China Breached Dozens of Pipeline Companies in Past Decade, U.S. Says

Source: The New York Times    2021-07-21 03:58



The Biden administration disclosed previously classified details on Tuesday about the breadth of state-sponsored cyberattacks on American oil and gas pipelines over the past decade, as part of a warning to pipeline owners to increase the security of their systems to stave off future attacks.

From 2011 to 2013, Chinese-backed hackers targeted, and in many cases breached, nearly two dozen companies that own such pipelines, the F.B.I. and the Department of Homeland Security revealed in an alert on Tuesday. For the first time, the agencies said they judged that the “intrusions were likely intended to gain strategic access” to the industrial control networks that run the pipelines “for future operations rather than for intellectual property theft.” In other words, the hackers were preparing to take control of the pipelines, rather than just stealing the technology that allowed them to function.

Of 23 operators of natural gas pipelines that were subjected to a form of email fraud known as spear phishing, the agencies said that 13 were successfully compromised, while three were “near misses.” The extent of intrusions into seven operators was unknown because of an absence of data.

The disclosures come as the federal government tries to galvanize the pipeline industry after a ransomware group based in Russia easily forced the shutdown of a pipeline network that provides nearly half the gasoline, jet fuel and diesel that flows up the East Coast. That attack on Colonial Pipeline — aimed at the company’s business systems, not the operations of the pipeline itself — led the company to shut off its shipments for fear that it did not know what the attackers would be capable of next. Long gasoline lines and shortages followed, underscoring for President Biden the urgency of defending the United States’ pipelines and critical infrastructure from cyberattacks.

The declassified report on China’s activities accompanied a security directive that requires owners and operators of pipelines deemed critical by the Transportation Security Administration to take specific steps to protect against ransomware and other attacks, and to put in place a contingency and recovery plan. The exact steps were not made public, but officials said they sought to address some of the huge deficiencies found as they conducted reviews of the Colonial Pipeline attack. (The company, which is privately held, has said little about the vulnerabilities in its systems that the hackers exploited.)

The directive follows another in May that required companies to report significant cyberattacks to the government. But that did nothing to seal the systems up.

The newly declassified report was a reminder that nation-backed hackers targeted oil and gas pipelines before cybercriminals devised new ways of holding their operators hostage for ransom. Ransomware is a form of malware that encrypts data until the victim pays. The attack on Colonial Pipeline led it to pay about $4 million in cryptocurrency, some of which the F.B.I. seized back after the criminals left part of the money visible in cryptocurrency wallets. But that was, as one law enforcement official said, a “lucky break.” Another ransomware attack a few weeks later extracted $11 million from JBS, a producer of beef products; none of it was recovered.

Nearly 10 years ago, the Department of Homeland Security said in the declassified report, it began responding to intrusions on oil pipelines and electric power operators at “an alarming rate.” Officials successfully traced a portion of those attacks to China, but in 2012, its motivation was not clear: Were the hackers trolling for industrial secrets? Or were they positioning themselves for some future attack?

“We are still trying to figure it out,” a senior American intelligence official told The New York Times in 2013. “They could have been doing both.”

But the alert on Tuesday asserted that the goal was “holding U.S. pipeline infrastructure at risk.”

“This activity was ultimately intended to help China develop cyberattack capabilities against U.S. pipelines to physically damage pipelines or disrupt pipeline operations,” the alert said.

The alert was prompted by new concerns over the cyberdefense of critical infrastructure, brought to the fore with the attack on Colonial Pipeline. That breach set off alarms at the White House and the Energy Department, which found that the nation could have afforded only three more days of downtime before mass transit and chemical refineries came to a halt.

Mandiant, a division of the security firm FireEye, said the advisory was consistent with the Chinese-backed intrusions it tracked on multiple natural gas pipeline companies and other critical operators from 2011 to 2013. But the firm added one unnerving detail, noting that it “strongly” believed that in one case, Chinese hackers had gained access to the controls, which could have enabled a pipeline shutdown or could potentially set off an explosion.

While the directive did not name the victims of the pipeline intrusion, one of the companies infiltrated by Chinese hackers over that same time frame was Telvent, which monitors more than half the oil and gas pipelines in North America. It discovered hackers in its computer systems in September 2012, only after they had been loitering there for months. The company closed its remote access to clients’ systems, fearing it would be used to shut down America’s infrastructure.

The Chinese government denied it was behind the breach of Telvent. Congress failed to pass cybersecurity legislation that would have increased the security of pipelines and other critical infrastructure. And the country seemed to move on.

Nearly a decade later, the Biden administration says the threat of a hacking on America’s oil and gas pipelines has never been graver. “The lives and livelihoods of the American people depend on our collective ability to protect our nation’s critical infrastructure from evolving threats,” Alejandro N. Mayorkas, the homeland security secretary, said in a statement on Tuesday.

The May directive set a 30-day period to “identify any gaps and related remediation measures to address cyber-related risks” and report them to the T.S.A. and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency.

Shortly after taking office, President Biden promised that improving cybersecurity would be a top priority. This month, he met with top advisers to discuss options for responding to a wave of Russian ransomware attacks on American companies, including one on July 4 on a Florida company that provides software to businesses that manage technology for smaller firms.

And on Monday, the White House said that China’s Ministry of State Security, which oversees intelligence, was behind an unusually aggressive and sophisticated attack in March on tens of thousands of victims that relied on Microsoft Exchange mail servers.

Separately, the Justice Department unsealed indictments of four Chinese citizens on Monday for coordinating the hackings of trade secrets from companies in aviation, defense, biopharmaceuticals and other industries.

According to the indictments, China’s hackers operate from front companies, some on the island of Hainan, and tap Chinese universities not only to recruit hackers to the government’s ranks, but also to manage key business operations, like payroll. That decentralized structure, American officials and security experts say, is intended to offer China’s Ministry of State Security plausible deniability.

The indictments also revealed that China’s “government-affiliated” hackers had engaged in for-profit ventures of their own, conducting ransomware attacks that extort companies for millions of dollars.
                