,亚洲欧美日韩国产成人精品影院,亚洲国产欧美日韩精品一区二区三区,久久亚洲国产成人影院,久久国产成人亚洲精品影院老金,九九精品成人免费国产片,国产精品成人综合网,国产成人一区二区三区,国产成...

立即打開(kāi)
為避免網(wǎng)絡(luò)攻擊,公司當(dāng)如何防止數(shù)據(jù)操縱?

為避免網(wǎng)絡(luò)攻擊,公司當(dāng)如何防止數(shù)據(jù)操縱?

Peter J. Beshar, Ari Mahairas 2019年10月09日
網(wǎng)絡(luò)攻擊正在破壞人們對(duì)數(shù)據(jù)可靠性的信任。
?
一只幽靈般的手出現(xiàn)在復(fù)雜的計(jì)算機(jī)電路網(wǎng)絡(luò)中。指紋識(shí)別、終端可見(jiàn)性和備份都是防止數(shù)據(jù)操縱的必要步驟。圖片來(lái)源:John Lund via Getty Images

2017年,康拉德·沃伊特入侵了密歇根州沃什特諾縣監(jiān)獄的IT系統(tǒng)。沃伊特的一位朋友在那里服刑,于是他篡改了該縣的電子監(jiān)獄記錄,把他的釋放日期提前。幸運(yùn)的是,監(jiān)獄工作人員找到了能證實(shí)這一騙局的書(shū)面記錄,立即通知了聯(lián)邦調(diào)查局和國(guó)土安全部。沃伊特現(xiàn)在和他的朋友一起服刑。

這個(gè)數(shù)據(jù)操縱的例子展示了網(wǎng)絡(luò)攻擊的一個(gè)新戰(zhàn)場(chǎng):這種攻擊破壞了人們對(duì)數(shù)據(jù)可靠性的信任,而正是這種信任驅(qū)動(dòng)著日益數(shù)字化的世界前行。

新聞里的網(wǎng)絡(luò)攻擊往往分為兩類:竊取敏感數(shù)據(jù)、切斷數(shù)據(jù)訪問(wèn)的勒索軟件攻擊。然而,高級(jí)軍事和情報(bào)官員認(rèn)為,操縱數(shù)據(jù)本身構(gòu)成的威脅可能最大。曾任美國(guó)網(wǎng)絡(luò)司令部(Cyber Command)和國(guó)家安全局(National Security Agency)局長(zhǎng)的羅杰斯上將曾作證說(shuō),他認(rèn)為最糟糕的網(wǎng)絡(luò)事件是“大規(guī)模的數(shù)據(jù)操縱”。由于幾乎所有東西都已經(jīng)數(shù)字化,大量數(shù)據(jù)在全球范圍內(nèi)相互關(guān)聯(lián),數(shù)據(jù)操縱造成的威脅幾乎覆蓋了所有行業(yè)和部門(mén)。

據(jù)《華爾街日?qǐng)?bào)》(Wall Street Journal)報(bào)道,如今,多達(dá)85%的股票交易是在“自動(dòng)駕駛”模式下進(jìn)行的,“由機(jī)器、模型或被動(dòng)的投資公式控制”。事實(shí)上,快速、自動(dòng)化的交易模式遍及整個(gè)金融市場(chǎng)和各大交易所。這種模式依賴復(fù)雜的算法,需要輸入來(lái)自于多個(gè)數(shù)據(jù)源的數(shù)據(jù),包括股價(jià)和其他市場(chǎng)的趨勢(shì)等。如果黑客暗中改變輸入算法的基礎(chǔ)數(shù)據(jù),就可以誘使計(jì)算機(jī)程序執(zhí)行能夠?qū)е隆八查g暴跌”的交易,給整個(gè)市場(chǎng)造成嚴(yán)重破壞。

工業(yè)生產(chǎn)也同樣容易受到影響。2017年,黑客部署了一種新型惡意軟件Triton侵入沙特阿拉伯的一家石油化工廠。黑客入侵了工廠的技術(shù)操作系統(tǒng),更重要的是,入侵了工廠的安全控制系統(tǒng)——這是防止設(shè)備故障和潛在災(zāi)難性爆炸或火災(zāi)的最后一道防線。Triton內(nèi)置自毀程序,該程序?qū)?chuàng)建“無(wú)效數(shù)據(jù),以覆蓋其操作痕跡”。幸運(yùn)的是,Triton的操作軟件僅導(dǎo)致工廠關(guān)閉,而沒(méi)有引起爆炸。

與此同時(shí),深度造假正在改變?nèi)蛘巍D切┍淮鄹牡囊粢曨l逼真地展示著那些從未發(fā)生過(guò)的事情,從未說(shuō)過(guò)的話。他們使用機(jī)器學(xué)習(xí)算法和人臉映射軟件來(lái)模擬真人。把邁克·泰森的臉換成奧普拉·溫弗瑞或把尼古拉斯·凱奇的臉換成艾米·亞當(dāng)斯(飾演超人女友露易絲·萊恩),可能會(huì)挺有趣。

