By Ryan Gallagher

瑞安·加拉格尔(Ryan Gallagher)

The alleged theft of data from the iPhone X used by billionaire Jeff Bezos has cast an unflattering light on the swiftly growing and highly secretive cottage industry of software developers specializing in digital surveillance.

亿万富翁杰夫·贝索斯(Jeff Bezos)使用的所谓iPhone X数据被盗窃案，给专注于数字监控的软件开发人员Swift增长且高度机密的家庭行业提供了一个令人flat然的印象。

NSO Group and Hacking Team are among the most well-known surveillance companies. Both have sold tools to law enforcement agencies that are used to covertly infect targeted mobile phones and computers with spyware, which can record calls, harvest text messages, take photographs using the device’s inbuilt camera and record audio using its microphone.

NSO集团和黑客团队是最著名的监视公司。 两家公司都向执法机构出售了工具，这些工具用于用间谍软件秘密感染目标移动电话和计算机，这些间谍软件可以记录呼叫，收集短信，使用设备的内置摄像头拍摄照片并使用其麦克风记录音频。

But many more companies, some of them not as well known to the public, are selling similar technology across the globe, as part of an industry that isn’t well understood and often subject to minimal regulation or oversight. The hack of Bezos’s phone has renewed calls from some officials for a moratorium on sales until more rigorous global controls are enacted.

但是，作为一个行业的一部分，该公司还没有被很好地理解，并且经常受到最小的监管或监督，而更多的公司(其中一些还没有为公众所熟知)正在全球销售类似的技术。 贝佐斯的手机遭到黑客入侵后，一些官员再次呼吁暂停销售，直到实施更严格的全球控制。

“This industry seems to just keep growing,” said Eric Kind, director of AWO, a London-based data rights law firm and consulting agency. “Ten years ago, there were just a few companies. Now there are 20 or more, aggressively pitching their stuff at trade shows around the world.”

总部位于伦敦的数据权利律师事务所和咨询公司AWO的主管埃里克·金(Eric Kind)说：“这个行业似乎只是在保持增长。” “十年前，只有几家公司。 现在有20个或更多的产品正在全球贸易展览会上积极推广。”

Spyware developers have maintained that they sell their technology to law enforcement and intelligence agencies to help catch criminals and terrorists. But as the surveillance trade has grown, it has been repeatedly criticized because its technology has been used to target activists, journalists and most recently, Bezos, the world’s richest person. Last week, it was revealed that the mobile phone of the Amazon.com Inc. chief executive officer was allegedly compromised by spyware sent to him from a WhatsApp account belonging to Mohammed bin Salman, the crown prince of Saudi Arabia. The Saudi Embassy denied the allegation.

间谍软件开发商坚持认为，他们会将技术出售给执法和情报机构，以帮助抓捕罪犯和恐怖分子。 但是随着监视行业的发展，它被一再受到批评，因为其技术已被用于瞄准活动家，新闻记者以及最近成为世界首富的贝索斯。 上周，有消息称，亚马逊公司首席执行官的手机被从属于沙特阿拉伯王储穆罕默德·本·萨勒曼(Mohammed bin Salman)的WhatsApp帐户发送给他的间谍软件所破坏。 沙特大使馆否认了这一指控。

While investigators haven’t identified the spyware that they suspect was used on Bezos’s iPhone, they cited NSO Group and Hacking Team as developing malware capable of such an attack. NSO has denied involvement, as has Memento Labs, which acquired the Hacking Team last year.

尽管调查人员尚未发现他们怀疑在Bezos的iPhone上使用过的间谍软件，但他们引用了NSO Group和Hacking Team来开发能够进行这种攻击的恶意软件。 NSO以及Memento Labs都拒绝参与，后者去年收购了Hacking Team。

“Companies and governments make the argument that they need spyware tools in order to address counterterrorism and other kinds of violent crime,” David Kaye, the United Nations special rapporteur on freedom of opinion and expression, said Thursday in an interview. “But the problem is you have no legal framework to ensure that when you sell and transfer the technology, it is actually used for those legitimate purposes and that it is used according to basic rule-of-law standards, such as surveillance only according to warrants issued by a court.”

