Danger: beware of the hackers on the attack

[Date: 2011-06-24]   Source: 碧波荡漾网   Author: 网络


Google, Sony, Citibank, even the CIA... all of them have come under attack from a growing number of lawless hackers. What do these attacks have in common, in their methods and their circumstances?

Hackers are using increasingly sophisticated means to access data, but for what ends?

In late May, the US media group PBS ran a strange story on its website. "Prominent rapper Tupac has been found alive and well in a small resort in New Zealand," it reported. "The small town – unnamed due to security risks –  allegedly housed Tupac and Biggie Smalls (another rapper) for several years."

For two reasons, this was a surprising piece of journalism. First, Tupac died in 1996. Second, the piece wasn't written by PBS. It had been planted on their site by a group called Lulz Security, a loose collective of anonymous hackers who wanted revenge for a recent PBS programme that criticised WikiLeaks. "Greetings, Internets," Lulz wrote on their own website, by way of explanation. "We just finished watching WikiSecrets and were less than impressed. We decided to sail our Lulz Boat over to the PBS servers for further . . . perusing." Above the message read the tagline: "Set sail for fail!"

It was an extraordinary episode, but by no means isolated. In March, hackers stole a database of email addresses from the marketing group Epsilon, in what one commentator called the largest email address heist in history. Then computer security firm RSA had their servers breached, an attack that may have led to the hacking of defence giant Lockheed Martin, an RSA client. In April, persons unknown cracked Sony's PlayStation network, and stole 77 million users' data. And in the past month, the IMF, Citibank, the Spanish police, Google, the Turkish and Malaysian governments, the US Senate, and, just two nights ago, the CIA have all been hacked in one form or other.

It is tempting to consider this a kind of hackers' high noon. But, says Richard Clayton, a prominent computer scientist at Cambridge University, conflating these different attacks is a "bit like treating knife crime as the same as burglary". In simple terms, there are three kinds of attack taking place. Hacktivism is the most prominent: raids by amateur groups such as Lulz (who took down sites belonging to the CIA, the Senate, and the Spanish police) or Anonymous (PayPal, PlayStation, MasterCard, and Visa), either for fun, "for the lulz" – or, increasingly, as an act of political protest. Then there's the criminal kind – professionals hunting for credit card details, or email address directories, with the aim of selling them on for profit. While the PlayStation systems were first hacked by hacktivists, a second breach was made by cyber criminals who had more commercial ends. And finally, there's state-sponsored espionage, or even cyber-warfare. "Google, RSA, Lockheed Martin, IMF – the strong suspicion is that all those were state-sponsored, or state-approved," says Dave Clemente, a cyber security expert at Chatham House, the international affairs thinktank. "Whether it's Chinese, or Russian, or eastern European, a lot of these hacks seem to have been given a wink and a nod of tacit approval from states."

Are all three categories really on the rise? Well, possibly. "It's difficult to substantiate whether there's more going on or not," says Rik Ferguson, director of security research at computer protection firm, TrendMicro. "What's certainly true to say is that more attacks are being publicly disclosed. Victims are more willing to come forward and say 'something bad happened to us'." Disclosure laws obliging companies to come clean about data breaches have been in place in many parts of the US for several years. But the real turning point, says Ferguson, came only a year ago, when Google went public with the news that it had been hacked by Chinese sources. "That got the ball rolling," says Clemente. "It suddenly seemed more permissible to report a hack. Getting hacked doesn't seem to have the stigma that it did several years ago, and there's not a feeling now that you're on your own if you get hit."

But even if increased openness is in part to thank for the apparent hike in hacking, there has still been an exponential rise in the number of cyber threats. In 2008, security giant Symantec counted 120m malware variants; last year, that figure had risen to 286m. Symantec security strategist Sian John has also noted a large increase in what are known as "targeted attacks". A decade ago, a hacker would usually have intended a single virus to reach millions of people. Today, the average number of computers infected by an individual piece of malware is just 15, and that is because hackers are using a new tactic called spear-phishing, which enables them to be more specific about who they target. "In the past, if you got a phish attack, it would be from a Nigerian offering you lots of money," says John. "Now it'll be from someone saying: 'Oh, we saw you at that conference last week. Here's some minutes of that conference.'" And contained within those minutes will be a virus.

This kind of targeted attack – known as spear-phishing – has become so dangerous because of the amount of information we divulge on the internet. "One of the first places a hacker will visit is LinkedIn," says Ferguson. "What do we do on there? We make our entire CV available for the world to see. You can see everywhere I've worked in the past. You can see all my connections, see everyone I've worked with, everyone I know. So a hacker can assume one of those people's identities and reference things that have happened in my professional life. And I'm far more likely to open an attachment from your email, because it's far more credible." Unsurprisingly, then, Ferguson's job involves not just infiltrating black-hat hacking communities online, but training office workers to be more aware of social engineering ruses such as these. (Security experts have also been known to test a company's defences by leaving infected USB sticks lying around and seeing whether anyone picks them up out of curiosity. In 2008, US military computers were breached in this way, according to rumour, after hackers scattered USBs across a car park at a US base in the Middle East.)
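The article describes the spear-phishing pattern from the attacker's side: a sender who borrows the name of someone the target knows, references real events from the target's professional life, and attaches a file the target is now inclined to open. The following Python script is an added, defender-side illustration, not code from the article or from anyone quoted in it. It scores an inbound message on a handful of indicators such a mail tends to carry: a display name belonging to a known contact but paired with a different address, a sender domain that is a near-miss of a trusted one, a Reply-To pointing elsewhere, and a macro- or code-bearing attachment. The contact directory, the trusted domain, the weights, the threshold and both sample messages are constructed for this example.

```python
"""Heuristic spear-phishing indicators for an inbound email (added example).

Everything below is illustrative: the contact directory, trusted domain,
weights and both sample messages are constructed, not taken from any real
environment.
"""
import email
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr

# Display name -> address of people the recipient would trust (constructed).
KNOWN_CONTACTS = {"alice smith": "alice.smith@example-corp.com"}
TRUSTED_DOMAINS = {"example-corp.com"}
# Attachment types that can run code or carry macros when opened.
RISKY_EXTENSIONS = {".exe", ".scr", ".js", ".vbs", ".hta", ".jar", ".docm", ".xlsm", ".zip"}


def edit_distance(a, b):
    """Levenshtein distance, used to catch look-alike sender domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def domain_of(addr):
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def score_message(raw):
    """Return (score, reasons) for one raw RFC 822 message string."""
    msg = email.message_from_string(raw, policy=policy.default)
    score, reasons = 0, []

    name, addr = parseaddr(str(msg.get("From", "")))
    from_domain = domain_of(addr)

    # 1. A known contact's display name, but not their known address.
    expected = KNOWN_CONTACTS.get(name.strip().lower())
    if expected and addr.lower() != expected:
        score += 3
        reasons.append(f"display name '{name}' is a known contact but address is {addr}")

    # 2. Sender domain within two edits of a trusted domain (e.g. 'rn' for 'm').
    if from_domain and from_domain not in TRUSTED_DOMAINS:
        for trusted in TRUSTED_DOMAINS:
            if 0 < edit_distance(from_domain, trusted) <= 2:
                score += 3
                reasons.append(f"sender domain {from_domain} resembles {trusted}")

    # 3. Replies would go to a different domain than the one the mail claims.
    _, reply_to = parseaddr(str(msg.get("Reply-To", "")))
    if reply_to and domain_of(reply_to) != from_domain:
        score += 2
        reasons.append(f"Reply-To domain {domain_of(reply_to)} differs from sender domain")

    # 4. Attachment that can execute code or macros.
    for part in msg.iter_attachments():
        fname = (part.get_filename() or "").lower()
        for ext in RISKY_EXTENSIONS:
            if fname.endswith(ext):
                score += 2
                reasons.append(f"attachment {fname} has risky extension {ext}")

    return score, reasons


def is_suspicious(raw, threshold=5):
    """Constructed threshold: anything scoring 5 or more gets flagged for review."""
    return score_message(raw)[0] >= threshold


def build_samples():
    """Two constructed messages: a routine one, and a spear-phish impersonating Alice."""
    benign = EmailMessage()
    benign["From"] = "Bob Jones <bob.jones@example-corp.com>"
    benign["To"] = "you@example-corp.com"
    benign["Subject"] = "Agenda for Thursday"
    benign.set_content("Agenda attached.")
    benign.add_attachment(b"%PDF-1.4 placeholder", maintype="application",
                          subtype="pdf", filename="agenda.pdf")

    phish = EmailMessage()
    phish["From"] = "Alice Smith <alice.smith@exarnple-corp.com>"  # 'rn' in place of 'm'
    phish["Reply-To"] = "alice.smith@mail-relay.example.net"
    phish["To"] = "you@example-corp.com"
    phish["Subject"] = "Minutes from last week's conference"
    phish.set_content("Great to see you at the conference. Minutes attached.")
    phish.add_attachment(b"PK placeholder", maintype="application",
                         subtype="octet-stream", filename="conference-minutes.docm")
    return {"benign": benign.as_string(), "phish": phish.as_string()}


if __name__ == "__main__":
    for label, raw in build_samples().items():
        print(label, score_message(raw))
```

Each check on its own is weak (plenty of legitimate mail has a Reply-To on another domain), which is why the script adds weights rather than blocking on any single indicator; the useful part for a security team is the reasons list, which tells a reviewer why a message was held. Scores and threshold are deliberately coarse and would need tuning against real mail flow.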

Targeted attacks are also popular because they enable cyber-criminals to go after individuals with access to large banks of information. "Criminals," says Ferguson, "have realised they can get more bang for their buck if they can penetrate a large aggregation of data in one single successful attack, rather than trying to compromise multiple individual PCs." Hence the hacking of Epsilon, which at a single stroke may have given hackers access to millions of email addresses.

The most audacious example of a targeted attack is thought to be an act of espionage rather than criminal activity. Last year's Stuxnet worm supposedly worked its way through the Iranian military computer system with a single goal: to damage the centrifuges that controlled the country's uranium enrichment programme. But while, according to John, "Stuxnet is the most sophisticated piece of malware we've ever seen", most hacking techniques have not necessarily changed much in recent years.

"They sound rather complicated," says David Whitelegg, who blogs at ITSecurityExpert.co.uk, "but really they are often no more sophisticated than they've ever been." The malware that led to the hacking of security giant RSA may have been a "zero-day attack" – ie, it had never been seen before – but the method of infection was nothing new. "At the end of the day, a user within that company opened an email. It went into his spam box, he opened it, and that launched the attack. And that's the way it's always been."

Distributed denial of service attacks (DDoS) – the method employed by Anonymous to take out PayPal, Mastercard and Visa by overloading them with hits – are also nothing new. "DDoS has been around for years," Whitelegg says. "There's nothing you can do about it."
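Whitelegg's point that DDoS is old and hard to stop has a detection corollary worth showing: a single host hammering a server is caught by a per-source threshold, while a distributed flood stays under that threshold for every individual source and only shows up in the aggregate. The following Python example is added here and is not part of the article or of any quoted source. It walks a Combined Log Format access log once with a sliding window and raises both kinds of alert. The log lines, IP addresses, window size and thresholds are constructed for illustration and are not tuned for any real service.

```python
"""Sliding-window request-flood detection over web-server access logs (added example).

The log lines below are generated here, and the thresholds are placeholders
rather than values tuned for a real service.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Combined Log Format: ip ident user [timestamp] "request" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) (?P<size>\S+)'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return (timestamp, client_ip) for one log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return datetime.strptime(m.group("ts"), TS_FMT), m.group("ip")


def detect_floods(lines, window=timedelta(seconds=10), per_ip_limit=20, total_limit=200):
    """Walk a chronologically ordered log once, keeping a sliding window of requests.

    Raises one 'single_source' alert the first time a client exceeds per_ip_limit
    requests inside the window, and one 'aggregate' alert when the window as a
    whole exceeds total_limit even though no single client trips its own limit,
    which is what a distributed flood looks like in the logs.
    """
    recent = deque()           # (ts, ip) pairs inside the window, oldest first
    per_ip = defaultdict(int)  # requests per client inside the window
    alerts, flagged, aggregate_flagged = [], set(), False

    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip unparseable lines rather than abort the scan
        ts, ip = parsed
        recent.append((ts, ip))
        per_ip[ip] += 1
        # Drop events that have fallen out of the window.
        while recent and ts - recent[0][0] > window:
            _, old_ip = recent.popleft()
            per_ip[old_ip] -= 1
            if per_ip[old_ip] == 0:
                del per_ip[old_ip]

        if per_ip[ip] > per_ip_limit and ip not in flagged:
            flagged.add(ip)
            alerts.append({"kind": "single_source", "ip": ip, "count": per_ip[ip], "at": ts})
        if len(recent) > total_limit and not aggregate_flagged:
            aggregate_flagged = True
            alerts.append({"kind": "aggregate", "sources": len(per_ip),
                           "count": len(recent), "at": ts})
    return alerts


def build_sample_log():
    """Constructed log: quiet traffic, then one noisy host, then 300 hosts at once."""
    t0 = datetime(2011, 6, 20, 12, 0, 0, tzinfo=timezone.utc)
    events = []  # (offset_seconds, line); sorted into time order before returning

    def add(ip, offset, path="/"):
        stamp = (t0 + timedelta(seconds=offset)).strftime(TS_FMT)
        events.append((offset, f'{ip} - - [{stamp}] "GET {path} HTTP/1.1" 200 512'))

    # 0-28 s: three ordinary visitors, one request every two seconds each.
    for s in range(0, 30, 2):
        for ip in ("192.0.2.10", "192.0.2.11", "192.0.2.12"):
            add(ip, s, "/news")
    # 40-42 s: a single host sends 60 requests in three seconds.
    for i in range(60):
        add("198.51.100.7", 40 + i / 20)
    # 60-66 s: 300 distinct hosts send two requests each; no host exceeds 2.
    for n in range(300):
        ip = f"10.0.{n // 256}.{n % 256}"
        add(ip, 60 + n / 100)
        add(ip, 63 + n / 100)
    return [line for _, line in sorted(events)]


if __name__ == "__main__":
    for alert in detect_floods(build_sample_log()):
        print(alert)
```

On the constructed log the per-source rule fires only for 198.51.100.7, and the 300-host burst is invisible to it; the aggregate rule is what catches that second phase. That is the operational difference between a denial of service and a distributed one, and why per-IP rate limiting alone is not an answer to the attacks the article describes.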

But even if their methods are old, the arrival of groups such as Anonymous and its offshoot Lulz Sec does mark a changing of the guard. "Hacktivism is definitely on the rise," says Ferguson. "Anonymous were previously quite a cliquey underground community. But as the WikiLeaks thing unfolded, and they gave their support to Julian Assange, and they began to attack organisations they felt were treating WikiLeaks unfairly, they have garnered a lot of coverage. They've associated themselves very cleverly to V for Vendetta, a popular film with a popular image and well-known taglines such as 'We are Legion'." New members have also realised how simple it is to join the group. "If they want to participate, it's very easy for them to download a tool that hands over your computer to Anonymous" – and which then allows them to take part in DDoS attacks.

Yet if their rise is partly down to greater exposure and clever associations, it is also undeniably linked to a growing political consciousness throughout the cyberspace community. The anarchist collective Deterritorial Support Group recently posted an essay entitled "Twenty Reasons Why it's Kicking Off in Cyberspace", which aimed to explain the recent rise of Anonymous and Lulz. "Make no mistake," they wrote, "this is not a minor struggle between state nerds and rogue geeks – this is the battlefield of the 21st century, with the terms and conditions of war being configured before our very eyes . . . At the heart of it is a newly politicised generation of hackers who have moved from a lulz-based psychic-economy to an engaged, socially aware and politically active attitude towards world events, primarily as a reaction to the way governments and multinationals dealt with the fallout of WikiLeaks."

Such political engagement raises new moral questions. A Lulz attack on, say, the CIA, is primarily an act of protest – a web-based sit-in, if you like. "And if the police are wary of arresting people for taking part in a real-life sit-in," asks Ferguson, "then why are they so willing to arrest people for the digital equivalent?" In other circles, however, such actions are considered less protest, and more acts of war. "Cyberspace," read a Chatham House cyber security report from last year, "should be viewed as the 'fifth battlespace', alongside the more traditional arenas of land, air, sea and space". Significantly, the report also noted that "in cyberspace the boundaries are blurred between the military and the civilian, and between the physical and the virtual; and power can be exerted by states or non-state actors, or by proxy . . ."

It is tempting to think of this kind of debate as irrelevant to our everyday lives. Symantec says mobile phone technologies will be hacking's next target, and perhaps it is physical problems such as this that we should be more concerned about. But as we increasingly live more of our lives online, and as that boundary "between the physical and the virtual" is increasingly blurred, perhaps it is the conceptual questions posed by hacking that will ultimately prove more significant.

A hacking glossary

Know your malware from your DDoS

Anonymous – Anarchic coalition of hackers who rose to prominence after committing DDoS attacks (see below) against MasterCard, Visa, and PayPal last year. Previous targets included the Church of Scientology and the government of Zimbabwe.

DDoS (distributed denial of service) – Bombardment of a website with internet traffic, until it stops being able to cope and crashes.

Hacking – Commonly refers to those who attempt to breach computing systems, but is also a catch-all term for people who simply try to adapt or enhance computer programs.

Lulz Security – Prolific new hacking collective whose targets have included the US Senate, the CIA, Sony and PBS. Their actions are characterised by humour: their name is a neologistic twist on the slang term "lol", meaning "laugh out loud".

Malware – Catch-all term applied to malicious forms of software that are created to disrupt operating systems.

Spear-phishing – Emails that target specific individuals. They use social engineering techniques to get recipients to open infected attachments.

Rootkit – Software that hides the fact that a computing system has been hacked.

Trojan horse – Malware that masquerades as non-malicious software.

White-hat hacking – Experts hired by companies to test their websites or email systems for vulnerabilities. Conversely, black-hat hackers hack for dishonest reasons; grey-hats hack systems illegally, but with the intention of notifying the system administrator of the flaws in their network.

Virus – Software that can replicate itself and compromise a computer.

Zero-day attack – Computer threats that prey on software weaknesses developers had not identified.

4Chan – Notorious internet chatroom from where Anonymous supposedly originates. Famous for its /b/ board, where users post random and often offensive images and comments – most incomprehensible to outsiders.
