黑客對社交網站攻擊升級
Security breaches at LinkedIn and eHarmony have highlighted an escalation in attacks on social networks from hackers seeking to exploit personal data, according to security firms.
一些安全公司表示,專業交流網站LinkedIn和約會網站eHarmony的安全漏洞突顯出,尋求盜取個人數據的黑客加大了針對社交網站的攻擊力度。The professional networking and dating sites have both confirmed that "some" of their users'passwords have been have not disclosed how many but security experts said hackers have posted a total of 8m encrypted passwords online, the bulk of which came from LinkedIn.
上述兩家網站都已證實,“部分”用戶的密碼失竊。它們沒有透露遭竊數量,但安全專家表示,黑客在網上貼出了800萬條加密密碼,其中多數來自LinkedIn。LastFM, a UK-based social network focused on music owned by CBS, also said yesterday some of its users'passwords had been stolen. Like LinkedIn and eHarmony,it advised users to change passwords.
昨日,CBS旗下、總部位於英國的音樂社交網站LastFM也表示,部分用戶密碼遭竊。與LinkedIn以及eHarmony一樣,該網站建議用戶修改密碼。
Experts called the LinkedIn hack "one of the largest we've seen" and said it was a sign that cybercriminals are showing an increasing preference for targeting social networks, including Facebook, Twitter and Pinterest. "Now they've switched over to social networks,"said Graham Cluley,senior technology consultant at Sophos, a security research firm."The anti-spam features on these sites are nowhere near as mature as places like Hotmail and Gmail."
專家表示,LinkedIn遭黑客攻擊是“我們所見到的規模最大的攻擊之一”,他們表示,這是一個跡象,表明網絡罪犯越來越喜歡攻擊Facebook、Twitter和Pinterest等社交網站。安全研究企業Sophos的資深技術顧問格雷厄姆•克魯利(Graham Cluley)表示:“現在黑客轉移到了社交網站,而這些網站的反垃圾郵件機制遠遠不如Hotmail和Gmail等網站成熟。”In April, social networks replaced financial organisations as the top target of phishing attacks, according to data from Kaspersky Lab.
卡巴斯基實驗室(Kaspersky Lab)的數據顯示,4月,社交網站取代金融機構,成爲釣魚攻擊的頭號目標。Phishing campaigns are spoof emails or spoof social networking messages that impersonate a business like LinkedIn to trick people into handing over email addresses, passwords and other personal information.
釣魚攻擊使用欺詐郵件或欺詐性社交網絡信息,假扮成LinkedIn之類的企業,欺騙人們交出郵箱地址、密碼和其他個人信息。Kaspersky estimates social networks accounted for 28.8 per cent of phishing attacks in April, a 6 per cent increase from March, due mainly to a surge of attacks on Facebook users.
卡巴斯基估計,4月份的釣魚攻擊中,28.8%發生在社交網絡,比3月增加了6%,主要是由於針對Facebook用戶的攻擊猛增。The cause of this week's hacks are still unknown. LinkedIn has since added enhanced security features to its encryption process, a move Mr Cluley said they "should have been doing earlier". Mr Cluley also said that the openness of social networks to external programmers that develop applications left them more vulnerable to hackers.
本週黑客攻擊的原因尚不明朗。遭到攻擊後,LinkedIn已經加強了加密過程的安全設置,克魯利稱,LinkedIn“早就應該這麼做了”。克魯利還表示,社交網站對外部程序員開放,允許他們開發應用,這也使網站更容易受到黑客攻擊。In addition, the personal nature of social networks makes it easier for criminals to impersonate someone, using their name and photo to contact friends and work colleagues."If I get a message from someone who is a LinkedIn contact of mine, I'm much more likely to respond,"said David Emm, senior security researcher at Kaspersky Lab.
此外,社交網站的個人性質使罪犯更容易假裝成某人,使用他們的名字和照片聯繫朋友和同事。卡巴斯基實驗室的資深安全研究員戴維•埃姆(David Emm)表示:“如果我收到了我在LinkedIn上聯繫人的信息,我更有可能做出迴應。”Cybercrime on social networks is turning into its own industry, said Jim Walter, manager for McAfee Threat Intelligence Service, as criminals hire underlings to generate more traffic and even ad revenue from these sites through automated botnets, collection of compromised computers.
邁克菲網絡威脅情報服務(McAfee Threat Intelligence Service)經理吉姆•沃爾特(Jim Walter)表示,針對社交網絡的犯罪正在發展爲一個產業。罪犯僱傭人手,通過自動殭屍網絡(即大量已被侵入的電腦),在這些網站上製造流量,甚至產生廣告收入。"There's a whole underground economy around LinkedIn bots, Pinterest bots, Facebook bots, you name it,"he said.
沃爾特表示:“圍繞着LinkedIn殭屍、Pinterest殭屍、Facebook殭屍等等,存在着一個完整的地下經濟。”
