
The New York Times: Long-Running Hacking Attacks May Originate From China

By NICOLE PERLROTH  Published: March 29, 2012
 
SAN FRANCISCO — A breach of computers belonging to companies in Japan and India and to Tibetan activists has been linked to a former graduate student at a Chinese university — putting a face on the persistent espionage by Chinese hackers against foreign companies and groups.
Nart Villeneuve of Trend Micro said the attacks were part of a continuous campaign in which hackers “are busy and stay busy.”
The attacks were connected to an online alias, according to a report to be released on Friday by Trend Micro, a computer security firm with headquarters in Tokyo.
The owner of the alias, according to online records, is Gu Kaiyuan, a former graduate student at Sichuan University, in Chengdu, China, which receives government financing for its research in computer network defense.
Mr. Gu is now apparently an employee at Tencent, China’s leading Internet portal company, also according to online records. According to the report, he may have recruited students to work on the university’s research involving computer attacks and defense.
The researchers did not link the attacks directly to government-employed hackers. But security experts and other researchers say the techniques and the victims point to a state-sponsored campaign.
“The fact they targeted Tibetan activists is a strong indicator of official Chinese government involvement,” said James A. Lewis, a former diplomat and expert in computer security who is a director and senior fellow at the Center for Strategic and International Studies in Washington. “A private Chinese hacker may go after economic data but not a political organization.”
Neither the Chinese embassy in Washington nor the Chinese consulate in New York answered requests for comment.
The Trend Micro report describes systematic attacks on at least 233 personal computers. The victims include Indian military research organizations and shipping companies; aerospace, energy and engineering companies in Japan; and at least 30 computer systems of Tibetan advocacy groups, according to both the report and interviews with experts connected to the research. The espionage has been going on for at least 10 months and is continuing, the report says.
In the report, the researchers detailed how they had traced the attacks to an e-mail address used to register one of the command-and-control servers that directed the attacks. They mapped that address to a QQ number — China’s equivalent of an online instant messaging screen name — and from there to an online alias.
The person who used the alias, “scuhkr” — the researchers said in an interview that it could be shorthand for Sichuan University hacker — wrote articles about hacking, which were posted to online hacking forums and, in one case, recruited students to a computer network and defense research program at Sichuan University’s Institute of Information Security in 2005, the report said.
The New York Times traced that alias to Mr. Gu. According to online records, Mr. Gu studied at Sichuan University from 2003 to 2006, when he wrote numerous articles about hacking under the names of “scuhkr” and Gu Kaiyuan. Those included a master’s thesis about computer attacks and prevention strategies. The Times connected Mr. Gu to Tencent first through an online university forum, which listed where students found jobs, and then through a call to Tencent.
Reached at Tencent and asked about the attacks, Mr. Gu said, “I have nothing to say.”
Tencent, which is a privately managed and stock market-listed Internet company, did not respond to several later inquiries seeking comment.
The attacks are technically similar to a spy operation known as the Shadow Network, which since 2009 has targeted the government of India and also pilfered a year’s worth of the Dalai Lama’s personal e-mails. Trend Micro’s researchers found that the command-and-control servers directing the Shadow Network attacks also directed the espionage in its report.
The Shadow Network attacks were believed to be the work of hackers who studied in China’s Sichuan Province at the University of Electronic Science and Technology, another university in Chengdu, that also receives government financing for computer network defense research. The People’s Liberation Army has an online reconnaissance bureau in the city.
Some security researchers suggest that the Chinese government may use people not affiliated with the government in hacking operations — what security professionals call a campaign.
For example, earlier this year, Joe Stewart, a security expert at Dell SecureWorks, traced a campaign against the Vietnam government and oil exploration companies to an e-mail address that belonged to an Internet marketer in China.
“It suggested there may be a marketplace for freelance work — that this is not a 9-to-5 work environment,” Mr. Stewart said. “It’s a smart way to do business. If you are a country attacking a foreign government and you don’t want it tied back, it would make sense to outsource the work to actors who can collect the data for you.”
The campaign detailed in the Trend Micro report was first documented two weeks ago by Symantec, a security firm based in Mountain View, Calif. It called the operation “Luckycat,” after the login name of one of the other attackers, and issued its own report. But Trend Micro’s report provides far more details. The two firms were unaware that they were both studying the same operation.
Trend Micro’s researchers said they were first tipped off to the campaign three months ago when they received two malware samples from two separate computer attacks — one in Japan and another in Tibet — and found that they were both being directed from the same command-and-control servers. Over the next several months, they traced more than 90 different malware attacks back to those servers.
Each attack began, as is often the case, with an e-mail intended to lure victims into opening an attachment. Indian victims were sent an e-mail about India’s ballistic missile defense program. Tibetan advocates received e-mails about self-immolation or, in one case, a job opening at the Tibet Fund, a nonprofit based in New York City. After Japan’s earthquake and nuclear disaster, victims in Japan received an e-mail about radiation measurements.
Each e-mail contained an attachment that, when clicked, automatically created a backdoor from the victim’s computer to the attackers’ servers. To do this, the hackers exploited security holes in Microsoft Office and Adobe software. Almost immediately, they uploaded a directory of the victims’ machines to their servers. If the files looked enticing, hackers installed a remote-access tool, or rat, which gave them real-time control of their target’s machine. As long as a victim’s computer was connected to the Internet, attackers had the ability to record their keystrokes and passwords, grab screenshots and even crawl from that machine to other computers in the victim’s network.
Trend Micro’s researchers would not identify the names of the victims in the attacks detailed in its report, but said that they had alerted the victims, and that many were working to remediate their systems.
A spokesman for India’s Defense Ministry, Sitanshu Kar, said he was not aware of the report or of the attacks it described. Fumio Iwai, a deputy consul at the Japanese consulate in New York, declined to comment.
As of Thursday, the campaign’s servers were still operating and computers continue to leak information.
“This was not an individual attack that started and stopped,” said Nart Villeneuve, a researcher who helped lead Trend Micro’s efforts. “It’s a continuous campaign that has been going on for a long time. There are constant compromises going on all the time. These guys are busy and stay busy.”
Vikas Bajaj contributed reporting from Mumbai and David Barboza from Shanghai. Xu Yan contributed research from Shanghai.
A version of this article appeared in print on March 30, 2012, on page A1 of the New York edition with the headline: Hacking Case Based in China Is Given a Face.
 

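San Francisco: Computers belonging to Japanese and Indian companies and to Tibetan exile organizations exchanged information with a former student of a Chinese university; this may be part of long-running intrusions by Chinese hackers against foreign companies and organizations.
An expert at Trend Micro said this was part of attack activity that hackers "have long been committed to and keep carrying out."
According to a report released on Friday by Trend Micro, a computer security company headquartered in Tokyo, the attacks are suspected of being connected to an online account.
According to the report, the owner of the account is Gu Kaiyuan, a graduate of Sichuan University in Chengdu, China. Gu received government funding for research in computer network defense.
Also according to the report, Mr. Gu is now ostensibly an employee of Tencent, China's leading online communication platform company. According to the report, Gu may have recruited students during his university years to do research work including computer attack and defense.
The researchers did not directly link the attacks to government-employed hackers. But security experts and other researchers say that, judging by the intrusion techniques and the victims, the evidence points to government-directed activity.
"The targeting of Tibetan exile organizations strongly suggests the involvement of the Chinese government," said Jim Lewis, a former public relations officer and expert in the computer field who is now a director and senior staff member at the Center for Strategic and International Studies in Washington. "An individual Chinese intruder would probably care more about commercial data than about a political organization."
Neither the Chinese embassy in Washington nor the consulate general in New York commented on the matter.
Trend Micro's report disclosed systematic attacks on at least 233 personal computers. The victims include Indian military research organizations, shipping companies and aerospace; energy and engineering companies in Japan; and at least 30 computer systems of Tibetan exile organizations. Both the report and interviews with experts confirmed this. The report says the attacks have lasted at least 10 months and are still continuing.
In the report, the researchers described in detail how they traced the source of the attacks through an e-mail address used for registration and control. They tracked it to a QQ account (QQ being China's online desktop messaging software) and from there to an online account.
The user of the account "scuhkr" (which the researchers said in an interview may be short for Sichuan University hacker) wrote articles on how to carry out attacks and published them on hacker forums, and in 2005 recruited students to do computer network and defense research at Sichuan University's Institute of Computer Security.
The New York Times traced the account to Mr. Gu. According to online records, Mr. Gu studied at Sichuan University from 2003 to 2006, during which time he wrote many technical articles on computer intrusion under that account, including a master's thesis on computer attack and defense. The Times found the connection between Mr. Gu and Tencent through a university forum that recorded where students had found jobs, and obtained confirmation from Tencent.
When asked by the Times at Tencent about the attacks, Mr. Gu said, "No comment."
Tencent, which is publicly listed and secretively operated, also did not respond when asked later.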

Original translation: 龍騰網 http://www.ltaaa.com Translator: 福祿壽禧. Please credit the source when reposting.
Original article link: http://www.nytimes.com/2012/03/30/technology/hacking-in-asia-is-linked-to-chinese-ex-graduate-student.html?_r=1&pagewanted=all
Updated: 2012-04-02