The Twitter accounts of major public figures and corporations, including Joe Biden, Barack Obama, Elon Musk, Bill Gates, Jeff Bezos and Apple, were hijacked on Wednesday (July 15), in a stunning show of force by hackers.
Twitter said it was aware of “a security incident” and was “taking steps to fix it”, but provided no further information hours after the hack began.
The hack unfolded over the course of several hours, and it appeared that Twitter was only able to stop it by preventing verified accounts from tweeting at all – an unprecedented measure.
The hackers’ tweets all read roughly the same: “Because of COVID-19, I am giving back to the community. All bitcoin sent to the address below will be sent back doubled! If you send $1,000, I will send back $2,000. This offer is only valid for 30 minutes.”
Screenshots of some of the hijacked celebrity Twitter accounts (images not reproduced here):
Accounts of well-known companies such as Apple and Uber were also compromised (screenshots not reproduced here):
The messages included the address of a bitcoin wallet whose balance grew rapidly to more than 11 BTC (more than $100,000) as the scam spread. Tweets with similar messages were repeatedly deleted and re-posted by some of the compromised accounts over the course of Wednesday afternoon.
While the motives and source of the attack are not yet known, the coordinated hijacking of the verified communications streams of world leaders, celebrities and major corporate accounts was a frightening prospect. Twitter has become a de facto wire service for the world and is used for official communications by governments during emergencies; a hack on the scale of Wednesday’s attack could have been more disruptive or even dangerous.
“The amount of damage this could cause is very high,” said Douglas Schmidt, a computer science professor at Vanderbilt University. “These people could hold information gleaned from the hack for ransom in the future.”
Twitter issued a statement approximately 90 minutes after scam messages began being sent out by Musk’s and Gates’ accounts, as the attack was ongoing.
“We are aware of a security incident impacting accounts on Twitter,” the company said on Twitter. “We are investigating and taking steps to fix it. We will update everyone shortly.”
The company subsequently warned that some users would be unable to tweet or change their passwords as it worked to address the issue. The company appeared to be blocking verified users, whose accounts feature a blue checkmark to denote that Twitter has confirmed their identities, from tweeting.
Twitter’s stock price tumbled more than 3% in after hours trading.
The hack probably targeted a vulnerability on Twitter’s end rather than those of the individual account holders, said John Ozbay, the chief executive of the privacy and security tool Cryptee. Most high-profile users probably engage two-factor authentication, Ozbay said, and the hackers appeared to have enough control over the compromised accounts to “pin” a tweet. That would not have been possible if a hacked account were being controlled by SMS, as occurred when the Twitter CEO Jack Dorsey’s own account was hijacked in 2019.
Schmidt said that the attacks could be related to the fact that Twitter, like much of the rest of the tech industry, has transitioned to remote work during the coronavirus pandemic.
“The likelihood of attacks like this increases when people are working remotely; it is much easier for bad actors to impersonate someone through an email and gain access to their accounts,” said Schmidt. “Assuming this wasn’t someone inside Twitter trying to take revenge, it appears to be a spear phishing attack – someone who has access to admin privileges that can override two-factor authentication and strong passwords fell victim to a hack.”
impersonate [ɪmˈpɜːsəneɪt]: v. to pretend to be someone else; to imitate.
spear phishing: a targeted phishing attack aimed at a specific organization, whose goal is to gain access to confidential data without authorization.