中國網站品牌欄目(頻道)
|
China has been the target of serious cyberattacks from the United States, but Beijing has neverblamed Washington or the Pentagon because such accusations would be "technicallyirresponsible", Chinese Internet insiders said. The cyberattacks from the US have been as grave as the ones the US claims China hasconducted, they said on Tuesday. China's Internet emergency response agencyhas tried its best to handle all the UScomplaints made this year, they said. However, the US never mentioned thealleged Chinese hacking theft of the designsof more than 20 kinds of top US weapons, butinstead gave the unverified informationdirectly to the media. "We have mountains of data, if we wanted toaccuse the US, but it's not helpful in solvingthe problem," said Huang Chengqing,director of the National Computer NetworkEmergency Response TechnicalTeam/Coordination Center of China, alsoknown as CNCERT. "The importance of handling Internet securitycases keeps rising, but the issue can only besettled through communication, notconfrontation." Huang's remarks came after a slew of reportsaccusing China of hacking were released inthe US this year. High-ranking officials inWashington also pressed Beijing on the issuein recent weeks. According to CNCERT, in the first five monthsof this year, 13,408 overseas trojan horsesor bot control servers — two popular hackingtools — hijacked around 5.63 millionmainframes in China. Of those, 4,062 US-based control servers hijacked 2.91 millionmainframes in China. The US ranked first in both the number ofcontrol servers and the number of mainframes controlled in China. In the same period, websites of 249 important Chinese organizations including governmentdepartments, key information systems and research institutions were implanted with backdoorprograms. Among them, 54 websites were hijacked by US-based IP addresses for stealinginformation. "However, it's hard to judge whether the US government supported or got involved in thehacking. Besides, hackers can easily hide their real location and identities," Huang said. "So technically it is irresponsible and unfounded for some people to talk about alleged hackingsupported by the Chinese authorities." As for the Washington Post report in late May about Chinese hacking on US weapons, Huangsaid design information of top-class weapons are usually listed as top national secrets. "Evenfollowing the general principle of secret-keeping, it should not have been linked to the Internet." Huang said his agency has been fighting with hackers. Except for daily work of Internet securitymonitoring, prewarning and emergency response, CNCERT cut hackers’ remote control on39.37 million infected mainframes in 2012. The agency has set up Internet security cooperative relations with 91 organizations in 51countries and regions. Huang said a case in March explains the importance of such cooperation. At that time, SouthKorea suspected that Chinese hackers paralyzed the network of some local media and banksand required assistance from CNCERT. Through joint efforts, it was discovered that the IPaddress connected to the hacking was in the range of Chinese IP addresses but was actuallyused by a South Korean bank. As for cooperation with the US, Huang said in the first four months of this year CNCERTreceived 32 Internet security cases from the US, among the 227 complaints from abroad. They handled the US cases in time, except for attempted IP address attacks, which lackedsufficient proof. And they sent feedback to the US on all the cases. "But they did not mention these efforts, instead they advocated cases that they never let usknow about. Some