|
|
EvaGalperin_2019W-_关于跟踪软件,你需要了解的东西_-
|
| I want you to travel back in time with me, to the before time, to 2017. |
我想让你们和我一起回到过去, 一起回到 2017 年。 |
| I don't know if you can remember it, dinosaurs were roaming the earth. |
我不确定你们是否还记得, 恐龙曾在地球上漫游。 |
|
roaming:n.漫游;移动;v.漫步;闲逛;徘徊(roam的现在分词);
|
| I was a security researcher, |
我当时是一名网络安全研究员, |
| I had spent about five or six years doing research on the ways in which APTs, which is short for advanced persistent threats, which stands for nation-state actors, spy on journalists and activists and lawyers and scientists and just generally people who speak truth to power. |
我曾经花五到六年时间 研究什么是 APT, 就是高级长期威胁(advanced persistent threats)的缩写, 这个代表着国家级的行动者, 监察记者和活动家, 律师和科学家, 一般来说, 就是敢对权力说真话的人。 |
|
advanced:adj.先进的; v.前进; (advance的过去式和过去分词形式) persistent:adj.固执的,坚持的;持久稳固的; nation-state:n.单一民族国家; journalists:n.新闻记者(journalist的复数); generally:adv.通常;普遍地,一般地;
|
| And I'd been doing this for a while when I discovered that one of my fellow researchers, with whom I had been doing this all this time, was allegedly a serial rapist . |
我曾做了一段时间这个职业, 期间我发现, 我的一名研究员同事, 就是一直和我一起做这件事的人, 据说是一名连环强奸犯。 |
|
for a while:adv.片刻;暂时;一会儿;一时; allegedly:adv.依其申述;据说,据称; serial:adj.顺序排列的; n.电视连续剧; rapist:n.强奸犯;强奸者;
|
| So the first thing that I did was I read a bunch of articles about this. |
所以我所做的第一件事就是 阅读了大量关于他的文章。 |
|
a bunch of:一群;一束;一堆;
|
| And in January of 2018, |
在 2018 年 1 月, |
| I read an article with some of his alleged victims. |
我阅读了一篇据称 是他的受害者的文章。 |
| And one of the things that really struck me about this article is how scared they were. |
这篇文章对我影响最深的一件事是, 他们当时有多么恐惧。 |
| They were really frightened , they had, you know, tape over the cameras on their phones and on their laptops , and what they were worried about was that he was a hacker and he was going to hack into their stuff and he was going to ruin their lives. |
他们非常的恐惧, 他们用胶带封上手机 和电脑上的摄像头, 他们非常担心这个人是一个黑客, 他可以“黑”进 这些受害者的电子设备, 然后毁掉他们的生活。 |
|
frightened:adj.害怕的;受惊的;惊吓的;v.使惊吓;使惊恐;(frighten的过去分词和过去式) laptops:n.便携式电脑;笔记本电脑;(laptop的复数) hacker:n.电脑黑客,企图不法侵入他人电脑系统的人; stuff:n.东西:物品:基本特征:v.填满:装满:标本: ruin:n.废墟;毁坏;灭亡;v.毁灭;使破产;
|
| And this had kept them silent for a really long time. |
这让他们在长时间内 不得不保持沉默。 |
| So, I was furious . |
我对此非常的愤怒。 |
|
furious:adj.激烈的;狂怒的;热烈兴奋的;喧闹的;
|
| And I didn't want anyone to ever feel that way again. |
我也不希望还有人为此担心。 |
| So I did what I usually do when I'm angry: |
所以我做了 我每次生气都会做的事情: |
| I tweeted . |
发推特。 |
|
tweeted:v.(小鸟)吱吱地叫;啾鸣;(tweet的过去分词和过去式)
|
| (Laughter) |
(笑声) |
| And the thing that I tweeted was that if you are a woman who has been sexually abused by a hacker and that hacker has threatened to break into your devices , that you could contact me and I would try to make sure that your device got a full, sort of, forensic look over. |
这段推特的内容是, 如果你是一名被黑客性虐待的女性, 然后黑客恐吓要入侵你的设备, 你可以联系我, 我会尝试对 你的设备进行类似法医的检查。 |
|
sexually:adv.性,性欲 abused:v.滥用(以致危害健康); (abuse的过去分词和过去式) devices:n.[机][计]设备;[机]装置;[电子]器件(device的复数); contact:n.接触,联系;v.使接触,联系; forensic:adj.法院的;辩论的;适于法庭的;
