電話加密,竊聽無門
????最近華爾街最流行的是什么?不是金融衍生工具,不是抵押證券,甚至也不是工作保障,而是加密的電話線路。 ????美國司法部(the Justice Department)最近破獲的幾起金融犯罪里,電話竊聽都起了至關(guān)重要的作用。正是靠著從電話竊聽中搜集到的證據(jù),聯(lián)邦檢察官普利特?巴拉拉才在一樁罕見的內(nèi)幕交易案中,告倒了對沖基金經(jīng)理拉杰?拉賈拉特南。而在加密電話線路上,雙方的談話會(huì)被加密,防止電話遭人竊聽——無論是聯(lián)邦探員還是別的什么人都沒轍。 ????就像普通的有線電話一樣,加密電話從來不是什么高科技。上世紀(jì)80年代和90年代,國務(wù)院(the State Department)的特工把加密電話放在手提箱里,必要的時(shí)候把它插在墻上就能打電話。不過電話加密軟件生產(chǎn)商Meganet公司的首席執(zhí)行官索爾?貝加爾表示,現(xiàn)在我們既不需要特殊的手機(jī),也不需要像007那樣為掩人耳目,把電話做成皮鞋的樣子。Meganet公司為幾乎各種類型的手機(jī)生產(chǎn)加密軟件。一般說來,通話雙方的手機(jī)必須都能對通話進(jìn)行加密和解碼。不過現(xiàn)在有些軟件允許對通話進(jìn)行單方加密,等到通話內(nèi)容達(dá)到另一方的網(wǎng)絡(luò)時(shí)再解碼。 ????貝加爾表示,不到兩年時(shí)間,他的公司從金融部門客戶那里獲得的營收入就從0增長到了2,000萬美元。與此同時(shí),光是其中一位金融客戶就利用Meganet的軟件激活了19,000臺加密手機(jī)。貝加爾表示,在金融業(yè)和石油天然氣領(lǐng)域的帶動(dòng)下,他的公司的商業(yè)業(yè)務(wù)取得了快速增長,因此Meganet正在準(zhǔn)備掛牌上市。不過貝加爾以及本文采訪的其他安全性專家都不愿透露客戶的名字。 ????互聯(lián)網(wǎng)與音頻安全軟件制造商Fortinet發(fā)現(xiàn),企業(yè)客戶也對加密電話有著類似的需求。這家公司位于加利弗尼亞洲的薩尼維爾市,該公司現(xiàn)在正著手研發(fā)它的第一款產(chǎn)品,該公司負(fù)責(zé)產(chǎn)品研發(fā)的副總裁帕特里克?貝德維爾表示,這款產(chǎn)品可以與加密軟件進(jìn)行“互動(dòng)”。Fortinet的軟件的設(shè)計(jì)初衷是要在網(wǎng)絡(luò)“門戶”上保護(hù)手機(jī)和數(shù)據(jù),而不是保護(hù)個(gè)人通話。不過由于客戶經(jīng)常遭遇聲音加密,因此Forttinet希望使IT安全人員可以在所有這些網(wǎng)絡(luò)門戶上攔截通話,然后對它們進(jìn)行破解。 ????金融部門對這些功能的需求尤其強(qiáng)勁。貝德威爾表示:“在金融服務(wù)領(lǐng)域,他們正在提高聲音內(nèi)容的保護(hù)等級。金融服務(wù)業(yè)對我們來說極為重要,在先進(jìn)安全性技術(shù)的采用上,金融業(yè)往往是第一批吃螃蟹的人。部分原因是由于他們更容易成為高級安全性攻擊的靶子。正所謂槍打出頭鳥。” ????在電話安全行業(yè),像Fortinet和Meganet這種公司只是小角色。這個(gè)行業(yè)還包括私人控股的Tripleton以及通用動(dòng)力(General Dynamics)等大公司。 ????情報(bào)咨詢機(jī)構(gòu)Stratfor的反恐專家弗萊德?波頓指出,從很多方面來看,電話安全只是網(wǎng)絡(luò)安全的延伸。大多數(shù)公司都使用VoIP網(wǎng)絡(luò)電話,也就是說他們的電話線路和網(wǎng)絡(luò)聯(lián)接走的是一條線。盡管許多企業(yè)只關(guān)心互聯(lián)網(wǎng)的數(shù)據(jù)安全,但他們可能沒有意識到,許多電話黑客,或是小報(bào)記者【比如《世界新聞報(bào)》(News of the World)】,可能正在忙著竊聽你們的電話。 ????此外,很多公司還面臨著商業(yè)間諜活動(dòng)的威脅。波頓表示:“比如你是一位CEO,現(xiàn)在正在某個(gè)國家旅行,那里的行業(yè)間諜活動(dòng)猖獗,比如中國、俄羅斯、印度或以色列。那么你就需要具備安全地與總部進(jìn)行通話的能力。”企業(yè)對電話進(jìn)行加密的原因不一而足。 ????對于大多數(shù)金融機(jī)構(gòu)來說,他們還需要提防來自執(zhí)法機(jī)構(gòu)的竊聽。波頓表示,隨著電話加密和衛(wèi)星電話技術(shù)的發(fā)展,辦案人員越來越難以通過電話監(jiān)督和電話記錄來辦案了。 ????今年初夏,帆船集團(tuán)(Galleon Group)前交易員茲伊?高佛爾因涉嫌內(nèi)幕交易而受審,華爾街開始愈發(fā)重視電話安全問題。高佛爾最終被判有罪。其中有一個(gè)證據(jù)是特別致命的,法庭聽取了一盤來自聯(lián)邦調(diào)查局(FBI)的錄音帶,其中高佛爾的一個(gè)同謀賈森?高德法伯驚慌地要求高佛爾替他買新的預(yù)付費(fèi)手機(jī)。因?yàn)樗念A(yù)付費(fèi)手機(jī)是匿名的,但有人在給他的這部手機(jī)打電話的時(shí)候叫出了他的名字。唉,高德法伯雖然安全意識不錯(cuò),可惜還是晚了一步——高佛爾的電話線已經(jīng)被執(zhí)法機(jī)關(guān)錄音了。 ????一位安全性公司的代表告訴《財(cái)富》雜志,不光只有對沖基金在保護(hù)他們的電話線路。至少有兩家主要的信用卡公司,以及四家美國排名前十的銀行都購買了手機(jī)加密軟件。 ????Meganet的貝加爾指出:“我們曾經(jīng)見過有些大型的(金融)機(jī)構(gòu),要求所有高層管理人員都要求必須使用經(jīng)過加密的手機(jī)。凡是參與公司‘財(cái)務(wù)方面’的人員,包括交易人員,也都要求使用加密手機(jī)。” ????一位基金經(jīng)理告訴《財(cái)富》,他的一位同行供職于在今年夏天的內(nèi)幕交易偵訊中受到傳喚的某家公司。這位同行很久以前告訴他,他們公司的電話很“安全”。值得注意的是,這家公司現(xiàn)在尚未受到指控。 ????譯者:樸成奎 |
????What's all the rage on Wall Street these days? Not derivatives, mortgage-backed securities or even job security. It's encrypted phone lines. ????Wire taps are at the center of the Justice Department's latest crackdown on financial crimes -- it was evidence collected from them that helped U.S. attorney Preet Bharara win a rare insider trader victory over hedge fund manager Raj Rajaratnam. On encrypted phone lines, the speech of both parties is scrambled to prevent eavesdropping -- by the Feds or anyone else. ????Like our own landlines, encrypted phones used to be a low-tech affair -- special agents for the State Department in the 1980s and 1990s would carry their phones in a briefcase and plug them into a wall to make a call. These days, neither special handsets nor repurposed Max Smart-style shoes are required, says Saul Backal, chief executive of Meganet, which makes encryption software for almost any kind of cell phone. Typically the phones on both ends of the conversation must be enabled to encrypt and decipher the speech, although some software enables phone calls to be encoded one way and then decoded when they reach the recipient's network. ????Backal says his company's revenue from customers in the financial sector grew from almost nothing to $20 million in the last two years. During that time frame, one financial client alone activated 19,000 encrypted cell phones with Meganet software. Backal says the growth in the company's commercial business, led by the financial industry and the oil-and-gas sector, is helping Meganet prepare for an IPO. Neither Backal nor the other security professionals interviewed for this story would name their clients. ????Internet-and-voice security software maker Fortinet (FTNT) is seeing similar demand for encrypted phones from corporate clients. The Sunnyvale, Calif.