By Wang Buliu (王不留)
Selected from 20210619, Leaders
Broadbandits
Cyber-bandits
broadbandit: coined from the words broadband and bandit (robber; brigand)
The new age of cyber-attacks could have huge economic costs.
The new era of cyber-attacks may carry an enormous economic price.
Twenty years ago, it might have been the plot of a trashy airport thriller. These days, it is routine. On May 7th cybercriminals shut down the pipeline supplying almost half the oil to America’s east coast for five days. To get it flowing again, they demanded a $4.3m ransom from Colonial Pipeline Company, the owner. Days later, a similar “ransomware” assault crippled most hospitals in Ireland.
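Twenty years ago, this might have been the plot of a shoddy airport thriller. Today, it is routine. On May 7th cybercriminals shut down, for five days, the pipeline that supplies nearly half the oil to America’s east coast. To get the pipeline flowing again, they demanded a $4.3m ransom from its owner, Colonial Pipeline Company. A few days later, a similar “ransomware” attack paralysed most hospitals in Ireland.
trashy: of extremely poor quality; worthless
thriller: a suspense novel (or play or film), especially one about crime or spying
cyber-criminal: a criminal who operates over computer networks
ransom: money paid to secure a release
ransomware: extortion software (it locks the user's computer system and unlocks it only after payment)
cripple: to damage; to weaken; to disable
On May 7th Colonial Pipeline Company, a large American operator of refined-oil pipeline systems, had to shut down its equipment temporarily because hackers had used illegal software to take control of its computer systems or data. The attack on the pipeline was carried out by a cybercrime gang called “Dark Side”, which plants malware in target systems in order to demand a ransom, and which held hostage nearly 100GB of Colonial Pipeline Company's data. “Dark Side” demanded that Colonial hand over a ransom, failing which the data would be published online.
In the early hours of May 14th, Ireland's public health-care system, the Health Service Executive (HSE), was attacked with the Conti ransomware. The national health-care system was widely disrupted, and the electronic systems and stored information of many hospitals became inaccessible.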
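Such attacks are evidence of an epoch of intensifying cyberinsecurity that will impinge on everyone, from tech firms to schools and armies. One threat is catastrophe: think of an air-traffic-control system or a nuclear-power plant failing. But another is harder to spot, as cybercrime impedes the digitisation of many industries, hampering a revolution that promises to raise living standards around the world.
These attacks are evidence of an era of intensifying cyber-insecurity. Cyber-insecurity will hit everyone, from technology companies to schools to armies. One threat is catastrophe: think of an air-traffic-control system or a nuclear-power plant failing. But another is harder to detect, because cybercrime hinders the digitisation of many industries, holding back a revolution that promises to raise living standards around the world.
epoch: an era; an age; a period
impinge on: to strike; to hit; to be detrimental to; to hinder
catastrophe: a disaster; a calamity
air-traffic-control: the control of air traffic
nuclear-power plant: a nuclear power station
impede: to hinder; to obstruct
digitisation: conversion to digital form
hamper: to hinder; to obstruct; to hold back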
The first attempt at ransomware was made in 1989, with a virus spread via floppy disks. Cybercrime is getting worse as more devices are connected to networks and as geopolitics becomes less stable. The West is at odds with Russia and several autocracies give sanctuary to cyber-bandits.
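The first attempt at ransomware was in 1989, with the virus spread via floppy disks. As more and more devices are connected to networks and geopolitics becomes less and less stable, cybercrime is getting more and more serious. Western countries are at odds with Russia, and some autocracies give shelter to cyber-bandits.
floppy disk: a flexible magnetic disk for storing data
be at odds (with sb) (over/on sth): to disagree or be in dispute (with someone) (about something)
autocracy: a state under autocratic rule
sanctuary: a refuge; a place of shelter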
Trillions of dollars are at stake. Most people have a vague sense of narrowly avoided fiascos: from the Sony Pictures attack that roiled Hollywood in 2014, to Equifax in 2017, when the details of 147m people were stolen. The big hacks are a familiar but confusing blur: remember SoBig, or SolarWinds, or WannaCry?
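Trillions of dollars are at risk. Most people have a vague sense of narrowly avoided fiascos: from the Sony Pictures hack that roiled Hollywood in 2014, to the Equifax data breach of 2017, in which the information of 147m people was stolen. The big hacks are familiar yet confusing, a blurred memory: do (you) remember SoBig, SolarWinds, WannaCry?
at stake: at risk; at a critical point
vague: unclear; indistinct
narrowly avoided: only just avoided
fiasco: a complete failure; a humiliating failure; an embarrassing outcome
the Sony Pictures attack: the hacking of Sony Pictures. In November 2014 the hacker group “Guardians of Peace” published e-mails of Sony Pictures employees, covering matters such as executives' pay and copies of unreleased Sony films.
roil: to disturb; to throw into disorder
Equifax: in September 2017 Equifax, an American credit-reporting giant, admitted that the personal private information of 145m American residents had been leaked. It was the most serious data-security incident in the country's history; taking America's population as 320m, more than 40% were affected.
blur: a hazy memory; something that cannot be remembered clearly
SoBig: the SoBig virus. Its main harm is mass e-mailing; part of each e-mail's content comes from data on the infected machine, so it may leak users' confidential files, especially at companies and institutions that work over local-area networks, and so the virus is very likely to spread widely.
SolarWinds: SolarWinds is a distributed network-performance monitoring system with more than 300,000 customers, including more than 425 of the American Fortune 500, all of America's ten largest telecoms companies, all five branches of the American armed forces, America's five largest accounting firms, and the Pentagon, the State Department, the National Security Agency, the Department of Justice and the White House. After SolarWinds's systems were attacked, the networks of many organisations around the world were compromised; the supply chain involved was extremely broad, and it has been called America's biggest cyber-security incident of 2020.
WannaCry: in 2017 the “WannaCry” ransomware outbreak occurred, and nearly a hundred countries around the world suffered a large-scale cyber-attack. The attackers exploited the MS17-010 vulnerability, sending specially crafted network packets to port 445 of users' machines to achieve remote code execution. Large numbers of files on victims' computers were encrypted, and victims were told to pay bitcoin to decrypt them.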
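A forthcoming study from London Business School (LBS) captures the trends by examining comments made to investors by 12,000 listed firms in 85 countries over two decades. Cyberrisk has more than quadrupled since 2002 and tripled since 2013. The pattern of activity has become more global and has affected a broader range of industries. Workers logging in from home during the pandemic have almost certainly added to the risks. The number of affected firms is at a record high.
A forthcoming study from London Business School captures these trends by analysing comments made to investors over the past 20 years by 12,000 listed companies in 85 countries. Cyber-risk has more than quadrupled since 2002 and has tripled since 2013. The pattern of this activity has become increasingly global and has affected a wider range of industries. Employees logging in from home during the pandemic have undoubtedly added to the risk. The number of affected companies is at a record high.
listed firms: companies whose shares are traded on a stock exchange
log in: to sign in (to a system)
quadruple: to become (or make) four times as much; to increase by 300%
triple: to become (or make) three times as much; to increase by 200%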
Faced with this picture, it is natural to worry most about spectacular crises caused by cyber-attacks. All countries have vulnerable physical nodes such as oil pipelines, power plants and ports whose failure could bring much economic activity to a standstill. The financial industry is a growing focus of cybercrime: these days bank robbers prefer laptops to balaclavas. Regulators have begun to worry about the possibility of an attack causing a bank to collapse.
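Faced with this situation, people naturally worry about major crises triggered by cyber-attacks. All countries have vulnerable physical nodes, such as oil pipelines, power plants and ports, whose failure could bring much economic activity to a standstill. The financial industry is increasingly a focus of cybercrime: these days bank robbers prefer laptops to balaclavas. Regulators have begun to worry that an attack could cause a bank to collapse.
picture: a situation; a state of affairs
spectacular: striking; sudden
node: a device (such as a computer) connected to a network
failure: a breakdown; a lack of success; a decline
bring sth to a standstill: to bring something to a halt
balaclava: a balaclava helmet, a woollen hood covering the head, neck and most of the face; here it refers to the outfit of a bank robber. It originates from the Battle of Balaclava in the Crimean war in 1854. The hood was originally invented not for fear of being recognised but to keep out the biting cold wind blowing in from the Black Sea.
Note: a balaclava helmet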
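But just as costly is the threat to new tech as confidence in it ebbs. Computers are being built into cars, houses and factories, creating an industrial “internet of things” (IoT). Insights gleaned from oceans of data promise to revolutionise health care. In theory, all that will boost productivity and save lives for years to come. But the more the digital world is plagued by insecurity, the more people will shy away from it and the more potential gains will be lost. Imagine hearing about ransomware in someone’s connected car: “pay us $5,000, or the doors stay locked.”
But as confidence in new technology ebbs, the threat to it is just as costly. Computers are being put into cars, houses and factories, creating an industrial “internet of things”. Insights painstakingly gleaned from vast amounts of data promise a revolution in health care. In theory, all this will raise productivity and save lives in the years ahead. But the more the digital world is plagued by insecurity, the more people will shy away from it, and the more potential gains will be lost. Imagine hearing about ransomware in someone's connected car: “Pay us $5,000, or the doors stay locked.”
just as: in the same way as; at the very moment when
ebb (away): to decline; to diminish gradually
“internet of things” (IoT): the Internet of Things. It refers to the use of devices and technologies such as information sensors, radio-frequency identification, global positioning systems, infrared sensors and laser scanners to collect, in real time, whatever information is needed (sound, light, heat, electricity, mechanics, chemistry, biology, location) about any object or process that needs to be monitored, connected or interacted with, and, through whatever network access is available, to achieve ubiquitous connection between things and between things and people, and so the intelligent sensing, identification and management of objects and processes.
glean sth from sb/sth: to gather (information) with effort
oceans of: a great quantity of
plague: to trouble continually; to torment; to distress
shy away from: to avoid or hold back from doing something (out of fear or lack of confidence)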
Dealing with cyber-insecurity is hard because it blurs the boundaries between state and private actors and between geopolitics and crime. The victims of cyber-attacks include firms and public bodies. The perpetrators include states conducting espionage and testing their ability to inflict damage in war, but also criminal gangs in Russia and Iran whose presence is tolerated because they are an irritant to the West.
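Dealing with cyber-insecurity is difficult because it blurs the boundaries between the state and private actors, and between geopolitics and crime. The victims of cyber-attacks include companies and public bodies. The perpetrators include states that conduct espionage and test their ability to inflict damage in war, and also criminal gangs in Russia and Iran, whose presence is tolerated because they annoy Western countries.
blur the boundaries: to make the boundaries between things indistinct
actor: a performer; a participant
body: a group; an organisation; an institution
perpetrator: a wrongdoer; an offender
espionage: intelligence activity; spying
inflict: to cause (something unpleasant) to be suffered; to impose (a blow, pain, etc.)
irritant: something irritating; a source of annoyance
be an irritant to sb: to annoy someone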
A cloud of secrecy and shame surrounding cyber-attacks amplifies the difficulties. Firms cover them up. The normal incentives for them and their counterparties to mitigate risks do not work well. Many firms neglect the basics, such as two-step authentication. Colonial had not taken even simple precautions. The cyber-security industry has plenty of sharks who bamboozle clients. Much of what is sold is little better than “medieval magic amulets”, in the words of one cyber-official.
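Cyber-attacks are shrouded in a cloud of secrecy and shame, which adds to the difficulty of responding. Companies cover these problems up. The normal incentives for them and their counterparties to reduce risk do not work. Many companies neglect basic things, such as two-step authentication. Colonial Pipeline Company had not taken even simple precautions. The cyber-security industry has plenty of swindlers who deceive clients. In the words of one cyber-official, much of what is sold is little better than “medieval magic amulets”.
a cloud of: a shadow of; a pall of anxiety
secrecy: the state of being kept secret
amplify: to strengthen; to increase
cover sth up: to hide or conceal something
mitigate: to lessen; to ease; to moderate
two-step authentication: two-step (two-factor) verification on a computer. On the same principle as an SMS verification code, two-step verification adds one more “lock” to an account: after entering the correct username and password, the user must additionally enter a six-digit code that changes automatically every 30 seconds in order to complete the login.
shark: a swindler; a fraudster
bamboozle: to deceive; to fool; to hoodwink
amulet: a charm; an object (a piece of jewellery worn) to ward off evil and illness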
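All this means that financial markets struggle to price cyberrisk and the penalty paid by badly protected firms is too small. The LBS study, for example, concludes that cyber-risk is contagious and is starting to be factored into share prices. But the data are so opaque that the effect is unlikely to reflect the real risk.
All this means that financial markets find it hard to price cyber-risk, and the penalty paid by poorly protected companies is too small. The London Business School study, for example, concludes that cyber-risk is contagious and has begun to be a factor affecting share prices. But the data are so opaque that the effect is unlikely to reflect the true risk.
penalty: a fine
contagious: liable to spread; infectious
opaque: hard to understand; obscure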
Fixing the private sector’s incentives is the first step. Officials in America, Britain and France want to ban insurance coverage of ransom payments, on the ground that it encourages further attacks. Better to require companies to publicly disclose attacks and their potential cost. In America, for example, the requirements are vague and involve large time lags.
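The first step is to fix the private sector's incentives. Officials in America, Britain and France want to ban insurance from covering ransom payments, on the ground that it encourages further attacks. Better to require companies to disclose attacks and their potential cost publicly. In America, for example, the requirements are vague and involve long time lags.
insurance coverage: the scope of what an insurance policy covers
on the ground(s) that: for the reason that
time lag: the interval between two related events; a delay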
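With sharper and more uniform disclosure, investors, insurers and suppliers could better identify firms that are underinvesting in security. Faced with higher insurance premiums, a flagging stock price and the risk of litigation, managers might raise their game. Manufacturers would have more reason to set and abide by product standards for connected gizmos that help stem the tide of insecure IoT devices.
With clearer and more uniform disclosure, investors, insurers and suppliers could better identify companies that are underinvesting in security. Faced with higher insurance premiums, a weak share price and the risk of litigation, managers might raise their game. Manufacturers would have more reason to set and comply with product standards for connected devices, to help stem the tide of insecure IoT devices.
uniform: consistent; the same
disclosure: information made known; making public; revelation
insurance premiums: the fees paid for insurance
flagging: tired; gradually weakening; sluggish
litigation: legal action
raise one's game: to improve; to become more competitive
abide by: to comply with (the subject is a person)
gizmo: a gadget; a small device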
Governments should police the boundary between the orthodox financial system and the shadowy world of digital finance. Ransoms are often paid in cryptocurrencies. It must be made harder to recycle money from these into ordinary bank accounts without proof that the money has a legitimate source. Likewise with cryptocurrency exchanges, which should face the same obligations as established financial institutions.
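Governments should police the boundary between the traditional financial system and the mysterious world of digital finance. Ransoms are usually paid in cryptocurrency. Moving money from these accounts into ordinary bank accounts must be made harder unless the funds can be shown to have a legitimate source. Likewise, cryptocurrency exchanges should face the same obligations as established financial institutions.
police: to control; to supervise
orthodox: generally accepted; traditional; standard
shadowy: mysterious; elusive
likewise: in the same way
cryptocurrency: encrypted electronic money
obligation: a duty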
Cyber-insecurity is a matter of geopolitics, too. In conventional warfare and cross-border crime, norms of behaviour exist that help contain risks. In the cyber-domain novelty and confusion reign. Does a cyber-attack from criminals tolerated by a foreign adversary warrant retaliation? When does a virtual intrusion require a real-world response?
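Cyber-insecurity is also a geopolitical matter. In conventional warfare and cross-border crime, there are norms of behaviour that help contain risk. The cyber-domain is full of novelty and confusion. Does a cyber-attack by criminals tolerated by a foreign adversary merit retaliation? When does a virtual intrusion call for a real-world response?
reign: to dominate; to prevail
adversary: an opponent
warrant: to call for; to merit
retaliation: revenge; a counter-attack
intrusion: a break-in; an unwelcome incursion
In conventional warfare and cross-border crime, norms of behaviour exist that help contain risks. This is an inverted sentence; the normal word order is: In conventional warfare and cross-border crime, norms of behaviour that help contain risks exist.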
A starting-point is for liberal societies to work together to contain attacks. At the recent summits of the G7 and NATO, Western countries promised to do so. But confronting states such as Russia is crucial, too. Obviously, they will not stop spying on the Western countries that do their own snooping. But a third summit, between Presidents Joe Biden and Vladimir Putin, began a difficult dialogue on cybercrime. Ideally the world would work on an accord that makes it harder for the broadbandits to threaten the health of an increasingly digital global economy.
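One starting-point is for liberal societies to contain attacks together. At the recent G7 and NATO summits, Western countries promised to do so. But confronting countries such as Russia is crucial too. Obviously, they will not stop spying on Western countries, which do their own snooping. But at a third summit, Presidents Joe Biden and Vladimir Putin began a difficult dialogue on cybercrime. Ideally, the world's countries would reach an agreement that makes it harder for the broadbandits to threaten the health of an increasingly digital global economy.
spy on: to engage in espionage; to gather intelligence secretly
snoop: to pry; to investigate; to spy
accord: a formal agreement
“Wang Buliu says”
The sentence “Cyberrisk has more than quadrupled since 2002 and tripled since 2013.” is about multiples. Here I have put together the common English expressions for multiples, for your reference.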
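- double means “two times as much; to increase by 100%”. “To increase by 100%” is what Chinese commonly calls 翻一番 (“to double once”), so both ways of putting it can be expressed with double. Example: My rent doubled last month. (Last month my rent was twice what it had been, that is, it doubled once. / Last month my rent went up by 100%.)
- triple means “three times as much; to increase by 200%”. Example: My rent tripled last month. (Last month my rent was three times what it had been. / Last month my rent went up by 200%.)
- quadruple means “four times as much; to increase by 300%”. “To increase by 300%” is what Chinese commonly calls 翻两番 (“to double twice”), so both ways of putting it can be expressed with quadruple. Example: My rent quadrupled last month. (Last month my rent was four times what it had been, that is, it doubled twice. / Last month my rent went up by 300%.)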