|
| And then I went to lunch. |
然后我去吃午饭了。 |
| (Laughter) |
(笑声) |
| Ten thousand retweets later, |
结果这段推文获得了 一万次的转发, |
| (Laughter) |
(笑声) |
| I had accidentally started a project. |
我不小心启动了一个项目。 |
|
accidentally:adv.意外地:偶然,偶然地;
|
| So every morning, I woke up and my mailbox was full. |
结果每天早上起床的时候, 我的邮箱都是满的。 |
| It was full of the stories of men and women telling me the worst thing that had ever happened to them. |
满满都是男人和女人们的故事, 告诉我他们遇到的最糟糕的事。 |
| I was contacted by women who were being spied on by men, by men who were being spied on by men, by women who were being spied on by women, but the vast majority of the people contacting me were women who had been sexually abused by men who were now spying on them. |
有被男性监视的女性联系我, 有被男性监视的男性联系我, 还有被女性监视的女性联系我, 但是大部分联系我的人 是曾经被男性性虐待的女性, 她们现在仍被这些男性监视着。 |
|
contacted:v.联系,联络(如用电话或信件)(contact的过去分词和过去式) majority:n.大部分:大多数:多数票:成年人: contacting:v.联系,联络(contact的现在分词)
|
| The one particularly interesting case involved a man who came to me, because his boyfriend had outed him as gay to his extremely conservative Korean family. |
其中特别有意思的一个案件是 一个男性来找我, 因为他的男朋友 在他极度保守的韩国家庭里 公开了他男同性恋的身份。 |
|
particularly:adv.特别地,独特地;详细地,具体地;明确地,细致地; involved:adj.有关的; v.涉及; (involve的过去式和过去分词) extremely:adv.非常,极其;极端地; conservative:adj.保守的;n.保守派,守旧者; Korean:n.朝鲜族;韩国人;朝鲜话;adj.朝鲜的;朝鲜族的;朝鲜话的;
|
| So this is not just men-spying-on-women issue . |
所以这不仅仅是 男性监视女性的问题。 |
|
issue:n.重要议题;争论的问题;v.宣布;公布;发出;发行;
|
| And I'm here to share what I learned from this experience. |
我想在这里分享 我从这段经历中学到的东西。 |
| What I learned is that data leaks . |
我学到的是信息泄漏, |
|
leaks:n.泄漏; v.漏水; (leak的第三人称单数)
|
| It's like water. |
就像水一样, |
| It gets in places you don't want it. |
它出现在你不想让它出现的地方。 |
| Human leaks. |
人员泄漏。 |
| Your friends give away information about you. |
你的朋友泄漏你的信息。 |
| Your family gives away information about you. |
你的家人泄漏你的信息。 |
| You go to a party, somebody tags you as having been there. |
你去参加一个派对, 有人说你曾去过那里。 |
|
tags:n.标签; v.附加;
|
| And this is one of the ways in which abusers pick up information about you that you don't otherwise want them to know. |
这是侵犯者收集你信息的 其中一个方式, 这些信息你并不想让他们知道。 |
|
abusers:n.abuser的名词复数形式;
|
| It is not uncommon for abusers to go to friends and family and ask for information about their victims under the guise of being concerned about their " mental health." |
侵犯者常常打着 “关心他们心理健康”的幌子 去向受害者的朋友和家人 询问他们的信息。 |
|
uncommon:adj.不寻常的;罕有的;adv.非常地; guise:n.伪装;装束;外观;vt.使化装;vi.伪装; concerned:adj.有关的;关心的;v.关心;与…有关;(concern的过去时和过去分词) mental:adj.精神的;脑力的;疯的;n.精神病患者;
|
| A form of leak that I saw was actually what we call account compromise . |
我看到的一种形式的泄漏 其实就是我们说的账户泄露。 |
|
compromise:n.妥协;折中;互让;和解;v.妥协;违背(原则);达不到(标准);使陷入危险;
|
| So your Gmail account, your Twitter account, your Instagram account, your iCloud , your Apple ID, your Netflix , your TikTok -- |
你的谷歌邮箱账户, 你的推特账户, 你的 Instagram 账户, 你的 iCloud, 你的苹果账户, 你的奈飞账户,抖音账户—— |
|
Instagram:照片分享(一款运行在iPhone平台上的应用程序); iCloud:云端服务; Netflix:n.网飞公司(出租DVD;在线观看电影的网站。);
