Cybercrime
Black hats, grey hairs
A shake-up in the hacker underground and fresh attacks suggest change is coming to computer security
Aug 6th 2011 | from the print edition
AN 18-YEAR-OLD with 16 computers in a small house in the Shetland Islands: that is where a police hunt ended for the global nerve centre of LulzSec, a group of hackers whose exploits include defacing or disabling the websites of Rupert Murdoch’s media empire, the CIA, a bunch of gay-bashing American Baptists, and Britain’s Serious Organised Crime Agency. Active from May to late June, when it claims to have disbanded, LulzSec’s hallmark was prankish attacks accompanied by public mockery. As well as officialdom, its targets included computer-security and online-gaming companies regarded as pompous, complacent or hypocritical.
In geekspeak “lulz” means to laugh at a victim; “sec” is for “security”. But lately the misfortune has mostly been the hackers’ own. Of LulzSec’s six presumed core members, police have arrested at least two, including, in late July, the (now bailed) Scottish teenager Jake Davis. The most expert, who goes by the alias Sabu, is still at large. About 15 members of Anonymous, a shadowy collective of skilled, politically motivated hackers, are also in police custody worldwide, according to Gregg Housh, a Boston man who ran computer servers for it but denies involvement in illegal hacks.
Authorities in America, Australia, Britain, France, the Netherlands, Norway and elsewhere are arresting high-profile hacktivists and threatening them with real-life jail (without, horrors, internet access). Old-fashioned policing, such as less severe sentences for those who snitch, is proving effective: “These are criminal networks and there are known techniques for dealing with criminal networks,” says Nils Gilman of Monitor 360, a consultancy.
Amid this pressure the hacker underground, riven by squabbles and splits over personality and policy, has turned on itself. Cyber civil wars have broken out, with rivals attacking each others’ computers and attempting to discover and reveal their real-world identities. LulzSec itself emerged from such a row a little more than three months ago when it broke off from Anonymous. The quarrel, about which targets deserved attack, was particularly bitter, says Mr Housh.
Upon forming, LulzSec distanced itself from its parent. The older group had been launching computer attacks against MasterCard, Visa, PayPal and others that had blocked donations to WikiLeaks. The LulzSec team of self-described “evil bastards” wrote in a press release that it preferred to abuse more ordinary folks and organisations for “a jolt of satisfaction”. Devilry seemingly trumped high-minded politics: the aim, says Mr Housh, was entertainment, “screwing with a person until he can’t take it anymore”. But some more puritanical hackers have turned vigilante, trying to disrupt LulzSec. Its antics, they say, encourage official crackdowns on internet freedoms.
Not in it for the money
Groups such as Anonymous and LulzSec are not motivated by money, but they can still wreak financial havoc. Following the theft of roughly 100m online gamers’ account details in April, Sony shut down its PlayStation Network for nearly a month at a cost of about $171m. A loss in consumer trust has added to that toll. Anonymous and LulzSec often post stolen data online to brag and attract potential recruits. But others can and do attempt to cash in on the loot. David Pérez of Taddong, a Madrid-based consultancy, says stolen bank-account or credit-card details often end up in online black markets. Illicit software automates many of these bourses, says Gordon Snow, assistant director of the cybercrime division in America’s FBI. Sellers and buyers need not communicate directly, so closing deals is less risky.
Lately LulzSec has changed tack, branding itself a champion of the oppressed, perhaps to shake off accusations of political indifference and sadism. A grandiloquent statement issued after Mr Davis’s arrest said: “We are sick of the twisted corporatocracy that controls us…united, we can stomp down our common oppressors and imbue ourselves with the power and freedom we deserve.”
Even as the hacking underworld has splintered, new threats are emerging. The agenda for Black Hat USA, a security shindig this week in Las Vegas, ranges from the perennial flaws of Microsoft’s software to newly discovered weaknesses in Apple laptops’ batteries, in mobile devices running Google’s Android operating system and in wireless water-meters.
The growth of “cloud” computing makes life harder for hackers overall (because firms that run cloud systems will on average have better security) but when a breach occurs, it offers bigger gains. LulzSec recently claimed (on flimsy evidence) that it had made Apple “our bitch for life” by pillaging passwords and source code from the iCloud servers built to dispatch photos, music and other data to customers’ iPhones, iPads and computers. As mischief has become easier, the hacker crowd has burgeoned and mutated. Ilias Chantzos of Symantec, a computer-security company, says it has far outgrown its nerdy roots in a subculture of brainy social outcasts fuelled by pizza deliveries and fizzy drinks.
The lower technological barriers to entry—no matter the motive—have led to what the FBI’s Mr Snow refers to as hacking’s “industrialisation”. Supporters of Anonymous and LulzSec have stoked the fire, he says, thanks to the spread of new easy-to-use software called “hacking toolkits”. These automate attacks and can be configured to deface or crash a website, or even snatch goodies ranging from credit-card details to industrial designs. Some toolkits also offer “drive-by download”. This turns a website into a trap that hijacks visitors’ computers (or phones), even if they have not clicked on anything.
The hacktivists may do most damage by providing cover for more sinister efforts. A report this week by McAfee, a computer-security company, reveals the results of a five-year probe called Operation Shady RAT, examining attacks that use “Remote Access Tools” to inveigle access to computer networks. It does not name the perpetrator (some fingers are pointed at China) but lists 72 victims, from sporting authorities to the governments of America, Canada, India, South Korea, Taiwan, and Vietnam, plus defence contractors and many other firms. Dmitri Alperovitch of McAfee describes the intrusions as “the biggest transfer of wealth in terms of intellectual property in history”. Kenneth Geers of NATO’s cyberwar centre in Estonia says the hacking boom makes it easier for cyber-spies to pass off their work as the handiwork of a misguided rebellious teenager. Not so funny after all.