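Twitter accounts of many US celebrities hacked, used to send bitcoin scam links: Twitter accounts of prominent figures, including Biden, Musk and Obama, compromised in major hack
China Daily website 2020-07-16 15:11
On July 15, the Twitter accounts of a large number of prominent US figures and companies were taken over by hackers. The accounts posted messages asking followers to transfer money to a specific bitcoin wallet and promising that they would receive double in return. Twitter said it was investigating and taking steps to resolve the problem.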
The Twitter accounts of major public figures and corporations, including Joe Biden, Barack Obama, Elon Musk, Bill Gates, Jeff Bezos and Apple were hijacked Wednesday, in a stunning show of force by hackers.
Twitter said it was aware of “a security incident” and “taking steps to fix it”, but provided no further information hours after the hack began.
The hack unfolded over the course of several hours, and it appeared that Twitter was only able to stop it by preventing verified accounts from tweeting at all – an unprecedented measure.
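The hackers' tweets all read roughly as follows: “Because of the Covid-19 pandemic, I am giving back to the community. All bitcoin sent to the address below will be sent back doubled! If you send $1,000, I will send back $2,000. This offer is only valid for 30 minutes.”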
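[Screenshots: tweets from some of the hacked celebrity Twitter accounts]
[Screenshots: the accounts of well-known companies such as Apple and Uber were also compromised]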
The messages included the address of a bitcoin wallet whose balance grew rapidly to more than 11 BTC (more than $100,000, or about 698,000 yuan) as the scam spread. Tweets with similar messages were repeatedly deleted and re-posted by some of the compromised accounts over the course of Wednesday afternoon.
While the motives and source of the attack are not yet known, the coordinated hijacking of the verified communications streams of world leaders, celebrities and major corporate accounts was a frightening prospect. Twitter has become a de facto wire service for the world and is used for official communications by governments during emergencies; a hack on the scale of Wednesday’s attack could have been more disruptive or even dangerous.
“The amount of damage this could cause is very high,” said Douglas Schmidt, a computer science professor at Vanderbilt University. “These people could hold information gleaned from the hack for ransom in the future.”
Twitter issued a statement approximately 90 minutes after scam messages began being sent out by Musk’s and Gates’ accounts, as the attack was ongoing.
“We are aware of a security incident impacting accounts on Twitter,” the company said on Twitter. “We are investigating and taking steps to fix it. We will update everyone shortly.”
The company subsequently warned that some users would be unable to tweet or change their passwords as it worked to address the issue. The company appeared to be blocking verified users, whose accounts feature a blue checkmark to denote that Twitter has confirmed their identities, from tweeting.
Twitter’s stock price tumbled more than 3% in after-hours trading.
The hack probably targeted a vulnerability on Twitter’s end rather than those of the individual account holders, said John Ozbay, the chief executive of the privacy and security tool Cryptee. Most high-profile users probably engage two-factor authentication, Ozbay said, and the hackers appeared to have enough control over the compromised accounts to “pin” a tweet. That would not have been possible if a hacked account were being controlled by SMS, as occurred when the Twitter CEO Jack Dorsey’s own account was hijacked in 2019.
Schmidt said that the attacks could be related to the fact that Twitter, like much of the rest of the tech industry, has transitioned to remote work during the coronavirus pandemic.
“The likelihood of attacks like this increases when people are working remotely – it is much easier for bad actors to impersonate someone through an email and gain access to their accounts,” said Schmidt. “Assuming this wasn’t someone inside Twitter trying to take revenge, it appears to be a spear phishing attack – someone who has access to admin privileges that can override two-factor authentication and strong passwords fell victim to a hack.”
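impersonate [ɪmˈpɜːsəneɪt]: vt. to play the part of; to imitate
spear phishing: fraud aimed at a specific organization, with the goal of gaining unauthorized access to confidential data.
English source: The Guardian
Translation & editing: yaning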