中國黑客編制美國政府僱員數據庫

The Chinese hackers who are believed to have broken into the US government’s human resources office may be trying to map the government, recruit spies and access networks in other departments, experts warned.

一些專家警告，據信侵入美國政府人力資源部門的中國黑客可能在試圖繪製政府組織結構、招募間諜、以及進入其他部門的網絡。

The FBI said late last week that it was investigating the breach at the Office of Personnel Management that may have affected up to 4m current and former federal employees.

美國聯邦調查局(FBI)上週晚些時候表示，它正在調查美國人事管理局（Office of Personnel Management，簡稱：OPM）遭侵入的事件。這起事件可能影響到多達400萬現任和前任聯邦僱員。

People familiar with the matter said hackers in China were suspected of being responsible for the attack on the agency which has files on employees working across the federal government.

知情人士稱，中國境內的黑客被懷疑要對這起針對美國人事管理局的攻擊負責。該局保管着聯邦政府各部門僱員的人事檔案。

China has strongly denied it is responsible for the attacks, accusing the US of making “groundless accusations” and being “irresponsible”.

中國強烈否認它要對這些攻擊行爲負責，並指責美國“捕風捉影”和“不負責任”。

Even if it was not a hack sponsored by the Chinese government, Chinese hackers could be responsible. The line between nation state attackers and individuals is being blurred, as some employed to hack by the government by day use the same tools to hack for themselves by night.

即使這不是中國政府支持的一起黑客攻擊，中國黑客也可能要對此負責。國家背景的攻擊者和個人攻擊者之間的界限正變得模糊，一些白天受僱於政府的黑客晚上使用相同的工具“單幹”。

While many cyber criminals try to steal personal data are doing it to sell to fraudsters on underground markets, cyber security experts say this looks like a very different kind of attack.

雖然許多網絡犯罪分子竊取個人資料是爲了賣給地下市場的欺詐分子，但網絡安全專家表示，這起攻擊的性質看起來截然不同。

Jim Lewis, a director at the Center for Strategic and International Studies in Washington, said he believed the Chinese government was compiling a database of US government employees.

華盛頓戰略與國際研究中心(Center for Strategic and International Studies)的總監之一吉姆•劉易斯(Jim Lewis)表示，他相信中國政府正在編制美國政府僱員的數據庫。

He linked the OPM incident — announced last week but discovered in April — to a previous cyber attack on the same organisation, as well as to earlier attacks on Anthem, a provider of health insurance for government employees, and on two background check contractors.

他把上週宣佈、但4月份就已發現的美國人事管理局遭侵入事件，與之前針對該局的網絡攻擊、以及早先針對Anthem（面向政府僱員的醫保提供商）和兩家背景調查承包商的攻擊聯繫起來。

“I think ... the Chinese are building a big biographic database of US government employees, using the same kind of data mining tools that retailers and credit card companies use,” he said.

“我認爲……中國人正在構建一個有關美國政府僱員生平的大型數據庫，他們用的是零售商和信用卡公司所用的那類數據挖掘工具，”他說。

Most big intelligence agencies try to create databases on their opposition to “understand how your opponent is going to play the game”, Mr Lewis added, noting that such a treasure trove could help them recruit informants.

劉易斯補充說，多數大情報機構都試圖創建關於對手的數據庫，以便“瞭解你的對手將會怎麼玩”。他指出，此類數據寶庫有望幫助他們招募線人。

Marc Goodman, a cyber security expert who has worked with the UN, Nato and the US government, said the information would be incredibly useful to China from a “geopolitical, strategic, national security perspective”.

曾與聯合國、北約(Nato)及美國政府合作的網絡安全專家馬克•古德曼(Marc Goodman)表示，從“地緣政治、戰略和國家安全視角看”，這些信息對中國將是非常有用的。

He said the hackers could use their access to find people with high security clearances and the sensitive information that could be used to manipulate them.

他說，黑客可利用他們掌握的信息，找出具有較高等級“安全通行證”的人員，以及可被用來拉他們下水的敏感信息。

“If you see, for example, that a workers’ wife has breast cancer and medical bills of $200,000, it makes them a much more interesting target if you want to recruit them to spy on behalf of China,” he said.

“舉個例子，如果你看到某個工作人員的妻子患了乳腺癌，面對20萬美元的醫療費，這將讓夫婦倆成爲更令人感興趣的目標——如果你想招募他們爲中國從事間諜活動的話，”他說。

The information could also be used to guess passwords and gain entry to networks in departments across government, with data about system administrators, who can roam across networks, a particular target.

此類信息還可被用來猜測密碼，從而進入美國政府各部門的網絡，其中涉及系統管理員（他們可進入不同網絡）的數據成爲特別誘人的目標。

The OPM has been a frequent target, he said, because it has access to every employee and probably has a worse understanding of the counterintelligence threat than a department like defence, the FBI or the intelligence agencies.

他表示，美國人事管理局受到頻繁的攻擊，是因爲它掌握着所有政府僱員的檔案，但對間諜威脅的意識卻很可能不如美國國防部、聯邦調查局或各情報機構。

“It’s a common weakness in the system. The OPM is the central repository for information on a US ambassador or a three-star general or a single kid in Nevada flying a drone for the army,” he said.

“這是系統中的一個共同弱點。人事管理局是政府僱員的中央資料庫，無論其是一名美國大使、一名三星級將軍，還是一名在內華達州爲陸軍操縱無人機的單身年輕人，”他說。

The OPM said it had made “an aggressive effort” to update its cyber security in the last year but the intrusion predated the adoption of these tougher controls. It added that it introduced even more protections since the attacks.

美國人事管理局表示，它過去一年已採取“積極努力”升級網絡安全，但涉案的侵入行爲發生在採取這些更嚴格控制措施之前。該局補充稱，自發現遭侵入以來，它已採取更多保護措施。

But Ryan Wager, global threat strategist at vArmour, a US cyber security company, said the hackers could have remained inside the network since the previous attack.

但是，美國網絡安全公司vArmour的全球威脅策略師瑞安•韋傑(Ryan Wager)表示，自上次攻擊以來，黑客有可能一直隱藏在網絡內部。

“Most campaigns are actually correlated even if they seem like multiple autonomous attacks,” he said. “If you were breached months or years ago and there is no visibility inside the network there is no way to make sure they didn’t compromise it. Typically they don’t know how far it spread.”

“多數攻擊行動實際上是相關的，即使它們看起來像是多起獨立的攻擊。”他說，“如果你在幾個月或幾年前曾被侵入，而且難以獲知網絡內部的情況，就無從確保對方沒有攻陷它。一般情況下，遭侵入的部門不知道侵入的範圍有多大。”