評論
打印
The campaign showed “top-tier operational tradecraft”, says FireEye, a cyber-security firm that was itself a victim. Orion’s ubiquity explains why so many organisations were affected. SolarWinds says that “fewer than 18,000” customers may have been struck, though most would have been collateral damage.
網絡安全公司火眼(FireEye)稱,此次運動展示了“頂級的諜務操作技術”,而火眼本身就是此次運動的受害者。Orion軟件的普及性解釋了為什么有這么多組織受到影響。SolarWinds公司表示,“不到1.8萬”的客戶可能會受到影響,盡管大多數都是受到附帶損害。
America’s ability to muster a response is unlikely to be helped by President Donald Trump’s dismissal, on November17th, of Chris Krebs, the head of the Cyber-security and Infrastructure Security Agency (CISA), for publicly affirming the integrity of the presidential election. CISA has struggled to cope with the onslaught.
11月17日,美國總統唐納德·特朗普辭退了克里斯·克雷布斯,這不太可能有助于美國做出回應。克里斯·克雷布斯是美國網絡安全和基礎設施安全局(CISA)局長,他因公開肯定了總統選舉的公正性而遭到解雇。網絡安全和基礎設施安全局一直在努力應對解雇帶來的沖擊。
Over the past decade, America has tended to categorise and respond to cyber-attacks according to their aims. It regarded intrusions intended to steal secrets—in other words, old-fashioned espionage—as fair game, not least because its own National Security Agency (NSA) is a prolific thief. After China stole 22m security-clearance records from America’s Office of Personnel Management (OPM) in 2015, Michael Hayden, a former NSA chief, conceded that it was “honourable espionage work”. In contrast, attacks intended to cause harm, like North Korea’s assault on Sony Pictures in 2014, or those with commercial aims, like China’s theft of industrial secrets, were thought to cross a line. America has accordingly indicted and imposed sanctions on scores of Russian, Chinese, North Korean and Iranian hackers.
在過去十年中,美國傾向于根據網絡攻擊的目的對其進行分類和回應。美國把企圖竊取機密的入侵(換句話說是老式的間諜活動)視為公平的游戲,尤其是因為美國國家安全局(NSA)恰是一個多產的慣犯。2015年,中國從美國人事管理辦公室(OPM)竊取了2200萬份安全許可記錄后,美國國家安全局前局長邁克爾·海登承認,這是“光榮的間諜活動”。相比之下,意圖造成傷害的黑客攻擊,比如朝鮮2014年對索尼影業的攻擊,或者那些具有商業目的的黑客攻擊,比如中國竊取工業機密,這樣的入侵活動都被認為是越界的。因此,美國起訴并制裁了數十名俄羅斯、中國、朝鮮和伊朗的黑客。
譯文由可可原創,僅供學習交流使用,未經許可請勿轉載。
