Saturday, June 21, 2008

なぜ世界的なハッカーは捕まらないのか

Live Science:Why Global Hackers Are Nearly Impossible to Catch
By Maggie Koerth-Baker, Special to LiveScience
posted: 19 June 2008 09:19 am ET

彼らはコンピュータの中にいて,我々のファイルを読んでいる.
アメリカ連邦議会が議会のコンピュータ上の機密文書を引き出すため,
中国政府が北京のハッカーを送り込んだとして告訴した.
中国は関与を否定したが,もし彼らが嘘をついているとしても,どうやってそれを証明できるであろうか?
コンピュータとセキュリティの専門家によれば,それは不可能だという.
少なくとも,法廷に持って行くには不十分だ.

They're in our computers, reading our files. The Chinese government, that is, according to two U.S. Congressmen who recently accused Beijing of sending hackers to ferret out secret documents stored on Congressional computers. The Chinese deny any involvement, but if they were lying, would we be able to prove it?

The answer, according to computer and security experts, is probably not.

At least, not conclusively enough for a court of law.

「ハッカーを罰する事は非常に難しい.もし出来たとしても,あなたが100%正しいとは言えないのだ」と,言うのは
ワシントンD.C.のCenter for Strategic and International Studiesディレクター&上級フェローのJames Lewisだ.
これはRep. Christopher H. Smith, R-N.J., and Rep. Frank R. Wolf, R-Vaが使ったコンピュータに,
誰が侵入したのか証明する捜査員が直面している問題だ.
この連邦議会員たちは,2006年初めに何度かアタックを受けたと証言している.

"It's very difficult to track hacker attacks and, even if you can track it, you don't always know with 100 percent certainty if you're right," said James Lewis, director and senior fellow of the Technology and Public Policy Program at the Center for Strategic and International Studies in Washington, D.C.
That was the problem faced by the investigators who attempted to figure out who broke into computers used by the staff of Rep. Christopher H. Smith, R-N.J., and Rep. Frank R. Wolf, R-Va. The Congressmen announced on June 11 that they'd been the targets of several attacks, beginning in 2006.

SmithとWolfはどちらも強い中国政府批判をしている.
彼らはレポーターに対しこれらのアタックは,
中国政府が,中国の批判者リストと連邦議会の人権ヒアリングのレポートを盗もうとしたものであると伝えた.

Both Smith and Wolf are high-profile critics of the Chinese government. They told reporters that, among other things, the hackers stole lists of identities of Chinese dissidents and records from Congressional human-rights hearings.

このような攻撃者を追って特定するのは可能だ.
インターネットを使っていれば,電子認証と同等のものを残すからだ.とLewisは説明する.
あなたのPCから別にPCに送られたそれぞれのメッセージは,
ルータやサーバを動き回る.
メッセージが受け取られると,その経路は残る.
認証がハッカーのPCへ逆方向に導いてくれる,とLewisは説明する.

It is possible to track such attackers, to a point. When you use the Internet, you leave the equivalent of digital footprints, Lewis explained. Every message your computer sends to a different computer travels in a series of hops from one router or server to another. Even after the message is received, the record of its path remains. Lewis said authorities can sometimes follow that path back to a hacker's computer.

しかしいつもという訳ではない.
一つは,全てのルータとサーバがレコードを保存しているわけではない.
もう一つ大きな問題は,攻撃に関係ないユーザの認証を使い,ハッカーが偽の足跡を作って隠蔽することだ.

But not always. For one thing, not all servers and routers save records. Another big problem is that hackers will often conceal their location by creating a fake trail, essentially leading authorities to a computer user who had nothing to do with the attack.

もっと辛いのは,ハッカーを追跡出来たとしても,その情報の信憑性がないという事実だ.とLewisは言う.
Smith and Wolfに対する攻撃の時も,我々は明確に中国のコンピュータまで追跡できたが,
中国政府が認めないのを知っての事だった.
「ただ,最後にアクセスしたコンピュータのインターネットアドレスしか得られないんだ」

More frustrating, Lewis said, is the fact that even when you can successfully trace a hacker, the information you get doesn't tell you who signed his paycheck. While the attacks on Smith and Wolf were apparently traced to a computer in China, knowing that doesn't necessarily implicate the Chinese government.

"All it gives you is the Internet address of the last computer in the line," he said.

これは,アメリカのインテリジェンスが状況証拠を考慮しているからである.
例えば,最近は誰が攻撃する動機を持っているかを見ているかもしれない.
「盗まれたレコードは,中国人権の活動家の秘密リストだ.」
「ほかに誰が中国政府だけに気を使うんだ?」
しかし,もう一つの元凶がある.中国は活動的な愛国ハッカー組織の温床である事だ.と彼は続ける.

Because of this, Lewis said, the U.S. intelligence services usually have to take circumstantial evidence into account. For instance, in the current case, they might look at who would have had the motivation to make the attack. "The records stolen were secret lists of Chinese human rights activists," he said. "Who else is going to care about that but the Chinese government?"

However, he said, there is one other possible culprit. China is home to a particularly active cadre of patriotic civilian hackers.

母国の英雄
ロンドンの国際委員会組織,BT groupのCSTO,Bruce Schneierが言うには,
組織,メディア,チベット政府や台湾政府,その他中国の敵をハックすることで,母国で英雄になっているものが居る.

Heroes at home
Bruce Schneier, chief security technology officer of the BT Group, an international communications company based in London, said some of these guys are heroes in their home country, thanks to hacks they've made on organizations, media and governments that are pro-Tibet, pro-Taiwan, or otherwise critical of Chinese interests.

政府公認のハッカーとは違うが,これらのサイバー自衛団は国の利益の妨げをなくす義務があり,
政府に対して情報を売ってさえいる.
Schneier and Lewisが言うには,国が後押ししていないので,
これらの市民ハッカーは真には自立していないが,おそらく優れた人間だろう.
また,ネット上の悪ふざけに至るまで,中国が一つの政府でないことも重要だ.
スパイをするハッカーを使うことが異常に求められ,特定の情報源を見つけることが非常に難しくなっている.

While not the same as official government hackers, these cyber-vigilantes are liable to pull stunts that benefit the government and, in some cases, they might even sell information they've gathered to the government. Both Schneier and Lewis said these civilian hackers aren't truly independent, in that they're probably tolerated, if not outright encouraged, by the government.

It's also important to note that China isn't the only government that's up to online shenanigans. Using hackers to conduct espionage is awfully appealing, precisely because it's so hard to conclusively pin on a specific source.

Lewisによると,
少なくとも中国近辺の6政府は,非常に洗練されたハッカーを持っている.
アメリカも含めてだ.
事実,攻撃は骨を折ってやるような仕事ではない.
「この攻撃に怒ってはいけない」
「これは国家間で普通の事なんだ.怒りたくもなるが,それは我々の防御が甘いということだ」

Lewis said there are at least a half dozen other governments, besides China's, that have highly sophisticated hacker capabilities. This includes the United States. In fact, he said, attacks are common enough that they're almost not something to get worked up about. "We shouldn't be outraged at this latest hack," he said. "This is just normal stuff between countries. It you want to be outraged, be outraged that our defenses are so poor."


感想
ほぼ僕の意訳です.
誤訳も多々あるかと.
こういうハッカーのお話はとても面白いですね.

No comments: