Economist Podcasts

Wrong side of the hack: cybercrime grows

Episode summary

Cyber-attacks have paralysed companies such as Jaguar Land Rover and Asahi. Our correspondent explores how businesses and governments should respond to this growing problem. Why is counting the dead in Africa getting harder? And is eating dark chocolate really good for you?

Subtitles

Speaker 0

The Economist. Hello, and welcome to The Intelligence from The Economist. I'm Jason Palmer.

Speaker 1

And I'm Rosie Blau. Every weekday, we provide a fresh perspective on the events shaping your world. As journalists, we analyze data and explain what it means. But our Africa correspondent has a problem. In the countries he reports from, it's getting ever harder to count the number of deaths and therefore to know what's happening.

Speaker 0

And you may have heard that dark chocolate is not only better for you than the milky kind, but just good for you, full stop. We look at the evidence, and as so often with science and medicine, it's more complicated than that.

Speaker 1

But first. Back in the day, for many businesses, the biggest security concern was having the cash register robbed. But like everyone else, criminals have moved with the times. In its annual review released today, Britain's National Cyber Security Centre says in the past year, highly significant attacks have increased 50%. And it's a worldwide problem.

Speaker 1

Good evening. It's been more than three weeks since MGM Resorts was hit with that massive cyber attack. Jaguar Land Rover has been hit by a major cyber incident. Today is deadline day for London Drugs. Tonight, a number of new developments. The retail giant Marks and Spencer is cyber security. We're attacked. Cyber security attack. Cyber attack. Companies have proved almost powerless to respond. An attack last month on the Japanese brewer, Asahi, saw it resorting to taking orders by fax.

Speaker 1

So what can be done about it?

Speaker 2

Turning up with a baseball bat gets people to open their wallet.

Speaker 1

Alex Hern is a tech correspondent for The Economist.

Speaker 2

It used to be that if you were a ransomware outfit, you used to do that sneakily, subtly. You would try and worm your way in. You'd install this ransomware, and then you'd wait for the payment. And if you're unlucky, they'd restore from backup and ignore you. If you were lucky, you'd take a load of cash in Bitcoin and move on with your day.

Speaker 2

What's happened recently is the criminal gangs that do this, mostly based in and around Russia, but there's a small but important cohort based here in England, have realized that it's easier to get people to pay up if you don't do it subtly. If rather than sneaking in and lifting data from their stores, you instead just smash their systems up digitally and then demand payment or you'll carry on doing it.

Speaker 1

So let's just back up for a minute. We've had a growing frequency of cyber attacks. Right?

Speaker 2

Yeah. It's been a real issue since around 2013. CryptoLocker was one of the first pieces of crypto ransomware, this particular type of malicious software that encrypts data, holds it ransom, and demands payment in, usually, Bitcoin to get the keys. That was a real technological leap, and it was enabled because of cryptocurrency. Before then, there had been efforts to build software of that sort, but they fell down in the fact that payments were traceable.

Speaker 2

You know, if you ask someone to post a check and you'll unencrypt their computer, well, the FBI can follow that bank account quite easily and did in a couple of cases. The rise of cryptocurrency meant that this was a viable business model, and we saw an explosion in the software and the gangs that would use it. But for a while, it was still quite a small, like, one on one thing. The criminal gangs weren't doing big targeted attacks in part because they were usually based in Russia, didn't really know who they were hacking. What's changed recently is, a, there's been a really interesting group of Anglophonic hackers who seem to have local knowledge.

Speaker 2

When we arrest usually quite minor members of them, they're young men, 17 to 20 year olds based in Britain often. They still work with tooling and technology provided by these Russian crime gangs, but they have the local knowledge that lets them pick targets, hit them hard, and then not back down, demand payment not just for releasing the files, but also for actually stepping away from the network and letting the business return to profitable operation.

Speaker 1

And what are some of the targets they've picked?

Speaker 2

So recently, we've seen massive crippling hacks on grocers like Co-op and Marks and Spencer's, on Transport for London. And the biggest one, we think ever, in Jaguar Land Rover, at least when you measure it by the disruption it's caused.

