2017年，康拉德·沃伊特入侵了密歇根州沃什特諾縣監(jiān)獄的IT系統(tǒng)。沃伊特的一位朋友在那里服刑，于是他篡改了該縣的電子監(jiān)獄記錄，把他的釋放日期提前。幸運的是，監(jiān)獄工作人員找到了能證實這一騙局的書面記錄，立即通知了聯(lián)邦調(diào)查局和國土安全部。沃伊特現(xiàn)在和他的朋友一起服刑。

這個數(shù)據(jù)操縱的例子展示了網(wǎng)絡(luò)攻擊的一個新戰(zhàn)場：這種攻擊破壞了人們對數(shù)據(jù)可靠性的信任，而正是這種信任驅(qū)動著日益數(shù)字化的世界前行。

新聞里的網(wǎng)絡(luò)攻擊往往分為兩類：竊取敏感數(shù)據(jù)、切斷數(shù)據(jù)訪問的勒索軟件攻擊。然而，高級軍事和情報官員認為，操縱數(shù)據(jù)本身構(gòu)成的威脅可能最大。曾任美國網(wǎng)絡(luò)司令部（Cyber Command）和國家安全局（National Security Agency）局長的羅杰斯上將曾作證說，他認為最糟糕的網(wǎng)絡(luò)事件是“大規(guī)模的數(shù)據(jù)操縱”。由于幾乎所有東西都已經(jīng)數(shù)字化，大量數(shù)據(jù)在全球范圍內(nèi)相互關(guān)聯(lián)，數(shù)據(jù)操縱造成的威脅幾乎覆蓋了所有行業(yè)和部門。

據(jù)《華爾街日報》（Wall Street Journal）報道，如今，多達85%的股票交易是在“自動駕駛”模式下進行的，“由機器、模型或被動的投資公式控制”。事實上，快速、自動化的交易模式遍及整個金融市場和各大交易所。這種模式依賴復(fù)雜的算法，需要輸入來自于多個數(shù)據(jù)源的數(shù)據(jù)，包括股價和其他市場的趨勢等。如果黑客暗中改變輸入算法的基礎(chǔ)數(shù)據(jù)，就可以誘使計算機程序執(zhí)行能夠?qū)е隆八查g暴跌”的交易，給整個市場造成嚴(yán)重破壞。

工業(yè)生產(chǎn)也同樣容易受到影響。2017年，黑客部署了一種新型惡意軟件Triton侵入沙特阿拉伯的一家石油化工廠。黑客入侵了工廠的技術(shù)操作系統(tǒng)，更重要的是，入侵了工廠的安全控制系統(tǒng)——這是防止設(shè)備故障和潛在災(zāi)難性爆炸或火災(zāi)的最后一道防線。Triton內(nèi)置自毀程序，該程序?qū)?chuàng)建“無效數(shù)據(jù)，以覆蓋其操作痕跡”。幸運的是，Triton的操作軟件僅導(dǎo)致工廠關(guān)閉，而沒有引起爆炸。

與此同時，深度造假正在改變?nèi)蛘巍Ｄ切┍淮鄹牡囊粢曨l逼真地展示著那些從未發(fā)生過的事情，從未說過的話。他們使用機器學(xué)習(xí)算法和人臉映射軟件來模擬真人。把邁克·泰森的臉換成奧普拉·溫弗瑞或把尼古拉斯·凱奇的臉換成艾米·亞當(dāng)斯（飾演超人女友露易絲·萊恩），可能會挺有趣。

但美國國防部卻笑不出來，因為有可能會出現(xiàn)一段假的但相當(dāng)可信的視頻，視頻中某位世界領(lǐng)導(dǎo)人或許正在煽動暴力或宣戰(zhàn)。美國國防部先進研究項目局（Defense Advanced Research Projects Agency）推出了一項重大舉措，以打擊“大規(guī)模自動化虛假信息攻擊”。他們的想法是利用算法和機器學(xué)習(xí)來實時處理成千上萬的視頻和圖像，尋找“不一致語義檢測器”。

