Attack of the cybermen

Sophisticated viruses will be the workhorses of 21st-century spying. But there should be rules

复杂病毒将成为21世纪情报工作的利器,但他们应该被规范。

IF ASKED why they spied on the computers of their rivals (and allies), the authors of Regin, a sophisticated computer virus that seems to have been designed by a Western government, would presumably echo the proverbial bank robber, and reply “because that’s where the secrets are”.

如果问为什么他们为什么暗中监视对手（和外国）的电脑，这个复杂的病毒看起来是被西方政府所设计的，也就是病毒(Regin)的始作甬者可能会像银行劫匪那样给出普遍的回答：“因为秘密就在哪里”

As the world has gone digital, spying has, too. Regin is just the latest in a trend that first came to public notice in 2010, when a piece of American and Israeli software called Stuxnet was revealed to have been responsible for sabotaging part of Iran’s nuclear programme. Since then have come Flame, Red October, DarkHotel and others (see article); more surely lurk undiscovered in the world’s networks. But unlike the indiscriminate surveillance revealed by Edward Snowden, these chunks of malware seem, like traditional spying, to be targeted at specific governments or even individuals.

世界已经数字化，谍报工作也是。Regin也趋向此，只不过它是在2010年最早进入公众视野的一个，一个美国和以色列的叫做Stuxnet的软件被揭露，其要为破坏伊朗的部分核计划负责。
（Stuxnet，即震网，这货直接破坏了伊朗的核计划，伊朗都没察觉到这个病毒的存在）
这之后又出现了Falme，Red October，DarkHotel和其他病毒。显然还有其他未被发现的病毒于网络中。但和斯诺登所披露的不计后果的（软件）不同，这些不成规模的恶意软件就像传统间谍活动一样以特定的政府或和人为目标。

For spies, such digital espionage has advantages over the shoe-leather sort. Computers are stuffed with data that can be copied and beamed around the world in seconds—so much easier than fiddling with microdots or smuggling sensitive documents past guards. The more complicated computer operating systems get, the more riddled they are with unnoticed security holes. Staying safe means plugging them all; an attacker need only keep trying until a single one gives way.

对间谍们来说，这种数字间谍活动显然比那种藏在动物皮制成的鞋子里要好。计算机里充斥的数据能被复制，并在几分钟内被传播到世界各地很远的地方——这可比藏在胶卷里或偷渡敏感文件过安检要容易得多。越是复杂的操作系统，其不易被发现的安全漏洞就越多。保证安全就得把他们都补上。一个攻击者只要不断地试探直到找到一个就可以。

Computer espionage is usefully deniable, too: if programmers are careful it is hard to know who is behind an attack. (There are hints that Regin might be British—not least that one of its modules seems to be called “LEGSPIN”, a cricketing term. British spooks refuse to comment.) And it can be conducted from comfortable armchairs thousands of miles from the target, with no need to put human agents in harm’s way.

网络间谍活动也很容易被否认。如果程序员足够小心那么就很难发现背后的攻击者(有迹象表明Regin出自英国，它的模块中有一个好像叫做“LEGSPIN”的板球术语，英国间谍们对此不予置评）。这种活动可以从距目标千里之外的沙发上开展，而不用把特工置于险境。

But cyber-spying raises two tricky issues. One is that the low cost of gathering information this way may encourage more of it, and a Hobbesian world of spiralling espionage would be bad for everybody. What’s more, since there is no sharp distinction between digital spying tools and weapons—Stuxnet, for instance, damaged systems as well as stealing secrets—there is a danger that the greater ease of attacking an enemy’s digital assets means that governments will make war on each other with greater abandon. There is a close parallel with drone warfare, which is similarly cheaper and less risky than its flesh-and-blood counterpart.

但网络监控也引发了两个棘手的问题，其一是以这种方式收集信息成本太低廉，这也许会助长它（这种活动）。而且间谍活动螺旋式上升的特性对每个人都不是什么好事。而且，数字监控工具和武器并无明显差别——比如“震网”，除了窃取数据之外还损害系统。还有一个隐患就是攻击敌方的数字机密越容易，双方政府间就越容易发生无所顾忌的战争。这和无人机作战很像，比起血肉横飞的博弈，这反而更便宜且风险更低。

This is an argument for governments to be selective about how they use cyber-weapons not to withdraw them. Although cyber-weapons may lower the threshold for attacks, they don’t (yet) kill or maim people. If the choice is between a missile and a cyber-weapon, the latter is preferable.

关于政府选择如何使用网络武器还是不使用，还存在争论。尽管网络武器也许能降低攻击的门槛，但暂未造成人员伤亡。如果在导弹和网络武器之间选择，后者是更可取的。

Working for Main Street, not M

The other problem with cyber-weapons is that they encourage economic spying of a sort that has less to do with national security than corporate profits. The West has long complained that the Chinese and Russians help themselves to industrial secrets. But it is not clear that the West’s record is spotless: files leaked by Mr Snowden also suggest that American spies were keenly interested in Petrobras, Brazil’s state-controlled oil firm.

其二是网络武器鼓励了经济间谍活动，它对国家安全影响小但对公司利润则不是。西方长期以来抱怨中国人和俄罗斯人帮他们自己建立机密。但西方他们自己也干净不到哪里去：根据斯诺登先生的泄露出的机密文件显示，美国间谍对Petrobras，一家巴西石油国企很感兴趣。

Here, the question is one of motives. It would be surprising if the West were not spying on Gazprom, for instance, which acts as an arm of the Russian state. But spying on foreign firms to help your own is merely another way of ignoring the intellectual property rules that underlie technological prosperity. Governments should not do it.

在这，这种动机还有一个疑问。举个栗子，如果西方不去监视俄罗斯的左膀右臂——Gazprom，那可能会奇怪。但是监视其他国家来帮自己则完全是另一种行为了，这完全是对知识产权规则的忽视，这（知识产权规则）是科技进步的基石。政府不应这样做。

Cyber-warfare is an unruly business, where rules will be flouted. But it needs them. Cyber-warriors should remember that what they do to others will be done in turn to them.

网络战场没有规矩，在这里规则将被忽视。但是我们需要他们（网络战场）。网络战士们应该记住他们对别人所做的一切都会返还到他们身上。