联合国见解和言论自由问题特别报告员戴维·凯伊 ( David Kaye)星期四在接受采访时说：“公司和政府争辩说他们需要间谍软件工具来应对反恐和其他形式的暴力犯罪。” “但是问题是，您没有法律框架来确保当您出售和转让该技术时，该技术实际上是出于合法目的使用的，并且该技术是根据基本法治标准使用的，例如仅根据法院发出的手令。”

Kaye and another UN expert, Agnes Callamard, the special rapporteur on summary executions and extrajudicial killings, said on Jan. 22 that the allegations involving Bezos’s phone were “a concrete example of the harms that result from the unconstrained marketing, sale and use of spyware.” Kaye described the current spyware trade as a “free for all” and, along with Callamard, called for a moratorium on the global sale and transfer of private surveillance technology.

Kaye和另一位联合国专家，即决处决和法外处决特别报告员Agnes Callamard于1月22日说，涉及Bezos电话的指控“是间谍软件不受限制的营销，销售和使用造成的危害的具体例子。 。” Kaye将当前的间谍软件交易描述为“所有人免费”，并与Callamard一起呼吁暂停全球销售和转让私人监视技术。

Rory Byrne, co-founder of Security First, an organization that provides digital security advice to journalists and human rights activists, said he expected to see an uptick in episodes involving spyware as the technology spreads.

向新闻记者和人权活动家提供数字安全建议的组织Security First的联合创始人Rory Byrne表示 ，随着技术的传播，他预计间谍软件事件会有所增加。

“The truth is, it’s becoming easier and easier and easier for governments to build the capability themselves or to just buy it off the shelf,” Byrne said.

伯恩说：“事实是，政府自己建立能力或直接购买现成的能力变得越来越容易。”

Only a few countries — including the U.K., Germany, Austria and Italy — have any kind of legal framework governing hacking by law enforcement, said Ilia Siatitsa, legal officer and director of the government program at Privacy International. In 2016, a new law in the U.K. expanded and defined how police and spies in the country could hack devices, which it termed “equipment interference.” The tactic must be approved either by a senior police chief or a government minister and then, in most cases, additionally authorized by a current or former high court judge, known as a judicial commissioner.

国际私隐组织的法务官兼政府计划负责人伊利亚·萨蒂察 ( Ilia Siatitsa)表示，只有少数几个国家(包括英国，德国，奥地利和意大利)拥有管理执法人员进行黑客入侵的任何法律框架。 2016年，英国的一项新法律进行了扩展，并定义了该国的警察和间谍如何破解设备，该技术被称为“设备干扰”。 该策略必须先由高级警察局长或政府部长批准，然后在大多数情况下，再由现任或前任高等法院法官(称为司法专员)授权。

In the U.S., the Federal Bureau of Investigation has since the late 1990s been using forms of spyware to gather information on electronic communication. The FBI has since obtained expanded powers to hack computers across the U.S., as long as it has obtained a search warrant from a judge to use the method.

在美国，自1990年代后期以来，联邦调查局一直在使用间谍软件形式收集有关电子通信的信息。 此后，FBI获得了扩展权限，可以在美国境内入侵计算机，只要它已获得法官的搜查令即可使用该方法。

In most countries, however, “there is not a clear picture of what governments are permitted by law to do” in terms of hacking, said Siatitsa. “The fact is that we don’t even know which governments are engaging in this. It’s very problematic. It goes against the international human rights framework, which requires that if there’s interference with our privacy, it must be explicitly provided for by law.”