Speaker 1

So what do you mean by that? Why was it so costly in that situation?

Speaker 2

Because JLR is a huge company. It employs 31,000 people across Britain alone and part of a wider network of suppliers that employs hundreds of thousands of people, largely in Merseyside and the West Midlands. When its production lines fell silent, all of those companies were impacted. And within weeks, some of them were saying they were nearly folding. And, you know, once a company goes under, it can't just come back when the production lines restart.

Speaker 2

It could have caused permanent damage to a significant chunk of the British economy. As a result, the UK government felt it had to underwrite a £1,500,000,000 loan to keep those companies afloat. It's a good example also of the discrepancy here between the money that ransomware companies are operating for and the damage they do. Globally, less than a billion dollars in ransoms were paid to ransomware companies in 2024. So for a billion dollars everywhere, they're causing 1 and a half billion pounds worth of damage to one company alone, and they're doing that again and again and again.

Speaker 2

All crime is value destroying, but this is pretty bad.

Speaker 1

And what can we learn from those attacks?

Speaker 2

We can learn that this thief thug dichotomy seems to be really picking up steam. These are not small attacks. These are not efforts to hold a hard drive hostage and get a small amount of cash. These are deliberately destructive. It's not taking the fact that they have data protection obligations and that they'll be embarrassed if their customer lists leak.

Speaker 2

It's using the fact that when these systems are so damaged and so locked up that Marks and Spencer can't run its logistics chain and get fresh food on the shelves. It can't do any click and collect ordering. Jaguar Land Rover has to just shut down the production line because the complex machinery that operates it can't run.

Speaker 1

So what should companies be doing?

Speaker 2

It's difficult to say. A lot of businesses did the easy stuff and stared at the hard stuff, be that embedded systems in robotic arms or even things like the room booking screens that companies like The Economist have around the office. And went, oh, maybe we don't have to do that. And it turns out you do. You have to fix everything because anything can be a way in.

Speaker 2

The other problem is that, to draw an analogy from the pandemic, we learn when everything went crap that actually having a little bit of slack in the system is good, having resilience is good, and that maybe having run parts of society on outsourcing to the cheapest provider didn't work so well when you really needed extra resilience. What I think some businesses are learning is that outsourcing core parts of their IT security to the cheapest provider is similarly having a problem. And it seems like one of the popular ways into ransomware in general is to call a large outsourced IT security hub and just keep going until you find the fortieth, fiftieth call center handler who follows the script the wrong way and hands over credentials when they shouldn't. That can often be the toehold that an attacker needs to break into the wider network. So perhaps not looking for the cheapest way of running your IT can be one of the things that businesses should learn.

Speaker 1

It sounds like one of the other lessons is that companies actually can't protect themselves. Can governments help? Should governments help?

Speaker 2

Governments can help. One of the big things that governments can do is attack this as a supply side problem. Criminal hacking is a business. If the cheapest way of getting your operations back up and running is to pay the criminal, then you will. But as a collective action problem, it sucks because it means that there is a market for this business.

Speaker 2

One thing governments can do, and, it would be a bold move. Right? It would be unusual. Governments don't like doing this, but they could ban the payment of such ransoms in a way that they do in other issues like terrorist financing. They could say, you are not allowed to fund these people.

Speaker 2

It is a criminal act if you do, and you have to stop doing it. That will be short term pain because you need to, you know, bind yourself to the mast, prove to the hackers that you're serious. They won't get paid no matter how much damage they do. The government would need to work out ways to not take all of that risk on itself. It would probably need to be happy with some businesses going under rather than paying the ransom.

Speaker 2

One of the fears of banning the payments is that it could drive this sort of payment underground. I think in practice, that's unlikely. Big businesses tend not to actually deliberately break the law. Directors of large companies can be trusted, I think, not to do this. But there's also a case for greater transparency requirements here, forcing people to disclose when they have actually been hacked.

