| 双语新闻 Bilingual News | 双语对照阅读 分级系列阅读 智能辅助阅读 在线英语学习 |
|
| 双语新闻 Bilingual News | 双语对照阅读 分级系列阅读 智能辅助阅读 在线英语学习 |
| [英文] [中文] [双语对照] [双语交替] [] |
| A Shanghai police database with a vast trove of personal data that was seized by a hacker or group had been left online, unsecured, for months, security researchers said, in what is probably the largest known breach of Chinese government computer systems. | 网络安全研究人员表示,上海警方一个拥有大量个人信息的数据库被一名黑客或一个黑客组织窃取,之后被留在网上长达数月之久,这可能是对中国政府的计算机系统已知的最大一次入侵。 |
| The leak, which came to light after an anonymous user posted in an online forum offering to sell the personal information of as many as one billion Chinese citizens, exposes the privacy risks of the Chinese government’s vast surveillance and security apparatus. | 有匿名用户在一个网络论坛发帖,提出可出售多达10亿中国人的个人信息,才让这起数据泄露事件曝光。这件事暴露了中国政府庞大的监控和安全机器存在的隐私风险。 |
| The authorities in China collect vast amounts of data on citizens by tracking their movements, scouring their social media posts, and recording their DNA and other biological markers. Yet even as the state amasses ever greater amounts of personal data, it has sometimes been lax in erecting safeguards, such as by parking it on unprotected servers. Shortly after the Shanghai database was advertised, another anonymous user posted in an online forum offering to sell a separate police database from the central Chinese province of Henan, claiming to have information on 90 million citizens. | 中国当局通过跟踪公民的行踪、搜查他们在社交媒体上的发帖、采集DNA和其他生物识别标记,对公民进行大规模数据收集。但就在政府积累越来越多个人数据的同时,有时在保护这些数据上却很松懈,比如把数据放在没有网络安全保护的服务器上。网上出现了出售上海警方数据库的广告后不久,另一个匿名用户在一个在线论坛发帖,表示可出售河南警方的一个数据库,声称其中有9000万公民的信息。 |
| Chinese citizens have in recent years expressed growing demands for personal privacy and data protection from companies. This leak, if it became widely known within China, would most likely fuel public resistance to the collection of private data by the government, as well. But news about the leak has been swiftly censored and removed from the Chinese internet and social media platforms, a sign that the government recognizes the explosive nature of the apparent breach. As of Thursday, hashtags such as “Shanghai data leak,” “data leak of one billion citizens” and “data leak” remained blocked on Sina Weibo, a popular Chinese microblogging service. | 近年来,中国公民对企业保护个人隐私和数据的要求越来越高。如果这次数据泄露事件在中国被广泛知晓,很可能也会引发公众对政府收集私人数据的抵制。但有关这次泄露的报道迅速遭到审查,并已从中国互联网和社交媒体平台删除,表明政府意识到了这次泄露可能引起爆炸性反应。截至周四,新浪微博上诸如“上海数据泄露”、“十亿公民数据泄露”和“数据泄露”等标签都已遭到屏蔽。 |
| “It’s left a big black eye for the Chinese public security world, and by extension the Chinese government,” said Paul Triolo, senior vice president for China at Albright Stonebridge Group, a strategy firm. “It’s not surprising they’ve gone into full censorship mode given how sensitive this issue is for the public.” | “这件事是对中国公安乃至中国政府的一记重击,”战略公司奥尔布莱特石桥咨询集团的中国事务高级副总裁保罗·特廖洛说。“考虑到这个问题对公众来说有多么敏感,他们进入全面审查模式也就不足为奇了。” |
| While large data leaks are not uncommon, the Shanghai police database stands out both for its scale and the highly sensitive nature of some of the information included, security researchers said. | 虽然大量数据遭泄露的情况并不罕见,但安全研究人员说,上海警方数据库的泄露因其规模之大以及其中一些信息的敏感度之高而引人注目。 |
| Two cybersecurity researchers said that they had separately verified the anonymous user’s claims that the database included over 23 terabytes of data covering as many as a billion individuals, noting that one of the leaked files appeared to contain nearly 970 million records. They did not rule out the possibility of duplicate entries. | 两名网络安全研究人员表示,他们已经分别证实了匿名出售数据者的说法,即数据库中有逾23万亿字节的数据,包含多达10亿人的个人信息。他们专门提到泄露数据库中有一份似乎包含近9.7亿条记录的文件,但没有排除数据重复的可能性。 |
| One of them, Vinny Troia, founder of Shadowbyte, a threat intelligence company, said that he first stumbled across the database months ago. Data from Leak IX, an online platform that trawls the internet for exposed databases, shows that the server was accessible as early as April 2021. The revelation that the Shanghai database had long been unsecured was earlier reported by CNN. | 其中一名网络安全研究人员是威胁情报公司Shadowbyte的创始人文尼·特洛亚。他说,几个月前他第一次偶然发现了这个数据库。在互联网上搜罗暴露数据库的在线平台Leak IX的数据显示,上海警方数据库所在的服务器早在2021年4月就已暴露。美国有线电视新闻网CNN曾在早些时候报道过上海警方数据库长时间处于不安全状态的消息。 |
| The New York Times confirmed parts of a sample of 750,000 records that the anonymous user, who goes by the name ChinaDan, released to prove the authenticity of the data. In addition to addresses and ID numbers, the database also included information on “key persons” identified by the police as requiring heightened surveillance, as well as police reports. In one case, a grandfather was reported to the police for raping his 3-year-old granddaughter. In another, a person was investigated for petitioning on Tiananmen Square in Beijing. The sample also included the names and passport numbers of American citizens who violated the terms of their visas in China. | 自称“ChinaDan”的匿名用户为了证明真实性而公布了75万份记录样本,《纽约时报》对部分内容进行了核实。除地址和身份证号外,数据库还包括被警方认定为需要加强监控的“重点人员”的信息,以及警方的报告,包括一名祖父因强奸了他的三岁孙女而被报警的报告。还有一份是某人因去北京天安门广场上访而被调查的报告。样本中还包括违反了中国签证条款的美国公民的姓名和护照号码。 |
