Microsoft Breach Highlights the Biden Administration's China-Russia Hacking Dilemma
Preparing for Cyberstrike on Russia, U.S. Confronts Hacking by China

Source: The New York Times    2021-03-08 05:49



WASHINGTON — Just as it plans to begin retaliating against Russia for the large-scale hacking of American government agencies and corporations discovered late last year, the Biden administration faces a new cyberattack that raises the question of whether it will have to strike back at another major adversary: China.
Taken together, the responses will start to define how President Biden fashions his new administration’s response to escalating cyberconflict and whether he can find a way to impose a steeper penalty on rivals who regularly exploit vulnerabilities in government and corporate defenses to spy, steal information and potentially damage critical components of the nation’s infrastructure.
The first major move is expected over the next three weeks, officials said, with a series of covert counterstrikes on Russian networks that are intended to be evident to President Vladimir V. Putin and his intelligence services and military but not to the wider world.
The officials said the strikes would be combined with some kind of economic sanctions — though there are few truly effective sanctions left to impose — and an executive order from Mr. Biden to accelerate the hardening of federal government networks after the Russian hacking, which went undetected for months until it was discovered by a private cybersecurity firm.
The issue has taken on added urgency at the White House, the Pentagon and the intelligence agencies in recent days after the public exposure of a major breach in Microsoft email systems used by small businesses, local governments and, by some accounts, key military contractors.
Microsoft identified the intruders as a state-sponsored Chinese group and moved quickly to issue a patch to allow users of its software to close off the vulnerability.
But that touched off a race between those responsible for patching the systems and a raft of new attackers — including seven new Chinese groups, according to Microsoft — seeking to exploit the holes in the system while they could.
The United States government has not made public any formal determination of who was responsible for the hacking, but at the White House and on Microsoft’s campus in Redmond, Wash., the fear is that espionage and theft may be a prelude to far more destructive activity, such as changing data or wiping it out.
The White House underscored the seriousness of the situation in a statement on Sunday from the National Security Council.
“The White House is undertaking a whole of government response to assess and address the impact” of the Microsoft intrusion, the statement said. It said the response was being led by Anne Neuberger, a former senior National Security Agency official who is the first occupant of a newly created post: deputy national security adviser for cyber and emerging technologies.
The statement said that national security officials were working throughout the weekend to address the hacking and that “this is an active threat still developing, and we urge network operators to take it very seriously.”
Jake Sullivan, Mr. Biden’s national security adviser, said on Twitter on Thursday that the White House was “closely tracking” the reports that the vulnerabilities in Microsoft Exchange were being used in “potential compromises of U.S. think tanks and defense industrial base entities.”
The discovery came as Mr. Biden’s national security team, led by Mr. Sullivan and Ms. Neuberger, has moved to the top of its agenda an effort to deter attacks, whether their intent is theft, altering data or shutting down networks entirely. For the president, who promised that the Russian attack would not “go unanswered,” the administration’s reactions in the coming weeks will be a test of his ability to assert American power in an often unseen but increasingly high-stakes battle among major powers in cyberspace.
From the first day of the new administration, Mr. Sullivan has been reorganizing the White House to fashion such responses. The same order he issued on Jan. 20, requiring the military to advise the White House before conducting drone strikes outside war zones, contained a paragraph with separate instructions for dealing with major cyberoperations that risk escalating conflict.
The order left in place, however, a still secret document signed by President Donald J. Trump in August 2018 giving the United States Cyber Command broader authorities than it had during the Obama administration to conduct day-to-day, short-of-war skirmishes in cyberspace, often without explicit presidential authorization.
Under the new order, Cyber Command will have to bring operations of significant size and scope to the White House and allow the National Security Council to review or adjust those operations, according to officials briefed on the memo. The forthcoming operation against Russia, and any potential response to China, is likely to fall in this category.
American officials continue to try to better understand the scope and damage done by the Chinese attack, but every day since its revelation has suggested that it is bigger, and potentially more harmful, than first thought.
“This is a crazy huge hack,” Christopher C. Krebs, the former director of the Cybersecurity and Infrastructure Security Agency, wrote on Twitter on Friday.
