-
(单词翻译:双击或拖选)
JUDY WOODRUFF: Today's disclosure of a major hacking1 attack on the nation's second-largest health insurer, Anthem2, is setting off alarms about cyber-crime at a new level.
Hackers3 were able to crack a database that included records for 80 million people. The cyber-criminals were able to get names, addresses and e-mails, as well as Social Security numbers and income. But hospital and doctor information related to patients wasn't hacked4.
Bloomberg News reported that investigators5 believe Chinese state-sponsored hackers are involved.
Mark Bower6 is a noted7 expert on these issues. He's also a vice8 president at Voltage Security in California.
Mark Bower, welcome.
MARK BOWER, Voltage Security: Well, certainly, we have just started the year off with a bang in terms of data breaches11; 80 million records is a very substantial amount, so this is quite a serious attack
And the nature of the data, you have got lots of personal data that can potentially be monetized. It's going to be very inconvenient12 for those individuals and also quite costly13 for the organization that this affects.
JUDY WOODRUFF: It is possible to know at this point who is behind this? You — we mentioned the Bloomberg news report that it's potentially the Chinese. They mentioned a group called Deep Panda.
MARK BOWER: It's not clear yet. We only have a couple data points on information like that.
But, fundamentally, there's got to be some organized crime behind this or very well-organized attackers to be able to get into these types of systems and steal this volume of data. And we shouldn't forget that these types of attacks are pretty much expected these days.
We have seen breaches of this nature across the board over the last decade. And, in fact, the volumes of data that have been stolen are actually staggering these days.
MARK BOWER: So, it depends on the — their motive14 in the end. But, ultimately, if you have stolen large amounts of personal information, whether you have got Social Security numbers, name and address, date of birth, all that kind of stuff — and in this case, it seems like there's also employment history and income data — well, you can start to create identity theft situations, where you're actually stealing people's information or identity to commit fraud.
But, more importantly, there is also the risk of side effects, that this type of data can actually result in attacks that are more targeted. So, for example, we might have an individual that is maybe a wealthy individual, and the attacker can go now after them more specifically based on the information that they have about them in what we call a spear phishing attack.
And that might involve going after them with targeted e-mails, even phone calls, to try and get them to reveal more data that then can be used in a compromise or for further identity theft.
JUDY WOODRUFF: So for individuals who either now or did have health coverage15 through Anthem, what should they be on the lookout16 for?
MARK BOWER: So, after these types of attacks, what we often see is a wave of spam e-mails. Those are those fake e-mails that are often trying to lure17 people into Web sites where there may be viruses and malware, the more sinister18 phishing attacks, which might be there to lure people to Web sites to then download malware that will actually steal further information from their own personal computers or maybe even get into their bank accounts and so on with online banking19.
So people have to be vigilant20 to make sure that they're not seeing e-mails that look suspicious and clicking on things there. And also be wary21 of things like phone calls, for instance, from organizations that may be purporting22 to be from service providers that may be related to Anthem, but they're actually criminal gangs trying to get more information from consumers that can then be used for further fraud or accessing their bank account or accessing their computers and so on.
JUDY WOODRUFF: Just quickly, Mark Bower, how would you rank or rate the security system at a company like Anthem? I mean, obviously, it was breached23, but had they taken all the steps that a big company is supposed to take?
MARK BOWER: That's hard to say.
But even the best-prepared organizations can often succumb24 to these types of attacks. What we have found over the last several years is that the attackers are becoming much more sophisticated. The malware is becoming much more advanced. And it just takes one vulnerability to be able to bypass those traditional perimeter25 defenses, the firewalls and the log-in and the intrusion detection, to get into the heart of these systems.
And once they're in there, it's too late. The information can be stolen, monetized. And we see victims, as we have seen today.
JUDY WOODRUFF: Well, it's certainly got a lot of people's attention.
Mark Bower with Voltage Security, we thank you.
MARK BOWER: Thank you very much.
点击
收听单词发音
收听单词发音 |
1
hacking
|
|
| n.非法访问计算机系统和数据库的活动 | |
参考例句: |
|
|
|
|
2
anthem
|
|
| n.圣歌,赞美诗,颂歌 | |
参考例句: |
|
|
|
|
3
hackers
|
|
| n.计算机迷( hacker的名词复数 );私自存取或篡改电脑资料者,电脑“黑客” | |
参考例句: |
|
|
|
|
4
hacked
|
|
| 生气 | |
参考例句: |
|
|
|
|
5
investigators
|
|
| n.调查者,审查者( investigator的名词复数 ) | |
参考例句: |
|
|
|
|
6
bower
|
|
| n.凉亭,树荫下凉快之处;闺房;v.荫蔽 | |
参考例句: |
|
|
|
|
7
noted
|
|
| adj.著名的,知名的 | |
参考例句: |
|
|
|
|
8
vice
|
|
| n.坏事;恶习;[pl.]台钳,老虎钳;adj.副的 | |
参考例句: |
|
|
|
|
9
hacks
|
|
| 黑客 | |
参考例句: |
|
|
|
|
10
breach
|
|
| n.违反,不履行;破裂;vt.冲破,攻破 | |
参考例句: |
|
|
|
|
11
breaches
|
|
| 破坏( breach的名词复数 ); 破裂; 缺口; 违背 | |
参考例句: |
|
|
|
|
12
inconvenient
|
|
| adj.不方便的,令人感到麻烦的 | |
参考例句: |
|
|
|
|
13
costly
|
|
| adj.昂贵的,价值高的,豪华的 | |
参考例句: |
|
|
|
|
14
motive
|
|
| n.动机,目的;adv.发动的,运动的 | |
参考例句: |
|
|
|
|
15
coverage
|
|
| n.报导,保险范围,保险额,范围,覆盖 | |
参考例句: |
|
|
|
|
16
lookout
|
|
| n.注意,前途,瞭望台 | |
参考例句: |
|
|
|
|
17
lure
|
|
| n.吸引人的东西,诱惑物;vt.引诱,吸引 | |
参考例句: |
|
|
|
|
18
sinister
|
|
| adj.不吉利的,凶恶的,左边的 | |
参考例句: |
|
|
|
|
19
banking
|
|
| n.银行业,银行学,金融业 | |
参考例句: |
|
|
|
|
20
vigilant
|
|
| adj.警觉的,警戒的,警惕的 | |
参考例句: |
|
|
|
|
21
wary
|
|
| adj.谨慎的,机警的,小心的 | |
参考例句: |
|
|
|
|
22
purporting
|
|
| v.声称是…,(装得)像是…的样子( purport的现在分词 ) | |
参考例句: |
|
|
|
|
23
breached
|
|
| 攻破( breach的现在分词 ); 破坏,违反 | |
参考例句: |
|
|
|
|
24
succumb
|
|
| v.屈服,屈从;死 | |
参考例句: |
|
|
|
|
25
perimeter
|
|
| n.周边,周长,周界 | |
参考例句: |
|
|
|
购买
在百度中搜索