本周三(7月15日),包括喬·拜登、貝拉克·奧巴馬、埃隆·馬斯克、比爾·蓋茨、杰夫·貝佐斯和蘋(píng)果公司在內(nèi)的重要公眾人物和企業(yè)的推特賬戶被黑客攻陷,令人震驚。
Twitter said it was aware of "a security incident" and "taking steps to fix it", but provided no further information hours after the hack began.
在黑客攻擊開(kāi)始幾個(gè)小時(shí)后,推特公司表示,已經(jīng)知曉這起“安全事件”,并“正在采取措施修復(fù)漏洞”,但沒(méi)有提供進(jìn)一步的信息。
The hack unfolded over the course of several hours, and it appeared that Twitter was only able to stop it by preventing verified accounts from tweeting at all – an unprecedented measure.
這次黑客入侵持續(xù)了幾個(gè)小時(shí),推特公司似乎只能通過(guò)禁止認(rèn)證賬戶發(fā)布推文來(lái)加以阻止,這一舉措前所未有。
The messages included the address of a bitcoin wallet whose balance grew rapidly to more than 11 BTC (more than $100,000) as the scam spread. Tweets with similar messages were repeatedly deleted and re-posted by some of the compromised accounts over the course of Wednesday afternoon.
這些被入侵的賬戶發(fā)出的推文包括一個(gè)比特幣錢包的地址,隨著騙局的蔓延,這個(gè)錢包的余額迅速增長(zhǎng)到超過(guò)11個(gè)比特幣(超過(guò)10萬(wàn)美元,約合人民幣69.8萬(wàn)元)。本周三下午,類似的推文被一些被入侵的賬戶反復(fù)刪除和轉(zhuǎn)發(fā)。
While the motives and source of the attack are not yet known, the coordinated hijacking of the verified communications streams of world leaders, celebrities and major corporate accounts was a frightening prospect. Twitter has become a de facto wire service for the world and is used for official communications by governments during emergencies; a hack on the scale of Wednesday's attack could have been more disruptive or even dangerous.
雖然此次黑客入侵的動(dòng)機(jī)和來(lái)源尚不清楚,但合作入侵世界領(lǐng)導(dǎo)人、名人和大公司已認(rèn)證賬戶的做法令人恐懼。推特已經(jīng)成為事實(shí)上的全球通訊機(jī)構(gòu),在緊急情況下被各國(guó)政府用于官方信息往來(lái),像周三這樣規(guī)模的黑客攻擊可能更具破壞性,甚至更危險(xiǎn)。
"The amount of damage this could cause is very high," said Douglas Schmidt, a computer science professor at Vanderbilt University. "These people could hold information gleaned from the hack for ransom in the future."
范德比爾特大學(xué)計(jì)算機(jī)科學(xué)教授道格拉斯·施密特說(shuō):“這可能造成非常大的損害。這些人可以保存從此次入侵事件中收集到的信息,以便將來(lái)索取贖金。”
Twitter issued a statement approximately 90 minutes after scam messages began being sent out by Musk's and Gates' accounts, as the attack was ongoing.
在馬斯克和蓋茨的賬戶開(kāi)始發(fā)送詐騙信息大約90分鐘后,推特公司發(fā)布了一份聲明,當(dāng)時(shí)攻擊仍在進(jìn)行。
"We are aware of a security incident impacting accounts on Twitter," the company said on Twitter. "We are investigating and taking steps to fix it. We will update everyone shortly."
推特公司發(fā)推文表示:“我們注意到一起安全事件影響了推特上的賬戶。我們正在調(diào)查并采取措施修復(fù)。我們很快就會(huì)向大家發(fā)布最新消息。”
The company subsequently warned that some users would be unable to tweet or change their passwords as it worked to address the issue. The company appeared to be blocking verified users, whose accounts feature a blue checkmark to denote that Twitter has confirmed their identities, from tweeting.
該公司隨后警告說(shuō),在解決這個(gè)問(wèn)題的過(guò)程中,一些用戶可能無(wú)法發(fā)推文或更改密碼。該公司似乎在屏蔽已驗(yàn)證用戶的賬戶,這些用戶的賬戶上有一個(gè)藍(lán)色的標(biāo)記,表示推特公司已經(jīng)確認(rèn)了他們的身份。
Twitter's stock price tumbled more than 3% in after hours trading.
推特股價(jià)在盤(pán)后交易中下跌超過(guò)3%。
The hack probably targeted a vulnerability on Twitter's end rather than those of the individual account holders, said John Ozbay, the chief executive of the privacy and security tool Cryptee. Most high-profile users probably engage two-factor authentication, Ozbay said, and the hackers appeared to have enough control over the compromised accounts to "pin" a tweet. That would not have been possible if a hacked account were being controlled by SMS, as occurred when the Twitter CEO Jack Dorsey's own account was hijacked in 2019.
隱私和安全工具Cryptee公司的首席執(zhí)行官約翰·奧茲貝說(shuō),黑客攻擊的目標(biāo)可能是推特終端的一個(gè)漏洞,而不是個(gè)人賬戶持有人的漏洞。奧茲貝說(shuō),大多數(shù)名人用戶可能會(huì)采用雙因素身份驗(yàn)證,黑客似乎有足夠的控制權(quán)來(lái)控制被入侵的賬戶,“鎖定”一條推文。如果一個(gè)被黑的賬戶被用戶管理系統(tǒng)控制,這是不可能的,就像推特首席執(zhí)行官杰克·多爾西自己的賬戶在2019年被入侵時(shí)一樣。
Schmidt said that the attacks could be related to the fact that Twitter, like much of the rest of the tech industry, has transitioned to remote work during the coronavirus pandemic.
施密特說(shuō),這些攻擊可能與這樣一個(gè)事實(shí)有關(guān),即在新冠肺炎疫情期間,推特公司像其他許多科技行業(yè)的公司一樣,已經(jīng)轉(zhuǎn)向遠(yuǎn)程工作。
"The likelihood of attacks like this increase when people are working remotely it is much easier for bad actors to impersonate someone through an email and gain access to their accounts," said Schmidt. "Assuming this wasn't someone inside Twitter trying to take revenge, it appears to be a spear phishing attack – someone who has access to admin privileges that can override two-factor authentication and strong passwords fell victim to a hack".
施密特說(shuō):“當(dāng)人們遠(yuǎn)程工作時(shí),這種攻擊的可能性會(huì)增加,惡意攻擊者更容易通過(guò)電子郵件冒充他人入侵他們的賬戶。假設(shè)這不是推特內(nèi)部員工蓄意報(bào)復(fù),那這似乎是一種魚(yú)叉式網(wǎng)絡(luò)釣魚(yú)攻擊,一個(gè)擁有管理權(quán)限、可以推翻雙因素認(rèn)證和強(qiáng)密碼的人最終成為黑客攻擊的受害者。