《DevOps for Finance》CHAPTER 1-黑客
The NASDAQ Hack
黑客入侵纳斯达克
In late 2010, hackers broke into NASDAQ’s Directors Desk web application and planted malware. According to NASDAQ, the hackers did not get access to private information or breach the trading platform.
2010年末,黑客闯入纳斯达克(Nasdaq)的董事办公桌网络应用程序,并植入恶意软件。据纳斯达克称,黑客没有获取私人信息或侵入交易平台。
At least, that’s what they thought at the time.
至少,那是他们当时的想法。
However, subsequent investigations by the NSA and the FBI found that the hackers were extremely sophisticated. They had used two zero-day vulnerabilities—evidence of a nation state actor—and planted advanced malware (including a logic bomb) created by the Federal Security Service of the Russian Federation in NASDAQ’s systems.
然而,美国国家安全局和联邦调查局随后的调查发现,这些黑客非常老练。他们使用了两个零日漏洞(这是国家行为人的证据),并在纳斯达克系统中植入了俄罗斯联邦安全局创建的高级恶意软件(包括逻辑炸弹)。
Agents also found evidence that several different hacking groups (including cyber criminals and “Chinese cyberspies”) had compromised NASDAQ’s networks, and may have been inside for years. More than a year after the hack, it was still not clear to the investigators who the attackers were, or if they were attempting to steal
NASDAQ’s technology IP, or get access to inside information about the market, or if they had intended to plant a digital weapon to disrupt the US economy.8
特工们还发现了几个不同的黑客组织(包括网络罪犯和“中国的网络间谍”)已经破坏了纳斯达克的网络,并且可能已经潜入纳斯达克多年。黑客袭击一年多后,调查人员仍不清楚袭击者是谁,也不知道他们是否试图盗窃纳斯达克的技术知识产权,或获取有关市场的内幕信息,或他们是否打算制造一种数字武器来扰乱美国经济。8
8 见 http://bloom.bg/1KaFBQU.
9 见 http://nyti.ms/1L2JhoC.