| Nine people reached by The New York Times by telephone confirmed their names and details. None of the people contacted said they had previously heard about the data leak. | 《纽约时报》通过电话联系到的九个人证实了他们的姓名和细节。这些人都表示,他们之前未听说过数据泄露的事情。 |
| Some seemed unfazed about having their personal information exposed. One man, whose record of a complaint to the police that his daughter had been raped by her work manager was among the data posted in the sample set, confirmed the accuracy of the record when reached by phone. But he said that the episode was in the past, and it didn’t matter if the information was public. | 一些人似乎并不担心自己的个人信息被泄露。样本集公布的数据中有一条记录是,一名男子向警方投诉自己的女儿被工作单位的经理强奸了,他在电话中证实了这条记录的准确性。但他说,事情已经过去了,信息是否公开已不再重要。 |
| Others expressed frustration and resignation. Many Chinese have grown accustomed to surveillance, censorship and frequent telemarketing calls, accepting that such intrusions were the cost of convenience and safety. Still, they said, there needed to be safeguards. | 其他人则对信息被泄露表示失望和无奈。许多中国人已经习惯了监控、审查和频繁的电话营销,他们接受了这些侵扰,认为那是为了方便和安全付出的代价。尽管如此,他们说,仍需要有措施保护个人信息。 |
| “It’s alarming because these are the files of ordinary people,” said May Peng, a saleswoman in Shanghai whose details were also in the sample set. She confirmed that as the data showed, she had filed a police report in 2017 when her electric scooter was stolen. “They should be better protected.” | “会警觉,这些是一般人的档案,应该(被)好好保存。”上海一位名叫梅·彭的女销售员说,她的详细信息也在样本集中。数据显示,她的电动滑板车在2017年被盗后,曾向警方报案。她证实了这条信息。 |
| The government has kept silent on the matter. The Cybersecurity Administration of China did not respond to a faxed request for comment. Shanghai’s public security bureau declined to respond to questions about the database. | 政府一直对此事保持沉默。国家网信办没有回复记者用传真发去的置评请求。上海市公安局拒绝回答有关该数据库的问题。 |
| The government’s refusal to acknowledge the leak comes in contrast to common practice in other countries, under which companies and government agencies are often obligated to alert affected users if their information has been leaked. | 中国政府拒绝承认数据泄露的做法与其他国家的普遍做法形成鲜明对比。在其他国家,企业和政府机构通常有责任把信息被泄露的情况告知受到影响的用户。 |
| Mr. Troia and another researcher, Bob Diachenko, owner of SecurityDiscovery.com, a cybersecurity consultancy, said that the Shanghai data had been stored securely on a closed-off network until someone set up a gateway that essentially punched a hole through the firewall. They said that creating such portals was common practice among developers as a way to gain easy access to a database, but that such gateways should be password protected. | 特洛亚和另一名研究人员、网络安全咨询公司SecurityDiscovery.com的所有者鲍勃·迪亚琴科说,上海警方的数据库曾存放在有安全保护的封闭网络上,直到有人设置了一个网关,等于是在防火墙上打了个洞。他们说,设置这种网关是开发人员的一种常见做法,以便他们可以访问数据库,但这种网关应该有密码保护。 |
| The gateway to the Shanghai database did not have a password. | 上海警方数据库的网关没有密码。 |
| Mr. Troia said he first came across the unsecured trove of files last December or January, and that it stood out for its vast size. He said he downloaded and reviewed a small sample of the files at the time. | 特洛亚说,他在去年12月或今年1月第一次接触到这些没有安全保护的文件,其庞大规模引人注目。他说,他当时下载并查阅了其中一小部分文件样本。 |
| Mr. Diachenko said that his team had determined that the database was accessible as early as April this year until mid-June when someone copied and destroyed the data and left a ransom note demanding 10 Bitcoin, current value about $200,000, for recovery of the information. Security researchers say that it is common for malicious actors to hijack exposed databases and try to extort the data owners with ransom demands. | 迪亚琴科说,他的团队早在今年4月就已确定,该数据库可访问,直到今年6月中旬,有人复制那个数据库后,销毁了原来的数据,还留下一个赎金要求,向数据被盗者索要10个比特币(目前约值20万美元),换取数据的恢复。安全研究人员说,恶意劫持被暴露的数据库,并试图用赎金勒索数据所有者的情况很常见。 |
| It’s unclear if anyone has paid for and downloaded the entire database. The Times reached out to the anonymous user this week but did not receive a response. | 目前还不清楚是否有人购买并下载了整个数据库。时报本周联系了那个匿名用户,但没有收到回复。 |
| Security researchers say that the vast amount of personal information contained in the Shanghai database could put the individuals whose data was exposed at risk of extortion, blackmail or fraud. | 安全研究人员表示,上海警方数据库中包含的大量个人信息可能会让数据被暴露者面临敲诈、勒索或欺诈的风险。 |
| “The more complete profile you have of a person, the more dangerous it is,” Mr. Diachenko said. “The possibilities are endless.” | “手中掌握的一个人的情况越完整,危险就越大,”迪亚琴科说。“滥用的可能性无穷无尽。” |
OK阅读网 版权所有(C)2017 | 联系我们