Speaker 2

Currently, they often drag their feet insofar as they have any legal requirements. They disclose it months or even years down the line. And if they can get away with it, most businesses don't want to admit they've been hacked at all. So they just cover it up, which means that we have no real sense of how serious this is, how rare these sort of wrecking maneuvers are that you can't hide versus the subtle thieves who break in, ask for payment, and then disappear into the night.

Speaker 1

Alex, thank you so much.

Speaker 2

Thanks for having me.

Speaker 3

One of the things that to me captures just how invisible and horrific this war is is that we don't have a credible death count. We literally don't know how many people have died. The number was mentioned earlier, 15 to 30,000. Some think it's at 150,000. We are now supporting a couple of efforts to use methodologies to document and

Speaker 4

That's Tom Perriello, then America's special envoy to Sudan, speaking to Congress in May 2024 about the death toll in Sudan's war. The highest of those numbers, one hundred and fifty thousand, was the one that stuck. But it was just a guess.

Speaker 1

Tom Gardner is our Africa correspondent.

Speaker 4

It was also a necessary one. Prior to that, the most common death toll cited by media and the UN was twenty thousand, and that was compiled by the Armed Conflict Location and Event Data Project, ACLED. But ACLED only counts fatalities when it has specific data for them, such as media reports. By contrast, a study by the London School of Hygiene and Tropical Medicine found more people had been killed by bombs and bullets in just Khartoum, Sudan's capital, over the same period. It's not just Sudan.

Speaker 4

In conflicts across Africa, it is hard, perhaps uniquely hard, to count the dead. And it seems to be getting harder. Take one example, Ethiopia's war in Tigray. ACLED said that at least five thousand three hundred and twenty five people died as a result of direct combat or violence targeting civilians. But the most commonly cited death toll is six hundred thousand.

Speaker 4

That's more than 100 times the ACLED estimate. A more recent study, however, put the number killed, including by war induced hunger and disease, at closer to a hundred and two thousand. All of these tallies, by the way, exclude fatalities outside the region of Tigray. Discrepancies like these are commonplace and sometimes can be vast. One pioneering study published two decades ago on the second Congo war uncovered millions of unrecognized deaths.

Speaker 4

A similar study conducted in the insurgency-wracked Central African Republic found that five point six percent of the country's people had died in 2022 alone. That's the highest number recorded that year anywhere in the world and up to four times what the UN had previously guessed. Several things explain why it is especially hard to count the dead in African conflicts. Straightforward body counts rely on media reports and violent deaths. But access to reliable telecoms mean that incidents don't always make the news.

Speaker 4

In South Sudan, for example, about 85% of the population is offline because telecoms are ropey, which probably explains why in 2024 ACLED rated Kenya more dangerous than both South Sudan and the Central African Republic. Mortality estimates that include deaths caused indirectly, for example from hunger or war induced disease, tend to paint a more accurate picture of a conflict. But these require baseline population data, and those are often absent in Africa. Researchers are often forced to rely on UN surveys, which can be fragmentary and out of date. Measuring excess deaths, that's the number of deaths beyond those expected in any normal year, that requires reliable records.

Speaker 4

But Africa has the most incomplete death registers of any continent according to one study. So why does this matter? Numbers are important. They help encourage aid, which many of these countries urgently need more of. In the early two thousands, for example, the news that two point five million could have died in Congo helped spur a big increase in Western aid.

Speaker 4

Some now fear Africa is entering a new data dark age. Wars are lasting longer. Donors are becoming more weary. There have been obviously significant aid cuts in the past few months alone. America's demographic and health surveys, which produce nationally representative household surveys across the continent, those ended this year.

Speaker 4

And then compounding the problem, several governments in Africa appear to be becoming more hostile to independent body counts. That means some outsiders may refrain from publishing their studies or refrain from doing them altogether. So for example, Médecins Sans Frontières, a medical charity, did not publish its mortality survey in Ethiopia's Tigray region for fear that the government would retaliate by restricting access to the region. This probably, in hindsight, saved lives, but ultimately, we won't ever know how many.

Speaker 0

Slavea Chankova, The Economist's health care correspondent, is in the studio with three curious items. What what have you got there, Slavea?

