NPR News:孟加拉央行盗窃案嫌疑指向朝鲜

Security experts say North Korea might be behind a spree of cyberattacks on Asian banks. Researchers at the firm Symantec say these attacks have something in common with the one on Sony Pictures in 2014. That's the one the FBI tied to North Korea. Here to talk about all this is NPR's tech reporter Aarti Shahani.
安全专家表示，朝鲜可能参与了多家亚洲银行遭遇的网络攻击。赛门铁克公司的研究人员表示，这些攻击与索尼影业在2014年遭遇的攻击有一些共同点。当时美国联邦调查局认为朝鲜与索尼影业遭攻击有关。我们将连线NPR新闻的技术记者阿尔蒂•沙哈尼了解详细情况。

Hi there.
你好。

AARTI SHAHANI, BYLINE: Hi.
阿尔蒂•沙哈尼连线：你好。

MCEVERS: So who do the Symantec researchers say hacked into these banks?
麦克弗斯：赛门铁克公司的研究员认为是谁入侵了这些银行？

SHAHANI: The name of the group is Lazarus, and apparently they're a very effective group of hackers. And, you know, they're not just breaking into networks and stealing emails. They're developing a strategy to hijack banks and take cash directly out. The group allegedly stole tens of millions of dollars from the Central Bank of Bangladesh back in February. The Central Bank chief actually had to resign over that. In Vietnam, Lazarus allegedly attempted to steal more than a million from a bank there too. Officials managed intercept it, though, before it happened. A bank in Ecuador was also hit. And now, according to Symantec — you know, the company that makes antivirus software — according to Symantec, this same group hit the Philippines and managed to break into desktop computers and a house. It's not clear, though, if they managed to steal money this time.
沙哈尼：一个名为拉撒路集团的黑客组织，显然这个组织是一个效率很高的黑客组织。他们不只入侵网络，还窃取电子邮件。他们的策略是入侵银行系统并直接窃取现金。这个组织涉嫌在2月份从孟加拉国央行窃取了数千万美元。孟加拉国央行负责人因此引咎辞职。拉撒路集团还涉嫌企图从越南一家银行偷窃100余万美元。不过在他们行动前，银行官员成功地进行了拦截。厄瓜多尔一家银行也遭遇了黑客袭击。制造防毒软件的赛门铁克公司表示，这个组织还攻击了菲律宾银行，并侵入了台式电脑和办公区。但是目前并不清楚他们是否偷走了钱财。

MCEVERS: So what does all this have to do then with North Korea?
麦克弗斯：那这些与朝鲜有什么关系？

SHAHANI: OK. So this is going to sound a little complicated or convoluted so just bear with me here, OK? First there are a bunch of attacks that are linked to Lazarus the hacking group, OK? According to multiple security experts, malicious software — the exact same lines of malware — keeps showing up in attacks against South Korean companies, against Sony Pictures, which you referenced earlier, and now in these bank attacks. And so the security experts say that cannot be a coincidence. Lines of malicious software don't just get copied and pasted magically. So they believe Lazarus is behind it. OK. That's part one. Now, part two is the North Korea connection. According to U.S. intelligence officials, North Korea was behind Sony. So the private sector experts who've studied the hack, they're saying by extension it could be North Korea is behind these other attacks using the same malware.
沙哈尼：这听起来有些复杂难懂，请耐心听我解释，好吗？首先，大量的攻击事件都与黑客组织拉撒路集团有关。据多名安全专家表示，韩国公司和你刚才提到的索尼影业遭遇的攻击中都出现了同样的恶意程序代码，而这些代码也出现了在银行攻击事件中。所以安全专家表示，这不可能是巧合。恶意程序代码不会只是被复制粘贴而已。专家认为拉撒路集团是攻击事件的幕后黑手。这是其一。其二就是朝鲜与这些攻击的关联。美国情报官员表示，攻击索尼影业的是朝鲜。所以研究黑客的专家认为，由此推论，使用同样的恶意代码攻击银行的可能就是朝鲜。

MCEVERS: Did the researchers talk about why a country would want to get into the business of robbing banks?
麦克弗斯：研究人员有没有说为什么一个国家会与抢劫银行有牵扯？

SHAHANI: You know, according to the researchers, it's strange behavior, and I mean, really significant because, you know, nation states don't typically rob each other's banks. Though I do want to temper it by saying that it is to some extent speculation. We don't know for a fact that North Korea is behind it.
沙哈尼：研究人员表示，这是奇怪的行为，而且意义重大，因为通常一个国家不会去抢劫其他国家的银行。不过我要说明一下，从某种程度上说，这只是猜测。我们不能确定发动攻击的就是朝鲜。

MCEVERS: And the banks targeted in these attacks are pretty small. I mean, these are not the Citibanks and the J.P. Morgans of the world. Is there a reason why hackers would target these small banks?
麦克弗斯：黑客攻击的都是小型银行。不是花旗银行或摩根大通这些世界知名银行。为什么黑客会以这些小型银行为目标？

SHAHANI: Yeah, you know, it is definitely the case that these smaller banks are weaker links in the global financial system. There's a global network for banks to talk to each other and complete transactions. It's called SWIFT. And in fact just this week, the CEO of SWIFT gave this big address in Brussels. He said, listen, our central system's not at fault, it hasn't been compromised, but it looks like these small banks in our networks are vulnerable. He called the attack against Bangladesh in particular a watershed event. Again, that was the Central Bank looted by cyberthieves who took lots of money. And he said it's not an isolated incident. To his knowledge, other banks are being similarly attacked, small banks in particular. Part of the problem is small banks don't have response teams and fancy detection software like the big banks do. So in his opinion, the attacks are part of a campaign that's going to continue.
沙哈尼：当然是因为这些小型银行属于全球金融体系中的薄弱环节。银行之间有一个互相联系和完成交易的全球网络。这个网络是环球银行金融电信协会。本周，环球银行金融电信协会首席执行官在布鲁塞尔发表了重要讲话。他说，听着，我们的中央系统不存在问题，也没有受到侵害，不过看起来我们体系中的一些小型银行易受到攻击。他特别指出孟加拉国银行遭遇黑客攻击是“分水岭”事件。我们要再次说明一下，被网络窃贼侵入并偷取大量钱财的是孟加拉国央行。首席执行官表示，这不是一起个别事件。据他所知，其他银行也遭遇过类似的黑客袭击，尤其是小型银行。部分问题在于，与大银行不同，小型银行没有应急小组和复杂的监测软件。所以在他看来，这类黑客攻击事件还会继续发生。

MCEVERS: That's NPR's Aarti Shahani. Thanks so much.
麦克弗斯：以上是NPR新闻的阿尔蒂•沙哈尼带来的报告。非常谢谢你。

SHAHANI: Thank you.
沙哈尼：谢谢你。