索尼影業的高管年薪遭黑客泄露

LOS ANGELES — Just as Sony Pictures Entertainment appeared to be recovering from a crippling online attack last month, the studio found itself confronting new perils on Tuesday. The Federal Bureau of Investigation warned United States businesses of a similar threat, and additional Sony secrets were leaked online.

洛杉磯——索尼影視娛樂公司(Sony Pictures Entertainment)似乎剛從上個月的嚴重網絡攻擊中恢復過來，週二卻發現自己遇到了新麻煩。該公司的更多機密泄露在了網絡上。美國聯邦調查局警告多家美國企業防範類似威脅。

Sony, the studio behind “The Amazing Spider-Man” films and the “Breaking Bad” television series, restarted many of its computer systems on Monday after a Nov. 24 breach by a group calling itself #GOP, for Guardians of Peace. Executives at the entertainment company said they were also making progress in fighting the apparently related Internet pirating of five complete films, including the unreleased “Annie.”

索尼公司曾出品系列電影《超凡蜘蛛俠》(The Amazing Spider-Man)和電視劇《絕命毒師》(Breaking Bad)。11月24日，該公司的電腦系統曾遭到一個自稱“和平衛士”(#GOP，Guardians of Peace)的組織攻擊。週一，索尼重啓了自己的很多電腦系統。該公司的主管們稱，他們在打擊網絡盜版方面也取得進展，這些盜版行爲顯然與已拍好的五部影片有關，包括尚未上映的《安妮》(Annie)。

But Sony was newly rattled by the leak of internal documents, one of which contained the pre-bonus annual salaries of senior executives, showing 17 who earn more than $1 million a year. The documents were published late Monday on Pastebin, the anonymous Internet posting site.

但是索尼公司剛剛又被內部文件泄露事件搞得很緊張，其中一份文件包括多位高管分紅前的年薪，表明有17位高管的年薪超過100萬美元。這些文件是週一晚間在匿名發帖網站Pastebin上發佈的。

The breach exposed two things the secretive movie industry is extremely sensitive about — the piracy of films and details about executive compensation — and sent a ripple of dread across Hollywood to Washington.

這一攻擊暴露了神祕的電影行業極爲敏感的兩件事——電影盜版和管理層薪資細節——令從好萊塢到華盛頓的諸多行業感到恐懼。

Although large attacks on companies are increasingly common, this one has played out like one of Sony’s own thrillers, with macabre images on computer screens of studio executives’ severed heads and theories that the attack could be retribution from North Korea for a coming Sony comedy about an assassination attempt on that country’s leader, Kim Jong-un.

雖然對公司的大型攻擊越來越常見，但這一次的表現形式像是索尼公司自己出品的驚悚片，電腦屏幕上出現公司高管被切割下來的頭顱的恐怖畫面。有人認爲，這次攻擊可能是朝鮮在報復索尼公司即將上映一部關於試圖刺殺該國領導人金正恩的喜劇片。

Tom Kellermann, chief cybersecurity officer at Trend Micro, the private security firm, said that unlike stealth attacks from China and Russia, Sony’s hackers not only aimed to steal data, but also to send a clear message. “This was like a home invasion where after taking the family jewels the hackers set the house ablaze,” he said.

私營安全公司趨勢科技公司(Trend Micro)的首席網絡安全官湯姆·凱勒曼(Tom Kellermann)說，這不像來自中國和俄羅斯的祕密攻擊，攻擊索尼公司的黑客們不僅意在竊取數據，而且想要傳遞一個明確的信息。“這就像入室盜竊，在拿走家裏的珠寶後，黑客們還放火燒了房子，”他說。

The attack at Sony comes as major American companies and government agencies are still reeling from online security threats. Breaches at major retailers like Target, Home Depot and Staples were only the beginning. Over the last year, the White House, the State Department, the nation’s largest bank, energy companies, even the Postal Service, were all breached by attackers who have yet to be identified or apprehended.

索尼公司遭受黑客攻擊之時，美國的大公司和政府機構仍在爲網絡安全威脅感到心煩意亂。對大型零售公司的攻擊纔剛開始，比如塔吉特(Target)、家得寶(Home Depot)和史泰博(Staples)。在過去的一年裏，白宮、美國國務院、美國最大的銀行、多個能源公司，甚至郵政系統都遭到攻擊，而攻擊者的身份和用意仍不明確。

But the Sony attack, and new details about a spate of coordinated cyberattacks from Iran that emerged on Tuesday, have security experts and law enforcement authorities rattled, worried that Sony’s difficulties may be a harbinger of many more to come.

但是索尼公司遭受的攻擊以及週二出現的一大波來自伊朗的協同網絡攻擊的最新細節，令安全專家和執法部門緊張不安，擔心索尼公司遭遇的麻煩可能預示着更多威脅即將到來。

“In 2015 hackers will destroy systems not just for activism, but also for counter-incident response,” said Mr. Kellermann, suggesting that it would be more difficult for security firms and companies to investigate, respond and recover from cyberattacks.