|
| I had to figure out what a TikTok was. |
我要先弄清楚什么是抖音。 |
| If it had a login, |
只要有登录记录, |
| I saw it compromised . |
就有可能被盗。 |
|
compromised:v.妥协,折中,让步; (compromise的过去分词和过去式)
|
| And the reason for that is because your abuser is not always your abuser. |
原因是你的侵犯者 不总是你的侵犯者。 |
| It is really common for people in relationships to share passwords. |
人们都喜欢在亲戚朋友间分享密码。 |
| Furthermore , people who are intimate , who know a lot about each other, can guess each other's security questions. |
此外,大家都有亲密的人, 他们非常了解对方, 能猜到对方的保密问题。 |
|
Furthermore:adv.此外;而且; intimate:n.知己; v.暗示; adj.亲密的;
|
| Or they can look over each other's shoulders to see what code they're using in order to lock their phones. |
或者他们可以从背后偷窥 对方的锁屏密码。 |
| They frequently have physical access to the phone, or they have physical access to the laptop. |
他们经常能接触到电话, 或者经常接触到电脑。 |
|
frequently:adv.频繁地,经常地;时常,屡次; physical:adj.[物]物理的;身体的;物质的;符合自然法则的;n.体格检查;
|
| And this gives them a lot of opportunity to do things to people's accounts, which is very dangerous. |
这给了他们很多的机会 对别人的账户做手脚, 这些都是非常危险的。 |
| The good news is that we have advice for people to lock down their accounts. |
好消息是,我们建议 人们锁住他们的账户。 |
| This advice already exists, and it comes down to this: |
这个建议已经存在了, 它可以归结为: |
| Use strong, unique passwords for all of your accounts. |
请为你的所有账户 设置安全性强且独特的密码。 |
|
unique:adj.独特的,稀罕的;[数]唯一的;n.独一无二的人或物;
|
| Use more strong, unique passwords as the answers to your security questions, so that somebody who knows the name of your childhood pet can't reset your password. |
请为你的所有安全提示问题 设置安全性强且独特的答案。 所以即使一些人知道 你儿童时期的宠物名字 也不能重置你的密码。 |
|
childhood:n.童年;幼年;孩童时期 reset:vi.重置;清零;重新组合;n.重新设定;重新组合;重排版;
|
| And finally , turn on the highest level of two-factor authentication that you're comfortable using. |
最后,打开你用得最顺手的 最高级别的双重身份验证。 |
|
finally:adv.终于;最终;(用于列举)最后;彻底地; authentication:n.证明;鉴定;证实;
|
| So that even if an abuser manages to steal your password, because they don't have the second factor , they will not be able to log into your account. |
这样,即使侵犯者 计划盗取你的密码, 但是因为没有 第二重身份验证信息, 他们可能也不能登陆你的账号。 |
|
factor:n.因素;要素;[物]因数;代理人;v.做代理商;v.把…作为因素计入; log:原木,日志
|
| The other thing that you should do is you should take a look at the security and privacy tabs for most of your accounts. |
另一件你需要做的事就是, 你需要检查大多数账户的 安全和隐私栏。 |
|
take a look at:看一看;检查; privacy:n.隐私;秘密;隐居;隐居处; tabs:n.制表符; v.命名;
|
| Most accounts have a security or privacy tab that tells you what devices are logging in, and it tells you where they're logging in from. |
大多数的账号都有安全和隐私栏, 可以告诉你有哪些设备 登陆了你的帐号, 以及它们的登陆地点。 |
|
logging:n.伐木作业;v.把…载入正式记录;记录;采伐;(log的现在分词)
|
| For example, here I am, logging in to Facebook from the La Quinta , where we are having this meeting, and if for example, |
比如说, 我在拉昆塔酒店登陆了脸书, 就是我们这个会议所在的地方, 然后假设 |
|
Quinta:n.(有葡萄园等的)乡间邸宅;(西班牙和拉丁美洲的)别墅;
|
| I took a look at my Facebook logins and I saw somebody logging in from Dubai , |
我查看了我的脸书登陆记录, 然后发现有人在迪拜登陆, |
|
logins:n.登录名;登记;记入;录入;(logins是login的复数); Dubai:n.迪拜(阿拉伯联合酋长国的酋长国之一);
