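On July 15, the Twitter accounts of a large number of prominent US figures and companies were taken over by hackers. The accounts posted messages asking followers to send money to a specific bitcoin wallet and promising that they would get double in return. Twitter said it was investigating and taking steps to resolve the issue.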
Traders work in the New York Stock Exchange (NYSE) in New York, US, Nov. 7, 2013. Social network giant Twitter Inc. began trading under the symbol “TWTR” on the New York Stock Exchange and closed at 44.9 dollars on Thursday. [Photo/Xinhua]
The Twitter accounts of major public figures and corporations, including Joe Biden, Barack Obama, Elon Musk, Bill Gates, Jeff Bezos and Apple were hijacked Wednesday, in a stunning show of force by hackers.
Twitter said it was aware of “a security incident” and “taking steps to fix it”, but provided no further information hours after the hack began.
The hack unfolded over the course of several hours, and it appeared that Twitter was only able to stop it by preventing verified accounts from tweeting at all – an unprecedented measure.
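The hackers' tweets all read roughly as follows: “Because of the Covid-19 pandemic, I am giving back to the community. All bitcoin sent to the address below will be sent back doubled! If you send $1,000, I will send back $2,000. This is only valid for 30 minutes.”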
The accounts of well-known companies such as Apple and Uber were also compromised.
The messages included the address of a bitcoin wallet whose balance grew rapidly to more than 11 BTC (more than $100,000) as the scam spread. Tweets with similar messages were repeatedly deleted and re-posted by some of the compromised accounts over the course of Wednesday afternoon.
While the motives and source of the attack are not yet known, the coordinated hijacking of the verified communications streams of world leaders, celebrities and major corporate accounts was a frightening prospect. Twitter has become a de facto wire service for the world and is used for official communications by governments during emergencies; a hack on the scale of Wednesday’s attack could have been more disruptive or even dangerous.
“The amount of damage this could cause is very high,” said Douglas Schmidt, a computer science professor at Vanderbilt University. “These people could hold information gleaned from the hack for ransom in the future.”
Twitter issued a statement approximately 90 minutes after scam messages began being sent out by Musk’s and Gates’ accounts, as the attack was ongoing.
“We are aware of a security incident impacting accounts on Twitter,” the company said on Twitter. “We are investigating and taking steps to fix it. We will update everyone shortly.”
The company subsequently warned that some users would be unable to tweet or change their passwords as it worked to address the issue. The company appeared to be blocking verified users, whose accounts feature a blue checkmark to denote that Twitter has confirmed their identities, from tweeting.
Twitter’s stock price tumbled more than 3% in after-hours trading.
The hack probably targeted a vulnerability on Twitter’s end rather than those of the individual account holders, said John Ozbay, the chief executive of the privacy and security tool Cryptee. Most high-profile users probably engage two-factor authentication, Ozbay said, and the hackers appeared to have enough control over the compromised accounts to “pin” a tweet. That would not have been possible if a hacked account were being controlled by SMS, as occurred when the Twitter CEO Jack Dorsey’s own account was hijacked in 2019.
Schmidt said that the attacks could be related to the fact that Twitter, like much of the rest of the tech industry, has transitioned to remote work during the coronavirus pandemic.
“The likelihood of attacks like this increase when people are working remotely – it is much easier for bad actors to impersonate someone through an email and gain access to their accounts,” said Schmidt. “Assuming this wasn’t someone inside Twitter trying to take revenge, it appears to be a spear phishing attack – someone who has access to admin privileges that can override two-factor authentication and strong passwords fell victim to a hack.”
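impersonate [ɪmˈpɜːsəneɪt]: vt. to play the part of; to imitate

spear phishing: fraud aimed at a specific organization, with the goal of accessing confidential data without authorization.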
English source: The Guardian
Translation & editing: yaning
Source: China Daily website
Article link: https://www.btchangqing.cn/65355.html
Updated: April 6, 2023