英國情報官員擔心巴克萊(Barclays)向200多萬客戶免費贈送的殺毒軟件可能正被俄羅斯政府用作情報收集工具。
A senior Whitehall official told the Financial Times that GCHQ, Britain’s digital surveillance agency, has harboured concerns for months over the distribution in the UK of software from Kaspersky Lab, one of the world’s most successful computer security companies.
美國白宮一名高級官員告訴英國《金融時報》,英國從事電子監(jiān)聽的情報機構(gòu)“政府通信總部”(GCHQ)數(shù)月來一直對卡巴斯基實驗室(Kaspersky Lab)——全球最成功的計算機安全公司之一——的軟件在英國被分發(fā)感到憂心忡忡。
GCHQ suspects that Kaspersky may have been exploited by the FSB, the successor organisation to the KGB, to snoop on sensitive foreign targets.
政府通信總部懷疑卡巴斯基可能已被俄羅斯聯(lián)邦安全局(FSB,其前身為克格勃(KGB))用來對敏感外國目標實施監(jiān)控。
Barclays, which has offered free subscriptions of the anti-virus software to users of its online banking services since 2008, is seeking to end its arrangement with Kaspersky.
巴克萊自2008年以來向其在線銀行服務的用戶免費提供卡巴斯基殺毒軟件,該行現(xiàn)在正試圖終止與卡巴斯基的合作。
Intelligence officials worry that the widespread distribution of Kaspersky by Barclays in particular exposes at-risk individuals — such as employees of British government departments or members of the military — who are customers of the bank and have downloaded Kaspersky software to boost their home security. No evidence suggests that any data of Barclays customers have been compromised by use of Kaspersky software on their computers.
情報官員擔心巴克萊廣泛分發(fā)的卡巴斯基軟件讓該行客戶暴露于風險之中,尤其是其中的高風險人員,比如下載了卡巴斯基軟件在家中使用的英國政府部門雇員或軍方人員。目前沒有證據(jù)表明,在計算機上使用卡巴斯基軟件導致任何巴克萊客戶的數(shù)據(jù)被他人染指。
Barclays officials said they were seeking to quit the deal with Kaspersky for commercial reasons and that the move had no connection with GCHQ concerns. Officials at both Barclays and GCHQ said the two organisations had not discussed concerns over Kaspersky at any point.
巴克萊高層人士表示,他們出于商業(yè)原因正在尋求終止與卡巴斯基的協(xié)議,此舉與政府通信總部的擔憂無關。巴克萊高層人士和政府通信總部官員均表示,這兩個組織從未討論過對卡巴斯基的擔憂。
“We have never received any advice or guidance from GCHQ or the National Cyber Security Centre in relation to Kaspersky,” the bank said.
巴克萊表示:“我們從未收到政府通信總部或國家網(wǎng)絡安全中心(National Cyber Security Centre)有關卡巴斯基的任何建議或指導。”
The NCSC, the arm of GCHQ that liaises with the private sector to improve national cyber security, said: “The NCSC has never advised Barclays against the use of Kaspersky products. Any suggestion to the contrary is categorically untrue. The NCSC is not a regulator and does not mandate or ban any products. Our certification schemes do not currently cover anti-virus or anti-malware services.”
英國國家網(wǎng)絡安全中心隸屬政府通信總部,負責與私營部門聯(lián)絡、以鞏固國家網(wǎng)絡安全。該中心表示:“國家網(wǎng)絡安全中心從未建議巴克萊不要使用卡巴斯基的產(chǎn)品。任何暗示情況恰恰相反的說法都是謊言。國家網(wǎng)絡安全中心不是一個監(jiān)管機構(gòu),也不會授權或禁止任何產(chǎn)品。我們的認證計劃目前不包括殺毒或防惡意軟件服務。”
Public controversy around Kaspersky has been mounting since September, when the US Department of Homeland Security banned the software provider from all US government agencies.
自從9月份美國國土安全部(Department of Domestic Security)禁止所有美國政府機構(gòu)使用卡巴斯基的產(chǎn)品以來,圍繞這家軟件提供商的公眾爭議一直在加劇。
US and Israeli intelligence agencies have allegedly gathered evidence of “several” occasions in which Kaspersky was used by Russian agencies to hack sensitive information, according to senior western intelligence officials spoken to by the FT.
據(jù)英國《金融時報》接觸的西方高級情報機構(gòu)官員表示,美國和以色列情報機構(gòu)據(jù)稱已收集到證據(jù)證明,卡巴斯基“數(shù)”度被俄羅斯機構(gòu)用來竊取機密信息。
Kaspersky denied the allegations and said it did not have “inappropriate ties with any government”.
卡巴斯基否認了上述指控,表示它與“任何政府之間都不存在不當聯(lián)系”。
The cyber security firm added: “No credible evidence has been presented publicly by anyone or any organisation. The accusations of any inappropriate ties with the Russian government are based on false allegations and inaccurate assumptions, including the claims about Russian regulations and policies impacting the company.”
這家網(wǎng)絡安全公司還表示:“任何人或任何組織都沒有公開出示過可信的證據(jù)。指控本公司與俄羅斯政府存在任何不當聯(lián)系的說法,都是基于錯誤的陳述和不準確的假設,包括有關號稱對本公司有影響的那些俄羅斯法規(guī)政策的說法。”
Kaspersky is one of the most popular anti-virus products worldwide, with more than 400m users. It is used by a number of large businesses within the UK besides Barclays. The company began offering a pared-back version of its main anti-virus software for free to anyone in July.
