Friday, 21 August 2015

Ashley Madison: Who are the hackers behind the attack?

By Mark Ward, Technology correspondent, BBC News

A lot of data has been released about Ashley Madison but some facts of the breach of the dating website's database remain stubbornly elusive, not least who are the hackers behind the attack?

They call themselves the Impact Team and seem to have formed solely to carry out the attack on the infidelity website. There is no evidence of the group stealing data elsewhere before it announced itself with the Ashley Madison attack on 15 July.

Comments made by Noel Biderman, chief executive of Avid Life Media, which owns Ashley Madison, soon after the hack became public suggested it knew the identity of at least one of the people involved.

"It was definitely a person here that was not an employee but certainly had touched our technical services," he told security blogger Brian Krebs.

Stronger skill set

Since then, little new information has been made public about the hack, leading some to assume that the information Avid had about a suspect would soon lead to an arrest.

But it did not, and now gigabytes of information have been released and no-one is any the wiser about who the hackers are, where they are located and why they attacked the site.

The group is technically pretty competent, according to independent security researcher The Grugq, who asked to remain anonymous.

"Ashley Madison seems to have been better protected than some of the other places that have been hit recently, so maybe the crew had a stronger skill set than normal," he told the BBC.

They have also shown that they are adept when it comes to sharing what they stole, said forensic security specialist Erik Cabetas in a detailed analysis of the data.

"Nobody keeps something like this a secret" - Erik Cabetas, forensic security specialist

The data was leaked first via the Tor network because it is good at obscuring the location and identity of anyone using it. However, Mr Cabetas said the group had taken extra steps to ensure their dark web identities were not matched with their real-life identities.

The Impact Team dumped the data via a server that only gave out basic web and text data - leaving little forensic information to go on. In addition, the data files seem to have been pruned of extraneous information that could give a clue about who took them and how the hack was carried out.

Identifiable clues

The only potential lead that any investigator has is in the unique encryption key used to digitally sign the dumped files. Mr Cabetas said this was being employed to confirm the files were authentic and not fakes. But he said it could also be used to identify someone if they were ever caught.

But he warned that using Tor was not foolproof. High-profile hackers, including Ross Ulbricht, of Silk Road, have been caught because they inadvertently left identifiable information on Tor sites.

The Grugq has also warned about the dangers of neglecting operational security (known as opsec) and how extreme vigilance was needed to ensure no incriminating traces were left behind.

Ross Ulbricht was arrested after failing to cover his tracks

"Most opsec mistakes that hackers make are made early in their career," he said. "If they keep at it without changing their identifiers and handles (something that is harder for cybercriminals who need to maintain their reputation), then finding their mistakes is usually a matter of finding their earliest errors."

"I suspect they have a good chance of getting away because they haven't linked to any other identifiers. They've used Tor, and they've kept themselves pretty clean," he said. "There doesn't seem to be anything in their dumps or in their missives that would expose them."

The Grugq said it would need forensic data recovered from Ashley Madison around the time of the attack to track them down. But he said that if the attackers were skilled they might not have left much behind.

"If they go dark and never do anything again (related to the identities used for AM) then they will likely never be caught," he said.

Mr Cabetas agreed and said they would probably be unearthed only if they spilled information to someone outside the group.

"Nobody keeps something like this a secret. If the attackers tell anybody, they're likely going to get caught," he wrote.
