您现在的位置: 纽约时报中英文网 >> 纽约时报中英文版 >> 商业 >> 正文

亚洲多家银家遭网络攻击,疑是朝鲜所为

更新时间:2016-5-28 10:44:48 来源:纽约时报中文网 作者:佚名

North Korea Linked to Digital Attacks on Global Banks
亚洲多家银家遭网络攻击,疑是朝鲜所为

Security researchers have tied the recent spate of digital breaches on Asian banks to North Korea, in what they say appears to be the first known case of a nation using digital attacks for financial gain.

安全研究人员认为,近期涌现的多起亚洲银行网络泄露事件与朝鲜有关。他们表示,这似乎是已知的首桩此类案件,即一国利用网络攻击来获取金融利益。

In three recent attacks on banks, researchers working for the digital security firm Symantec said, the thieves deployed a rare piece of code that had been seen in only two previous cases: the hacking attack at Sony Pictures in December 2014, and attacks on banks and media companies in South Korea in 2013. Government officials in the United States and South Korea have blamed those attacks on North Korea, though they have not provided independent verification.

数字安全企业赛门铁克(Symantec)的研究人员称,在近期针对银行的三次攻击中,窃贼使用的一段不同寻常的代码仅见于过去的两桩案件:一是2014年12月索尼电影娱乐公司(Sony Pictures)遭受的黑客攻击;二是2013年韩国的多家银行和媒体公司遭受的攻击。美国和韩国的政府官员将这两次攻击归咎于朝鲜,不过他们并未提供独立验证。

On Thursday, the Symantec researchers said they had uncovered evidence linking an October attack at a bank in the Philippines with attacks on Tien Phong Bank in Vietnam in December and one in February on the central bank of Bangladesh that resulted in the theft of more than $81 million.

周四,赛门铁克的研究人员表示,他们发现了一些证据,能将三起攻击事件联系起来。它们分别是去年10月菲律宾的一家银行遭受的攻击、去年12月越南先锋银行(Tien Phong Bank)受到的攻击,以及今年2月让孟加拉国中央银行损失逾8100万美元的攻击。

“If you believe North Korea was behind those attacks, then the bank attacks were also the work of North Korea,” said Eric Chien, a security researcher at Symantec, who found that the identical code was used across all three attacks.

“如果相信之前那两次攻击是朝鲜干的,那么针对银行的这几次攻击就也是朝鲜所为,”在赛门铁克进行安全研究的埃里克·钱(Eric Chien)说。他发现了这三次攻击使用了相同代码。

“We’ve never seen an attack where a nation-state has gone in and stolen money,” Chien added. “This is a first.”

“我们还从来没有见过哪回的攻击是国家进去偷钱,”他还说。“这是头一遭。”

The attacks have raised alarms in the global banking industry because the thieves gained access to Swift, a Brussels-based banking consortium that runs what is considered the world’s most secure payment messaging system. Swift’s system is used by 11,000 banks and companies to move money from one country to another — one reason that it is a tempting target for criminals.

这些攻击引起了全世界银行业的警觉,因为窃贼把手伸向了环球银行金融电信协会(Swift)。这是一个总部位于布鲁塞尔的银行业团体,运行着大家认为是世界上最安全的支付电文系统。有逾1.1万家银行与企业使用该系统,以将资金从一国转移到另一国,而这恰好是它成为罪犯眼中诱人目标的一个原因。

Swift has warned publicly that the attacks are part of a broad coordinated assault on banks, though it has not assigned blame. It has also emphasized that it was the banks’ connection points to its network — and not the core Swift messaging network itself — that the attackers were able to breach. Also, U.S. bankers have noted that the security lapses all occurred at banks in third-world countries, which may give some comfort to banking customers in the United States.

Swift公开警告,这几次事件属于针对银行的大范围协同攻击的一部分,不过它并未将其归咎于谁。它还强调,攻击者打开缺口的地方是银行进入Swift系统的连接点,而非Swift本身的核心电文网络。而且,美国的银行界高层指出,这几次安全漏洞都发生在第三世界国家的银行身上。这一点或许会让美国的银行客户感到些许安慰。

Security researchers and U.S. government officials have tied thousands of attacks to nations in the past. They have linked the United States and Israel to an attack that destroyed Iranian centrifuges.

安全研究人员和美国政府官员过去曾将数以千计的攻击归结到国家身上。一些人认为,美国和以色列与摧毁伊朗离心机的一次攻击有关。

But the latest spate of attacks on banks in Bangladesh and Southeast Asia would be the first time, security researchers say, that a nation has used malicious code to steal purely for financial profit.

不过,安全研究人员表示,近期涌现的针对孟加拉国与东南亚国家银行的攻击,是首次由一个国家使用恶意代码来纯粹窃取钱财。

The idea that Pyongyang had turned to digital theft would not be surprising. North Korea’s economy has been ravaged by sanctions, food shortages and other deprivations. Pyongyang does not publish economic data, but estimates have put North Korea’s gross domestic product between $12 billion and $40 billion, tiny when compared with South Korea’s economic output of more than $1.4 trillion.