但美國(guó)國(guó)防部卻笑不出來(lái),因?yàn)橛锌赡軙?huì)出現(xiàn)一段假的但相當(dāng)可信的視頻,視頻中某位世界領(lǐng)導(dǎo)人或許正在煽動(dòng)暴力或宣戰(zhàn)。美國(guó)國(guó)防部先進(jìn)研究項(xiàng)目局(Defense Advanced Research Projects Agency)推出了一項(xiàng)重大舉措,以打擊“大規(guī)模自動(dòng)化虛假信息攻擊”。他們的想法是利用算法和機(jī)器學(xué)習(xí)來(lái)實(shí)時(shí)處理成千上萬(wàn)的視頻和圖像,尋找“不一致語(yǔ)義檢測(cè)器”。

在今天這個(gè)新的數(shù)字世界里,我們無(wú)法完全相信自己的眼睛和耳朵。對(duì)企業(yè)而言,這種風(fēng)險(xiǎn)已經(jīng)成為現(xiàn)實(shí),不再僅僅是理論:最近,一名利用深度偽造技術(shù)冒充的首席執(zhí)行官在電話中成功指導(dǎo)下屬進(jìn)行欺詐交易,令企業(yè)領(lǐng)導(dǎo)人和執(zhí)法部門(mén)深感不安。

是時(shí)候讓所有組織都適應(yīng)這一現(xiàn)實(shí)了,是時(shí)候讓普通人在自己的數(shù)字生活中加入一個(gè)新問(wèn)題:“如何確保我看到的是真實(shí)的?”網(wǎng)絡(luò)安全最重要的是對(duì)分割后又重新編目的網(wǎng)絡(luò)和數(shù)據(jù)保持警惕。為了提防數(shù)據(jù)操縱,有三點(diǎn)最重要:指紋識(shí)別、終端可見(jiàn)性和備份。

數(shù)據(jù)完整性的基礎(chǔ)是對(duì)文檔和數(shù)據(jù)進(jìn)行指紋識(shí)別。在此過(guò)程中,通過(guò)軟件嵌入一個(gè)惟一的、與組織的數(shù)據(jù)清單匹配的文本串來(lái)驗(yàn)證數(shù)據(jù)。這在外人看來(lái)無(wú)害,同時(shí)讓信息所有者能夠驗(yàn)證自己的數(shù)據(jù)。

除了在創(chuàng)建信息時(shí)就做好信息驗(yàn)證外,組織還需要保護(hù)好信息的存儲(chǔ)和訪問(wèn)。組織中使用的每一種設(shè)備都需要設(shè)立專門(mén)賬戶和規(guī)劃方案——不僅是計(jì)算機(jī)和智能手機(jī),還有存儲(chǔ)驅(qū)動(dòng)器、接入的顯示器和設(shè)備。這些“終端”中的每一臺(tái)設(shè)備都可以成為進(jìn)入門(mén)戶的門(mén)戶——也可以成為早期預(yù)警系統(tǒng),從而保護(hù)組織中更大的網(wǎng)絡(luò)不受侵害。終端安全可靠是防范數(shù)據(jù)操縱攻擊的重要手段。

任何曾因軟件崩潰丟失文件、將筆記本電腦落在機(jī)場(chǎng)安檢處或手機(jī)被盜的人都知道數(shù)據(jù)備份有多重要。同樣的原則也適用于網(wǎng)絡(luò)被破壞的銀行,所有的客戶和賬戶記錄都被替換成了篡改后的數(shù)據(jù)。為了重新生成幾十萬(wàn)條準(zhǔn)確的記錄,銀行需要有之前的(但是最近的)未被損壞的數(shù)據(jù)組。與之類似,組織需要不斷地備份和保存重要的數(shù)據(jù)和文檔——保存在單獨(dú)的網(wǎng)絡(luò)中,這些數(shù)據(jù)和文檔可以用來(lái)進(jìn)行數(shù)據(jù)和流程的交叉檢查,還可以快速重建損壞的系統(tǒng)。

縱觀歷史,技術(shù)變革迫使社會(huì)為了追求真相和信任做斗爭(zhēng)。印刷機(jī)、攝影、無(wú)線電、移動(dòng)圖像和PS技術(shù)都改變了人們對(duì)真實(shí)、想象和偽造的理解。在這個(gè)新時(shí)代,網(wǎng)絡(luò)不法行為正在侵蝕人們對(duì)金融、工業(yè)和政治體系的信心,公共部門(mén)和私營(yíng)部門(mén)都有責(zé)任在一個(gè)欺騙日益增多的時(shí)代,努力維護(hù)人們的信任。

皮特·J·貝沙是威達(dá)信集團(tuán)(Marsh & McLennan Companies)的執(zhí)行副總裁兼總法律顧問(wèn),經(jīng)常就網(wǎng)絡(luò)安全問(wèn)題在美國(guó)國(guó)會(huì)作證。阿里·馬海拉斯是美國(guó)聯(lián)邦調(diào)查局紐約外勤辦公室負(fù)責(zé)反情報(bào)和網(wǎng)絡(luò)行動(dòng)的特工。

?

