National Public Radio (NPR): Twitter Hit by Large-Scale Hack, Several High-Profile Figures Affected

You may have seen a tweet this week that made you ask, why is Bill Gates asking me for Bitcoin? Well, he wasn't. Twitter suffered a big cyberattack this week, a scam involving high-profile accounts. The company says it's investigating, but it's already clear that this has exposed a big vulnerability in the way many Americans get and share information. NPR election security editor Phil Ewing is here with us now.

Hi, Phil.

PHIL EWING, BYLINE: Hi, Sarah.

MCCAMMON: What can you tell us about what actually happened?

EWING: Well, these attackers were able to take control of big accounts with millions of followers, including those of Joe Biden, who's likely going to be the Democrat nominee for president; former President Obama; technology heavyweights like Elon Musk and others. And they posted messages — you described — asking to be sent an electric cryptocurrency called Bitcoin and promising to double people's money. But, of course, that was a big scam.

MCCAMMON: Sure enough. And how did the scammers get into these accounts?

EWING: We don't know exactly the answer to that question. But Twitter has said they used what it describes as social engineering, which basically means targeting someone you know has the privileges inside a target network and then trying to talk your way in. And so I might say, oh, Sarah, you know Mary Louise Kelly, too. I love her. She's a friend of mine.

MCCAMMON: Absolutely.

EWING: Here's a Google Photos album of our kids playing together. Why don't you click on it? You can look at these pictures. And I would try to get you using those connections that you thought we had to click on a link, and that might take you to a suspicious website or download malware. Twitter says it's investigating. So is the FBI. And members of Congress also have asked for briefings from Twitter on this, so we may learn more as those investigations move on.

MCCAMMON: And there have been other hacks, of course, Phil, in which people's accounts were compromised. Is this one any different?

EWING: It is. The story we're used to seeing with Twitter is somebody compromising an account at the user level. So if I did that little scam that you and I just did a minute ago, I might be able to take control of your account and post and pretend to be you, at least for a while. But with this cyberattack, the hackers attacked Twitter at the headquarters level. They got the keys to the kingdom, basically, at least for a time. And so they could take control of many of these big accounts from the server level, at the headquarters level and post from there. So even if you had a strong password or multi-factor authentication, that wouldn't have made a difference here.

MCCAMMON: And, of course, this was a cryptocurrency scam, but it seems like the ability to take control of these big official Twitter accounts could really be a big deal.

EWING: Yeah — potentially, a very big deal. You can imagine what kind of chaos somebody might be able to cause with a single compromised account or many of them, like in this case. You know, they could make it appear there was a crisis when there really wasn't or spread false information about polling places, for example, or any number of things.

You know, talking to people this week in the election security and cybersecurity world, the other theme coming back up is how much of the infrastructure in our elections depend on that which exists outside the government — companies that make voting machines, vendors that handle registration or records, et cetera. In normal times, it adds up to a system that helps us run elections. But we haven't really been living in normal times for the past few years. And there were cyberattacks that targeted these kinds of systems in the 2016 presidential race, and then we had this incident with Twitter. So we're just probably going to continue to live in that world in which adversaries are always testing and targeting these kinds of networks.

MCCAMMON: Not to mention that during the response this week, for a lot of people who had verified accounts on Twitter, they couldn't tweet.

EWING: Yeah. That's an excellent point. And that may be one unexpected proof of concept out of this whole thing. This showed that, for at least a couple of hours while Twitter was working to get this under control, many of the people who have these accounts couldn't post. That means members of Congress, government agencies and — certainly the best-known Twitter user — President Trump either couldn't say anything if they wanted to, or they had to go someplace else to talk to the audience they wanted to reach. You know, it was an inconvenience this time, but the prospect this raises is that in the critical hours ahead of a big event like a debate or Election Day itself, there could be big disruptions.

MCCAMMON: Very interesting — that's NPR's Phil Ewing.

Thanks so much, Phil.

EWING: Thank you.

Original article: http://www.tingroom.com/lesson/npr2020/7/508515.html