“2015年，黑客們摧毀電腦系統將不僅爲了激進理念，也是爲了反應急響應，”凱勒曼說。他認爲安全機構和公司將更難調查、應對和修復網絡攻擊。

The F.B.I. issued a private bulletin late Monday to a wide range of companies about a malicious software threat that wipes data from computers beyond the point of recovery.

週一晚間，美國聯邦調查局向多家公司發佈了一份非公開公告，提醒它們警惕一個清除電腦數據的惡意軟件，稱這些數據很難恢復。

The agency did not name the companies attacked, or say whether the bulletin was linked to the Sony attack, but the description mirrored the findings at Sony. The F.B.I. on Monday confirmed that it was working with the company to investigate the attack.

聯邦調查局沒有指明遭到攻擊的是哪家公司，也未說明該公告與索尼公司遭受的攻擊是否有關，但是公告中的描述類似索尼公司的情況。週一，該機構確認，它正在與索尼公司聯合調查這次攻擊。

Joshua Campbell, an F.B.I. spokesman, said on Tuesday that the agency’s “flash” warning, first reported by Reuters, was a routine advisory intended to “help systems administrators guard against the actions of persistent cybercriminals.”

週二，聯邦調查局發言人約書亞·坎貝爾(Joshua Campbell)稱，該機構的“火速”警告是例行公告，意在“幫助網管提防頑固網絡犯罪分子的行動”。最早報道該公告的是路透社。

Two people with knowledge of the advisory’s contents said the bulletin warned companies of malware that could destroy data on their hard drives and prevent computers from rebooting. The malware overwrites data in such a way that it can be nearly impossible to recover using standard means.

兩位知曉公告內容的人士說，該公告提醒各公司防範能摧毀硬盤數據、阻止電腦重啓的惡意軟件。該惡意軟件用特殊方法重寫數據，用常規手段幾乎不可能恢復。

Sony declined to comment on Tuesday beyond its previously released statements. “The company has restored a number of important services to ensure ongoing business continuity and is working closely with law enforcement officials to investigate the matter,” one statement read. Sony is notably dealing with the breach and its aftermath without a public relations chief, having dismissed its top corporate communications executive the week before the attack occurred.

週二，除了之前發佈的聲明，索尼公司拒絕再做評論。其中一項聲明稱，“本公司已恢復幾項重要服務，以確保業務正常進行。本公司正與執法人員密切配合，調查該事件。”令人矚目的是，索尼公司是在沒有公關主管的情況下處理這次攻擊事件及其後果，因爲在攻擊發生前的那周，該公司剛將該主管解僱。

To restore its computer systems, Sony’s movie and television divisions — a large music unit was not affected — hired the Mandiant division of FireEye, one of the larger online security firms.

索尼公司的電影和電視部僱傭大型網絡安全公司火眼(FireEye)的Mandiant分部來恢復電腦系統。它的一個重要的音樂分部未受影響。

With Mandiant’s help, business on Monday largely returned to normal at the studio, according to employees who spoke on the condition of anonymity. A previously scheduled town hall gathering to welcome a new movie marketing and distribution executive went forward as planned. The usual trade news trickled out — a casting announcement here, an international television deal there.

據索尼公司的幾位不願透露姓名的員工說，在Mandiant公司的幫助下，週一該公司的大部分業務恢復正常。之前計劃好的在市政廳歡迎電影推廣發行新主管的活動如期舉行。它也開始逐步發佈日常行業新聞——選角公告和國際電視交易等。

Inside Sony’s offices on Tuesday the mood was subdued but far from panicked, according to several employees, who said the attack had led to an unusually high degree of camaraderie. But they remained nervous about the breach of personal data and the possibility of identity theft.

據幾名員工表示，週二索尼公司內部的情緒受到打擊，但遠不至於恐慌，攻擊令同事們空前友愛。但他們仍擔心個人資料和身份信息遭竊。

On Pastebin, hackers released on Monday evening what they said were “tens of terabytes” worth of internal Sony data. The post — titled “Gift of G.O.P.” — included links to various archives that appeared to contain Sony employees’ passwords, Social Security numbers, salaries and performance reviews. (The password to open many of the files was “diespe123” (presumably an abridgment of “Die Sony Pictures Entertainment”). The studio has offered to enroll employees in a fraud protection program.

黑客們週一晚上在Pastebin公佈了自稱“數十兆兆”的索尼內部資料。這份帖子的標題是“和平衛士的禮物”，包括多個文檔鏈接，裏面似乎含有索尼員工的密碼、社會安全號碼、薪水和績效評估（很多文件的密碼是diespe123，估計是“索尼影視娛樂公司去死”的縮寫）。該公司已提議員工加入一個詐騙保護項目。

“The problem is that every time there is another leak, people clench up all over again,” said one executive in Sony’s home entertainment division.

“問題是，每多一次攻擊，人們就多一分不安，”索尼家庭娛樂部的一位主管說。