The Chinese hackers who are believed to have broken into the US government’s human resources office may be trying to map the government, recruit spies and access networks in other departments, experts warned.
The FBI said late last week that it was investigating the breach at the Office of Personnel Management that may have affected up to 4m current and former federal employees.
People familiar with the matter said hackers in China were suspected of being responsible for the attack on the agency, which has files on employees working across the federal government.
China has strongly denied it is responsible for the attacks, accusing the US of making “groundless accusations” and being “irresponsible”.
Even if it was not a hack sponsored by the Chinese government, Chinese hackers could be responsible. The line between nation state attackers and individuals is being blurred, as some employed to hack by the government by day use the same tools to hack for themselves by night.
While many cyber criminals who try to steal personal data are doing it to sell to fraudsters on underground markets, cyber security experts say this looks like a very different kind of attack.
Jim Lewis, a director at the Center for Strategic and International Studies in Washington, said he believed the Chinese government was compiling a database of US government employees.
He linked the OPM incident — announced last week but discovered in April — to a previous cyber attack on the same organisation, as well as to earlier attacks on Anthem, a provider of health insurance for government employees, and on two background check contractors.
“I think ... the Chinese are building a big biographic database of US government employees, using the same kind of data mining tools that retailers and credit card companies use,” he said.
Most big intelligence agencies try to create databases on their opposition to “understand how your opponent is going to play the game”, Mr Lewis added, noting that such a treasure trove could help them recruit informants.
Marc Goodman, a cyber security expert who has worked with the UN, Nato and the US government, said the information would be incredibly useful to China from a “geopolitical, strategic, national security perspective”.
He said the hackers could use their access to find people with high security clearances and the sensitive information that could be used to manipulate them.
“If you see, for example, that a worker’s wife has breast cancer and medical bills of $200,000, it makes them a much more interesting target if you want to recruit them to spy on behalf of China,” he said.
The information could also be used to guess passwords and gain entry to networks in departments across government, with data about system administrators, who can roam across networks, a particular target.
The OPM has been a frequent target, he said, because it has access to every employee and probably has a worse understanding of the counterintelligence threat than a department like defence, the FBI or the intelligence agencies.
“It’s a common weakness in the system. The OPM is the central repository for information on a US ambassador or a three-star general or a single kid in Nevada flying a drone for the army,” he said.
The OPM said it had made “an aggressive effort” to update its cyber security in the last year but the intrusion predated the adoption of these tougher controls. It added that it had introduced even more protections since the attacks.
But Ryan Wager, global threat strategist at vArmour, a US cyber security company, said the hackers could have remained inside the network since the previous attack.
“Most campaigns are actually correlated even if they seem like multiple autonomous attacks,” he said. “If you were breached months or years ago and there is no visibility inside the network there is no way to make sure they didn’t compromise it. Typically they don’t know how far it spread.”