<The New York Times>: Long-Running Hacking Attacks May Come From China

By NICOLE PERLROTH  Published: March 29, 2012
Author: NICOLE PERLROTH, March 29, 2012
 
SAN FRANCISCO — A breach of computers belonging to companies in Japan and India and to Tibetan activists has been linked to a former graduate student at a Chinese university — putting a face on the persistent espionage by Chinese hackers against foreign companies and groups.
Nart Villeneuve of Trend Micro said the attacks were part of a continuous campaign in which hackers “are busy and stay busy.”
The attacks were connected to an online alias, according to a report to be released on Friday by Trend Micro, a computer security firm with headquarters in Tokyo.
The owner of the alias, according to online records, is Gu Kaiyuan, a former graduate student at Sichuan University, in Chengdu, China, which receives government financing for its research in computer network defense.
Mr. Gu is now apparently an employee at Tencent, China’s leading Internet portal company, also according to online records. According to the report, he may have recruited students to work on the university’s research involving computer attacks and defense.
The researchers did not link the attacks directly to government-employed hackers. But security experts and other researchers say the techniques and the victims point to a state-sponsored campaign.
“The fact they targeted Tibetan activists is a strong indicator of official Chinese government involvement,” said James A. Lewis, a former diplomat and expert in computer security who is a director and senior fellow at the Center for Strategic and International Studies in Washington. “A private Chinese hacker may go after economic data but not a political organization.”
Neither the Chinese embassy in Washington nor the Chinese consulate in New York answered requests for comment.
The Trend Micro report describes systematic attacks on at least 233 personal computers. The victims include Indian military research organizations and shipping companies; aerospace, energy and engineering companies in Japan; and at least 30 computer systems of Tibetan advocacy groups, according to both the report and interviews with experts connected to the research. The espionage has been going on for at least 10 months and is continuing, the report says.
In the report, the researchers detailed how they had traced the attacks to an e-mail address used to register one of the command-and-control servers that directed the attacks. They mapped that address to a QQ number — China’s equivalent of an online instant messaging screen name — and from there to an online alias.
The person who used the alias, “scuhkr” — the researchers said in an interview that it could be shorthand for Sichuan University hacker — wrote articles about hacking, which were posted to online hacking forums and, in one case, recruited students to a computer network and defense research program at Sichuan University’s Institute of Information Security in 2005, the report said.
The New York Times traced that alias to Mr. Gu. According to online records, Mr. Gu studied at Sichuan University from 2003 to 2006, when he wrote numerous articles about hacking under the names of “scuhkr” and Gu Kaiyuan. Those included a master’s thesis about computer attacks and prevention strategies. The Times connected Mr. Gu to Tencent first through an online university forum, which listed where students found jobs, and then through a call to Tencent.
Reached at Tencent and asked about the attacks, Mr. Gu said, “I have nothing to say.”
Tencent, which is a privately managed and stock market-listed Internet company, did not respond to several later inquiries seeking comment.
The attacks are technically similar to a spy operation known as the Shadow Network, which since 2009 has targeted the government of India and also pilfered a year’s worth of the Dalai Lama’s personal e-mails. Trend Micro’s researchers found that the command-and-control servers directing the Shadow Network attacks also directed the espionage in its report.
The Shadow Network attacks were believed to be the work of hackers who studied in China’s Sichuan Province at the University of Electronic Science and Technology, another university in Chengdu, that also receives government financing for computer network defense research. The People’s Liberation Army has an online reconnaissance bureau in the city.
Some security researchers suggest that the Chinese government may use people not affiliated with the government in hacking operations — what security professionals call a campaign.
For example, earlier this year, Joe Stewart, a security expert at Dell SecureWorks, traced a campaign against the Vietnam government and oil exploration companies to an e-mail address that belonged to an Internet marketer in China.
“It suggested there may be a marketplace for freelance work — that this is not a 9-to-5 work environment,” Mr. Stewart said. “It’s a smart way to do business. If you are a country attacking a foreign government and you don’t want it tied back, it would make sense to outsource the work to actors who can collect the data for you.”
The campaign detailed in the Trend Micro report was first documented two weeks ago by Symantec, a security firm based in Mountain View, Calif. It called the operation “Luckycat,” after the login name of one of the other attackers, and issued its own report. But Trend Micro’s report provides far more details. The two firms were unaware that they were both studying the same operation.
Trend Micro’s researchers said they were first tipped off to the campaign three months ago when they received two malware samples from two separate computer attacks — one in Japan and another in Tibet — and found that they were both being directed from the same command-and-control servers. Over the next several months, they traced more than 90 different malware attacks back to those servers.
Each attack began, as is often the case, with an e-mail intended to lure victims into opening an attachment. Indian victims were sent an e-mail about India’s ballistic missile defense program. Tibetan advocates received e-mails about self-immolation or, in one case, a job opening at the Tibet Fund, a nonprofit based in New York City. After Japan’s earthquake and nuclear disaster, victims in Japan received an e-mail about radiation measurements.
Each e-mail contained an attachment that, when clicked, automatically created a backdoor from the victim’s computer to the attackers’ servers. To do this, the hackers exploited security holes in Microsoft Office and Adobe software. Almost immediately, they uploaded a directory of the victims’ machines to their servers. If the files looked enticing, hackers installed a remote-access tool, or rat, which gave them real-time control of their target’s machine. As long as a victim’s computer was connected to the Internet, attackers had the ability to record their keystrokes and passwords, grab screenshots and even crawl from that machine to other computers in the victim’s network.
Trend Micro’s researchers would not identify the names of the victims in the attacks detailed in its report, but said that they had alerted the victims, and that many were working to remediate their systems.
A spokesman for India’s Defense Ministry, Sitanshu Kar, said he was not aware of the report or of the attacks it described. Fumio Iwai, a deputy consul at the Japanese consulate in New York, declined to comment.
As of Thursday, the campaign’s servers were still operating and computers continue to leak information.
“This was not an individual attack that started and stopped,” said Nart Villeneuve, a researcher who helped lead Trend Micro’s efforts. “It’s a continuous campaign that has been going on for a long time. There are constant compromises going on all the time. These guys are busy and stay busy.”
Vikas Bajaj contributed reporting from Mumbai and David Barboza from Shanghai. Xu Yan contributed research from Shanghai.
A version of this article appeared in print on March 30, 2012, on page A1 of the New York edition with the headline: Hacking Case Based in China Is Given a Face.
 

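San Francisco: Computers belonging to companies in Japan and India and to Tibetan exile organizations exchanged information with a graduate of a Chinese university, which may reflect long-running intrusions by Chinese hackers against foreign companies and organizations.
An expert at Trend Micro said this is part of an attack campaign that hackers “have long been committed to and keep carrying out.”
According to a report disclosed on Friday by Trend Micro, a computer security company headquartered in Tokyo, the attacks are suspected of being connected to an online account.
According to the report, the owner of the account is Gu Kaiyuan, a graduate of Sichuan University in Chengdu, China. Gu received government sponsorship to conduct research on computer network defense.
Also according to the report, Mr. Gu is now ostensibly an employee of Tencent, China’s leading online communication platform company. According to the report, Gu may have recruited students during his university years to do research work that included computer attacks and defense.
The researchers did not directly link the attacks to government-employed hackers. But security experts and other researchers say that, judging by the intrusion techniques and the victims, the evidence points to government-directed activity.
“The actions targeting Tibetan exile organizations strongly suggest the involvement of the Chinese government,” said Jim Lewis, a former public relations officer and expert in the computer field who is now a director and senior staff member at the Center for Strategic and International Studies in Washington. “An individual Chinese intruder would probably care more about commercial data than about a political organization.”
Neither the Chinese Embassy in Washington nor the Consulate General in New York commented on the matter.
The Trend Micro report disclosed systematic attacks against at least 233 personal computers. The victims include Indian military research organizations, shipping companies and aerospace; energy and engineering companies in Japan; and at least 30 computer systems of Tibetan exile organizations. Both the report and interviews with experts confirmed the above. The report says the attacks have lasted at least 10 months and are still continuing.
In the report, the researchers described in detail how they traced the source of the attacks through the e-mail address used for registration and control. They tracked it to a QQ account (China’s online desktop messaging software) and from there to an online account.
The user of the account “scuhkr,” which the researchers said in an interview may be short for Sichuan University hacker, wrote articles about how to carry out attacks and posted them on hacker forums, and in 2005 recruited students to do computer network and defense research at Sichuan University’s Institute of Computer Security.
The New York Times traced the account to Mr. Gu. According to online records, Mr. Gu studied at Sichuan University from 2003 to 2006, during which time he wrote many technical articles on computer intrusion under that account, including a master’s thesis on computer attacks and defense. The Times found the connection between Mr. Gu and Tencent through a university forum that recorded where students had found jobs, and obtained confirmation from Tencent.
When asked by The Times at Tencent about the attacks, Mr. Gu said, “No comment.”
Tencent, a publicly listed and secretively run company, also did not respond when asked later.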

Original translation: 龙腾网 http://www.ltaaa.com Translator: 福禄寿禧. Please credit the source when reposting.
Original article link: http://www.nytimes.com/2012/03/30/technology/hacking-in-asia-is-linked-to-chinese-ex-graduate-student.html?_r=1&pagewanted=all
Updated: 2012-04-02