|
| I would find that suspicious , because I have not been to Dubai in some time. |
我觉得很可疑, 因为我从来没有到过迪拜。 |
|
suspicious:adj.可疑的;怀疑的;多疑的;
|
| But sometimes, it really is a RAT. |
但是有的时候, 真的是 RAT 在作祟。 |
| If by RAT you mean remote access tool. |
RAT 的意思是远程访问工具 (remote access tool)。 |
|
remote access:n.远程存取;远程访问;
|
| And remote access tool is essentially what we mean when we say stalkerware. |
远程访问工具 本质上就是我们所说的跟踪软件。 |
|
essentially:adv.本质上;本来;
|
| So one of the reasons why getting full access to your device is really tempting for governments is the same reason why getting full access to your device is tempting for abusive partners and former partners. |
为什么政府对能够完全访问 你的设备非常感兴趣, 以及为什么虐待型伴侣和前伴侣 也很渴望获得你的设备访问权限, 其实是出于同一个原因。 |
|
tempting:adj.吸引人的;诱惑人的;v.引诱;(tempt的现在分词); abusive:adj.辱骂的;滥用的;虐待的;
|
| We carry tracking devices around in our pockets all day long . |
我们的口袋里整天都装着追踪设备。 |
|
tracking:n.追踪,跟踪;v.跟踪;(track的现在分词) all day long:"allday"的变体;整天;一整天;终日;
|
| We carry devices that contain all of our passwords, all of our communications, including our end-to-end encrypted communications. |
我们携带的设备 包含了我们所有的密码, 我们所有的交流记录, 包括我们的端到端加密通信。 |
|
end-to-end:n.[计]端对端;首尾相连; encrypted:v.把…加密(或编码);(encrypt的过去式和过去分词)
|
| All of our emails, all of our contacts , all of our selfies are all in one place, often our financial information is also in this place. |
我们所有的邮件,我们所有的联系人, 我们所有的自拍,都储存在一个地方, 通常我们的财务信息也在这里。 |
|
contacts:v.联系,联络;(contact的第三人称单数) financial:adj.金融的;财政的,财务的;
|
| And so, full access to a person’s phone is the next best thing to full access to a person's mind. |
所以,完全访问一个人的手机 仅次于访问一个人的头脑。 |
| And what stalkerware does is it gives you this access. |
而跟踪软件所做的 就是给你这个访问权限。 |
| So, you may ask, how does it work? |
所以,你可能会问, 他们是怎么做到的呢? |
| The way stalkerware works is that it's a commercially available program, which an abuser purchases , installs on the device that they want to spy on, usually because they have physical access |
跟踪软件的原理是这样: 它本身是一套市场上 可以买到的计算机程序, 当一个侵犯者可以购买 并安装在他们想要监视的设备上, 通常是因为他们有物理访问权限, |
|
commercially:adv.商业上;通商上; purchases:v.[贸易]购买; n.所购物; installs:安装;安置;
|
| or they can trick their target into installing it themselves, by saying, you know, "This is a very important program you should install on your device." |
或者他们可以欺骗他们的目标, 让他们自己安装, 比如使用这样的说辞, “这是一个非常重要的程序, 你应该安装在你的设备上。” |
|
installing:v.安装;设置;建立(程序);(install的现在分词)
|
| And then they pay the stalkerware company for access to a portal , which gives them all of the information from that device. |
之后他们付钱给跟踪软件公司 以获得访问接口, 通过这个借口,他们就能获得 这个设备的所有信息。 |
|
portal:n.大门,入口;
|
| And you're usually paying something like 40 bucks a month. |
你一个月只需要支付 40 美元。 |
|
bucks:n.元;雄鹿;(buck的复数)
|
| So this kind of spying is remarkably cheap. |
这种间谍形式非常的便宜。 |
|
remarkably:adv.非常;极为;格外;出乎意料地
|
| Do these companies know that their tools are being used as tools of abuse? |
这些公司知道 他们的工具 被用来入侵他人的设备吗? |
| Absolutely . |
当然。 |
|
Absolutely:adv.绝对地;完全地;
|
