Ransomware Spreading Around the World May Be Linked to North Korea

Updated: 2017-5-16 18:29:45 Source: The New York Times Chinese website Author: Anonymous

In Computer Attacks, Clues Point to Frequent Culprit: North Korea
SAN FRANCISCO — Intelligence officials and private security experts say that new digital clues point to North Korean-linked hackers as likely suspects in the sweeping ransomware attacks that have crippled computer systems around the world.

The indicators are far from conclusive, the researchers warned, and it could be weeks, if not months, before investigators are confident enough in their findings to officially point the finger at Pyongyang’s increasingly bold corps of digital hackers. The attackers based their weapon on vulnerabilities that were stolen from the National Security Agency and published last month.

Security experts at Symantec, which in the past has accurately identified attacks mounted by the United States, Israel and North Korea, found early versions of the ransomware, called WannaCry, that used tools that were also deployed against Sony Pictures Entertainment, the Bangladesh central bank last year and a Polish bank in February. American officials said on Monday they have seen the same similarities.

All of those attacks were ultimately linked to North Korea; President Barack Obama formally charged the North in late 2014 with destroying computers at Sony in retaliation for a comedy, “The Interview,” that envisioned a C.I.A. plot to kill Kim Jong-un, the country’s president.

The computer code used in the ransomware bore some striking similarities to the code used in those three attacks. That code has not been widely used, and has been seen only in attacks by North Korean-linked hackers. Researchers at Google and Kaspersky, a Moscow-based cybersecurity firm, confirmed the coding similarities.

Those clues alone are not definitive, however. Hackers often borrow and retrofit one another’s attack methods, and government agencies are known to plant “false flags” in their code to throw off forensic investigators.

“At this time, all we have is a temporal link,” said Eric Chien, an investigator at Symantec who was among the first to identify the Stuxnet worm, the American- and Israeli-led attacks on Iran’s nuclear program, and North Korea’s effort to steal millions from the Bangladeshi bank. “We want to see more coding similarities,” he said, “to give us more confidence.”

The new leads about the source of the attacks came as technology executives raised an alarm about another feature of the attacks: They were based on vulnerabilities in Microsoft systems that were found by the N.S.A. and apparently stolen from it.

In a blog post on Microsoft’s website over the weekend, Brad Smith, the company’s president, asked what would happen if the United States military lost control of “some of its Tomahawk missiles” and discovered that a criminal group was using them to threaten a damaging strike. It was a potent analogy, and an unusually public airing of the newest split in the Silicon Valley-Washington divide.

Over the past few months, it has become clear that the intelligence community’s version of Tomahawks — the “vulnerabilities” the N.S.A. and C.I.A. have spent billions of dollars to develop to break into foreign computers and foil Iranian nuclear programs or North Korean missiles — are being turned against everyday computer users around the world.

“We have seen vulnerabilities stored by the C.I.A. show up on WikiLeaks,” Mr. Smith wrote, “and now this vulnerability stolen from the N.S.A. has affected customers around the world.”

The N.S.A.’s tools were published last month by a hacking group calling itself The Shadow Brokers, which enabled hackers to bake them into their ransomware, which then spread rapidly through unpatched Microsoft computers, locking up everything in its wake.

There is no evidence that the North Koreans were involved in the actual theft of the N.S.A. hacking tools. There are many theories, but the favorite hypothesis among intelligence officials is that an insider, probably a contractor, stole the information, much as Edward J. Snowden lifted a different trove of information from the N.S.A. four years ago.

But hackers quickly seized on the published vulnerabilities to wreak havoc on computer systems that were not “patched” in recent months, after the N.S.A. quietly told Microsoft about the flaw in their systems. The damage wreaked in recent days could well escalate into the billions of dollars, security experts say, particularly now that any criminal, terrorist, or nation state has the ability to tease the tools apart and retrofit them into their own hacking tools.

Not surprisingly, government officials say it is not entirely their fault. They will not confirm or deny what Mr. Smith says outright: that these “vulnerabilities” come out of America’s growing cyberarsenal. At a news conference at the White House on Monday, Thomas Bossert, President Trump’s Homeland Security adviser, told reporters, “This was not an exploit developed by the N.S.A. to hold organizations ransom. This was a vulnerability exploit that was part of a much larger tool put together by the culpable parties.”

“The provenance of the underlying vulnerability is not of as much concern to me,” Mr. Bossert said, stepping around the delicate question of the N.S.A.’s role.

The weapons used in the attacks that started Friday, government officials insist, were cobbled together from many sources. And the fault, they argue, lies with whoever turned them into weapons — or maybe with Microsoft itself, for not having a system in place to make sure that when they issue a patch that neutralizes such attacks, everyone around the world takes the time to fix their systems. Or with the victims, who failed to run their security updates made available two months ago, or who continue to use so-called “legacy” software that Microsoft no longer supports.

When asked on Monday about the source of the attack, Mr. Bossert said, “We don’t know.” He told reporters at the White House: “Attribution can be difficult. I don’t want to say we have no clues. But I stand assured that the best and brightest are working on this hack.”

As Mr. Bossert was speaking to reporters, yet another N.S.A. hacking tool, very similar to the one used in the weekend’s ransomware attacks, was being retrofitted by cybercriminals and put up for sale on the underground dark web. In private hacking forums, cybercriminals were discussing how to develop more than a dozen other N.S.A. hacking tools for criminal use.

Another round of attacks using the N.S.A. tools could well affect another big issue that the Obama administration debated and never resolved when it left office: whether the government can demand that all companies assure that investigators can “unlock” encrypted communications. Before he was fired last week, James B. Comey, the F.B.I. director, often complained that the government was “going dark,” and that intelligence agencies and local police needed a way to crack the encrypted mobile conversations of terrorists or kidnappers.

But the N.S.A.’s loss of its own hacking tools has undercut that argument, executives say. If the N.S.A. and the C.I.A. cannot keep their hacking tools locked up, companies like Apple are asking, why should Americans trust them with the keys to unlock every private communication and bank transfer? Won’t those leak, too, meaning that hackers, blackmailers and thieves will all have access to everyone’s private email, health records and financial transactions?

Nine years ago, the White House created a process for deciding what unpatched holes to disclose to manufacturers like Microsoft and its competitors, and which to keep in its arsenal.

That process was refined by Mr. Obama, and in 2015 Adm. Michael Rogers, the director of the N.S.A., said the agency had shared 91 percent of the zero-days it had discovered that year. A zero-day is a previously undisclosed flaw that leaves computer users with zero days to fix the vulnerability.

But Michael Daniel, the White House cybercoordinator in the Obama administration, noted, “We still don’t have a good rating system for vulnerabilities in terms of their severity. Not all zero-days are created equal.”

The N.S.A.’s wormlike tool was leaked online by the Shadow Brokers last month.

“What happened with the Shadow Brokers in this case is equivalent to a nuclear bomb in cyberspace,” said Zohar Pinhasi, a former cybersecurity intelligence officer for the Israeli military, now the chief executive of MonsterCloud, which helps mitigate ransomware attacks. “This is what happens when you give a tiny little criminal a weapon of mass destruction. This will only go bigger. It’s only the tip of the iceberg.”

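For the full text, visit The New York Times Chinese website. This article was published on The New York Times Chinese website (http://cn.nytimes.com), and copyright belongs to The New York Times Company. No organization or individual may reproduce or translate it without permission. Subscribe to The New York Times Chinese website news email: http://nytcn.me/subscription/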
