好英语网如何保护自己避免成为网络犯罪受害者?
In 2013, police in South Cambridgeshire in England took to the streets with an unexpected crime-fighting tool.
2013年,英国南剑桥郡(South Cambridgeshire)的警察把一种特殊的犯罪预防工具带上了大街。
The officers wandered past houses, looking for open windows or unlocked doors, then placed balloons in people’s front rooms and kitchens. By attaching advice about home security, the police hoped to encourage people to protect their property with greater care.
警察们检查每一栋房子,找到没有关上的窗户或未锁的门,然后在门厅和厨房前放置气球。气球上印着关于保障住家安全的建议,希望由此能够鼓励人们能够更加用心地保护自己的财产。
Home-owners who received these inflatable prompts were in the minority in their local area – most people in towns and cities lock their doors without thinking twice. But millions of computer users around the world don’t have the same mentality about their digital devices.
收到气球提示的房屋住户只占当地人口的一小部分——大多数城乡居民在离家外出的时候都会锁紧房门。然而,世界各地千百万计算机用户对于他们的数字化设备却没有同样的安全意识。
In fact, many frequently expose themselves to security threats online, or fall for scams in which they mistakenly give up access to their personal information or even their bank account. Fraud is very much on the rise and the recent boom has largely been attributed to the perseverance of cyber-criminals hoping to catch us out.
事实上,很多人经常将自身完全暴露在网络安全威胁之下,或者让骗子轻而易举地获得其个人信息甚至银行账户。最近,网络诈骗不断增加,很大程度上就是网络罪犯分子努力不懈地试图诈骗那些粗心大意的人。
Why don’t we have a door-locking mindset when it comes to computers?
我们对于计算机安全为什么不像对房门上锁那样用心呢?
If you step back and consider the downsides of being hacked, it seems absurd that we don’t. Yes, your home is filled with many valuable items, but your computer and email account likely contain intimate personal information, sensitive work documents, and even access to your finances.
你要是考虑下受到黑客攻击的后果,就会知道不在乎网络安全是多么愚蠢了。对,我们的住宅里面有许多贵重物品,但是我们的计算机和电邮账户同样有许多私密个人信息、高敏感性工作文档、还有你的经济财务信息。
In reality, anyone could fall victim to, for example, a phishing scam. Phishing involves tricking a computer user into performing some risky action that undermines all their previous security precautions. You might be sent an innocuous email – even one that looks like it has come from an organisation or individual you trust.
事实上,每个人都可能成为网络诈骗的受害者。例如现在一种网络诈骗方式是:让计算机用户进行某种高风险操作,使得之前的安全努力付之东流。比如,某天你收到了一封貌似人畜无害的邮件——发信人甚至是你所信任的组织或个人。
These emails contain links or attachments that, when clicked on, cause malicious code to be downloaded. It could be designed to sit quietly on your computer and steal passwords or banking logins – or it might actually lock your whole machine down and demand a ransom payment before returning access to you.
一旦点击邮件里的链接或者附件,就会下载恶意代码——这种木马软件会潜入你的计算机盗取密码或银行登录信息,甚至把你的整个系统锁死,然后你必须缴纳一笔赎金才能重获对计算机的控制权。
We know that many people aren’t aware of these threats or the means to block them because such attacks are increasingly common and successful.
很多人对这些正在日趋蔓延的威胁或手段一无所知,也就无法将其拒之门外。
The cyber-secure mindset
网络安全意识
There are, however, practical ways in which we can better manage our digital security.
然而,我们能够采取某些实用化措施更好地保障数字安全。
By and large, those who already have a strict, security-minded approach online are those who work in cyber-security professionally. Matthew Hickey, co-founder of UK security firm Hacker House, told me about his own home: “The level of security that we put into our computer network at home would rival that of many government agencies.”
一般而言,那些已经采取了严格的网络安全措施的人往往都是网络安全专家。英国网络安全公司骇客之家(Hacker House)的联合创始人马修·海基(Matthew Hickey)这样描述自己的家:"我自己家计算机网络的安全水平能够媲美很多政府机构。"
He got some ideas for his home security practices from a guide apparently designed for employees of the US National Security Agency (NSA). “Obviously that was quite an interesting read,” he says.
很明显,他是参考美国国家安全署(NSA)的员工安全指南来设置家庭网络安全措施的。"这部《指南》读起来很有趣,"他说道。
Some of the precautions Hickey uses are beyond the needs of most people – including, for instance, having a “passive tap” – a special device set up to monitor all traffic leaving his home network or coming into it via the public internet. But other procedures should be commonplace for us all.
