6 Ingenious Ways Hackers Break Into the World’s Most Secure Computers

In a now-famous scene from the 1999 techno-thriller The Matrix, Laurence Fishburne’s character Morpheus sits in a chair, drenched in sweat, desperately resisting attempts to break into his web-connected brain.

His friends look on helplessly. “It’s like hacking a computer,” one intones in a way that somehow didn’t seem melodramatic back in the 90s. “All it takes is time.”

The scene has become symbolic of the world of cybersecurity. Modern encryption, virus detection systems, and CDNs can fight off the majority of attacks. But given enough time and resources, every system is potentially vulnerable.

One cybersecurity measure, though, was long thought to be nearly unhackable: the airgap. That was until one dedicated and relentless Israeli research team came along and made it its mission to defeat the world’s most secure computers. Sometimes doing so required ingenuity, creativity, and a knowledge of the inductive properties of different motherboard components. And sometimes it just required dropping a USB drive in a parking lot.

What is an airgap, anyway? According to an explainer by Wired Magazine, the term “airgapped” refers to computer systems which have been physically isolated from the Internet, or any other network.

Imagine you’ve just installed a computer in a data center. Now, yank out all its networking hardware, and anything that allows it to communicate wirelessly. Stick it deep inside a secure part of the facility (preferably underground). Only allow people to reach it by passing through several locked doors and checkpoints. Point a bunch of surveillance cameras at it, just for good measure.

That computer is now “airgapped.” The “air” is literal--ideally there will be no physical connection (nothing but air) between your computer and the outside world. Airgapped systems are often used in situations where security is a matter of life and death: in military bases, nuclear power plants, sensitive government data repositories, aviation control centers and the like.

At first glance, airgaps seem like they should be the definitive solution to cybersecurity. If a computer isn’t connected to the Internet, and physical access to it is controlled, how could hackers possibly breach it?

Mordechai Guri, a researcher at Ben-Gurion University of the Negev in Israel, has made a career out of answering that question. He and his team have developed and demonstrated numerous ingenious ways to break into airgapped systems--some wildly complex, and some embarrassingly simple.

The Negev is a massive desert of rolling sand dunes — bathed in sun and starkly beautiful — which covers more than half of Israel’s landmass. Traveling around it, it’s easy to believe that you’ve been transported to another planet. It’s the perfect metaphor for Guri’s work--his team is diligently hacking airgaps in a place that’s as physically separated from the outside world as one could hope to be.

Much of the team’s research was shared in a massive presentation at the Black Hat security conference, and in a detailed profile in Wired. In their published work, Guri’s team demonstrates a variety of ingenious ways to get data out of airgapped systems, often exploiting physical vulnerabilities in the computers themselves.

One of Guri’s first hacks, which the team dubs Beatcoin, uses an airgapped computer’s speakers to transmit data via sound waves. Human hearing only extends to a few thousand hertz. But as anyone who’s used a dog whistle knows, it’s readily possible to generate sound at frequencies well above this range.

Guri’s team realized that by hijacking an infected computer’s speakers, they could encode sensitive data into sound waves above the range of human hearing. Even with the speakers playing these encoded sounds at full blast, no human could hear their output.

The sound could then be picked up and decoded by a nearby cellphone — or with a listening device installed at a distance, if the target computer wasn’t well enough isolated. The team showed how they could use the tech to steal Bitcoin from an airgapped computer--thus the Beatcoin moniker.

If that sounds clever, just wait--the team’s techniques only get crazier. Realizing that speakers aren’t the only way to generate sound waves, Guri’s team turned to other hardware.

Their Fansmitter exploit changes the speed of a secure computer’s cooling fan, essentially using it to tap out rhythms that encode data. Again, this can be picked up and decoded by a nearby infected cellphone. Their Diskfiltration hack does the same thing, but goes a step further. It uses the read/write arm of a hard drive to tap out the sounds, eliminating the need for speakers altogether.

Sound isn’t the only wave that Guri’s team has exploited, either. Their Airhopper hack transmits special images to a computer’s monitor. The images are designed to induce a specific electromagnetic field in the wires connecting the monitor to the computer, essentially turning them into makeshift radio antennas that can then transmit data over a distance. A similar hack uses USB cables to the same effect.

Some of the team’s hacks go even deeper into the infected computer’s hardware. One, called Magneto, induces tiny magnetic fields in a computer or phone’s internal circuit boards. These encode data, and can pass through a Faraday cage, which blocks most other signals and is sometimes used to add another layer of security to airgapped systems.

Another series of hacks uses lights connected to the infected computer to transmit data. This can be as simple as blinking the computer’s LED status light in a specific sequence, like a high-tech, optical version of Morse code. Or it can be as complex as hijacking the infrared night vision LEDs on surveillance cameras connected to the infected computer, using them to blink out sequences which can be read by a passing drone.

One technique even uses heat to transmit data. By controlling the heat emitted by different components on an infected computer, Guri’s team shows that they can transmit out a few bits of data at a time. It’s not enough to steal a big document, but provides enough bandwidth to (slowly) exfiltrate an encryption key.

Most of these hacks assume that the attacker has some form of physical access to the infected computer. Again, this could be through an infected cellphone in a repair contractor’s pocket, or a sophisticated measuring device set up near a secure facility to monitor for radio or magnetic transmissions.

My favorite hack, though, doesn’t even require physical access to the infected facility. Called Powerhammer, it varies the infected system’s electrical consumption in order to transmit data over a facility’s powerlines. These signals could potentially be read by an attacker miles away, with nothing more than an induction clamp on the facility’s power line.
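
The fan, LED and power-line channels described above share one signature: a physical quantity parked at two levels and switched on a fixed symbol clock. As an added example, not code from the article or from Guri’s team, the following Python detector looks for that signature in fan-RPM telemetry and rejects two benign patterns (a smooth thermal ramp and irregular bang-bang fan control); the traces, thresholds and function names are my own constructions, and the same check applies unchanged to power-draw samples.

```python
"""Flag on-off keying in fan-RPM telemetry (added example; all traces are constructed)."""

def level_transitions(samples, midpoint):
    """Indices where the series crosses the midpoint between its two levels."""
    high = [s > midpoint for s in samples]
    return [i for i in range(1, len(samples)) if high[i] != high[i - 1]]

def looks_keyed(samples, min_transitions=5, level_tol=0.1, period_tol=0.2):
    """True if readings sit at two discrete levels and switch on a fixed symbol clock.

    A thermally controlled fan drifts smoothly, so readings spread across the
    range and midpoint crossings are rare. A data-carrying fan parks at two
    speeds and every switch happens at an integer multiple of one symbol period
    (runs of identical bits give the multiples, so gaps are not all equal).
    """
    lo, hi = min(samples), max(samples)
    swing = hi - lo
    near = sum(1 for s in samples
               if s - lo <= level_tol * swing or hi - s <= level_tol * swing)
    if near / len(samples) < 0.9:
        return False                      # readings spread out: drift, not keying
    idx = level_transitions(samples, lo + swing / 2)
    if len(idx) < min_transitions:
        return False                      # too few switches to call it a signal
    gaps = [b - a for a, b in zip(idx, idx[1:])]
    symbol = min(gaps)                    # shortest run = one symbol period
    return all(abs(g - round(g / symbol) * symbol) <= period_tol * symbol for g in gaps)

def keyed_fan_trace(bits, period=5, low=1000, high=1600):
    """Constructed Fansmitter-like trace: each bit holds one fan speed for `period` samples."""
    trace = []
    for i, b in enumerate(bits):
        level = high if b == "1" else low
        trace += [level + (i % 3) * 4] * period   # small deterministic wobble
    return trace

def thermal_ramp_trace(n=50, start=1100, end=1800):
    """Constructed benign trace: fan speeds up smoothly as the CPU warms, then holds."""
    ramp = [start + (end - start) * i / 30 for i in range(31)]
    return ramp + [end] * (n - 31)

def hysteresis_trace(run_lengths=(7, 11, 4, 9, 6, 13, 5, 8), low=1000, high=1600):
    """Constructed benign trace: bang-bang fan control toggling at irregular intervals."""
    trace = []
    for i, n in enumerate(run_lengths):
        trace += [high if i % 2 else low] * n
    return trace
```

Run `looks_keyed` over a sliding window of real RPM or power samples; a window that passes all three checks is worth correlating with process activity on the host.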

At first, it’s easy to dismiss Guri’s techniques as elaborate party tricks--technically impressive, but unlikely to work in the real world.

Except they’re not. The NSA has reportedly used an RF technology similar to Airhopper for years, transmitting data from airgapped computers to listening stations up to 8 miles away. And the Stuxnet worm famously infected airgapped computers at a nuclear enrichment facility in Iran, reportedly causing centrifuges and other industrial equipment to fail.

Guri’s team provides a variety of recommendations to help facility operators protect their systems from the threats the team has demonstrated. These include disabling all unused hardware (such as audio hardware) on airgapped computers, unplugging monitors and connected devices, ensuring aural and visual separation of critical systems from the outside world, and more.

But Guri and his team also acknowledge that the biggest threat to airgapped systems isn’t a technical hack. The biggest threat these systems face is their users.

In many cases, the easiest way to infect an airgapped system is to infect a USB drive, and then get someone to plug it into the airgapped computer. Indeed, this is how Stuxnet found its target. Sometimes this requires targeting specific parties--like a contractor with physical access to the airgapped system--using traditional hacking and spycraft methods.

But sometimes, it requires nothing more than dropping an infected USB drive in a parking lot. In an alarming study from the University of Illinois, researchers left hundreds of USB drives in public spaces around the university’s campus. About 45% of the time, someone came along, found the drive, and plugged it into their computer.

When surveyed, most people said they did so because they were worried someone had lost the drive, and they wanted to return it to its rightful owner. But 18% cited “curiosity” as their only reason for plugging the suspicious drives in.

And lest you think that this ruse could never work on security-minded government or military contractors, think again. According to a 2011 study by the Department of Homeland Security, when USB drives were left in the parking lots of sensitive facilities, the percent that got plugged in wasn’t 45%. It was 60%. If the drive had the logo of the target facility printed on it, that number rose to 90%.

In 2008, a USB drive with a malicious worm was plugged into a computer at a military base in the Middle East (rumors, never confirmed, say it was dropped in a parking lot). The security breach that resulted was the worst in military history, and took the Pentagon 14 months to fix. The damage was so bad that it led to the creation of the United States Cyber Command, and led to a military ban on all USB drives that lasted more than 2 years.

The cybersecurity community has long known that so-called “human factors” are always the weakest link in any system. Up to 95% of breaches are the result of human error, not a technical issue. All the complex security software in the world is no match for the office worker who keeps their passwords on a Post-It stuck to their monitor.

That’s part of why all of Guri’s work is essentially a coda to a much more important point (and why they focus mainly on exfiltrating data; getting malicious code onto a machine in the first place is assumed to be easy): people are the best vector for spreading malware and other cyber threats.

The Matrix had something right: given enough time, any computer can be hacked. Guri’s research is proof that no system, no matter how secure, is safe from the ingenious exploits of hackers.

But perhaps the most surprising secret of the cybersecurity world is that hacking is often unnecessary. To break into the world’s most secure airgapped systems, you could try encoding data into fan vibrations, sending telltale signals through powerlines, or converting monitor cables into makeshift antennas.

Or you could write IMPORTANT on a USB drive in Sharpie, drop it in a parking lot, and rely on “human factors” to do the rest.

Translated from: https://medium.com/@tomsmith585/6-ingenious-ways-hackers-break-into-the-worlds-most-secure-computers-45d751376259