Ransomware Attack Draws Attention to North Korea's Sleeper Hackers

Updated: 2017-5-17 19:06:27 Source: New York Times Chinese website (纽约时报中文网) Author: Anonymous

Focus Turns to North Korea Sleeper Cells as Possible Culprits in Cyberattack
SEOUL, South Korea — They take legitimate jobs as software programmers in the neighbors of their home country, North Korea. When the instructions from Pyongyang come for a hacking assault, they are believed to split into groups of three or six, moving around to avoid detection.

Since the 1980s, the reclusive North has been known to train cadres of digital soldiers to engage in electronic warfare and profiteering exploits against its perceived enemies, most notably South Korea and the United States. In recent years, cybersecurity experts say, the North Koreans have spread these agents across the border into China and other Asian countries to help cloak their identities. The strategy also amounts to war-contingency planning in case the homeland is attacked.

Now, this force of North Korean hacker sleeper cells is under new scrutiny in connection with the ransomware assaults that have roiled much of the world over the past four days.

While there is still nothing definitive to link the attacks to North Korea, similarities exist between the ransomware used to extort computer users into paying the hackers and previously deployed North Korean malware codes.

Moreover, North Korea has in the past deliberately timed cyberattacks to coincide with its banned weapons tests — like the ballistic missile launched on Sunday — as a way of subtly flaunting the country’s technological advances despite its global isolation.

Unlike its missile and nuclear weapons tests, however, North Korea has never announced or acknowledged its computer hacking abilities — if anything, the country has denied responsibility for hacking and other forms of computerized crimes.

It also is possible that North Korea had no role in the attacks, which exploited a stolen hacking tool developed by the National Security Agency of the United States. Early Tuesday, the Shadow Brokers, the hacking group that spread the tool and is not believed to be linked with North Korea, threatened in an online post to start a “Data Dump of the Month” club, in which it would release more N.S.A. hacking methods to paying subscribers.

Security officials in South Korea, the United States and elsewhere say it is a well-known fact that the North Korean authorities have long trained squads of hackers and programmers, both to sabotage computers of adversaries and make money for the government, including through the use of ransomware — malicious software that blackmails victims into paying to release seized files.

Choi Sang-myung, an adviser to South Korea’s cyberwar command and a security researcher at Hauri Inc., said that the arithmetic logic in the ransomware attacks that began on Friday and have hit more than 100 countries, including China, is similar to that used in previous attacks against Sony Pictures and the Swift international bank messaging system — both of them traced to North Korea.

He also said the technique used by the ransomware to erase a computer’s files resembled that used by the Lazarus Group, the name experts use to identify a North Korea group deemed responsible for the Sony assault.

This would not be the first time North Korean hackers have resorted to ransomware attacks. In a hack last year of Interpark, a South Korean e-commerce provider, North Korean hackers used ransomware to hijack its systems and demanded payment in Bitcoin, a digital currency.

Boo Hyeong-wook, a research fellow at the government-financed Korea Institute for Defense Analyses in Seoul, said that the scale of the most recent attacks was large enough that it was likely to have been supported on a national level.

He also said it would be a logical extension of the growing boldness of North Korean hackers to exploit their abilities to raise much-needed funds for the government, which has been starved of cash by international sanctions.

While North Korean hackers have for years operated out of China, defectors and South Korean officials say they have been spreading to Southeast Asian countries.

In countries like Malaysia, many North Korea hackers are believed to work undercover at information-technology companies and other jobs with the veneer of respectability. Sometimes, the hackers will also run online gambling sites or even make use of ransomware to raise funds for themselves.

Cybersecurity officials in South Korea and elsewhere say that when instructions come from their superiors in North Korea, these hackers are activated to attack targets.

North Korea began training electronic warfare soldiers well before the internet era, according to defectors and South Korean officials. They selected mathematical prodigies when they were 12 or 13 and trained them to become software developers, online psychological warfare experts and hackers.

They were also trained in foreign languages so that they could operate abroad. North Korea sends students to study in Russia and China, and more recently India, to learn software and programming techniques. They return home and some are hired as hackers.

The Workers’ Party and the Korean People’s Army are believed to run their own hacking operations, creating competition. That has led some to speculate that North Korean hackers sometimes leave clues behind, in part to ensure they get credit and win promotions in North Korea.

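"For the full text, please visit the New York Times Chinese website. This article was published on the New York Times Chinese website (http://cn.nytimes.com); copyright belongs to The New York Times Company. No organization or individual may reproduce or translate it without permission. Subscribe to the New York Times Chinese website news e-mail: http://nytcn.me/subscription/"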