Russian hackers are using Twitter as an ultra-stealthy way of concealing their intrusions into sensitive Western government computer systems — a new surveillance technique that blends cutting edge digital engineering with old-fashioned spy tradecraft.
俄罗斯黑客正把Twitter用作一种超级隐秘的方式,隐藏其入侵西方政府敏感电脑系统的行为,这种新的监视技术将先进的数字工程技术与老式的谍报技术结合在一起。
The hackers use images uploaded to the social media site to send messages and directions to malware — or malicious software — with which they have infected target computers.
黑客利用上传至Twitter的图片向植入到目标电脑中的恶意程序传递信息和指令。
The value of using Twitter as a means to control the malware — which may direct computers to steal files or other unintended operations — is that it is virtually invisible to most detection systems, appearing instead like myriad other visits users make to the social networking site.
把Twitter用作控制这种恶意程序的方法,其好处在于,多数侦测系统几乎无法察觉,看上去像是用户在大量访问这家社交网站。这种恶意软件可能会命令电脑盗取文件或进行其他意想不到的任务。
A new report from the cyber security firm FireEye released on Wednesday identifies the new malware for the first time publicly, which it has nicknamed “Hammertoss”.
网络安全机构FireEye周三发布的一份最新报告首次公开确认了这种新的恶意程序,绰号为“Hammertoss”。
FireEye says it has “high confidence” that Russian agents are behind the project.
FireEye表示,“高度怀疑”俄罗斯特工是该计划的支持者。
“It’s really an example of how innovative and thoughtful threat groups are becoming,” said Jen Weedon, manager at FireEye’s threat intelligence group. “They are leveraging all of these credentials and services. It’s artistry. This is clearly not malware that is being built without thought.”
“这确实表明这些组织变成了多么创新且经过精心设计的威胁,”FireEye威胁情报组织经理詹威登(Jen Weedon)表示,“他们正利用所有这些资历和服务。这需要高超的技巧。这显然不是没有经过思考就建立起来的。”
For all its digital sophistication, the principles behind Hammertoss are reminiscent of the low-tech spy signals of the Cold War — chalk marks on trees or dead-letter boxes. In essence, the social media site allows Russia’s cyber warriors to communicate with their agents in plain sight and under the noses of those on the look out for unusual behaviour or communications.
尽管Hammertoss需要复杂的数字技巧,但其背后的原则让人想起冷战(Cold War)时期科技含量较低的间谍信号:树上的粉笔记号或者废弃的信箱。大体而言,Twitter使得俄罗斯网络间谍得以在光天化日之下与他们的特工联系,而且就在那些监视不寻常行为或信息交流的机构的眼皮底下。
The malware, once embedded, performs a daily check for a specific Twitter account, the unique name of which is generated on each occasion by an inbuilt secret algorithm.
一旦植入这种恶意程序,它将每日查看具体某个Twitter账号,内置的秘密算法会每次生成独一无二的名字。
Hammertoss’s controllers, by possessing an identical algorithm, are able to know the name of the Twitter account the malware will look for each day. If they wish to issue a command to Hammertoss, they set up the account and post a tweet.
Hammertoss的控制者通过处理同样的算法,就能知晓这种恶意软件将每天寻找的Twitter账号的名字。如果他们想向Hammertoss发布命令,他们就建立一个账号,发布消息。
The tweet may look innocuous, but it will contain a link to an image. The image has a secret message for Hammertoss encoded within it — another Cold War technique known as steganography.
这些消息可能看上去毫无恶意,但将在图片中隐藏一个链接。图片中含有加密的秘密信息,这是冷战中的另一种谍报技术:“隐写术”。
Another Russian malware family, known as MiniDuke also used Twitter for certain command and control operations, but unlike Hammertoss, was limited to communications with a limited number of specific, pre-established accounts.
俄罗斯的另一个恶意程序家族名为MiniDuke,它也利用Twitter传递特定命令和控制任务,但与Hammertoss不同的是,它限于与有限数量的提前设置的特定账户的信息沟通。