| If you take a look at the marketing copy for Cocospy, which is one of these products, it says right there on the website that Cocospy allows you to spy on your wife with ease, "You do not have to worry about where she goes, who she talks to or what websites she visits." |
如果你看看 Cocospy 公司的 市场报告—— 他们出售的就是这类产品—— 网站上说 Cocospy 可以让你轻松监视你的妻子, “你不再需要担心她去了哪里, 和谁聊天以及浏览了什么网站。” |
| So that's creepy . |
所以这很令人毛骨悚然。 |
|
creepy:adj.令人毛骨悚然的;爬行的;
|
| HelloSpy, which is another such product, had a marketing page in which they spent most of their copy talking about the prevalence of cheating and how important it is to catch your partner cheating, including this fine picture of a man who has clearly just caught his partner cheating and has beaten her. |
HelloSpy 是另一款跟踪软件, 他们在一个营销页面上 花了大部分的篇幅 来谈论出轨的盛行, 以及抓到你的伴侣出轨 是多么的重要, 包括这张照片种的男性 刚刚抓到他的伴侣出轨, 然后殴打了她。 |
|
prevalence:n.流行;普遍;广泛;
|
| She has a black eye , there is blood on her face. |
她的眼眶乌青,脸上还有血迹。 |
|
black eye:n.(被打成的)青肿眼眶;
|
| And I don't think that there is really a lot of question about whose side HelloSpy is on in this particular case. |
在这个特殊的案件中, 很容易看出 HelloSpy 是站在哪一边的, |
| And who they're trying to sell their product to. |
以及他们想向哪方推荐产品。 |
| It turns out that if you have stalkerware on your computer or on your phone, it can be really difficult to know whether or not it's there. |
事实证明,很难判断 你的电脑或手机上 是否安装了跟踪软件, |
|
whether or not:是否…;
|
| And one of the reasons for that is because antivirus companies often don't recognize stalkerware as malicious . |
其中一个原因是 因为杀毒软件公司 通常不会把跟踪软件当作恶意软件。 |
|
antivirus:n.反病毒程序;抗病毒素; recognize:v.认识;认出;辨别出;承认;意识到; malicious:adj.恶意的;恶毒的;蓄意的;怀恨的;
|
| They don't recognize it as a Trojan or as any of the other stuff that you would normally find that they would warn you about. |
他们不会把跟踪软件 当作特洛伊病毒, 或者是他们警告可能 存在危险的任何你通常 能找到的病毒。 |
|
Trojan:n.勇士;特洛伊人;勤勉的人;adj.特洛伊的;特洛伊人的; normally:adv.正常地;通常地,一般地;
|
| These are some results from earlier this year from VirusTotal. |
这些是今年早些时期来自于 VirusTotal 的数据结果。 |
| I think that for one sample that I looked at |
这是我看过的一个样本, |
| I had something like a result of seven out of 60 of the platforms recognized the stalkerware that I was testing. |
在我测试的 60 个平台中 有 7 个都能识别跟踪软件。 |
|
platforms:n.平台; v.把…放在台上; recognized:v.认识;认出;辨别出;承认;意识到;(recognize的过去分词和过去式)
|
| And here is another one where I managed to get 10, 10 out of 61. |
这是另一个样本,在 61 个软件中 有 10 个可识别跟踪软件。 |
| So this is still some very bad results. |
可以说这样的结果很糟糕。 |
| I have managed to convince a couple of antivirus companies to start marking stalkerware as malicious. |
我已经成功地说服了 几家杀毒软件公司 开始将跟踪软件当作恶意软件。 |
|
convince:v.使确信;使相信;说服,劝说;
|
| So that all you have to do if you're worried about having this stuff on your computer is you download the program, you run a scan and it tells you "Hey, there's some potentially unwanted program on your device." |
所以如果你担心 你的电脑上有跟踪软件, 只需要下载这个程序, 开始扫描,这个程序就会告诉你 “嘿,你的设备中有一些 你可能不想要的程序。” |
|
potentially:adv.可能地,潜在地; unwanted:adj.不需要的;有害的;讨厌的;空闲的;
|
