
How should companies guard against data manipulation to avoid cyber attacks?

Cyber attacks are undermining trust in the reliability of data.

A ghostly hand emerges from a complex network of computer circuitry. Fingerprinting, endpoint visibility and backups are all necessary steps to guard against data manipulation. Image credit: John Lund via Getty Images

Translated by Agatha

In 2017, Konrads Voits hacked the IT system of the Washtenaw County Jail in Michigan. A friend was serving a sentence there, so Voits digitally altered the county’s electronic prison records to accelerate his scheduled release date. Fortunately, jail staff found paper records proving the deception and promptly notified the FBI and Department of Homeland Security. Voits has now joined his friend serving time behind bars.

This example of digital data manipulation is a harbinger of a new frontier in cyber attacks: a breach of trust in the integrity of the data that powers the increasingly digitized world.

The cyber breaches that make the news tend to fall into two categories: the theft of sensitive data and ransomware attacks that cut off access to data. Yet, senior military and intelligence officials believe that manipulating the data itself may pose the greatest threat of all. Admiral Mike Rogers, former head of the U.S. Cyber Command and the National Security Agency, once testified that his worst-case cyber scenario involved “data manipulation on a massive scale.” As virtually everything becomes digitized and globally interconnected by vast volumes of data, the threat posed by data manipulation spans virtually every sector and industry.

Today, as much as 85% of stock market trades happen “on autopilot,” as the Wall Street Journal reported, “controlled by machines, models, or passive investing formulas.” Indeed, rapid-fire, automated trading cascades across financial markets and exchanges. It relies on complex algorithms using inputs from multiple data sources, including share prices and other market trends. If hackers surreptitiously alter the underlying data feeding the algorithms, they can induce the computer programs to execute trades that precipitate so-called flash crashes that cause havoc in the markets.

Industrial production is similarly susceptible. In 2017, hackers deployed Triton, a new form of malware, to penetrate a petrochemical plant in Saudi Arabia. The hackers gained access to the plant’s operational technology systems and, critically, its safety controls—the last line of defense against equipment failure and potentially catastrophic explosions or fires. Triton included a built-in self-destruct program that would create “invalid data to cover its tracks.” Fortunately, Triton’s operational malware caused the plant to shut down rather than explode.

Meanwhile, deepfakes are altering global politics. These manipulated bits of video and audio realistically display something that never happened or was never said. They use machine learning algorithms and facial-mapping software to animate real people. It may be funny when it’s blending Oprah Winfrey into Mike Tyson or Amy Adams (as Lois Lane) into Nicolas Cage.

But the Department of Defense (DoD) isn’t laughing so much, given the possibility of a fake but believable video of a world leader inciting violence or declaring war. The DoD’s Defense Advanced Research Projects Agency has undertaken a significant initiative to combat “large-scale automated disinformation attacks.” The idea is to deploy algorithms and machine learning to instantaneously process hundreds of thousands of videos and images searching for “semantic inconsistency detectors.”

In today’s new digital world, we can’t always believe our own eyes and ears. The risk is no longer theoretical for companies: Corporate leaders and law enforcement were recently rattled by a deepfake impersonating a CEO successfully directing a fraudulent transaction over the phone.

It’s time for all organizations to adapt to this reality and for individuals to add a new question to their own digital lives: “How do I know what I’m seeing is real?” The most important cybersecurity practices require the constant vigilance of segmented and inventoried networks and data. For data manipulation, three aspects rise to the top: fingerprinting, endpoint visibility, and backups.

The foundation of data integrity will be fingerprinting documents and data. The process uses software that authenticates data by embedding a unique, identifying text string that matches the organization’s data inventory. While it looks benign to outsiders, it gives the owners of the information the ability to validate their data.

In addition to verifying information at its creation, organizations need to secure it where it’s stored and accessed. Every device used in an organization needs to be specifically accounted and planned for—not just computers and smartphones, but storage drives and connected monitors and devices. Each of these “endpoints” can really be gateways into a network—or early warning systems to protect an organization’s larger network from being compromised. Sound endpoint security can be a vital guard against data manipulation attacks.

Anyone who’s lost a document to a software crash, left their laptop at airport security, or had a phone stolen knows how important it is to back up their data. The same applies to a bank where the network’s been compromised, and all customer and account records replaced with altered data. To regenerate hundreds of thousands of accurate records, the bank needs an earlier (but recent) set of uncorrupted data. Similarly, organizations need to be able to constantly back up and preserve, in separate networks, vital data and documents that can be called on to cross-check data and processes, and quickly rebuild corrupted systems.
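The fingerprinting and backup practices described above can be combined into one integrity check. The following is an added example, not code from the article or its authors: it assumes a keyed fingerprint (HMAC-SHA256 under a key held only by the record owner) stored in an inventory keyed by record id, and uses constructed sample records modelled on the altered jail release date from the opening story.

```python
import hashlib
import hmac
import json

# Assumption: a secret key known only to the record owner, so someone who can
# edit a record cannot also recompute a matching fingerprint (constructed value).
INVENTORY_KEY = b"example-key-held-by-record-owner"


def canonical(record: dict) -> bytes:
    """Serialize a record deterministically so equal content gives equal bytes."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


def fingerprint(record: dict) -> str:
    """Keyed fingerprint (HMAC-SHA256) of a record's content."""
    return hmac.new(INVENTORY_KEY, canonical(record), hashlib.sha256).hexdigest()


def register(inventory: dict, record_id: str, record: dict) -> str:
    """Record the fingerprint for record_id in the organization's data inventory."""
    inventory[record_id] = fingerprint(record)
    return inventory[record_id]


def verify(inventory: dict, record_id: str, record: dict) -> bool:
    """True only if the record still matches the fingerprint on file."""
    expected = inventory.get(record_id)
    if expected is None:
        return False  # unknown record: nothing to validate against
    return hmac.compare_digest(expected, fingerprint(record))


def find_tampered(inventory: dict, live: dict, backup: dict) -> dict:
    """Cross-check live records against the inventory and a separately kept backup.
    Returns {record_id: clean_record} for every live record that fails verification
    and still has a verified copy in the backup to rebuild from."""
    tampered = {}
    for record_id, record in live.items():
        if verify(inventory, record_id, record):
            continue
        clean = backup.get(record_id)
        if clean is not None and verify(inventory, record_id, clean):
            tampered[record_id] = clean
    return tampered


# Constructed sample data: the backup holds the original record, the live
# system holds a copy whose release date was moved earlier.
INVENTORY = {}
BACKUP = {"inmate-1042": {"name": "J. Doe", "release_date": "2021-06-30"}}
register(INVENTORY, "inmate-1042", BACKUP["inmate-1042"])
LIVE = {"inmate-1042": {"name": "J. Doe", "release_date": "2019-01-15"}}

if __name__ == "__main__":
    print(find_tampered(INVENTORY, LIVE, BACKUP))
```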

Throughout history, technological changes have forced society to grapple with truth and trust. The printing press, photography, radio, moving images, and Photoshop all precipitated shifts in what can be understood to be real, imagined, or counterfeit. In this new era of cyber malfeasance that threatens to erode confidence in financial, industrial, and political systems, it’s up to both the public and private sectors to focus on safeguarding trust in a time of increasing deceit.

Peter J. Beshar is executive vice president and general counsel of Marsh & McLennan Companies and has testified frequently before Congress on cybersecurity matters. Ari Mahairas is the special agent in charge of counterintelligence and cyber operations at the FBI’s New York Field Office.
