Loading

中共国涉嫌利用系统漏洞攻击美国联邦薪金支付机构 【中英对照翻译】

新闻来源:《零对冲》| 作者:TYLER DURDEN | 发布时间:Feb.2 2021 /2021年2月2日

翻译/简评:新街口 | 校对:SilverSpurs7 | 审核:万人往 | Page:拱卒

简评:

中共使用整个国家的力量对其他国家和个人进行网络攻击的案例已经数不胜数。

中共不仅把代理郭文贵先生的律师事务所的500台电脑黑掉,要求其不得做郭先生的政治庇护,还在哈德逊河上,运用黑客手段控制牵引郭先生的游艇,试图造成伤亡事故。

在澳洲,中共黑客多次对国会、国防部和国立大学等机构的信息系统进行攻击,澳洲政府被迫在2020年6月,计划投资10亿澳元,雇佣500名左右的系统安全专家,来应对日益猖獗的中共网络入侵。

中共对美国政府和企业的黑客入侵更是多大无法统计。最著名的实锤案例就是 2020年2月美国宣布对中共军方4名成员提起诉讼,他们涉嫌参与对信用评级机构巨头Equifax的数据库进行大规模黑客攻击,并窃取了近1.5亿美国人的敏感数据。

而这次报道出来的受害者,SolarWinds是一家为许多美国政府部门提供软件系统监控、管理和安全服务的企业,其客户包括了国防部、联邦调查局、等等重要部门。此次报道出的中共对SolarWinds的联邦薪金支付机构系统进行政府级别的黑客行为,进一步证明了中共就是一个犯罪集团的事实。

原文翻译:

China Suspected In Hack Of US Federal Payroll Agency Using SolarWind Exploit

中共国涉嫌利用SolarWinds漏洞攻击美国联邦薪金支付代理机构

Just days after China sent a not-so-subtle warning to Taiwan regarding independence (and by extension, to US President Joe Biden), inside sources at the FBI are leaking details about another cyberattack linked to SolarWinds, which made headlines in December after operatives believed to be sponsored by the Russian government used an exploit to compromise classified systems.

就在中共国向台湾发出有关独立的严重警告(其实是针对美国总统拜登)几天后,联邦调查局内部消息人士就披露了与SolarWinds有关的另外一起网络攻击的细节。上一次的网络攻击在去年12月上了头条,据信俄罗斯政府进行了参与,它利用了一种程序漏洞来入侵机密信息系统。

This time, however, the villain is China - which federal agents believe used the same SolarWinds exploit as the suspected Russians to break into US government computers and access an unknown quantity of data, according to "five people familiar with the matter."

然而,这一次的罪犯是中共国。据“五名知情人士”称,美国联邦特工认为,这次的嫌疑人使用了与俄罗斯黑客相同的SolarWinds漏洞,入侵了美国政府的计算机并访问了未知数量的数据。

One of the agencies believed to have been hacked by China is the National Finance Center, an obscure agency in the federal government that handles payroll and other sensitive data. It's housed within the Department of Agriculture, but contains information from employees across the federal government.

一位联邦特工认为,被中共黑客入侵的机构之一是国家金融中心,这是联邦政府中一个不引人注意的机构,负责处理工资单和其他敏感数据。它位于农业部内,但包含来自联邦政府雇员的信息。

Two people briefed on the case said FBI investigators recently found that the National Finance Center, a federal payroll agency inside the U.S. Department of Agriculture, was among the affected organizations, raising fears that data on thousands of government employees may have been compromised.

两位人士在通报此案情况时说,联邦调查局的调查人员最近发现,受影响的机构包括位于美国农业部内部的联邦薪资管理机构——国家金融中心,这使人们担心数千名政府雇员的数据可能被泄露。

The software flaw exploited by the suspected Chinese group is separate from the one the United States has accused Russian government operatives of using to compromise up to 18,000 SolarWinds customers, including sensitive federal agencies, by hijacking the company’s Orion network monitoring software. -Reuters

据路透社报告,此次被中共黑客小组利用的软件漏洞与上一次被俄罗斯特工使用的不同。上一次美国指责俄罗斯政府的特工通过劫持该公司的Orion网络监控软件盗窃了多达18000名SolarWinds客户资料(包括敏感的联邦机构)。

Security experts have long suspected a second actor was involved in the series of SolarWinds breaches, however this is the first report naming China as another bad actor.

