盘点2017年置我们于危险之中的那些黑客事件

　　It was the year nothing seemed safe.

　　已经过去的这一年，似乎什么都不安全。

　　Here’s a look back at the major hacks of 2017.

　　让我们一起回顾下2017年的这些主要黑客事件。

　　Equifax

　　1.艾奎法克斯泄密事件

　　Cybercriminals penetrated Equifax (EFX), one of the largest credit bureaus, in July and stole the personal data of 145 million people. It was considered among the worst breaches of all time because of the amount of sensitive information exposed, including Social Security numbers.

　　今年7月，有网络犯罪分子渗透进美国最大的征信企业之一艾奎法克斯公司，窃取了1.45亿人的个人信息。因为包括公民的社会保险号在内的太多敏感信息被曝光，此案被视为有史以来最严重的黑客事件之一。

　　The company only revealed the hack two months later. It could have an impact for years because the stolen data could be used for identity theft.

　　艾奎法克斯公司直到两个月后才披露此事。案件的影响恐怕会持续好几年，因为被盗数据可以用来实施身份盗用犯罪。

　　The Equifax breach raised concerns over the amount of information data brokers collect on consumers, which can range from public records to mailing addresses, birth dates and other personal details.

　　艾奎法克斯泄密案发生后，人们开始担心中介机构掌握的大量消费者数据是否安全——涵盖了从公共记录、邮件地址到出生日期等等个人信息。

　　Firms like Equifax, TransUnion and Experian sell that data to customers, such as banks, landlords and employers, so they can learn more about you.

　　像艾奎法克斯、环联资讯、益百利这样的公司会把信息出售给银行、房东、雇主等客户，让他们了解你的更多信息。

　　Whether data brokers do enough to keep that private information secure is under scrutiny.

　　数据中介机构是否会采取足够的措施保证信息的安全，尚有待审查。

　　The public still doesn’t know who is responsible for the hack.

　　公众仍不清楚谁将对本次泄密事件负责。

　　A Yahoo bombshell

　　2.雅虎事件

　　Parent company Verizon (VZ) announced in October that every one of Yahoo’s 3 billion accounts was hacked in 2013 -- three times what was first thought.

　　雅虎的母公司美国威瑞森电信公司今年10月宣布，全球30亿雅虎账户早在2013年就全部遭到入侵——受害规模是最初估测结果的三倍。

　　In November, former Yahoo CEO Marissa Mayer told Congress that the company only found out about the breach in 2016, when it reported that 1 billion accounts were hacked.

　　前雅虎首席执行官玛丽萨.迈耶11月在美国国会表示，雅虎直到2016年才发现入侵事件，当时声称受影响账户为10亿。

　　The company still does not know who was responsible.

　　到目前为止，雅虎仍然不清楚究竟谁是罪魁祸首。

　　Leaked government tools

　　3. 政府工具外泄

　　In April, an anonymous group called the Shadow Brokers leaked a suite of hacking tools widely believed to belong to the National Security Agency.

　　今年4月，一个名为“影子经纪人”的匿名组织发布了一批黑客工具，据信这批工具来自美国国家安全局。

　　The tools allowed hackers to compromise a variety of Windows servers and Windows operating systems, including Windows 7 and Windows 8.

　　黑客可以利用这些工具入侵多种Windows服务器和操作系统，包括Windows7和Windows8系统。

　　Microsoft said it had released patches for the security holes in March. But many businesses had not patched their software. The tools Shadow Brokers leaked were then used in the year’s biggest global cyberattacks, including WannaCry.In March, WikiLeaks released documents that claimed to describe hacking tools created by the CIA. Researchers found that many of the exploits were old and imitated hacks that were made public years ago.

　　美国微软公司表示早在今年3月就发布了针对相关安全漏洞的补丁，但许多公司没有及时更新。随后，“影子经纪人”发布的工具被用来制造本年内多起国际重大黑客事件，比如3月份的“想哭”勒索事件，维基解密公布了一些文件，声称这些文件描述了CIA创造的黑客工具。

　　WannaCry

　　4.“想哭”勒索软件

　　WannaCry, which spanned more than 150 countries, leveraged some of the leaked NSA tools. In May, the ransomware targeted businesses running outdated Windows software and locked down computer systems.

　　“想哭”勒索软件利用了从美国国安局泄露出来的部分工具，传播到150多个国家。“想哭”在今年5月瞄准了使用过时Windows软件的公司，锁住了它们的电脑系统。

　　The hackers behind WannaCry demanded money to unlock files. More than 300,000 machines were hit across numerous industries, including health care and car companies.

　　“想哭”背后的黑客要求这些公司为解锁文件支付赎金，超过30万台机器受到影响，包括医疗和汽车在内的无数行业都未能幸免。

　　There was a human cost: In Britain, hospitals with locked computers were forced to close temporarily. One patient told CNN his cancer surgery was delayed.

　　此事甚至影响到了人命：有英国医院因为电脑被锁定，被迫暂时关闭。有病人告诉CNN，他的癌症手术也因此而推迟。

　　NotPetya

　　5.“诺特佩蒂亚”病毒

　　In June, the computer virus NotPetya targeted Ukrainian businesses using compromised tax software. The malware spread to major global businesses, including FedEx, the British advertising agency WPP, the Russian oil and gas giant Rosneft, and the Danish shipping firm Maersk.

