Security breaches at LinkedIn and eHarmony have highlighted an escalation in attacks on social networks from hackers seeking to exploit personal data, according to security firms.
The professional networking and dating sites have both confirmed that "some" of their users' passwords have been stolen. They have not disclosed how many, but security experts said hackers have posted a total of 8m encrypted passwords online, the bulk of which came from LinkedIn.
LastFM, a UK-based social network focused on music owned by CBS, also said yesterday some of its users' passwords had been stolen. Like LinkedIn and eHarmony, it advised users to change passwords.
Experts called the LinkedIn hack "one of the largest we've seen" and said it was a sign that cybercriminals are showing an increasing preference for targeting social networks, including Facebook, Twitter and Pinterest. "Now they've switched over to social networks," said Graham Cluley, senior technology consultant at Sophos, a security research firm. "The anti-spam features on these sites are nowhere near as mature as places like Hotmail and Gmail."
In April, social networks replaced financial organisations as the top target of phishing attacks, according to data from Kaspersky Lab.
Phishing campaigns are spoof emails or spoof social networking messages that impersonate a business like LinkedIn to trick people into handing over email addresses, passwords and other personal information.
Kaspersky estimates social networks accounted for 28.8 per cent of phishing attacks in April, a 6 per cent increase from March, due mainly to a surge of attacks on Facebook users.
The cause of this week's hacks is still unknown. LinkedIn has since added enhanced security features to its encryption process, a move Mr Cluley said they "should have been doing earlier". Mr Cluley also said that the openness of social networks to external programmers that develop applications left them more vulnerable to hackers.
In addition, the personal nature of social networks makes it easier for criminals to impersonate someone, using their name and photo to contact friends and work colleagues. "If I get a message from someone who is a LinkedIn contact of mine, I'm much more likely to respond," said David Emm, senior security researcher at Kaspersky Lab.
Cybercrime on social networks is turning into its own industry, said Jim Walter, manager for McAfee Threat Intelligence Service, as criminals hire underlings to generate more traffic and even ad revenue from these sites through automated botnets, collections of compromised computers.
"There's a whole underground economy around LinkedIn bots, Pinterest bots, Facebook bots, you name it," he said.