财富中文网

电话加密,窃听无门

分享: [双语阅读]

前有内幕交易案,后有报纸窃听丑闻,对于电话安全行业来说,现在可谓最佳的发展时机。

    最近华尔街最流行的是什么?不是金融衍生工具,不是抵押证券,甚至也不是工作保障,而是加密的电话线路。

    美国司法部(the Justice Department)最近破获的几起金融犯罪里,电话窃听都起了至关重要的作用。正是靠着从电话窃听中搜集到的证据,联邦检察官普利特•巴拉拉才在一桩罕见的内幕交易案中,告倒了对冲基金经理拉杰•拉贾拉特南。而在加密电话线路上,双方的谈话会被加密,防止电话遭人窃听——无论是联邦探员还是别的什么人都没辙。

    就像普通的有线电话一样,加密电话从来不是什么高科技。上世纪80年代和90年代,国务院(the State Department)的特工把加密电话放在手提箱里,必要的时候把它插在墙上就能打电话。不过电话加密软件生产商Meganet公司的首席执行官索尔•贝加尔表示,现在我们既不需要特殊的手机,也不需要像007那样为掩人耳目,把电话做成皮鞋的样子。Meganet公司为几乎各种类型的手机生产加密软件。一般说来,通话双方的手机必须都能对通话进行加密和解码。不过现在有些软件允许对通话进行单方加密,等到通话内容达到另一方的网络时再解码。

    贝加尔表示,不到两年时间,他的公司从金融部门客户那里获得的营收入就从0增长到了2,000万美元。与此同时,光是其中一位金融客户就利用Meganet的软件激活了19,000台加密手机。贝加尔表示,在金融业和石油天然气领域的带动下,他的公司的商业业务取得了快速增长,因此Meganet正在准备挂牌上市。不过贝加尔以及本文采访的其他安全性专家都不愿透露客户的名字。

    互联网与音频安全软件制造商Fortinet发现,企业客户也对加密电话有着类似的需求。这家公司位于加利弗尼亚洲的萨尼维尔市,该公司现在正着手研发它的第一款产品,该公司负责产品研发的副总裁帕特里克•贝德维尔表示,这款产品可以与加密软件进行“互动”。Fortinet的软件的设计初衷是要在网络“门户”上保护手机和数据,而不是保护个人通话。不过由于客户经常遭遇声音加密,因此Forttinet希望使IT安全人员可以在所有这些网络门户上拦截通话,然后对它们进行破解。

    金融部门对这些功能的需求尤其强劲。贝德威尔表示:“在金融服务领域,他们正在提高声音内容的保护等级。金融服务业对我们来说极为重要,在先进安全性技术的采用上,金融业往往是第一批吃螃蟹的人。部分原因是由于他们更容易成为高级安全性攻击的靶子。正所谓枪打出头鸟。”

    在电话安全行业,像Fortinet和Meganet这种公司只是小角色。这个行业还包括私人控股的Tripleton以及通用动力(General Dynamics)等大公司。

    情报咨询机构Stratfor的反恐专家弗莱德•波顿指出,从很多方面来看,电话安全只是网络安全的延伸。大多数公司都使用VoIP网络电话,也就是说他们的电话线路和网络联接走的是一条线。尽管许多企业只关心互联网的数据安全,但他们可能没有意识到,许多电话黑客,或是小报记者【比如《世界新闻报》(News of the World)】,可能正在忙着窃听你们的电话。

    此外,很多公司还面临着商业间谍活动的威胁。波顿表示:“比如你是一位CEO,现在正在某个国家旅行,那里的行业间谍活动猖獗,比如中国、俄罗斯、印度或以色列。那么你就需要具备安全地与总部进行通话的能力。”企业对电话进行加密的原因不一而足。

    对于大多数金融机构来说,他们还需要提防来自执法机构的窃听。波顿表示,随着电话加密和卫星电话技术的发展,办案人员越来越难以通过电话监督和电话记录来办案了。

    今年初夏,帆船集团(Galleon Group)前交易员兹伊•高佛尔因涉嫌内幕交易而受审,华尔街开始愈发重视电话安全问题。高佛尔最终被判有罪。其中有一个证据是特别致命的,法庭听取了一盘来自联邦调查局(FBI)的录音带,其中高佛尔的一个同谋贾森•高德法伯惊慌地要求高佛尔替他买新的预付费手机。因为他的预付费手机是匿名的,但有人在给他的这部手机打电话的时候叫出了他的名字。唉,高德法伯虽然安全意识不错,可惜还是晚了一步——高佛尔的电话线已经被执法机关录音了。

    一位安全性公司的代表告诉《财富》杂志,不光只有对冲基金在保护他们的电话线路。至少有两家主要的信用卡公司,以及四家美国排名前十的银行都购买了手机加密软件。

    Meganet的贝加尔指出:“我们曾经见过有些大型的(金融)机构,要求所有高层管理人员都要求必须使用经过加密的手机。凡是参与公司‘财务方面’的人员,包括交易人员,也都要求使用加密手机。”

    一位基金经理告诉《财富》,他的一位同行供职于在今年夏天的内幕交易侦讯中受到传唤的某家公司。这位同行很久以前告诉他,他们公司的电话很“安全”。值得注意的是,这家公司现在尚未受到指控。

    译者:朴成奎

    What's all the rage on Wall Street these days? Not derivatives, mortgage-backed securities or even job security. It's encrypted phone lines.

