Chinese Hackers Attack Apple's iCloud Cloud Storage

HONG KONG — For Apple in China, trouble seems to be the new normal.

Cybersecurity monitoring groups and security experts said on Monday that people trying to use Apple’s online data storage service, known as iCloud, were the target of a new attack that sought to steal users’ passwords and then spy on their activities.

Starting over the weekend, when many users across China tried to sign into their iCloud accounts, they may have been giving away login information to a third party, in what is called a man-in-the-middle attack.

“You think you are getting information directly from Apple, but in fact the authorities are passing information between you and Apple, and snooping on it the whole way,” said a spokesman for an independent censorship-monitoring website, GreatFire, who declined to be named because of fear of reprisal.

News of the vulnerability came just as the new iPhone 6 arrived in Chinese stores after a monthlong regulatory delay tied, in part, to concerns about the phone’s security.

Activists and security experts say they believe the attacks are backed by the Chinese government because they are hosted from servers to which only the government and state-run telecommunications companies have access, according to GreatFire. They are also similar to recent attacks on Google, Yahoo and Microsoft aimed at monitoring what information users were retrieving on the sites.

“All signs point to the Chinese government’s involvement,” said Michael Sutton, vice president for threat research at Zscaler, a San Jose, Calif., security company. “Evidence suggests this attack originated in the core backbone of the Chinese Internet and would be hard to pull off if it was not done by a central authority like the Chinese government.”

The targeting of Yahoo, Google and Apple also potentially reveals a new Chinese government effort to adapt to initiatives by Internet companies — most notably new encryption techniques — to protect user data from government spying.

“The Chinese government could no longer sniff traffic, so they intercepted that traffic between the browser and the iCloud server,” Mr. Sutton said.

Many web browsers, like Apple’s Safari, Google’s Chrome and Mozilla’s Firefox, flashed a warning to users that a so-called encryption certificate that is supposed to identify who is on the other end of a web session should not be trusted. That indicated that users were inadvertently communicating with the attackers, rather than iCloud. In effect, the hackers stepped into the middle of the online conversation.

Mr. Sutton noted that Qihoo, a browser offered by the Qihoo 360 Technology Company that is popular with Chinese Internet users, did not flash a warning to users.

“As more sites move to encryption by default — which prevents the censorship authorities from selectively blocking access to content — the Chinese authorities will grow increasingly frustrated with their ability to censor that content,” said the GreatFire spokesman.

“In some ways their hands are being forced. They can attempt these man-in-the-middle attacks or choose to outright block access to these sites. The more sites they block, the more they cut off the Chinese populace from the global Internet,” he added.

The timing of the attack, aligned with the release of the new iPhone in China, is a potential indicator that the government is trying to harvest sign-in data from a large number of users who are switching over to the iPhone 6. The new phone comes with better encryption to protect against government snooping.

In September, Apple, based in Cupertino, Calif., said its latest operating system, iOS 8, included protections that made it impossible for the company to comply with government warrants asking for customer information like photos, emails and call history.

The change prompted the Federal Bureau of Investigation director, James B. Comey, to say in a recent speech that new encryption by Apple and others “will have very serious consequences for law enforcement and national security agencies at all levels.”

“Sophisticated criminals will come to count on these means of evading detection,” Mr. Comey said.

In August, Apple began storing data for iCloud on servers in China in a move it said was intended to enhance performance of the service there. The company said the state-owned service provider China Telecom, which owns the servers where the data is stored, did not have access to the content.

But security experts say it appears that Beijing has found a workaround, by coordinating man-in-the-middle attacks on a mass scale.

Apple on Tuesday acknowledged a network attack, but clarified that its iCloud servers were not breached. On a security webpage, it implied that man-in-the-middle attacks were being used to direct people to fake connections of , making their user names and passwords vulnerable to theft.

On the webpage, Apple explained how people could distinguish an authentic website from a fake one. Basically, users will receive warnings when the web browser detects a fake certificate or an untrusted connection. Apple advised people to heed those warnings when they appear and avoid signing in.

“Apple is deeply committed to protecting our customers’ privacy and security,” said Trudy Muller, an Apple spokeswoman. “We’re aware of intermittent organized network attacks using insecure certificates to obtain user information, and we take this very seriously.”

Ms. Muller declined to comment on whether Apple had identified the Chinese government as the source of the attacks.

Security experts said users should not visit websites if they receive a browser warning. Mr. Sutton also advised users to turn on two-factor authentication whenever possible, a procedure in which a user is prompted to enter a second one-time password that has been texted to the user’s phone. That way, he said, even if an attacker intercepts a password, they cannot use it to log into a site without the second password.

“Users should treat this seriously,” Mr. Sutton said.
