PBS In-Depth Interview: Why Are Hackers Targeting Insurance Companies?
Time: 2015-06-12 06:04:48
JUDY WOODRUFF: Today's disclosure of a major hacking attack on the nation's second-largest health insurer, Anthem, is setting off alarms about cyber-crime at a new level.
Hackers were able to crack a database that included records for 80 million people. The cyber-criminals were able to get names, addresses and e-mails, as well as Social Security numbers and income. But hospital and doctor information related to patients wasn't hacked.
Bloomberg News reported that investigators believe Chinese state-sponsored hackers are involved.
Mark Bower is a noted expert on these issues. He's also a vice president at Voltage Security in California.
Mark Bower, welcome.
So, compared to the hacks we have seen until now, how serious is this one?
MARK BOWER, Voltage Security: Well, certainly, we have just started the year off with a bang in terms of data breaches; 80 million records is a very substantial amount, so this is quite a serious attack.
And the nature of the data, you have got lots of personal data that can potentially be monetized. It's going to be very inconvenient for those individuals and also quite costly for the organization that this affects.
JUDY WOODRUFF: It is possible to know at this point who is behind this? You — we mentioned the Bloomberg news report that it's potentially the Chinese. They mentioned a group called Deep Panda.
MARK BOWER: It's not clear yet. We only have a couple data points on information like that.
But, fundamentally, there's got to be some organized crime behind this or very well-organized attackers to be able to get into these types of systems and steal this volume of data. And we shouldn't forget that these types of attacks are pretty much expected these days.
We have seen breaches of this nature across the board over the last decade. And, in fact, the volumes of data that have been stolen are actually staggering these days.
JUDY WOODRUFF: What can the people behind this data breach do with this information?
MARK BOWER: So, it depends on the — their motive in the end. But, ultimately, if you have stolen large amounts of personal information, whether you have got Social Security numbers, name and address, date of birth, all that kind of stuff — and in this case, it seems like there's also employment history and income data — well, you can start to create identity theft situations, where you're actually stealing people's information or identity to commit fraud.
But, more importantly, there is also the risk of side effects, that this type of data can actually result in attacks that are more targeted. So, for example, we might have an individual that is maybe a wealthy individual, and the attacker can go now after them more specifically based on the information that they have about them in what we call a spear phishing attack.
And that might involve going after them with targeted e-mails, even phone calls, to try and get them to reveal more data that then can be used in a compromise or for further identity theft.
JUDY WOODRUFF: So for individuals who either now or did have health coverage through Anthem, what should they be on the lookout for?
MARK BOWER: So, after these types of attacks, what we often see is a wave of spam e-mails. Those are those fake e-mails that are often trying to lure people into Web sites where there may be viruses and malware, the more sinister phishing attacks, which might be there to lure people to Web sites to then download malware that will actually steal further information from their own personal computers or maybe even get into their bank accounts and so on with online banking.
So people have to be vigilant to make sure that they're not seeing e-mails that look suspicious and clicking on things there. And also be wary of things like phone calls, for instance, from organizations that may be purporting to be from service providers that may be related to Anthem, but they're actually criminal gangs trying to get more information from consumers that can then be used for further fraud or accessing their bank account or accessing their computers and so on.
JUDY WOODRUFF: Just quickly, Mark Bower, how would you rank or rate the security system at a company like Anthem? I mean, obviously, it was breached, but had they taken all the steps that a big company is supposed to take?
MARK BOWER: That's hard to say.
But even the best-prepared organizations can often succumb to these types of attacks. What we have found over the last several years is that the attackers are becoming much more sophisticated. The malware is becoming much more advanced. And it just takes one vulnerability to be able to bypass those traditional perimeter defenses, the firewalls and the log-in and the intrusion detection, to get into the heart of these systems.
And once they're in there, it's too late. The information can be stolen, monetized. And we see victims, as we have seen today.
JUDY WOODRUFF: Well, it's certainly got a lot of people's attention.
Mark Bower with Voltage Security, we thank you.
MARK BOWER: Thank you very much.