    Wire taps are at the center of the Justice Department's latest crackdown on financial crimes -- it was evidence collected from them that helped U.S. attorney Preet Bharara win a rare insider trader victory over hedge fund manager Raj Rajaratnam. On encrypted phone lines, the speech of both parties is scrambled to prevent eavesdropping -- by the Feds or anyone else.

    Like our own landlines, encrypted phones used to be a low-tech affair -- special agents for the State Department in the 1980s and 1990s would carry their phones in a briefcase and plug them into a wall to make a call. These days, neither special handsets nor repurposed Max Smart-style shoes are required, says Saul Backal, chief executive of Meganet, which makes encryption software for almost any kind of cell phone. Typically the phones on both ends of the conversation must be enabled to encrypt and decipher the speech, although some software enables phone calls to be encoded one way and then decoded when they reach the recipient's network.

    Backal says his company's revenue from customers in the financial sector grew from almost nothing to $20 million in the last two years. During that time frame, one financial client alone activated 19,000 encrypted cell phones with Meganet software. Backal says the growth in the company's commercial business, led by the financial industry and the oil-and-gas sector, is helping Meganet prepare for an IPO. Neither Backal nor the other security professionals interviewed for this story would name their clients.

    Internet-and-voice security software maker Fortinet (FTNT) is seeing similar demand for encrypted phones from corporate clients. The Sunnyvale, Calif.-based company is developing its first product that would "interact" with encryption software, says vice president of product development Patrick Bedwell. Fortinet's software is designed to protect phones -- and data -- at network "gateways" rather than on individual lines. But clients are encountering voice encryption so much, Fortinet wants to allow IT security personnel to intercept calls at these gateways and decrypt them.

    Demand for such capabilities is particularly strong in the financial sector. "In financial services, they are trying to improve the level of protection for voice content," says Bedwell. "The financial sector is extremely important to us -- they are often the early adopters of more advanced security techniques. Partly because they're the target of often more advanced security attacks, they're the sharp end of the stick."

    Fortinet and Meganet are smaller players in the phone-security industry that includes closely held Tripleton and General Dynamics (GD).

    In many ways, says Fred Burton, a counterterrorism authority at the intelligence consulting firm Stratfor, phone security is just an extension of Internet security. Most corporations use voice-over Internet protocol, meaning their phone lines go through the same "pipe" as their Internet connection. While the corporation worries about its Internet data security, computer hackers – or tabloid newspaper reporters, as in the case of News of the World – could be busy eavesdropping on phone calls.

    And then there's the threat of corporate espionage. "Let's say you have a CEO that's traveling to places where there are high rates of industrial-espionage type activities, such as China, Russia, India or Israel, and they want ability to communicate back with HQ," says Burton. All the more reason to encrypt.

    For most financial institutions, of course, another major worry is the prying ears of law enforcement. As phone-encryption and satellite-telephone technology develops, says Burton, investigators are finding it tougher to make cases using phone surveillance and phone records.

    Telephone-security consciousness among some parties on Wall Street became clear during the trial of ex-Galleon Group trader Zvi Goffer for insider trading earlier this summer, which resulted in a conviction. In one particularly damning piece of evidence, the court heard a tape from the FBI that featured one of Goffer's accomplices, Jason Goldfarb, calling him with a panicky request for new prepaid cellphones. Goldfarb feared that a third party had compromised the supposed anonymity of his prepaid phone by calling him on it. Alas, Goldfarb was a little late with his security consciousness -- Goffer's line had already been tapped by law enforcement.

    It's not just hedge funds that are protecting their lines. At least two major credit card companies and four of the top ten U.S. banks have bought phone-encryption software, a security firm representative told Fortune.

    "We have seen in large [financial] corporations [where] all upper management members were required to carry encrypted cell phones," says Meganet's Backal. With some clients, anyone involved in any "financial aspect" of the firm's business, including trading, uses encrypted cell phones, he says.

    One hedge-fund manager told Fortune that a colleague inside one of the largest firms subpoenaed during the sweeping insider-trading investigation had told him long ago that the phones at that firm were "secure." Notably, that firm has yet to be charged.

阅读全文
返回顶部