双语:六类顶级黑客大盘点

2013-03-06 00:00:00来源:可可英语

\

  If the Internet has one enduring constant, it's that somewhere, somehow, somebody is being hacked. Last month cyberassaults on banks, including BB&T (BBT, Fortune 500), Citigroup(C, Fortune 500), and SunTrust (STI, Fortune 500), made headlines. But a recent Ponemon Institute survey reported that the average company is attacked twice a week and loses $8.9 million a year to cybercrime. Security analysts say the first thing businesses must know is just what types of threats are lurking in the shadows. While many hackers use relatively basic tools, such as phishing or malware, they often wield them with different motives. Here are six of the most effective actors.

  如果说互联网有一个永恒的主题的话,那就是总有某些人在某处被黑客以某种方式攻击了。上个月,针对银行发起的网络攻击再次成为头条新闻,受害者包括BB&T公司、花旗集团(Citigroup)和太阳信托银行(SunTrust)。不过最近由波尼蒙研究所(Ponemon Institute)所做的一项调研显示,各公司每周平均受到两次攻击,每年由于网络犯罪损失的金额高达890万美元。安全分析师称,企业首先要了解藏在暗处的到底是何种威胁。尽管许多黑客用的只是相对基础的工具,比如网络钓鱼或恶意软件,但他们运用这些工具的目的各有不同。下面我们为大家盘点了六类最有攻击力的黑客。

  1. State sponsored

  政府撑腰的黑客

  Who: Iran, Israel, Russia, U.S.

  身份:伊朗,以色列,俄罗斯,美国

  Objectives: Intelligence, state secrets, sabotage

  目的:情报,国家机密,破坏活动

  Targets: Foreign governments, terrorists, industry

  目标:外国政府,恐怖分子,各种产业

  Signature: Multi-tiered, precisely orchestrated attacks that breach computer systems

  特征:精心组织的破坏计算机系统的多层次攻击

  Classic Case: One-fifth of Iran's nuclear centrifuges crashed after Stuxnet, a worm reportedly developed by U.S. and Israeli intelligence, penetrated computers at an Iranian enrichment facility. Iran allegedly retaliated by disrupting access to the websites of J.P.Morgan (JPM, Fortune 500), PNC (PNC, Fortune 500), Wells Fargo (WFC, Fortune 500), and others.

  经典案例:受到震网病毒攻击后,伊朗核工厂五分之一的离心机崩溃了。它是一种蠕虫病毒,据称由美国和以色列情报机构开发,能侵入控制伊朗浓缩装置的电脑。而伊朗随后就发起了反击,使用户无法访问摩根大通银行(J.P.Morgan)、PNC银行,富国银行(Wells Fargo)及其他金融机构的网站。

  2. Hacktivist

  维权黑客

  Who: Anonymous, AntiSec, LulzSec

  身份:匿名组织,反安全组织,鲁兹安全

  Objectives: Righting perceived wrongs, publicity, protecting Internet freedoms

  目的:修正已知错误,推广自身,保护互联网自由

  Targets: Bullies, Scientologists, corporations, governments

  目标:网络坏分子,科学论派,公司,政府

  Signature: Leaking sensitive information, public shaming, creepy YouTube videos

  特征:泄露敏感信息,公开羞辱,潜入YouTube视频

  Classic Case: The websites of PayPal, Visa (V, Fortune 500), and MasterCard (MA,Fortune 500) were disrupted during Operation Payback, an Anonymous-led effort to punish companies that suspended the accounts of WikiLeaks in 2010. Some $5.6 million was lost by PayPal alone.

  经典案例:在所谓的“报复行动”(Operation Payback)中,贝宝(PayPal)、维萨信用卡(Visa)和万事达信用卡(MasterCard)的网站都遭到了破坏。这是一次由匿名组织发起的行动,旨在惩罚那些2010年冻结维基解密(WikiLeaks)账户的公司。仅贝宝一家公司就因此损失了560万美元。

  3. Cyber-Criminal

  网络犯罪

  Who: Nigerian "princes," carders, identity thieves, spammers

  身份:尼日利亚“王子”,信用卡盗用者,身份窃贼,垃圾邮件制造者

  Objective: Treasure

  目的:劫财

  Targets: The gullible, online shoppers, small businesses, data-rich health care and retail companies

  目标:容易上当的人,在线购物者,小企业,拥有大量数据的保健机构和零售企业

  Signature: Stealing data, looting bank accounts

  特征:盗窃数据,洗劫银行账户

  Classic Case: Coreflood, malicious software that records keystrokes and passwords, infected 2.3 million computers in 2009, some in police departments, airports, banks, hospitals, and universities. Affected companies suffered six-figure fraudulent wire transfers.

