The director of the Federal Bureau of Investigation has offered fresh details of the cyber attack on Sony Pictures as he defended the US claim that North Korea was responsible.
美国联邦调查局(FBI)局长提供了有关索尼影视(Sony Pictures)所受网络攻击的新细节,为美国声称朝鲜应为此次攻击负责的说法辩护。
Some internet security consultants have cast doubt on Pyongyang’s involvement in the data breach, but James Comey, the FBI director, said he had “high confidence” in the bureau’s conclusion and cited recently declassified material.
部分互联网安全顾问对于朝鲜政府曾参与过这次数据泄露事件十分怀疑。不过FBI局长詹姆斯•科米(James Comey)表示,他对FBI的结论有着“高度的信心”,并提到了最近解密的材料。
Guardians of Peace, the group claiming credit for the attack, used proxy services to disguise their location when sending emails threatening Sony employees and posting statements online explaining their work, he said. But, he added, they got “sloppy”.
他说,在发出电子邮件威胁索尼员工并在网上贴出解释其工作的声明时,声称为此次网络袭击负责的“和平卫士(Guardians of Peace)”使用了代理服务掩饰他们的位置。不过,他补充说,这些人的处理“十分草率”。
“Several times either because they forgot or they had a technical problem they connected directly and we could see them. And we could see that the IP addresses that were being used to post and to send the emails were coming from IPs that were exclusively used by the North Koreans,” he said.
他说:“有那么几次,要么是由于他们忘了,要么是由于他们遇到了技术问题,他们采取了直接连接的方式,从而令我们可以发现他们。此外,我们还发现他们用于发布声明和发送电子邮件的IP地址,来自朝鲜专用的IP地址。”
His comments came in response to recent allegations by a private computer security firm that said the cyber attack, which revealed embarrassing emails, salary information about employees, and other sensitive information, was more likely to be an inside job. Sony’s chief executive called the attack “vicious”.
他这番言论是对近期一家私营电脑安全公司指控的回应。这家公司表示这次网络袭击更有可能是一次索尼人员的内部行为。这次网络袭击披露了一些令人尴尬的电子邮件内容、索尼员工的薪资信息、以及其他敏感信息。索尼首席执行官曾称这次袭击“十分恶毒”。
Mr Comey said the FBI was still looking to identify the “vector” of the attack but said “the likely vector for the entry into Sony” evolved from a spear phishing attempt on the company as late as last September. Spear phishing is a technique deployed by hackers who send emails posing as someone known to the recipient, seeking information such as passwords.
科米表示,FBI仍在辨认此次袭击的“媒介”。不过他表示,“攻入索尼的可能媒介”与针对索尼的鱼叉式网络钓鱼(Spear phishing)攻击有关,这些攻击最晚发生在去年9月。鱼叉式网络钓鱼是黑客使用的一种技术,这些黑客会伪装成接收者认识的人,向其发送电子邮件并套取密码等信息。
Mr Comey was speaking at a cyber conference held by the FBI and Fordham University.
科米是在FBI和福坦莫大学(Fordham University)召开的有关网络的会议上发表上述言论的。