　　今年6月，“诺特佩蒂亚”电脑病毒瞄准了使用中毒财税软件的乌克兰公司。多家大型跨国企业中招，包括美国联邦快递公司、英国WPP广告公司、俄罗斯石油公司和丹麦马士基航运有限公司。

　　This virus also spread by leveraging a vulnerability leaked by the Shadow Brokers.

　　“诺特佩蒂亚”的传播方式还利用了“影子经纪人”泄露出来的安全漏洞。

　　In September, FedEx attributed a $300 million loss to the attack. The company’s subsidiary TNT Express had to suspend business.

　　美国联邦快递9月表示，病毒已造成3亿美元损失，旗下TNT国际快递公司被迫暂停业务。

　　Bad Rabbit

　　6.“坏兔子”勒索软件

　　Another major ransomware campaign, called Bad Rabbit, infiltrated computers by posing as an Adobe Flash installer on news and media websites that hackers had compromised.

　　另一个造成很大骚动的勒索软件是“坏兔子”。“坏兔子”利用新闻媒体网站弹出的Adobe Flash软件安装请求来渗透用户电脑，而那些新闻媒体网站已经被黑客入侵了。

　　The ransomware, which hit in October, mostly affected Russia, but experts saw infections in Ukraine, Turkey and Germany.

　　这轮勒索风潮发生在10月，主要冲击了俄罗斯，但有专家发现乌克兰、土耳其和德国也出现了受害者。

　　It served as a reminder that people should never download apps or software from pop-up advertisements or sites that don’t belong to the software company.

　　这件事提醒我们，用户一定不要通过广告弹出窗口或者不属于软件公司的网站来下载软件。

　　Voter records exposed

　　7.选民信息泄露

　　In June, a security researcher discovered almost 200 million voter records exposed online after a GOP data firm misconfigured a security setting in its Amazon cloud storage service.

　　今年6月，有电脑安全研究人员发现，一家美国共和党数据公司在选择亚马逊云存储服务的安全设置时出了错，导致近2亿选民信息被泄露。

　　It was the latest in a string of major breaches stemming from insecure Amazon servers where data is stored. They are secure by default, but Chris Vickery, a researcher at cybersecurity firm UpGuard, regularly finds that companies set it up wrong.

　　这是亚马逊服务器不够安全所导致的最新一起重大泄密事件。服务器的默认选项是安全的，但网络安全师克里斯.维克里经常发现有公司设置错误。

　　Verizon and the U.S. Department of Defense also had data exposed on Amazon servers.

　　美国威瑞森电信公司和美国国防部同样有存储在亚马逊服务器里的信息被曝光。

　　An Uber coverup

　　8. 优步隐瞒黑客案

　　In 2016, hackers stole the data of 57 million Uber customers, and the company paid them $100,000 to cover it up. The breach wasn’t made public until this November, when it was revealed by new Uber CEO Dara Khosrowshahi.

　　2016年，有黑客窃取了5700万优步用户的数据，美国优步公司随后支付10万美元平息此事。直到今年11月，该案才被新任优步首席执行官达拉.霍斯劳沙希披露出来。

　　Now Uber is facing questions from lawmakers. Three senators introduced a bill that could make executives face jail time for knowingly covering up data breaches.

　　优步公司眼下正面临议员的质询。三位联邦参议员推动制定相关法案，很可能导致那些故意掩盖数据入侵事件的高管面临牢狱之灾。

　　Looking ahead，Expect even more of this in 2018.

　　展望未来，2018年此类事件会更多。

　　Nunnikhoven predicts attacks on the Internet of Things will keep hitting industries including airlines, manufacturing and cars as they rely more on so-called smart technology.

　　农尼霍芬(美国趋势科技公司副总裁)认为，针对物联网的攻击活动将持续影响民航、制造、汽车等行业，因为这些行业越来越依靠所谓的智能技术。

　　"They face the same cybersecurity challenges that our laptops and our phones do, but they’re attached to real things in the real world," he said. "If someone hacks my laptop, my data is at risk. But if someone hacks a robotic manufacturing arm, that entire manufacturing line is at risk."

　　“我们的手提电脑和手机所面临的网络安全挑战，这些行业同样要面对，但它们同时与真实世界的真实物体联系在一起。如果有人入侵我的手提电脑，我的数据就会受到威胁。但如果有人入侵一台自动机械臂，受威胁的就成了整条生产线。”

　　The year’s breaches may ultimately change consumer behavior. They proved Social Security numbers and birthdays might not be the best form of secure identification. Criminals buy and sell those numbers for fairly low prices, along with other personal information like addresses, emails and passwords.

　　今年的各种入侵事件恐怕将最终改变消费者的行为。事实证明，社会保险号与生日恐怕不是安全识别身份的最佳方式，犯罪分子以较低的价格买卖这些数字，而地址、电邮、密码之类的个人信息也被买来买去。

　　Lawmakers are also proposing legislation to combat data breaches.

　　议员们还提议立法打击数据泄露。

　　In the meantime, businesses and people are at least more aware of security risks.

　　与此同时，企业和个人也应当更加提高安全风险意识。