-based company is developing its first product that would "interact" with encryption software, says vice president of product development Patrick Bedwell. Fortinet's software is designed to protect phones -- and data -- at network "gateways" rather than on individual lines. But clients are encountering voice encryption so much, Fortinet wants to allow IT security personnel to intercept calls at these gateways and decrypt them. ????Demand for such capabilities is particularly strong in the financial sector. "In financial services, they are trying to improve the level of protection for voice content," says Bedwell. "The financial sector is extremely important to us -- they are often the early adopters of more advanced security techniques. Partly because they're the target of often more advanced security attacks, they're the sharp end of the stick." ????Fortinet and Meganet are smaller players in the phone-security industry that includes closely held Tripleton and General Dynamics (GD). ????In many ways, says Fred Burton, a counterterrorism authority at the intelligence consulting firm Stratfor, phone security is just an extension of Internet security. Most corporations use voice-over Internet protocol, meaning their phone lines go through the same "pipe" as their Internet connection. While the corporation worries about its Internet data security, computer hackers – or tabloid newspaper reporters, as in the case of News of the World – could be busy eavesdropping on phone calls. ????And then there's the threat of corporate espionage. "Let's say you have a CEO that's traveling to places where there are high rates of industrial-espionage type activities, such as China, Russia, India or Israel, and they want ability to communicate back with HQ," says Burton. All the more reason to encrypt. ????For most financial institutions, of course, another major worry is the prying ears of law enforcement. As phone-encryption and satellite-telephone technology develops, says Burton, investigators are finding it tougher to make cases using phone surveillance and phone records. ????Telephone-security consciousness among some parties on Wall Street became clear during the trial of ex-Galleon Group trader Zvi Goffer for insider trading earlier this summer, which resulted in a conviction. In one particularly damning piece of evidence, the court heard a tape from the FBI that featured one of Goffer's accomplices, Jason Goldfarb, calling him with a panicky request for new prepaid cellphones. Goldfarb feared that a third party had compromised the supposed anonymity of his prepaid phone by calling him on it. Alas, Goldfarb was a little late with his security consciousness -- Goffer's line had already been tapped by law enforcement. ????It's not just hedge funds that are protecting their lines. At least two major credit card companies and four of the top ten U.S. banks have bought phone-encryption software, a security firm representative told Fortune. ????"We have seen in large [financial] corporations [where] all upper management members were required to carry encrypted cell phones," says Meganet's Backal. With some clients, anyone involved in any "financial aspect" of the firm's business, including trading, uses encrypted cell phones, he says. ????One hedge-fund manager told Fortune that a colleague inside one of the largest firms subpoenaed during the sweeping insider-trading investigation had told him long ago that the phones at that firm were "secure." Notably, that firm has yet to be charged. |