Siatitsa说，但是，在大多数国家中，“没有明确的法律规定政府可以做什么”。 “事实是，我们甚至都不知道哪个政府参与其中。 这是非常有问题的。 它违反了国际人权框架，该框架要求，如果对我们的隐私造成干扰，则必须由法律明确规定。”

Demand for the technology has increased among law enforcement agencies, who have turned to hacking as a method of spying on encrypted messages sent using popular apps such as WhatsApp, Signal and Telegram, Kind said. But other factors have made the technology appealing, too. Hacking allows law enforcement and intelligence agencies to maintain constant surveillance on targets who frequently travel internationally, according to Kind.

Kind说，执法机构对这种技术的需求在增加，执法机构已经将黑客作为监视使用诸如WhatsApp，Signal和Telegram等流行应用程序发送的加密消息的方法。 但是其他因素也使该技术具有吸引力。 Kind认为，黑客攻击使执法机构和情报机构可以对经常出国旅行的目标进行持续监视。

“Hacking tools allow you to get access to all the communications on a device no matter where the target is in the world, no matter what platform they are using or who they are communicating with,” Kind said. “That’s why hacking is so attractive to governments. It’s a single tool that they can use to get access to all communications on your phone at one easy point of access.”

Kind说：“黑客工具使您无论目标在世界任何地方，无论使用什么平台或与谁通信，都可以访问设备上的所有通信。” “这就是为什么黑客对政府如此具有吸引力。 他们只是一个单一的工具，他们可以在一个简单的访问点上访问手机上的所有通信。”

Italy’s GR Sistemi is among the companies that have marketed surveillance technology, offering government agencies a spyware system named “Dark Eagle.” Company marketing brochures, which were published by Privacy International, say the technology could be used to hack phones and computers, providing “full interception of Skype and other encrypted communication software.” The Dark Eagle system can covertly capture images from a person’s webcam, record sent and received email, capture instant messenger conversations and monitor web traffic, according to the company’s documents. The company didn’t respond to a message seeking comment.

意大利的GR Sistemi是销售监控技术的公司之一，为政府机构提供了名为“ Dark Eagle”的间谍软件系统。 由Privacy International 发布的公司营销手册说，该技术可用于黑客攻击手机和计算机，从而“完全拦截了Skype和其他加密通信软件。” 根据该公司的文件，Dark Eagle系统可以秘密捕获来自人的网络摄像头的图像，记录发送和接收的电子邮件，捕获即时通讯程序对话并监视Web流量。 该公司没有回应寻求评论的消息。

Israel’s Wintego Systems Ltd. has offered its customers a spy tool that it claims can intercept Wi-Fi traffic, steal their login credentials to their accounts, and extract “years of archived email, contacts, messages, calendars, and more,” according to company documents. A Wintego representative didn’t return messages seeking comment.

以色列的Wintego Systems Ltd.向其客户提供了一个间谍工具，据称它可以拦截Wi-Fi流量，窃取其登录凭据到其帐户，并提取“多年的存档电子邮件，联系人，消息，日历等”，公司文件 。 Wintego代表未回复要求评论的消息。

India’s ClearTrail Technologies, meanwhile, has marketed a system named Astra, which it describes as a “remote infection and monitoring framework” and promises “non-traceable payload delivery,” according to documents published by Privacy International. Once ClearTrail’s spyware is delivered to a computer or mobile phone, it can gather data stored on the device, including location, screen shots, Skype calls and search history, according to the documents. The company didn’t return a message seeking comment.

与此同时，印度的ClearTrail Technologies 已经销售了一个名为Astra的系统，该系统被描述为“远程感染和监视框架”，并承诺“不可追踪的有效载荷传送”，根据国际隐私组织发布的文件。 一旦将ClearTrail的间谍软件交付到计算机或手机，它就可以收集存储在设备上的数据，包括位置，屏幕截图，Skype通话和搜索历史记录。 该公司没有返回征求评论的消息。

Similar spyware tools have also allegedly been developed by Israel’s MerlinX, France’s Nexa Technologies, California-based SS8 Networks, Inc., according to company profiles and research reports, and Bloomberg News found at least a dozen other companies that appear to sell similar technology. MerlinX, Nexa and SS8 didn’t returned a message seeking comment.