卡巴斯基是全球最受歡迎的殺毒產(chǎn)品之一,用戶逾4億。英國境內(nèi)除巴克萊外還有多家大公司使用該軟件。卡巴斯基今年7月推出了面向所有人的簡易免費版殺毒軟件。
The British government has not publicly announced a position on the software provider. Concerns over Kaspersky being used as a Russian government proxy in Britain were nevertheless so great that the matter was also brought to the attention of Boris Johnson, the foreign secretary.
英國政府還未公開表明對這家軟件提供商的立場。然而,在英國,有關卡巴斯基為俄羅斯政府效力的擔憂情緒彌漫,以至于此事被提請英國外交大臣鮑里斯•約翰遜(Boris Johnson)注意。
“Kaspersky Lab continues to work with Barclays to provide its customers with internet security. Barclays, through its global reach, has done much to improve public awareness of cyber security threats and we look forward to continuing our relationship to help keep its customers protected online,” said Adam Maskatiya, general manager for UK and Ireland at Kaspersky.
卡巴斯基英國和愛爾蘭地區(qū)總經(jīng)理亞當•馬斯卡提亞(Adam Maskatiya)說:“卡巴斯基實驗室繼續(xù)與巴克萊合作,保障巴克萊客戶的網(wǎng)絡安全。影響力遍及全球的巴克萊在提高公眾對網(wǎng)絡安全威脅認知方面做了大量工作,我們期待延續(xù)我們的合作關系,保障其客戶的網(wǎng)絡安全。”
Kaspersky has its headquarters in Russia and is headed by Eugene Kaspersky, a former KGB-trained Soviet military intelligence officer. Concerns over its connections to the Russian secret state have been prevalent in western intelligence circles for some years.
卡巴斯基的總部設在俄羅斯,由接受過克格勃(KGB)訓練的前蘇聯(lián)軍事情報官員尤金•卡斯佩爾斯基(Eugene Kaspersky)執(zhí)掌。一些年來,對卡巴斯基與俄羅斯秘密機構(gòu)之間有關聯(lián)的擔憂在西方情報圈中一直普遍存在。
At the heart of the current furore is a continuing FBI investigation into the leak of a trove of sensitive US cyber weapons. Hacking tools developed by the US National Security Agency were dumped online by a group known as the Shadow Brokers last year. US officials believe the group to be a Russian proxy. They believe the group acquired the trove from an NSA employee, who had illegally taken NSA tools home with him. He used Kaspersky anti-virus software on his home computer.
目前這場風波的核心是美國聯(lián)邦調(diào)查局(FBI)對一批敏感的美國網(wǎng)絡攻擊工具遭泄露一事的持續(xù)調(diào)查。去年,一個叫做“影子經(jīng)紀人”(Shadow Brokers)的組織將美國國家安全局(NSA)開發(fā)的一批黑客工具發(fā)到了網(wǎng)上。美國官員認為該組織為俄羅斯效力。他們認為,該組織從美國國家安全局一名雇員手中獲取了這批工具,這名雇員違規(guī)將美國國安局的工具帶回家中。他家中的電腦使用卡巴斯基殺毒軟件。
Kaspersky has since admitted that its software did detect and download the NSA tools from the employee’s home computer.
卡巴斯基后來承認,其軟件的確從這名雇員家中的電腦上檢測并下載了美國國安局的工具。
“Kaspersky Lab security software, like all other similar solutions from our competitors, has privileged access to computer systems to be able to resist serious malware infections and return control of the infected system back to the user. In the mentioned incident, our systems pulled back a zip archive detected as malicious and which, when opened, was found to contain both malicious and source code files. The latter were then deleted,” the company said.
卡巴斯基表示:“卡巴斯基實驗室的安全軟件,就像我們競爭對手提供的所有其他類似解決方案一樣,對計算機系統(tǒng)有較高的訪問權限,由此能抵御嚴重惡意軟件的感染,并將被感染系統(tǒng)的控制權交還給用戶。在提到的那起事件中,我們的系統(tǒng)提取了一個被檢測為惡意的zip壓縮包,打開這個壓縮包后發(fā)現(xiàn),其中包含惡意代碼文件和源代碼文件。之后后者被刪除。”
In a statement in September, announcing the ban on all Kaspersky products in US governmental organisations, the US Department of Homeland Security said: “The department is concerned about the ties between certain Kaspersky officials and Russian intelligence and other government agencies, and requirements under Russian law that allow Russian intelligence agencies to request or compel assistance from Kaspersky and to intercept communications transiting Russian networks.”
今年9月,美國國土安全部在宣布禁止美國政府機構(gòu)使用卡巴斯基所有產(chǎn)品的聲明中表示:“我部對某些卡巴斯基高層人士與俄羅斯情報機構(gòu)及其他政府機構(gòu)之間的關系感到擔憂,也對如下情況感到擔憂,即俄羅斯法律的某些規(guī)定讓俄羅斯情報機構(gòu)可以請求或強制卡巴斯基給予協(xié)助、而且可以攔截通過俄羅斯網(wǎng)絡的通信。”