长期以来,安全专家一直怀疑有其他嫌疑人参与了一系列SolarWinds的黑客事件,但这一次是首次是将中共列为嫌疑人的报道。

The USDA acknowledged the hack to Reuters, while the Chinese foreign ministry parried - instead claiming that the hack was a "complex technical issue," and any allegations should be supported with evidence. "China resolutely opposes and combats any form of cyberattacks and cyber theft," the Chinese Foreign Ministry said in a statement.

美国农业部向路透社承认了黑客入侵,而中共外交部则对此指控进行了回应,声称该黑客入侵是“复杂的技术问题”,任何指控都应有证据支持。中共外交部在一份声明中说:“中国坚决反对和打击任何形式的网络攻击和网络盗窃。”

SolarWinds, meanwhile, said it was aware of a single customer that was compromised by the second set of hackers but that it had “not found anything conclusive” to suggest who was responsible.

同时,SolarWinds说它知道有一个客户受到第二组黑客的攻击,但是“没有发现任何结论”来断定谁是幕后黑手。

Authorities only fingered the Chinese hackers within the past few weeks, adding to the body of evidence that SolarWinds' cybersecurity was seriously lacking - which is disturbing for a company with such a powerful list of corporate and government clients.

当局在过去的几周指责中共国黑客,这进一步增加了证据表明SolarWinds的网络安全性严重缺乏,这对于一家拥有如此庞大的公司和政府客户名单的公司来说是不安的。

And although Reuters couldn't say for certain what data were accessed, the report suggests that, as with most prior high-profile data breaches involving the federal government, whoever organized it was trying to compile data on federal employees across a wide range of departments, since the NFC handles payroll and other mundane personnel-related tasks for the federal government.

而且尽管路透社无法确定黑客到底访问了哪些数据,但该报告表明,与以往涉及联邦政府的众多引人注目的数据泄露一样,无论是谁组织的,它都试图收集有关各个部门的联邦雇员的数据。因为国家金融中心为联邦政府处理工资单和其他与普通人事相关的任务。

And as with prior attacks, it seems the CCP - or whoever did this - was fishing for private data on American government employees.

就像以前的袭击一样,中共——或其它这样做的人——都在试图钓取美国政府雇员的私人数据。

Reuters could not determine what information the attackers were able to steal from the National Finance Center (NFC) or how deep they burrowed into its systems. But the potential impact could be “massive,” former U.S. government officials told Reuters.

路透社无法确定攻击者能够从国家金融中心(NFC)窃取哪些信息,或者他们入侵其系统的程度。但是,前美国政府官员告诉路透社,其潜在影响可能是“巨大的”。

The NFC is responsible for handling the payroll of multiple government agencies, including several involved in national security, such as the FBI, State Department, Homeland Security Department and Treasury Department, the former officials said.

该前官员说,NFC负责处理多个政府机构的工资单,包括一些参与国家安全的机构,例如联邦调查局、国务院、国土安全部和财政部。

Records held by the NFC include federal employee social security numbers, phone numbers and personal email addresses as well as banking information. On its website, the NFC says it “services more than 160 diverse agencies, providing payroll services to more than 600,000 Federal employees.” The USDA spokesman said in an email: “USDA has notified all customers (including individuals and organizations) whose data has been affected."

NFC持有的记录包括联邦雇员的社会安全号码,电话号码和个人电子邮件地址以及银行信息。NFC在其网站上表示:“为160多个不同的机构提供服务,为超过60万名联邦雇员提供薪资服务。”美国农业部发言人在一封电子邮件中说:“美国农业部已经通知了数据受到影响的所有客户(包括个人和组织)。”

"Depending on what data were compromised, this could be an extremely serious breach of security,” said Tom Warrick, a former senior official at the U.S Department of Homeland Security. "It could allow adversaries to know more about U.S. officials, improving their ability to collect intelligence." -Reuters

美国国土安全部前高级官员汤姆·沃里克(Tom Warrick)表示:“视泄露的数据而定,这可能是严重的安全破坏。这可能使对手更加了解美国官员,从而提高他们的收集情报的能力。”——路透社

One has to wonder if the Biden administration will now slap aggressive sanctions on China, as both Obama and the Trump administration did over 2016 US election meddling.

人们不得不怀疑,拜登政府是否会像奥巴马和川普政府对待俄罗斯2016年干预美国大选时所做的那样,对中共国实施积极制裁行动。

🔗原文链接

编辑:【英国伦敦喜庄园编辑部】Edited by:【Himalaya London Club UK】