据公司简介和研究报告称 ，类似的间谍软件工具也由以色列的MerlinX ，法国的Nexa Technologies ，位于加利福尼亚的SS8 Networks，Inc. 开发 ，并且彭博新闻社发现至少还有十几家看似销售类似技术的公司。 MerlinX，Nexa和SS8没有返回信息以征求评论。

In recent years, some spyware developers have come under fire because their products have been sold to authoritarian governments whose security agencies have used the technology to target political opponents and critics.

近年来，一些间谍软件开发商受到了抨击，因为他们的产品已出售给专制政府，其安全机构已使用该技术针对政治对手和批评家。

In 2012, for instance, Bloomberg News reported that a prominent human rights activist in Bahrain was targeted with spyware traced to the company FinFisher. In 2014, WikiLeaks used leaked documents to identify FinFisher sales worth €47 million ($52 million) to countries including Qatar, Bahrain, Pakistan, Vietnam, Nigeria, Singapore and Bangladesh. FinFisher, which didn’t return a message seeking comment, has previously said its technology is necessary in the fight against terrorism and serious organized crime.

例如，2012年， 彭博新闻社报道说，巴林一位著名的人权活动家被发现带有间谍软件，该间谍软件可追溯至FinFisher公司。 2014年，WikiLeaks 使用泄露的文档确定FinFisher对卡塔尔，巴林，巴基斯坦，越南，尼日利亚，新加坡和孟加拉国等国家的销售总额为4,700万欧元(5,200万美元)。 FinFisher没有回覆征求评论的消息，该公司此前曾表示，其技术对于打击恐怖主义和严重的有组织犯罪至关重要。

Spyware sold by Israel’s NSO Group has been linked to hacks that have targeted human rights activists, journalists and politicians in countries including Morocco, Saudi Arabia and Mexico. Similar technology sold by Italy’s Hacking Team has been traced to hacks on activists and journalists in countries including Morocco, Ethiopia and the United Arab Emirates. Both companies have said they sell their equipment to law enforcement and intelligence agencies to fight crime and terrorism.

以色列国家安全组织(NSO Group)出售的间谍软件已经与针对摩洛哥 ， 沙特阿拉伯和墨西哥等国家的人权活动家，新闻工作者和政治人物的黑客活动有关。 意大利黑客小组出售的类似技术可以追溯到摩洛哥 ， 埃塞俄比亚和阿拉伯联合酋长国等国家的活动家和记者的黑客行为。 两家公司都表示，他们将设备出售给执法和情报机构，以打击犯罪和恐怖主义。

“Our products are only used to investigate terror and serious crime,” a NSO spokesman said in a statement last week. Memento Labs, which acquired Hacking Team, didn’t respond to a message seeking comment. But in a post on its LinkedIn page, the company said, “Memento Labs underlines its position in condemning any misuse of hacking technologies and capabilities, having always acted in compliance with all the relevant international laws.”

国家统计局发言人在上周的一份声明中说：“我们的产品仅用于调查恐怖和严重犯罪。” 收购了Hacking Team的Memento Labs没有回应寻求评论的消息。 但是该公司在其LinkedIn页面上的一篇文章中说：“ Memento Labs始终坚决遵守所有相关国际法，坚决谴责任何滥用黑客技术和功能的行为。”

Governments that possess hacking technologies are more likely to use them to target high-profile individuals than ordinary citizens, according to Byrne, of Security First.

Security First的Byrne认为，拥有黑客技术的政府比普通公民更有可能将其用于针对知名人士。

“You have to understand who is likely to target you,” Byrne said. “It’s important not to panic and become too paranoid.”

“您必须了解谁可能将您作为目标。”伯恩说。 “重要的是不要惊慌和变得过于偏执。”

— With assistance from William Turton

—在William Turton的协助下