般性非法訪問,不過這個成本和複雜性可能會讓它們望而卻步——特別是如果在這件事上,它們的競爭者無需花同等的費用的時候。
perpetrate:vt. 犯(罪);做(惡)
blistering:adj. 猛烈的
operator:n. 經營者
complexity n. 複雜性
One answer might be government action, in the form of required security standards, to level the playing-field by making all firms bear the same burden. There is no immediate sign of that happening, but if DDoS attacks in the trillions of bits per second range proliferate, that may change. In the meantime, though, people like Mr Krebs will continue to suffer from what Bruce Schneier, an internet-security guru at IBM, aptly describes as 「thedemocratisation of censorship」.
期待您的翻譯。這並不會立即實施,不過如果每秒萬億級的DDoS攻擊現象激增的話,也許會加快這一進程。然而與此同時, 像Krebs這樣受到攻擊的人,還會繼續遭受來自如IBM網絡安全專家Bruce Schneier恰當描述的「審查制度的民主化」這一緩慢過程的折磨。
Guru:n. 古魯(指印度教等宗教的宗師或領袖);專家
aptly:adv. 適宜地;適當地
democratisation:n. 民主化
censorship:n. 審查制度;審查機構
本期推薦視頻:考博專業課複習指導
主講人:小樣學姐 中山人類學博士
課程介紹:
本課程基於考博專業複習不同於考研的思路,將詳細講解如何進行考博專業課複習。重點指導如何高效準確地整理專業課複習筆記,力助全面清晰地備戰考博專業課。
點擊下方「閱讀原文」觀看視頻
據說考博士的人們都關注了這個公眾號
考博圈:考博路上,彼此陪伴!
提供考博信息 | 分享考博心路