The initial estimates were that 30,000 or so systems were affected, mostly those operated by businesses or government agencies that use Microsoft software and run their email systems in-house. (Email and other systems run on Microsoft’s cloud were not affected.)
But the breadth of the intrusion and the identities of the victims are still unclear. And while the Chinese deployed it widely, they might have sought only to take information from a narrow group of targets in which they have the highest interest.
But there is little doubt that the scope of the attack has American officials considering whether they will have to retaliate against China as well. That would put them in the position of engaging in a potentially escalating conflict with two countries that are also its biggest nuclear-armed adversaries.
It has become increasingly clear in recent days that the hacking that Microsoft has attributed to Beijing poses many of the same challenges as the SolarWinds attack conducted by the Russians, although the targets and the methodology are significantly different.
Like the Russians, the Chinese attackers initiated their campaign against Microsoft from computer servers — essentially cloud services — that they rented under assumed identities in the United States. Both countries know that American law prohibits intelligence agencies from looking in systems based in the United States, and they are exploiting that legal restriction.
“The Chinese actor apparently spent the time to research the legal authorities and recognized that if they could operate from inside the United States, it takes some of the government’s best threat-hunters off the field,” Tom Burt, the Microsoft executive overseeing the investigation, said on Friday.
The result was that in both the SolarWinds and the more recent Chinese hacking, American intelligence agencies appeared to have missed the evidence of what was happening until a private company saw it and alerted the authorities.
The debate preoccupying the White House is how to respond. Mr. Sullivan served as Mr. Biden’s national security adviser while he was vice president, as the Obama administration struggled to respond to a series of attacks.
Those included the Chinese effort that stole 22.5 million security-clearance records from the Office of Personnel Management in 2014 and the Russian attack on the 2016 presidential election.
In writings and talks over the past four years, Mr. Sullivan has made clear that he believes traditional sanctions alone do not sufficiently raise the cost to force powers like Russia or China to begin to talk about new rules of the road for cyberspace.
But government officials often fear that too strong a response risks escalation.
That is a particular concern in the Russian and Chinese attacks, where both countries have clearly planted “back doors” to American systems that could be used for more destructive purposes.
American officials say publicly that the current evidence suggests that the Russian intention in the SolarWinds attack was merely data theft. But several senior officials, when speaking not for attribution, said they believed the size, scope and expense of the operation suggested that they might have had much broader motives.
“I’m struck by how many of these attacks undercut trust in our systems,” Mr. Burt said, “just as there are efforts to make the country distrust the voting infrastructure, which is a core component of our democracy.”
Russia broke into the Democratic National Committee and state voter-registration systems in 2016 largely by guessing or obtaining passwords. But they used a far more sophisticated method in the SolarWinds hacking, inserting code into the company’s software updates, which ushered them deep into about 18,000 systems that used the network management software. Once inside, the Russians had high-level access to the systems, with no passwords required.
Similarly, four years ago, a vast majority of Chinese government hacking was conducted via email spear-phishing campaigns. But over the past few years, China’s military hacking divisions have been consolidating into a new strategic support force, similar to the Pentagon’s Cyber Command. Some of the most important hacking operations are run by the stealthier Ministry of State Security, China’s premier intelligence agency, which maintains a satellite network of contractors.
Beijing also started hoarding so-called zero-days, flaws in code unknown to software vendors and for which a patch does not exist.
In August 2019, security researchers got their first glimpse of how these undisclosed zero-day flaws were being used: Security researchers at Google’s Project Zero and Volexity — the same company in Reston, Va., that discovered the Microsoft attack — found that Chinese hackers were using a software vulnerability to spy on anyone who visited a website read by Uighurs, an ethnic minority group whose persecution has drawn international condemnation.
For two years, until the campaign was discovered, anyone who visited the sites unwittingly downloaded Chinese implants onto their smartphones, allowing Beijing to monitor their communications in real-time.
The Chinese attack on Microsoft’s servers used four zero-day flaws in the email software. Security experts estimated on Friday that as many as 30,000 organizations were affected by the hacking, a detail first reported by the security writer Brian Krebs. But there is some evidence that the number could be much higher.
                