Greg Hoglund's nightmare began on Super Bowl Sunday. On Feb. 6 the high-tech entrepreneur was sitting in his home office, trying to get to the bottom of some unusual traffic he was seeing on the Internet. Two days earlier he'd noticed troubling activity hitting the website of HBGary Federal, the Sacramento startup he helped launch in 2009. He suspected some kind of hacker assault and had spent the weekend helping to shore up the company's systems. A few hours before Green Bay kicked off to Pittsburgh, Hoglund logged into his corporate account on Google (GOOG)—and confirmed his fears.

He couldn't get in. Someone had changed the password and locked him out of his own e-mail system.


Stolen passwords and hackers are facts of life in the Internet Age. Twitter, Facebook, MasterCard (MA), the Washington Post Co. (WPO), the New York Stock Exchange (NYSE), the U.S. State Dept., and countless other organizations large and small have had to deal with cyber-assaults. More often than not, the security hole is plugged and, if the victims are lucky, the plague abates. Not this time. HBGary Federal is a spinoff of Hoglund's HBGary Inc., a cyber-security firm that offers protection to corporations and governments from cyber-attack. Hoglund built his career on the business of hacker-proofing—getting hacked meant HBGary failed at the very thing it's paid to get right.

Hoglund called Google's corporate technical support to shut down the account, but a representative told him that doing so would take time. It didn't matter. Intruders were already helping themselves to tens of thousands of internal documents and e-mails, some of them personal exchanges between Hoglund and his wife, Penny Leavy, president of HBGary. Then the hackers—who turned out to be members of the anarchic cyber-guerrilla organization that calls itself Anonymous—triumphantly posted their electronic booty on an online file-sharing service for all the world to see.

That's when Hoglund's real problems began, and the resulting controversy—involving a high-powered Washington (D.C.) law firm, the Justice Dept., and the whistle-blower site WikiLeaks—hasn't just been entertaining geek theater but a rare look into the esoteric realm of cyber-security. It's a world where only a select few understand the workings of the computers and networks we all use, where publicly antagonizing the wrong people can have disastrous consequences, and where some participants tend toward self-aggrandizement and flexible differentiations between right and wrong.


The HBGary Federal documents—to Hoglund's surprise, he says—revealed unethical and potentially criminal plans to build a digital-espionage-for-hire business. "They really showed how bad things are getting," says Bruce Schneier, a renowned computer security expert. "Blackmail, espionage, data theft. These are things that were proposed as reasonable things to do. And no one said, 'Are you crazy?' "

The plans were conceived in part by HBGary Federal's top executive, a former U.S. Navy cryptologist named Aaron Barr. Barr was working in conjunction with two other security companies. In a bit of cloak-and-dagger grandiosity, the firms dubbed their collaboration Team Themis, after a titan of Greek mythology who embodied natural law. (Forsaking Themis brings on Nemesis.) Team Themis proposed to electronically infiltrate grass-roots organizations opposed to the U.S. Chamber of Commerce, the powerful Washington lobbying organization. In a separate and even more legally dubious proposal intended for Bank of America (BAC), the group laid out a plan to infiltrate WikiLeaks and intimidate its supporters.

Team Themis's machinations were exposed before they got past the proposal stage. But the schemes the security firms came up with were Nixonian in scope and Keystone Kops-like in execution. In a 12-page PDF sent to Hunton & Williams, the Washington law firm representing the U.S. Chamber, Team Themis suggested creating dummy documents and online personae, and scouring social networks such as Facebook for intelligence on their prospective client's most vocal critics. In the proposal for Bank of America, the security firms suggested hacking WikiLeaks itself to expose its sources.


For Hoglund and his 30-person company, the fallout from the revelations continues to grow. Employees of HBGary and their families have been besieged with hostile phone calls and e-mails, including some death threats, and the company canceled its presentations at the annual RSA cyber-security conference in February. News sites that cover computer security have plumbed the document dump, turning HBGary and Barr into objects of ridicule. Barr resigned on Mar. 1 and declines to speak publicly about the ordeal.


All of it makes Greg Hoglund furious. "These individuals are not hacktivists, they are criminals," he tells Bloomberg Businessweek, referring to his Anonymous adversaries. "If you let a gang of cyber-thugs hack into systems with impunity and get away with it, what kind of precedent does that set for cyber-security?"


Hoglund, 38, is widely respected in the computer security world for his expertise with "rootkits," software that facilitates privileged access to a computer while evading detection. The HBGary chief executive officer never went to college and learned his trade on the fly, spending time with other hackers and writing his own security software. He co-founded HBGary in 2004, providing corporations with tools to detect, analyze, and combat sophisticated malware attacks from hostile foreign governments. (The firm's name is derived from Hoglund and his two original partners, Shawn Bracken and Jon Gary.) Among the companies HBGary has worked with are Morgan Stanley (MS), Sony (SNE), and Walt Disney (DIS).

Fifteen months ago, Hoglund decided to branch out into a new market and spun off HBGary Federal to perform classified work for the U.S. government. Employees of the subsidiary would have military experience and top security clearances. To run the operation, Hoglund tapped Barr, then an engineer in the Intelligence Systems Division of military contractor Northrop Grumman (NOC).