Speaker 5

So I've brought you some chocolates. I have a milk chocolate bar. I have one which is 70% dark, and I've got one which is a 100% dark chocolate bar. And I have a question for you. Which one do you think is best for you?

Speaker 0

Best for health. I mean, I I think the the rule of thumb as I've understood it is the darker, the better.

Speaker 5

That seems to be what most people say, just on my informal conversations with colleagues here. And I'm not surprised to be honest. You've probably seen all these headlines of dark chocolate is very healthy for you. And there is indeed research, but

Speaker 0

There's a note of doubt in your voice that suggests you're here to tell me that that rule of thumb is maybe not ironclad.

Speaker 5

So when you see a headline saying chocolate is good for you, usually it talks about some study that has been done. And oftentimes it's not a study of chocolate actually. It's maybe a study of cocoa extracts or just a diet rich in flavanols, which can come from a variety of plant based foods. So such studies have often found beneficial effects, for example, their blood pressure, but the results overall have been inconsistent and they're usually quite short.

Speaker 0

So why isn't that link secure then? If flavanols are in preponderance in chocolate and in the lab, they're good for you in various ways, why shouldn't I make the jump to chocolate's good for me?

Speaker 5

For several reasons. First of all, we have no idea how much flavanols a chocolate bar has. It has to do with the processing. It doesn't really say in the label how much flavanols there is in the bar. But the other reason is when you eat chocolate, you're also eating lots of other stuff like sugar and saturated fats.

Speaker 5

And it's really, really high on those. So if we take, for example, the ultimate randomized controlled trial on flavanols, where researchers gave people capsules with cocoa extract, which contained five hundred milligrams of flavanols. And that's a lot. To be able to get that from chocolate, you have to eat anywhere between half a bar, 50 grams, to close to 300 grams, which is three of those big bars of chocolate.

Speaker 0

Doesn't sound so bad so far, but carry on.

Speaker 5

So when they did the trial, they gave people every day a capsule containing this much flavanols in the forms of cocoa extract. And after about three and a half years, those study participants didn't really have massive health benefits. There was no difference in terms of the rate of new cases of diabetes. There was no difference for cancer or cognition. There was however a twenty seven percent reduction in deaths from cardiovascular disease.

Speaker 5

So heart attacks and stroke. So that was one result which says that maybe, maybe there is something there.

Speaker 0

But the suggestion is you'd have to eat so much chocolate that you'd ultimately be doing yourself a different kind of harm.

Speaker 5

You can get flavanols for just eating a healthy diet that's rich in fruits and veggies and grains and beans. You don't need to eat chocolate.

Speaker 0

But do I have to eat a similarly large stroke ridiculous amount of other foods to get those levels of flavanols? Just so I know, if I'm tweaking my diet.

Speaker 5

Not necessarily. By one calculation, like, what are the combinations of things you might eat to get those five hundred milligrams that were in the study. One combination is two apples, a portion of nuts, and a large serving of strawberries. Or two to three cups of green tea, which is actually also particularly rich in flavanols. You could also have a salad with certain types of beans and grains. So you don't really need chocolate to get that.

Speaker 5

I mean, you can still eat it as a treat. I mean, what I brought here just smells delicious, but eating the whole bar or three of them isn't really necessary.

Speaker 0

Among the three bars you have there, I should probably opt for the darkest possible. That part is at least still true.

Speaker 5

I don't think so. Again, there's been some research out there testing different types of chocolate and independent studies of all sorts have found that some milk chocolate bars may actually have far more flavanols than some dark chocolate bars. So I would say just go with whatever you like. Just make sure you eat a little bit and you view it as a treat, not as a healthy food.

Speaker 0

And next thing, you're gonna come in here and tell me that my small amounts of red wine and coffee are also bad for me. Oh, I hate these conversations. Is good. Coffee is good. Slavea, thanks very much for your time.

Speaker 0

And pass me I don't know. You choose which chocolate.

Speaker 5

I may have a little square of the milk, actually. It smells delicious. Just a tiny little bit.

Speaker 0

A treat.

Speaker 1

That's it for this episode of The Intelligence. We'll see you back here tomorrow.
