英国情报官员担心巴克莱(Barclays)向200多万客户免费赠送的杀毒软件可能正被俄罗斯政府用作情报收集工具。
A senior Whitehall official told the Financial Times that GCHQ, Britain’s digital surveillance agency, has harboured concerns for months over the distribution in the UK of software from Kaspersky Lab, one of the world’s most successful computer security companies.
美国白宫一名高级官员告诉英国《金融时报》,英国从事电子监听的情报机构“政府通信总部”(GCHQ)数月来一直对卡巴斯基实验室(Kaspersky Lab)——全球最成功的计算机安全公司之一——的软件在英国被分发感到忧心忡忡。
GCHQ suspects that Kaspersky may have been exploited by the FSB, the successor organisation to the KGB, to snoop on sensitive foreign targets.
政府通信总部怀疑卡巴斯基可能已被俄罗斯联邦安全局(FSB,其前身为克格勃(KGB))用来对敏感外国目标实施监控。
Barclays, which has offered free subscriptions of the anti-virus software to users of its online banking services since 2008, is seeking to end its arrangement with Kaspersky.
巴克莱自2008年以来向其在线银行服务的用户免费提供卡巴斯基杀毒软件,该行现在正试图终止与卡巴斯基的合作。
Intelligence officials worry that the widespread distribution of Kaspersky by Barclays in particular exposes at-risk individuals — such as employees of British government departments or members of the military — who are customers of the bank and have downloaded Kaspersky software to boost their home security. No evidence suggests that any data of Barclays customers have been compromised by use of Kaspersky software on their computers.
情报官员担心巴克莱广泛分发的卡巴斯基软件让该行客户暴露于风险之中,尤其是其中的高风险人员,比如下载了卡巴斯基软件在家中使用的英国政府部门雇员或军方人员。目前没有证据表明,在计算机上使用卡巴斯基软件导致任何巴克莱客户的数据被他人染指。
Barclays officials said they were seeking to quit the deal with Kaspersky for commercial reasons and that the move had no connection with GCHQ concerns. Officials at both Barclays and GCHQ said the two organisations had not discussed concerns over Kaspersky at any point.
巴克莱高层人士表示,他们出于商业原因正在寻求终止与卡巴斯基的协议,此举与政府通信总部的担忧无关。巴克莱高层人士和政府通信总部官员均表示,这两个组织从未讨论过对卡巴斯基的担忧。
“We have never received any advice or guidance from GCHQ or the National Cyber Security Centre in relation to Kaspersky,” the bank said.
巴克莱表示:“我们从未收到政府通信总部或国家网络安全中心(National Cyber Security Centre)有关卡巴斯基的任何建议或指导。”
The NCSC, the arm of GCHQ that liaises with the private sector to improve national cyber security, said: “The NCSC has never advised Barclays against the use of Kaspersky products. Any suggestion to the contrary is categorically untrue. The NCSC is not a regulator and does not mandate or ban any products. Our certification schemes do not currently cover anti-virus or anti-malware services.”
英国国家网络安全中心隶属政府通信总部,负责与私营部门联络、以巩固国家网络安全。该中心表示:“国家网络安全中心从未建议巴克莱不要使用卡巴斯基的产品。任何暗示情况恰恰相反的说法都是谎言。国家网络安全中心不是一个监管机构,也不会授权或禁止任何产品。我们的认证计划目前不包括杀毒或防恶意软件服务。”
Public controversy around Kaspersky has been mounting since September, when the US Department of Homeland Security banned the software provider from all US government agencies.
自从9月份美国国土安全部(Department of Domestic Security)禁止所有美国政府机构使用卡巴斯基的产品以来,围绕这家软件提供商的公众争议一直在加剧。
US and Israeli intelligence agencies have allegedly gathered evidence of “several” occasions in which Kaspersky was used by Russian agencies to hack sensitive information, according to senior western intelligence officials spoken to by the FT.
据英国《金融时报》接触的西方高级情报机构官员表示,美国和以色列情报机构据称已收集到证据证明,卡巴斯基“数”度被俄罗斯机构用来窃取机密信息。
Kaspersky denied the allegations and said it did not have “inappropriate ties with any government”.
卡巴斯基否认了上述指控,表示它与“任何政府之间都不存在不当联系”。
The cyber security firm added: “No credible evidence has been presented publicly by anyone or any organisation. The accusations of any inappropriate ties with the Russian government are based on false allegations and inaccurate assumptions, including the claims about Russian regulations and policies impacting the company.”
这家网络安全公司还表示:“任何人或任何组织都没有公开出示过可信的证据。指控本公司与俄罗斯政府存在任何不当联系的说法,都是基于错误的陈述和不准确的假设,包括有关号称对本公司有影响的那些俄罗斯法规政策的说法。”
Kaspersky is one of the most popular anti-virus products worldwide, with more than 400m users. It is used by a number of large businesses within the UK besides Barclays. The company began offering a pared-back version of its main anti-virus software for free to anyone in July.