平壤诉诸网络盗窃的想法并不令人意外。朝鲜经济因制裁和粮食短缺等物资匮乏而遭受重创。平壤并不公布经济数据,不过外界估算,朝鲜的国内生产总值在120亿到400亿美元之间。与韩国的1.4万亿美元相比,可谓微不足道。

In the attack at Bangladesh’s central bank in February, the thieves tried to transfer $1 billion in funds from an account at the Federal Reserve Bank of New York. Fed officials became suspicious of the some of requested transfers and released only $81 million to accounts in the Philippines.

在孟加拉国央行今年2月遭受的攻击中,窃贼试图从纽约联邦储备银行(Federal Reserve Bank of New York)转出10亿美元。联储官员开始对某些汇款请求心生怀疑,仅放出了8100万美元到菲律宾的账户上。

“If you presume it’s North Korea, $1 billion is almost 10 percent of their GDP,” Chien said. “This is not small change for them.”

“假定是朝鲜干的,那么10亿美元就快到他们GDP的10%了,”埃里克·钱(Eric Chien)评价。“这可不是什么小数目。”

Symantec researchers said it was possible that the bank in the Philippines containing the North Korean code was also involved in the Bangladesh bank scheme and the attempted breach on the Vietnamese bank.

赛门铁克的研究人员表示,带有朝鲜代码的那家菲律宾银行有可能也卷入了孟加拉央行盗窃案,以及越南先锋银行遭受的攻击企图。

The researchers would not identify the Philippines bank and did not say whether the thieves had been successful in transferring funds. Researchers were able to confirm only that the attackers had managed to breach the bank and install identical code strings on the bank’s computer systems — the same code that they discovered in Bangladesh, Vietnam and the two previous attacks at Sony in 2014 and South Korea in 2013.

研究人员不准备透露那家菲律宾银行的名字,也没有说出窃贼是否成功地转出了资金。他们只确认,攻击者设法攻破了这家银行,在它的计算机系统中植入了同样的代码串——与他们在孟加拉国、越南及2014年索尼和2013年韩国遭受的那两次攻击中找到的代码一致。

Chien noted that the attackers not only used identical numbers but wrote the code in the same, unusual sequence across all three attacks.

埃里克·钱指出,在这三次针对银行的攻击中,攻击者不仅使用了相同的数字,还采用了同样的独特排序来写这部分代码。

Chien said the evidence pointed to all three attacks being the work of the “Lazarus Group,” a name his team gave to the attackers behind the Sony and South Korean attacks.

他认为,证据指向的是,这三次攻击均为“拉撒路集团”(Lazarus Group)的手笔。他所在的研究团队用这个名字来称呼索尼和韩国事件背后的攻击者。

There is no evidence to date that the thieves have gone after large U.S. or European banks, though new possible attacks are being reported weekly. Last week, evidence emerged that Banco del Austro, an Ecuadorean bank, was infiltrated by hackers who were also able to sneak onto the Swift network. The thieves transferred several million dollars to accounts around the world, according to a lawsuit the bank filed in federal court in the United States against Wells Fargo, which facilitated one of the transfers.

迄今为止,没有证据表明窃贼把目标对准了美国或欧洲的大银行,但每周都有人反映可能出现了新攻击。上周出现的证据表明,入侵厄瓜多尔的Banco Del Austro银行的黑客,也能够偷偷潜入Swift的网络。该银行向美国的联邦法院提起诉讼,控告富国银行(Wells Fargo)。诉讼显示,窃贼将几百万美元转移至全球多个账户,富国银行为其中一笔转账业务提供了协助。

Researchers have yet to unearth any of the code used in the Ecuador attack, but banking analysts say it is probably no coincidence that these attacks are happening in the developing world, where security measures tend not to be as tight as they are in financial hubs like New York and London.

研究人员尚未发现黑客攻击厄瓜多尔这家银行时使用的任何代码,但银行业分析人士称,这些攻击发生在发展中国家可能不是巧合,那些地区的安全措施往往不像纽约和伦敦这种金融中心那么严格。

Swift has issued numerous warnings in recent weeks urging banks to step up their security protocols. Analysts worry that the breaches could have a chilling effect on global finance; larger banks may become reluctant or even refuse to transact with smaller banks in the developing world unless they can have assurances that their networks have not been compromised by thieves and malware.

最近几周,Swift发布了大量警告,敦促银行加强安全规范。分析人士担心,这些入侵可能会给全球金融造成寒蝉效应,大银行可能会不愿,甚或拒绝与发展中国家的小银行进行交易,除非向它们保证,后者的网络未被窃贼和恶意软件入侵。

At a conference on Tuesday in Brussels, Swift’s chief executive, Gottfried Leibbrandt, said the recent attacks could do far more damage than breaches on retailers and telephone companies, which he said suffer largely reputational and legal hits.

周二在布鲁塞尔的一场会议上,Swift的首席执行官戈特弗里德·莱布兰特(Gottfried Leibbrandt)称,最近这些攻击造成的损害,可能远远超出了对零售商和电话公司的入侵。他表示,零售商和电话公司蒙受的主要是声誉和法律方面的损失。

“Banks that are compromised like this can be put out of business,” Leibbrandt said.

“被这样入侵的银行可能会被迫停业,”莱布兰特说。

“全文请访问纽约时报中文网,本文发表于纽约时报中文网(http://cn.nytimes.com),版权归纽约时报公司所有。任何单位及个人未经许可,不得擅自转载或翻译。订阅纽约时报中文网新闻电邮:http://nytcn.me/subscription/”

相关文章列表