cases can be addressed if they had talked to us, why not let us know? It isnot a constructive train of thought to solve problems," Huang said. "Besides, we have smooth communication at the civil level. I don't understand why all levels ofthe US government are accusing China of cybersecurity recently. I felt it is driven by somepolitical intentions, though I don't know what the intentions are." Huang said he noticed the US has kept beefing up its cyberwar forces as it hyped hackingthreats from China. After Mandiant, a Washington-based cybersecurity group, said in a report in February that thePeople's Liberation Army sponsors hacking, US Cyber Command and National Security Agencychief General Keith Alexander told Congress in March that of the 40 new Cyber Commandteams being assembled, 13 would be focused on offensive operations. Gao Xinmin, vice-chairman of Internet Society of China, said: "The US is much more dependenton the Internet than developing nations, so it is fully understandable that they attach greatimportance to the issue." "However, because of the lack of mutual trust, it is easy for some countries to blame hacking onother governments. And driven by some political needs, the dirty water is often poured ontoChina," Gao said. The White House has announced that cybersecurity will be high on the agenda of President XiJinping's meeting with US President Barack Obama this week in California. CNCERT's Huang said it is necessary to have multi-level talks, but the most effective way is to"start from the basic level" and beef up communication between frontline agencies, such asemergency response organizations, from relevant countries. |
中國國家級網絡安全應急機構和互聯網協會的高層人士周二表示,中國遭受來自美國的網絡攻擊的嚴重程度并不亞于美國所聲稱的來自中國的威脅,但中國采取了“對事不對國”的態度,從未為此怪罪美國政府或軍隊,因為“技術層面上這樣的做法不負責任”。 他們還表示,中方今年已盡其所能地處理并反饋了美國計算機緊急響應小組(US-CERT)向中方投訴的個案。這些專業人士稱美方從未向中國國家計算機網絡應急技術處理協調中心(CNCERT)提及美國媒體近期報道的中國黑客盜取美國重大武器系統設計一事,而是直接把未經證實的資料泄露給媒體。 這些官員是在《中國日報》的專訪中就美方最近密集發表所謂中國在網絡安全方面對美構成極大威脅的言論,以及美方高官不斷就此對北京施壓的情況做此表態的。 “如果我們想指責美國的話有大量數據,但這無助于問題的解決,隨著信息化的發展,網絡安全事件的處理越來越重要。但這些問題的解決應該通過對話而不是對抗。”CNCERT主任黃澄清說。 據CNCERT向《中國日報》獨家披露的最新數據,2013年1至5月,境外約有13408臺木馬或僵尸網絡控制服務器控制了中國境內近563萬臺主機,其中位于美國的4062臺控制服務器控制了中國境內近291萬臺主機,無論是按照控制服務器數量還是按照控制我國主機數量規模進行排名,美國都名列第一。 此外,同期中國有249個重要政府部門、重要信息系統和科研機構等單位的網站被境外入侵并植入網站后門,其中54個單位被美國地址入侵和竊取信息。 “但是很難判定美國政府支持和參與了這些事件。另外,擁有專業技術的黑客可以輕而易舉的隱藏自己的真實位置和身份。所以單從技術層面上講,一些國家和人士有關中國網絡安全威脅論的言論是不負責任和缺乏依據的。”黃澄清說。 至于《華盛頓郵報》5月底報道的中國竊取美國二十多項武器設計機密的指責,黃表示尖端武器的研制資料一般被列為國家最高等級機密,“即使遵循一般的保密原則,也絕不可能放在互聯網上”。 黃說事實上他負責的機構一直在與黑客做著艱苦的斗爭。除了日常的網絡安全事件的監測、預警和應急處置工作外,2012年CNCERT切斷了黑客對3937萬余臺感染主機的遠程操控。 這個機構目前已經與51個國家和地區的91個組織建立了網絡安全合作關系。 黃說,今年3月有一個案例,當時韓國懷疑中國的黑客行為導致了當地一些媒體和銀行計算機網絡同時癱瘓,韓國通過CNCERT請求幫助協調,經雙方共同努力,證實疑似IP地址實為韓國銀行內部自用,而其恰好使用了中國IP地址范圍,從而導致韓方誤認為攻擊來自中國。 黃澄清說,今年1月至4月CNCERT接到的227起來自境外的網絡安全投訴中,有32起來自US-CERT。除了部分惡意IP地址嘗試攻擊事件因對方提供證據不足無法處理外,其余的事件中方均及時處理并向美方反饋。 “但他們并沒有提到這些,而是把沒有告訴我們的問題大肆渲染,如果跟我們說的話有些問題是能解決的,為什么不讓我們知道呢?這不是解決問題的建設性思路,”他說。 “另外,現在民間層面的溝通是暢通的,但我們不知道為什么近一段時間來美國政府各個層面都在就網絡安全問題攻擊中國。我認為這種做法是出于政治上的考量,盡管我不清楚他們的目的。” 黃說他注意到美國在發布“中國黑客威脅論”的同時一直在加強自己網絡戰的力量。美國網絡安全公司曼迪昂特2月18日發布報告指責中國軍方黑客威脅,3月12日美國網絡戰司令部司令亞歷山大隨即宣布新增40支網絡部隊,其中13支確定用來進攻。 “美國社會對網絡的依存度比我們發展中國家高的多,所以他們對網絡安全更加重視是可以理解的,”中國互聯網協會副理事長高新民說。 “但有些國家之間由于缺乏戰略互信,容易認為攻擊源受到對方政府的支持,再加上某些政治需要,經常把臟水潑向中國。這樣只會加深猜忌,”他說。 關于白宮宣布網絡安全將會是國家主席習近平和美國總統奧巴馬本周在加州會晤的首要議題之一,黃澄清表示多層次溝通是必要的,但最有效的辦法是從基層做起,讓網絡安全應急處置的專業部門和各國政府執法部門開始加強溝通。 CNCERT已經參與了美國東西方研究所牽頭舉行的定期國際民間網絡安全問題溝通和協調。黃說他欣賞該機構“積極和建設性的”的態度和具體的解決方法。據《紐約時報》5月26日報道,東西方研究所正同包括中美在內的多個國家政府代表合作討論信息技術基礎設施保護方面的基本規則。 “互聯網是自下而上發展起來的,現在單純靠政府解決全部問題是不現實的。而東西方研究所跟各個層面建立了廣泛的溝通渠道,”黃說。 2011年,CNCERT完成了與該機構開展的為期兩年的中美網絡安全對話機制反垃圾郵件專題研究。從2012年至今,雙方正在就”反黑客攻擊”專題開展對話。 相關閱讀 (中國日報記者李瀟堃編譯) |