在今天這個新的數(shù)字世界里，我們無法完全相信自己的眼睛和耳朵。對企業(yè)而言，這種風(fēng)險已經(jīng)成為現(xiàn)實，不再僅僅是理論：最近，一名利用深度偽造技術(shù)冒充的首席執(zhí)行官在電話中成功指導(dǎo)下屬進行欺詐交易，令企業(yè)領(lǐng)導(dǎo)人和執(zhí)法部門深感不安。

是時候讓所有組織都適應(yīng)這一現(xiàn)實了，是時候讓普通人在自己的數(shù)字生活中加入一個新問題：“如何確保我看到的是真實的？”網(wǎng)絡(luò)安全最重要的是對分割后又重新編目的網(wǎng)絡(luò)和數(shù)據(jù)保持警惕。為了提防數(shù)據(jù)操縱，有三點最重要：指紋識別、終端可見性和備份。

數(shù)據(jù)完整性的基礎(chǔ)是對文檔和數(shù)據(jù)進行指紋識別。在此過程中，通過軟件嵌入一個惟一的、與組織的數(shù)據(jù)清單匹配的文本串來驗證數(shù)據(jù)。這在外人看來無害，同時讓信息所有者能夠驗證自己的數(shù)據(jù)。

除了在創(chuàng)建信息時就做好信息驗證外，組織還需要保護好信息的存儲和訪問。組織中使用的每一種設(shè)備都需要設(shè)立專門賬戶和規(guī)劃方案——不僅是計算機和智能手機，還有存儲驅(qū)動器、接入的顯示器和設(shè)備。這些“終端”中的每一臺設(shè)備都可以成為進入門戶的門戶——也可以成為早期預(yù)警系統(tǒng)，從而保護組織中更大的網(wǎng)絡(luò)不受侵害。終端安全可靠是防范數(shù)據(jù)操縱攻擊的重要手段。

任何曾因軟件崩潰丟失文件、將筆記本電腦落在機場安檢處或手機被盜的人都知道數(shù)據(jù)備份有多重要。同樣的原則也適用于網(wǎng)絡(luò)被破壞的銀行，所有的客戶和賬戶記錄都被替換成了篡改后的數(shù)據(jù)。為了重新生成幾十萬條準(zhǔn)確的記錄，銀行需要有之前的（但是最近的）未被損壞的數(shù)據(jù)組。與之類似，組織需要不斷地備份和保存重要的數(shù)據(jù)和文檔——保存在單獨的網(wǎng)絡(luò)中，這些數(shù)據(jù)和文檔可以用來進行數(shù)據(jù)和流程的交叉檢查，還可以快速重建損壞的系統(tǒng)。

縱觀歷史，技術(shù)變革迫使社會為了追求真相和信任做斗爭。印刷機、攝影、無線電、移動圖像和PS技術(shù)都改變了人們對真實、想象和偽造的理解。在這個新時代，網(wǎng)絡(luò)不法行為正在侵蝕人們對金融、工業(yè)和政治體系的信心，公共部門和私營部門都有責(zé)任在一個欺騙日益增多的時代，努力維護人們的信任。

皮特·J·貝沙是威達信集團（Marsh & McLennan Companies）的執(zhí)行副總裁兼總法律顧問，經(jīng)常就網(wǎng)絡(luò)安全問題在美國國會作證。阿里·馬海拉斯是美國聯(lián)邦調(diào)查局紐約外勤辦公室負責(zé)反情報和網(wǎng)絡(luò)行動的特工。

?

In 2017, Konrads Voits hacked the IT system of the Washtenaw County Jail in Michigan. A friend was serving a sentence there, so Voits digitally altered the county’s electronic prison records to accelerate his scheduled release date. Fortunately, jail staff found paper records proving the deception and promptly notified the FBI and Department of Homeland Security. Voits has now joined his friend serving time behind bars.

This example of digital data manipulation is a harbinger of a new frontier in cyber attacks: a breach of trust in the integrity of the data that powers the increasingly digitized world.

