2021年经济学人 美国遇史上最严重黑客入侵,幕后黑手系俄罗斯?(1)（在线收听）

United States

美国版块

Cyber-security

网络安全

Bear hunt

猎熊

Hackers have vaulted into the heart of America’s government

黑客已经潜入美国政府的核心

On september 25th Russia’s president, Vladimir Putin, warned that a “largescale confrontation in the digital sphere” was looming. He offered a solution. Russia and America would “exchange guarantees of non-interference in each other’s internal affairs, including electoral processes, including using ICT”—in short, a cybertruce. Even as he spoke, his hackers were apparently deep inside some of America’s most sensitive networks.

9月25日，俄罗斯总统弗拉基米尔·普京警告称，“数字领域的大规模对抗”一触即发。他提出了一个解决办法。即俄罗斯和美国将“彼此保证不通过信息和通信技术等方式干涉对方的内政，包括选举进程”——简而言之，就是网络休战协议。就在普京讲话的时候，他手下的黑客显然已经深入到美国最敏感的一些网络中。

American officials claim that a group of hackers known as APT29, or more evocatively as Cozy Bear, thought to be part of the SVR, Russia’s foreign intelligence service, penetrated several American government bodies—the list so far includes the Treasury, Commerce, State and Homeland Security Departments, along with the National Institutes of Health—where they could read emails at will. It appears to be one of the largest-ever acts of digital espionage against America.

美国官员声称，美国政府认为名为APT29的黑客组织（或者更能让人想起的舒适熊组织）隶属于俄罗斯对外情报局（SVR），该组织侵入了几个美国政府机构。迄今为止，入侵名单包括美国财政部、商务部、国土安全部，以及国立卫生研究院，黑客组织可以随意浏览这些政府机构的电子邮件。这似乎是有史以来针对美国的最大规模的数字间谍活动之一。

The intrusion took a circuitous route. Between March and June, SolarWinds, a Texan company, pushed out updates to its Orion software, which is widely used to help organisations monitor their networks. The malware hitched a ride on those updates. Once downloaded, it allowed hackers to impersonate an organisation’s system administrators, who typically have the run of the entire network. It cleverly funnelled out data by disguising it as legitimate traffic while parrying anti-virus tools. Once inside, intruders can remain present even if Orion is disconnected.

黑客入侵采取了迂回的方式。今年3月至6月，德州公司SolarWinds推出了旗下Orion软件的更新，该软件被广泛用于帮助组织监控其网络。恶意软件搭上了更新的便车。一旦下载，黑客就可以冒充一个组织的系统管理员，而系统管理员通常负责整个网络的运行。恶意软件巧妙地将数据伪装成合法流量，同时避开反病毒工具。一旦进入，即使Orion被断开连接，入侵者也可以继续存在。