"Aaron has a very high IQ. He's a very smart individual," says Hoglund. "He also has an incredibly good reputation, or he did at the time."


In the year after he was hired, Barr had little success building HBGary Federal's business. The firm initially attempted to break into the "incident response" market, selling its spycraft to government agencies so they could shut down leaks and identify cyber-attackers. That field is competitive, and paying work sparse for startups. By October 2010, in the e-mails that later became public, Hoglund warned Barr that HBGary Federal was "out of money and none of the work you had planned has come in." In his reply, Barr agreed.

Barr did have one possible lifeline. On Oct. 19, Palantir Technologies, a Palo Alto (Calif.) cyber-security company whose terrorism analysis software is used by the Pentagon and the CIA, reached out to HBGary Federal and another security firm, Virginia-based Berico Technologies, with a tempting offer. Palantir said it had been approached by Hunton & Williams, a century-old firm with ties to the Republican Party and the defense industry. The firm needed investigative services on behalf of a high-profile, deep-pocketed client.

Barr and representatives from the other companies discussed the project via e-mail and visited Hunton & Williams in November to meet with Richard Wyatt, co-head of the firm's litigation group. A person who was at the meeting says Wyatt wore suspenders, smoked a cigar, and propped up his cowboy boots on his desk—a cartoonish vision of a D.C. power broker. But the security professionals were impressed when they learned the identity of the prospective client: the U.S. Chamber of Commerce, which had just backed a wave of successful conservative candidates for Congress.

The Chamber, it seemed, had a public-relations problem: Activist organizations such as U.S. ChamberWatch, Velvet Revolution, and Change to Win were accusing it of financial improprieties and using foreign donations for political purposes. The Chamber believed all these grass-roots organizations were working in concert with the surreptitious backing of major unions. According to the e-mails released by Anonymous, Hunton & Williams was already amassing reams of information, including union rosters, and needed expert help in digesting the data. The security firms' mission, should they choose to accept it: Infiltrate the activist groups and their leadership, compile dossiers, and help the law firm "truly understand and eliminate emerging threats that could cause harm to their clients," according to a Team Themis document.


The team's members spent much of November working up their proposal. They highlighted how they would funnel their gleanings through Palantir Technologies' military-grade terrorist-tracking software. "We need to blow these guys away with descriptions of our capabilities," wrote Matthew Steckman, an engineer at Palantir, in one of the e-mails in the published documents. "Make them think that we are Bond, Q, and money penny [sic] all packaged up with a bow."

Then there was the matter of price. Such private online espionage was hardly common practice, and there was no industry-standard pay scale. Team Themis landed on $2 million. For that sum, the client would get a "daily intelligence summary," "link diagrams," and "target impact analysis," among other services. Hunton & Williams, on behalf of the Chamber, balked at the price, so the security companies agreed to do a pilot on spec. (The law firm has not commented on the matter.)


Hunton & Williams clearly saw potential in Team Themis. On Dec. 2, in a message with the subject line "Urgent: Opportunity," a partner at the firm asked the group to come up with a new plan, this time to combat WikiLeaks on behalf of a different prospective client—Bank of America, which believed WikiLeaks was about to publish a cache of its documents. (The Justice Dept., the e-mails suggested, had recommended that Bank of America hire Hunton & Williams.)


Barr took the lead in crafting what would become an infamous 24-slide PowerPoint presentation that called for a cyber-campaign of disinformation against WikiLeaks. The document analyzes WikiLeaks' server infrastructure, talks about planting news stories about the exposure of its confidential informants, and proposes online attacks. Some of the language is comical, like a verbal version of an old Spy Vs. Spy cartoon from Mad magazine: "Speed is crucial!" blares one slide. "The threat demands a comprehensive analysis capability now." A person familiar with the creation of the presentation said it was the result of late-night brainstorming, and that the security firms knew Bank of America would likely reject the most aggressive tactics.


As with the Chamber of Commerce scheme, the WikiLeaks proposal never got a final hearing. While HBGary Federal and the other security firms awaited a formal go-ahead from Hunton & Williams and its clients, Barr decided to deploy his new research techniques on Anonymous.

Anonymous has had a busy winter. The group, which appears to be less a formal organization than a loose coalition of tech-savvy radicals, attacked government websites in Egypt and Tunisia. It launched denial-of-service attacks on Amazon.com (AMZN), PayPal, MasterCard, and Visa (V) after those companies declined to do business with WikiLeaks. Barrett Brown, an unofficial spokesman for the group, says its goal is "a perpetual revolution across the world that goes on until governments are basically overwhelmed and results in a freer system."

Barr had come to believe that companies would have to defend themselves against this anarchic sensibility using the same tactics as the mischief makers. He also believed he had the skills and experience to join the battle. His principal weapon was a method he developed to associate the real identities found in social networks such as Facebook and LinkedIn with the anonymous profiles of hackers. So while Hunton & Williams weighed Team Themis's proposals, and with the ultimate fate of HBGary Federal hanging in the balance, Barr figured the time was right to demonstrate how social networks could yield an intelligence bonanza.