譯者:Agatha

In 2017, Konrads Voits hacked the IT system of the Washtenaw County Jail in Michigan. A friend was serving a sentence there, so Voits digitally altered the county’s electronic prison records to accelerate his scheduled release date. Fortunately, jail staff found paper records proving the deception and promptly notified the FBI and Department of Homeland Security. Voits has now joined his friend serving time behind bars.

This example of digital data manipulation is a harbinger of a new frontier in cyber attacks: a breach of trust in the integrity of the data that powers the increasingly digitized world.

The cyber breaches that make the news tend to fall into two categories: the theft of sensitive data and ransomware attacks that cut off access to data. Yet, senior military and intelligence officials believe that manipulating the data itself may pose the greatest threat of all. Admiral Mike Rogers, former head of the U.S. Cyber Command and the National Security Agency, once testified that his worst-case cyber scenario involved “data manipulation on a massive scale.” As virtually everything becomes digitized and globally interconnected by vast volumes of data, the threat posed by data manipulation spans virtually every sector and industry.

Today, as much as 85% of stock market trades happen “on autopilot,” as the Wall Street Journal reported, “controlled by machines, models, or passive investing formulas.” Indeed, rapid-fire, automated trading cascades across financial markets and exchanges. It relies on complex algorithms using inputs from multiple data sources, including share prices and other market trends. If hackers surreptitiously alter the underlying data feeding the algorithms, they can induce the computer programs to execute trades that precipitate so-called flash crashes that cause havoc in the markets.

Industrial production is similarly susceptible. In 2017, hackers deployed Triton, a new form of malware, to penetrate a petrochemical plant in Saudi Arabia. The hackers gained access to the plant’s operational technology systems and, critically, its safety controls—the last line of defense against equipment failure and potentially catastrophic explosions or fires. Triton included a built-in self-destruct program that would create “invalid data to cover its tracks.” Fortunately, Triton’s operational malware caused the plant to shut down rather than explode.

Meanwhile, deepfakes are altering global politics. These manipulated bits of video and audio realistically display something that never happened or was never said. They use machine learning algorithms and facial-mapping software to animate real people. It may be funny when it’s blending Oprah Winfrey into Mike Tyson or Amy Adams (as Lois Lane) into Nicolas Cage.

But the Department of Defense (DoD) isn’t laughing so much, given the possibility of a fake but believable video of a world leader inciting violence or declaring war. The DoD’s Defense Advanced Research Projects Agency has undertaken a significant initiative to combat “l(fā)arge-scale automated disinformation attacks.” The idea is to deploy algorithms and machine learning to instantaneously process hundreds of thousands of videos and images searching for “semantic inconsistency detectors.”

In today’s new digital world, we can’t always believe our own eyes and ears. The risk is no longer theoretical for companies: Corporate leaders and law enforcement were recently rattled by a deepfake impersonating a CEO successfully directing a fraudulent transaction over the phone.

It’s time for all organizations to adapt to this reality and for individuals to add a new question to their own digital lives: “How do I know what I’m seeing is real?” The most important cybersecurity practices require the constant vigilance of segmented and inventoried networks and data. For data manipulation, three aspects rise to the top: fingerprinting, endpoint visibility, and back ups.

The foundation of data integrity will be fingerprinting documents and data. The process uses software that authenticates data by embedding a unique, identifying text string that matches to the organization’s data inventory. While it looks benign to outsiders, it gives the owners of the information the ability to validate their data.

In addition to verifying information at its creation, organizations need to secure it where it’s stored and accessed. Every device used in an organization needs to be specifically accounted and planned for—not just computers and smartphones, but storage drives and connected monitors and devices. Each of these "endpoints" can really be gateways into a network—or early warning systems to protect an organization's larger network from being compromised. Sound endpoint security can be a vital guard against data manipulation attacks.

Anyone who’s lost a document to a software crash, left their laptop at airport security, or had a phone stolen knows how important it is to back up their data. The same applies to a bank where the network’s been compromised, and all customer and account records replaced with altered data. To regenerate hundreds of thousands of accurate records, the bank needs an earlier (but recent) set of uncorrupted data. Similarly, organizations need to be able to constantly back up and preserve, in separate networks, vital data and documents that can be called on to crosscheck data and processes, and quickly rebuild corrupted systems.

Throughout history, technological changes have forced society to grapple with truth and trust. The printing press, photography, radio, moving images, and Photoshop all precipitated shifts in what can be understood to be real, imagined, or counterfeit. In this new era of cyber malfeasance that threatens to erode confidence in financial, industrial, and political systems, it’s up to both the public and private sectors to focus on safeguarding trust in a time of increasing deceit.

Peter J. Beshar is executive vice president and general counsel of Marsh & McLennan Companies and has testified frequently before Congress on cybersecurity matters. Ari Mahairas is the special agent in charge of counterintelligence and cyber operations at the FBI’s New York Field Office.

  • 熱讀文章
  • 熱門(mén)視頻
活動(dòng)
掃碼打開(kāi)財(cái)富Plus App