The cyber breaches that make the news tend to fall into two categories: the theft of sensitive data and ransomware attacks that cut off access to data. Yet, senior military and intelligence officials believe that manipulating the data itself may pose the greatest threat of all. Admiral Mike Rogers, former head of the U.S. Cyber Command and the National Security Agency, once testified that his worst-case cyber scenario involved “data manipulation on a massive scale.” As virtually everything becomes digitized and globally interconnected by vast volumes of data, the threat posed by data manipulation spans virtually every sector and industry.

Today, as much as 85% of stock market trades happen “on autopilot,” as the Wall Street Journal reported, “controlled by machines, models, or passive investing formulas.” Indeed, rapid-fire, automated trading cascades across financial markets and exchanges. It relies on complex algorithms using inputs from multiple data sources, including share prices and other market trends. If hackers surreptitiously alter the underlying data feeding the algorithms, they can induce the computer programs to execute trades that precipitate so-called flash crashes that cause havoc in the markets.

Industrial production is similarly susceptible. In 2017, hackers deployed Triton, a new form of malware, to penetrate a petrochemical plant in Saudi Arabia. The hackers gained access to the plant’s operational technology systems and, critically, its safety controls—the last line of defense against equipment failure and potentially catastrophic explosions or fires. Triton included a built-in self-destruct program that would create “invalid data to cover its tracks.” Fortunately, Triton’s operational malware caused the plant to shut down rather than explode.

Meanwhile, deepfakes are altering global politics. These manipulated bits of video and audio realistically display something that never happened or was never said. They use machine learning algorithms and facial-mapping software to animate real people. It may be funny when it’s blending Oprah Winfrey into Mike Tyson or Amy Adams (as Lois Lane) into Nicolas Cage.

But the Department of Defense (DoD) isn’t laughing so much, given the possibility of a fake but believable video of a world leader inciting violence or declaring war. The DoD’s Defense Advanced Research Projects Agency has undertaken a significant initiative to combat “l(fā)arge-scale automated disinformation attacks.” The idea is to deploy algorithms and machine learning to instantaneously process hundreds of thousands of videos and images searching for “semantic inconsistency detectors.”

In today’s new digital world, we can’t always believe our own eyes and ears. The risk is no longer theoretical for companies: Corporate leaders and law enforcement were recently rattled by a deepfake impersonating a CEO successfully directing a fraudulent transaction over the phone.

It’s time for all organizations to adapt to this reality and for individuals to add a new question to their own digital lives: “How do I know what I’m seeing is real?” The most important cybersecurity practices require the constant vigilance of segmented and inventoried networks and data. For data manipulation, three aspects rise to the top: fingerprinting, endpoint visibility, and back ups.

The foundation of data integrity will be fingerprinting documents and data. The process uses software that authenticates data by embedding a unique, identifying text string that matches to the organization’s data inventory. While it looks benign to outsiders, it gives the owners of the information the ability to validate their data.

In addition to verifying information at its creation, organizations need to secure it where it’s stored and accessed. Every device used in an organization needs to be specifically accounted and planned for—not just computers and smartphones, but storage drives and connected monitors and devices. Each of these "endpoints" can really be gateways into a network—or early warning systems to protect an organization's larger network from being compromised. Sound endpoint security can be a vital guard against data manipulation attacks.

Anyone who’s lost a document to a software crash, left their laptop at airport security, or had a phone stolen knows how important it is to back up their data. The same applies to a bank where the network’s been compromised, and all customer and account records replaced with altered data. To regenerate hundreds of thousands of accurate records, the bank needs an earlier (but recent) set of uncorrupted data. Similarly, organizations need to be able to constantly back up and preserve, in separate networks, vital data and documents that can be called on to crosscheck data and processes, and quickly rebuild corrupted systems.

Throughout history, technological changes have forced society to grapple with truth and trust. The printing press, photography, radio, moving images, and Photoshop all precipitated shifts in what can be understood to be real, imagined, or counterfeit. In this new era of cyber malfeasance that threatens to erode confidence in financial, industrial, and political systems, it’s up to both the public and private sectors to focus on safeguarding trust in a time of increasing deceit.

Peter J. Beshar is executive vice president and general counsel of Marsh & McLennan Companies and has testified frequently before Congress on cybersecurity matters. Ari Mahairas is the special agent in charge of counterintelligence and cyber operations at the FBI’s New York Field Office.