海基所采用的某些安全措施已经超出了大部分人的需求,例如"被动水龙头",一种对进出家庭网络的流量进行监控的特殊设备。然而其他的安全措施也应该让所有人都能使用。
Take his suggestion that people use a separate device or smartphone when they want to check their bank account online. If your regular computer or phone gets compromised – more likely since it is used more often – then at least your money won’t be at risk.
例如,他建议人们用一台很少使用的单独联网设备或智能手机在线查看银行账户。考虑到你惯常使用的计算机或手机可能已经被植入木马——由于它们的使用频率很高,这一点的概率很大——至少这样做可以保证你的财产安全。
Or how about doing regular backups and keeping the external hard drive disconnected from your computer? That way, even if your whole machine gets encrypted thanks to ransomware, your files will still be accessible – with an uninfected machine of course.
那么该不该进行定期备份,并把信息保存在不和计算机连接的外接硬盘上呢?这样做的话,即便你的整台计算机中了勒索病毒而被整个加密,你保存在未感染设备里的文档却仍然活着。
“When I designed the network at home, I thought of it as a little island,” says Hickey. “I have a beach, on the beach is where all the average internet stuff could wash up. After the beach there’s a jungle – I break down the use of my computer in different layers and I make the assumption that at some point each layer could be broken.”
"设计自己家的网络时,我把它设想成一座小岛,"海基说。"有一片沙滩,所有网络信息都会冲刷到这片海滩上。海滩后面是一片丛林——我把我的电脑分成几层,并且假设每层的某些位置会崩溃掉。"
Another analogy would be Winston Churchill and General Ironside’s plans for defending Britain in the event of a Nazi invasion during World War Two. They made sure the south of England was littered with pillboxes and hardened defences. Stop-lines were drawn, marking where defending forces could fall back to, concentrate their efforts and use their position in the landscape against the enemy.
二战期间,温斯顿·丘吉尔(Winston Churchill)和艾因赛德将军(General Ironside)决心抵御纳粹德国的入侵。他们在英格兰南部建设了大量碉堡和坚固防线。他们划定了防守力量可以后撤的位置,从而利用原野中的防御工事打击侵略者。
Increasingly, public awareness campaigns are informing people about what those layers of security and best practices actually look like. For example, London’s Metropolitan Police recently launched a series of videos with extremely helpful advice. This includes the suggestion that users who want to access public wi-fi should download virtual private network software – this stops anyone from observing your web traffic by snooping on wi-fi network data (a surprisingly easy feat).
公共安全意识推广计划向人们展示了安全层级和最佳实践。例如,伦敦市警察局最近推出了系列短片为人们提供重要建议。其中包括:使用公共Wi-Fi前必须下载虚拟私有网络软件,从而防止他人通过截取Wi-Fi网络数据而监控你的上网活动(这一点很容易做到)。
Hickey, for one, acknowledges that computer security seems very complex to many people – not least because it is a minefield of jargon. However, he adds: “Ultimately, everybody has to take some level of accountability”.
海基承认,对于很多人来说计算机安全这个问题过于复杂,不仅仅是因为它充斥着技术术语。然而他说:"最终,所有人都不得不采取某种水平的安全措施。"
For example, never assume that a device that can connect to the internet in your home does so safely. There are thousands, if not more, webcams insecurely connected to the internet because no default security was included in the product. The result is that interior views of people’s homes and offices are available to view online, almost certainly without the device owners realising.
例如,不要以为你家里能上网的设备就一定是很安全的。有成千上万的网络摄像头由于默认设置不安全而泄密,让网上所有人都能看到用户家里或者办公室里的情景,而用户却对此一无所知。
We live in interesting times. Not long ago, wi-fi routers were also commonly distributed with no default requirement that users enter a password in order to connect to the network, for instance. That has now changed. But sadly it is only as more and more ordinary people are hit by ransomware or phishing scams that mindsets are beginning to change. We’re hopefully beginning to realise what the dangers out there really are – and how we can protect ourselves.
我们生活在一个有趣的年代。就在不久以前,上市的Wi-Fi路由器没有默认安全要求,用户无需输入密码就可上网。尽管这种情况现在已经发生变化,但是悲哀的是,越来越多的普通人成为勒索软件或者诈骗邮件的受害者,使得人们不断提高自己的安全意识。希望人们都能了解网络上有哪些真正的危险,以及该如何自我保护。
Those who live in big cities have done this for far longer. They might not experience a crime every day – but they don’t think twice about locking their front doors.
生活在大城市里的人们具有较高的安全意识。尽管犯罪是小概率事件,但是他们在每天离开家门时仍然会不假思索地锁紧大门。