  经典案例:2009年,专门记录击键动作和密码的恶意软件Coreflood感染了230万台电脑,其中包括一些警察局、机场、银行、医院和大学的电脑。受害公司遭到高达6位数的虚假电子转账侵袭。

  4. Insider (You)

  内鬼

  Who: Disgruntled employees, contractors, whistleblowers

  身份:心怀不满的员工,承包商,举报人

  Objectives: Score-settling, leaks, public good

  目的:利益之争,泄露信息,公共利益

  Targets: Large companies, governments

  目标:大公司,政府

  Signature: Document theft

  特征:窃取文件

  Classic Case: Maroochy Shire, an Australian district along the Sunshine Coast in Queensland, was inundated with millions of gallons of untreated sewage in 2001 when a contractor hacked and took control of 150 sewage pumping stations. He had been passed over for a job with the district. His dirty work cost Maroochy Shire upwards of $1 million.

  经典案例:马谷志郡位于澳大利亚昆士兰州阳光海岸。2001年,一个承包商用黑客攻击并控制了当地150座污水泵站,导致该地区被上百万吨未处理的污水淹没。他这么干的起因是在该地区的一项业务承包中落选。结果,这次卑鄙行为让马谷志郡损失了超过100万美元。

  5. Script Kiddie

  脚本小子

  Who: Bored youth

  身份:无聊的年轻人

  Objectives: Thrills, notoriety

  目的:寻求刺激,博得恶名

  Targets: Low-hanging fruit such as unprotected websites and e-mail accounts

  目标:容易下手的对象,比如没有保护措施的网站和电子邮件账户

  Signature: Defacing or dismantling websites

  特征:丑化或破坏网站

  Classic Case: An e-mail subject-lined I LOVE YOU duped people -- some of them inside the Pentagon -- in 2001. The virus it contained, which originated in the Philippines, destroyed files and simultaneously replicated itself, seeding in-boxes as it went. The so-called Love Bug caused an estimated $10 billion in digital damage and lost productivity.

  经典案例:2001年,一封主题为“我爱你”的电子邮件把人们弄得晕头转向——包括一些五角大楼的人。这封信含有来自菲律宾的病毒,它在破坏文件的同时进行自我复制,在收件箱里扎根。所谓的“爱虫”所引起的数据破坏和生产力损失估计高达100亿美元。

  6. Vulnerability Broker

  漏洞经纪人

  Who: Endgame, Netragard, Vupen

  身份:Endgame公司,Netragard公司,Vupen公司

  Objective: Hacking as legitimate business

  目的:把黑客行为当成合法生意

  Targets: Agnostic

  目标:未可知

  Signature: Finding so-called zero-day exploits -- ways to hack new software, selling them to governments and other deep-pocketed clients

  特征:找到所谓的“零天攻击”代码(zero-day exploit)——即攻击新软件的方法,再把它们卖给政府和其他财大气粗的客户。

  Classic Case: French firm Vupen hacked Google's (GOOG, Fortune 500) Chrome browser at a security conference last March. Rather than share its technique with the company (and accept a $60,000 award), Vupen has been selling the exploit to higher-paying customers.

  经典案例:去年3月举行的一次安全会议上,法国公司Vupen黑掉了谷歌公司(Google)的Chrome浏览器。这家公司并没有(收下6万美元,)把这项技术和谷歌分享,而是把代码卖给了出价更高的客户。

本文关键字: 黑客

更多>>
更多课程>>
更多>>
更多内容

英语学习资料大礼包

加微信免费领取电子版资料

生活口语流利说
更多>>
更多公开课>>
更多>>
更多课程>>