备注请放最后面 违者新闻文章删除
1.媒体来源:
reuters
2.记者署名:
Raphael Satter
3.完整新闻标题:
Chinese spyware code was copied from America's NSA: researchers
4.完整新闻内文:
WASHINGTON (Reuters) - Chinese spies used code first developed by the U.S.
National Security Agency to support their hacking operations, Israeli
researchers said on Monday, another indication of how malicious software
developed by governments can boomerang against their creators.
以色列研究人员周一说,中国间谍使用美国国家安全局最初开发的代码来支持其黑客行动
,这再次表明了政府开发的恶意软件如何对他们的创作者进行猛烈抨击。
Tel Aviv-based Check Point Software Technologies issued a report noting that
some features in a piece of China-linked malware it dubs “Jian” were so
similar they could only have been stolen from some of the National Security
Agency break-in tools leaked to the internet in 2017.
总部位于特拉维夫的Check Point软件技术公司发布了一份报告,指出中国的一个
恶意程式叫做"Jian"的,他有些地方太像偷来的。在2017年时,一些国安局的破解工具
被外流到网络上。
Yaniv Balmas, Checkpoint’s head of research, called Jian “kind of a
copycat, a Chinese replica.”
Checkpoint的研究主管Yaniv Balmas称Jian为“模仿者,中国复制品。”
The find comes as some experts argue that American spies should devote more
energy to fixing the flaws they find in software instead of developing and
deploying malicious software to exploit it.
这一发现之所以出现,是因为一些专家认为,美国间谍应该投入更多精力来修复他们在软
件中发现的缺陷,而不是开发和部署恶意软件来加以利用。
The NSA declined comment. The Chinese Embassy in Washington did not respond
to requests for comment.
国家安全局拒绝置评。 中国驻华盛顿大使馆未回应。
A person familiar with the matter said Lockheed Martin Corp – which is
credited as having identified the vulnerability exploited by Jian in 2017 –
discovered it on the network of an unidentified third party.
一位知情人士说,洛克希德·马丁公司(Lockheed Martin Corp)在一个身份不明的第三
方网络上发现了该漏洞。洛克希德·马丁公司(Lockheed Martin Corp)在2017年发现了
Jian利用的漏洞。
In a statement, Lockheed said it “routinely evaluates third-party software
and technologies to identify vulnerabilities.”
洛克希德公司在一份声明中说,“它定期评估第三方软件和技术以识别漏洞。”
Countries around the world develop malware that breaks into their rivals’
devices by taking advantage of flaws in the software that runs them. Every
time spies discover a new flaw they must decide whether to quietly exploit it
or fix the issue to thwart rivals and rogues.
全世界的国家都在利用运行恶意软件的漏洞来开发可侵入其竞争对手设备的恶意软件。
每次间谍发现新的漏洞时,他们都必须决定是悄悄地利用它还是解决该问题以阻止竞争对
手和流氓。
That dilemma came to public attention between 2016 and 2017, when a
mysterious group calling itself the “Shadow Brokers” published some of the
NSA’s most dangerous code to the internet, allowing cybercriminals and rival
nations to add American-made digital break-in tools to their own arsenals.
这种困境在2016年至2017年间引起了公众的注意,当时一个自称为“影子经纪人”的神秘
组织向网络发布了NSA最为危险的一些code,从而使网络犯罪分子和竞争国家可以将美
国制造的数位入侵工具加入到他们自己的武力。
How the Jian malware analyzed by Checkpoint was used is not clear. In an
advisory published in 2017, Microsoft Corp suggested it was linked to a
Chinese entity it dubs “Zirconium,” which last year was accused of
targeting U.S. election-related organizations and individuals, including
people associated with President Joe Biden’s campaign.
目前尚不清楚如何使用Checkpoint分析的Jian恶意软件。 在2017年发布的一份咨询报告
中,微软公司暗示它与一个叫做“锆”的中国公司有联系,该公司去年被指控针对美国
与选举相关的组织和个人,包括与乔·拜登总统竞选活动有关的人。
Checkpoint says Jian appears to have been crafted in 2014, at least two years
before the Shadow Brokers made their public debut. That, in conjunction with
research published in 2019 by Broadcom Inc-owned cybersecurity firm Symantec
about a similar incident, suggests the NSA has repeatedly lost control of its
own malware over the years.
Checkpoint表示,Jian似乎是在2014年制作的,至少在Shadow Brokers公开亮相之前两年
。 这与博通公司旗下网络安全公司赛门铁克在2019年发布的关于类似事件的研究相结合
,表明NSA多年来已经屡屡失去对其自身恶意软件的控制权。
Checkpoint’s research is thorough and “looks legit,” said Costin Raiu, a
researcher with Moscow-based antivirus firm Kaspersky Lab, which has helped
dissect some of the NSA’s malware.
莫斯科防毒软件公司卡巴斯基实验室的研究员Costin Raiu说,Checkpoint的研究是彻底的
“看起来很合法”,该组织已经帮助分析了NSA的某些恶意程式。
Balmas said a possible takeaway from his company’s report was for spymasters
weighing whether to keep software flaws secret to think twice about using a
vulnerability for their own ends.
Balmas说,间谍公司可以从公司的报告中得出结论,他们可以权衡是否对软件漏洞进行
保密,以便为自己的目的考虑使用漏洞。
“Maybe it’s more important to patch this thing and save the world,” Balmas
said. “It might be used against you.”
Balmas说:“也许修补这个东西并拯救世界更重要。” “它可能会被用来对付你。”
5.完整新闻连结 (或短网址):
https://www.reuters.com/article/us-usa-cyber-china-idUSKBN2AM11R
6.备注:
这新闻就两个点,一是美国国安局出了内鬼,专把自己人的code外泄,二是中国居然连
这个东西都要抄,不愧是作弊大国