| It gives you the option of removing it, but it does not remove it automatically . |
它将会给你选择删除的权利, 但是它不会自动删除。 |
|
option:n.选择;可选择的东西; automatically:adv.自动地;机械地;无意识地;adj.不经思索的;
|
| And one of the reasons for that is because of the way that abuse works. |
其中一个原因是 基于跟踪软件的运行方式。 |
| Frequently, victims of abuse aren't sure whether or not they want to tip off their abuser by cutting off their access. |
通常,受害者不确定 他们是否想通过切断访问权 来摆脱入侵者。 |
|
tip:n.小窍门,小费;v.给…小费;使倾斜;
|
| Or they're worried that their abuser is going to escalate to violence or perhaps even greater violence than they've already been engaging in. |
或者他们担心这样做会导致侵犯者 进一步施暴, 甚至可能比他们 已经遭受的暴力更严重。 |
|
escalate:vi.逐步增强;逐步升高;vt.使逐步上升; violence:n.暴力;侵犯;激烈;歪曲; engaging:adj.有趣的; v.吸引住(注意力、兴趣); (engage的现在分词)
|
| Kaspersky was one of the very first companies that said that they were going to start taking this seriously. |
卡巴斯基是第一批 提出会严肃对待 这件事情的公司之一。 |
| And in November of this year, they issued a report in which they said that since they started tracking stalkerware among their users that they had seen an increase of 35 percent. |
在今年的 11 月份, 他们发布了一份报告称, 自从他们开始追踪 用户中的跟踪软件以来, 他们发现该软件的使用率 增加了 35%。 |
|
issued:v.宣布;公布;发出;将…诉诸法律;(issue的过去分词和过去式)
|
| Likewise , Lookout came out with a statement saying that they were going to take this much more seriously. |
同样,Lookout 也发表了一份声明, 称他们将更加严肃地对待此事。 |
|
Likewise:adv.同样地;也; Lookout:n.监视处;观察所;瞭望台;监视员; statement:n.声明;陈述,叙述;报表,清单;
|
| And finally, a company called Malwarebytes also put out such a statement and said that they had found 2,500 programs in the time that they had been looking, which could be classified as stalkerware. |
最终,一家名叫 Malwarebytes 的公司 也发表了声明, 说在他们进行搜寻的那段时间里, 已经发现了 2500 个 可以被认定为跟踪软件的程序。 |
|
classified:adj.机密的; v.将…分类; (classify的过去分词和过去式)
|
| Finally, in November I helped to launch a coalition called the Coalition Against Stalkerware, made up of academics , people who are doing this sort of thing on the ground -- |
最终,在 11 月份, 我帮助创立了一个 “反跟踪软件联合会” (Coalition Against Stalkerware), 该联合会的成员包括学者, 那些在实地做这类事情的人—— |
|
launch:v.发射(导弹,火箭等); n.发射; coalition:n.联合;结合,合并; made up of:由…组成,由…构成; academics:n.学术水平;学术知识;专业学者;
|
| the practitioners of helping people to escape from intimate partner violence -- and antivirus companies. |
帮助人们逃离 亲密伴侣暴力的实践者—— 和杀毒软件公司。 |
|
practitioners:n.实践者;开业者;实习者(practitioner的复数);
|
| And our goal is both to educate people about these programs, but also to convince the antivirus companies to change the norm in how they act around this very scary software, so that soon, if I get up in front of you and I talk to you about this next year, |
我们的目标是教育人们 这些软件的类型, 但也要说服杀毒公司 改变他们针对这个非常可怕的 所以很快,如果我明年 依然能够站在你们面前 和你们谈论这个话题, |
| I could tell you that the problem has been solved, and all you have to do is download any antivirus and it is considered normal for it to detect stalkerware. |
我可能可以告诉你们, 这个问题已经被解决了, 你们所有的人下载的 任何的杀毒软件 都已经内置了跟踪软件的检测功能。 |
|
detect:vt.察觉;发现;探测;
|
| That is my hope. |
这是我的希望。 |
| Thank you very much. |
非常感谢你们。 |
| (Applause) |
(掌声) |