Barr began by hanging out in chat rooms on Internet Relay Chat (IRC), using a fake identity. At the same time, on social networks, he "friended" people thought to be senior members of the Anonymous collective. Barr then compared the times that suspected hackers logged into IRC chat rooms anonymously with the times they logged into their own identifiable social networking accounts.


The exposed HBGary e-mails would later reveal that Barr's own employees thought he was overreaching and that they feared retribution from the vengeful Anonymous. But Barr plunged ahead. He proposed a talk at the RSA conference in San Francisco titled "Who Needs NSA when we have Social Media?" Then he promoted the talk by suggesting he would expose the identities of the primary members of the group.


On Feb. 4, a Friday, Barr bragged to the Financial Times about his upcoming talk and claimed he had obtained the identities of the group's de facto leaders. Bad idea. As Stephen Colbert summed it up, lampooning the HBGary affair on his TV show, "Anonymous is a hornet's nest. And Barr said, 'I'm gonna stick my penis in that thing.' "

When hackers taunt, they often use the term "pwned"—as in, "I so pwned you, newbie." No one seems to agree where the word came from. Google it, and you'll find claims that it's a corruption of "owned," or that it's from a computer game, or maybe it's just a shortened form of the chess term "pawned." Whatever its origins, the term connotes humiliating domination by another person or group.


That's roughly what happened next to Barr, Hoglund, and HBGary. Responding to Barr's public claims, the Anonymous hackers exploited a vulnerability in the software that ran HBGary Federal's website, obtained an encrypted list of the company's user names and passwords, and decoded them. Barr and some of his colleagues, Anonymous then discovered, had committed computer security's biggest sin: They used the same password on multiple accounts. The hackers commandeered Barr's Twitter and LinkedIn accounts, lacing both with obscenities. One of the passwords also opened the company's corporate Google account. Jackpot. In less than 48 hours after Barr's Financial Times interview appeared, the hackers had the keys to the kingdom.

They immediately started downloading HBGary's e-mails. All told, Anonymous got hold of 60,000-plus—about 4.7 gigabytes' worth, including attachments—and quickly put them all online in conveniently searchable form. The material details online security holes at HBGary clients and prospects such as Sony, Johnson & Johnson (JNJ), Disney, ConocoPhillips (COP), and dozens of others. The e-mails showed that DuPont (DD) was breached in 2009 (by the same hackers who hit Google) and again in late 2010. DuPont employees on a business trip to China even found that their laptops had been implanted with spyware while the hardware was supposedly locked inside a hotel safe.


In the ensuing days, Barr and Leavy, HBGary's president, took to IRC channels to plead with Anonymous for mercy. None was forthcoming. Members of the group and their supporters gleefully defaced and posted photos of Barr, published personal details about his family, tweeted his Social Security number, and generally gloated about pwning a professional adversary. They said the "ninja team" that hacked HBGary included a 16-year-old girl named Kayla. (Rumors online suggest that "Kayla" is actually a 26-year-old man living in New Jersey. Who's right? Not even Anonymous may know.) "We have no choice but to defend ourselves and defend WikiLeaks by these means," says Brown, the unofficial Anonymous spokesman. "This has just begun. We're absolutely at war now."


Meanwhile, the other members of Team Themis deny they wanted to push the operations as far as Barr did—despite the volumes of incriminating e-mails. Palantir Technologies CEO Alex Karp blames HBGary for conceiving the plot, decries any attempt to develop "offensive cyber capabilities," and has placed on leave Steckman, the engineer who coordinated with Team Themis. Palantir also issued a public apology to Glenn Greenwald, a journalist who was singled out in a Themis proposal as a WikiLeaks defender and thus a possible target. In a statement, Berico Technologies says it "does not condone or support any effort that proactively targets American firms, organizations, or individuals." At the same time, it cut ties with HBGary.

The U.S. Chamber of Commerce said in a press release that it's "incredulous that anyone would attempt to associate such activities with the Chamber," adding that it had not seen the incendiary proposals before they were made public. Morgan Stanley dropped HBGary as a security contractor. Barr never delivered his speech, and when he tendered his resignation three weeks after the Anonymous attack, he said he was confident HBGary would be able to "weather this storm."


As for Hoglund, even his friends in the security industry wonder how long HBGary can survive amid the onslaught of negative publicity. But the CEO claims his company has undergone a rigorous security review and is back on track. He says the hackers "made a hole-in-one from 200 yards away" and that it will never happen again. "They are nowhere near as sophisticated and scary and large as they would like people to think they are," he says.


And while the lesson of the HBGary saga may be that it's not always easy to tell the black hats from the white hats in the ambiguous game of computer security, Hoglund has no doubt which is which. "It will get worse," he says. "This whole event has only emboldened them. I hope this isn't the way the Internet has to be. Right now it's a domain of lawlessness. This is bigger than HBGary, than my company. Right now, the pendulum has swung way over to the bad guys' side."



2011-03-31 10:36 Editor: kuaileyingyu