卡巴斯基是全球最受欢迎的杀毒产品之一,用户逾4亿。英国境内除巴克莱外还有多家大公司使用该软件。卡巴斯基今年7月推出了面向所有人的简易免费版杀毒软件。
The British government has not publicly announced a position on the software provider. Concerns over Kaspersky being used as a Russian government proxy in Britain were nevertheless so great that the matter was also brought to the attention of Boris Johnson, the foreign secretary.
英国政府还未公开表明对这家软件提供商的立场。然而,在英国,有关卡巴斯基为俄罗斯政府效力的担忧情绪弥漫,以至于此事被提请英国外交大臣鲍里斯•约翰逊(Boris Johnson)注意。
“Kaspersky Lab continues to work with Barclays to provide its customers with internet security. Barclays, through its global reach, has done much to improve public awareness of cyber security threats and we look forward to continuing our relationship to help keep its customers protected online,” said Adam Maskatiya, general manager for UK and Ireland at Kaspersky.
卡巴斯基英国和爱尔兰地区总经理亚当•马斯卡提亚(Adam Maskatiya)说:“卡巴斯基实验室继续与巴克莱合作,保障巴克莱客户的网络安全。影响力遍及全球的巴克莱在提高公众对网络安全威胁认知方面做了大量工作,我们期待延续我们的合作关系,保障其客户的网络安全。”
Kaspersky has its headquarters in Russia and is headed by Eugene Kaspersky, a former KGB-trained Soviet military intelligence officer. Concerns over its connections to the Russian secret state have been prevalent in western intelligence circles for some years.
卡巴斯基的总部设在俄罗斯,由接受过克格勃(KGB)训练的前苏联军事情报官员尤金•卡斯佩尔斯基(Eugene Kaspersky)执掌。一些年来,对卡巴斯基与俄罗斯秘密机构之间有关联的担忧在西方情报圈中一直普遍存在。
At the heart of the current furore is a continuing FBI investigation into the leak of a trove of sensitive US cyber weapons. Hacking tools developed by the US National Security Agency were dumped online by a group known as the Shadow Brokers last year. US officials believe the group to be a Russian proxy. They believe the group acquired the trove from an NSA employee, who had illegally taken NSA tools home with him. He used Kaspersky anti-virus software on his home computer.
目前这场风波的核心是美国联邦调查局(FBI)对一批敏感的美国网络攻击工具遭泄露一事的持续调查。去年,一个叫做“影子经纪人”(Shadow Brokers)的组织将美国国家安全局(NSA)开发的一批黑客工具发到了网上。美国官员认为该组织为俄罗斯效力。他们认为,该组织从美国国家安全局一名雇员手中获取了这批工具,这名雇员违规将美国国安局的工具带回家中。他家中的电脑使用卡巴斯基杀毒软件。
Kaspersky has since admitted that its software did detect and download the NSA tools from the employee’s home computer.
卡巴斯基后来承认,其软件的确从这名雇员家中的电脑上检测并下载了美国国安局的工具。
“Kaspersky Lab security software, like all other similar solutions from our competitors, has privileged access to computer systems to be able to resist serious malware infections and return control of the infected system back to the user. In the mentioned incident, our systems pulled back a zip archive detected as malicious and which, when opened, was found to contain both malicious and source code files. The latter were then deleted,” the company said.
卡巴斯基表示:“卡巴斯基实验室的安全软件,就像我们竞争对手提供的所有其他类似解决方案一样,对计算机系统有较高的访问权限,由此能抵御严重恶意软件的感染,并将被感染系统的控制权交还给用户。在提到的那起事件中,我们的系统提取了一个被检测为恶意的zip压缩包,打开这个压缩包后发现,其中包含恶意代码文件和源代码文件。之后后者被删除。”
In a statement in September, announcing the ban on all Kaspersky products in US governmental organisations, the US Department of Homeland Security said: “The department is concerned about the ties between certain Kaspersky officials and Russian intelligence and other government agencies, and requirements under Russian law that allow Russian intelligence agencies to request or compel assistance from Kaspersky and to intercept communications transiting Russian networks.”
今年9月,美国国土安全部在宣布禁止美国政府机构使用卡巴斯基所有产品的声明中表示:“我部对某些卡巴斯基高层人士与俄罗斯情报机构及其他政府机构之间的关系感到担忧,也对如下情况感到担忧,即俄罗斯法律的某些规定让俄罗斯情报机构可以请求或强制卡巴斯基给予协助、而且可以拦截通过俄罗斯网络的通信。”
