Twitter accounts of many prominent Americans hacked, used to post bitcoin scam links

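On July 15, the Twitter accounts of a large number of prominent people and companies in the United States were compromised by hackers. The accounts posted messages asking followers to send money to a specific bitcoin wallet and promising that they would get double in return. Twitter said it was investigating and taking steps to resolve the problem.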

The Twitter accounts of major public figures and corporations, including Joe Biden, Barack Obama, Elon Musk, Bill Gates, Jeff Bezos and Apple were hijacked Wednesday, in a stunning show of force by hackers.

Twitter said it was aware of “a security incident” and “taking steps to fix it”, but provided no further information hours after the hack began.

The hack unfolded over the course of several hours, and it appeared that Twitter was only able to stop it by preventing verified accounts from tweeting at all – an unprecedented measure.

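The hackers' tweets all read roughly as follows: “Because of COVID-19, I am giving back to the community. All bitcoin sent to the address below will be sent back doubled! If you send $1,000, I will send back $2,000. This is only valid for 30 minutes.”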

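[Screenshots of some of the hacked celebrity Twitter accounts]

The accounts of well-known companies such as Apple and Uber were also compromised.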

The messages included the address of a bitcoin wallet whose balance grew rapidly to more than 11 BTC (more than $100,000, or about RMB 698,000) as the scam spread. Tweets with similar messages were repeatedly deleted and re-posted by some of the compromised accounts over the course of Wednesday afternoon.

While the motives and source of the attack are not yet known, the coordinated hijacking of the verified communications streams of world leaders, celebrities and major corporate accounts was a frightening prospect. Twitter has become a de facto wire service for the world and is used for official communications by governments during emergencies; a hack on the scale of Wednesday’s attack could have been more disruptive or even dangerous.

“The amount of damage this could cause is very high,” said Douglas Schmidt, a computer science professor at Vanderbilt University. “These people could hold information gleaned from the hack for ransom in the future.”

Twitter issued a statement approximately 90 minutes after scam messages began being sent out by Musk’s and Gates’ accounts, as the attack was ongoing.

“We are aware of a security incident impacting accounts on Twitter,” the company said on Twitter. “We are investigating and taking steps to fix it. We will update everyone shortly.”

The company subsequently warned that some users would be unable to tweet or change their passwords as it worked to address the issue. The company appeared to be blocking verified users, whose accounts feature a blue checkmark to denote that Twitter has confirmed their identities, from tweeting.

Twitter’s stock price tumbled more than 3% in after hours trading.

The hack probably targeted a vulnerability on Twitter’s end rather than those of the individual account holders, said John Ozbay, the chief executive of the privacy and security tool Cryptee. Most high-profile users probably engage two-factor authentication, Ozbay said, and the hackers appeared to have enough control over the compromised accounts to “pin” a tweet. That would not have been possible if a hacked account were being controlled by SMS, as occurred when the Twitter CEO Jack Dorsey’s own account was hijacked in 2019.

Schmidt said that the attacks could be related to the fact that Twitter, like much of the rest of the tech industry, has transitioned to remote work during the coronavirus pandemic.

“The likelihood of attacks like this increase when people are working remotely – it is much easier for bad actors to impersonate someone through an email and gain access to their accounts,” said Schmidt. “Assuming this wasn’t someone inside Twitter trying to take revenge, it appears to be a spear phishing attack – someone who has access to admin privileges that can override two-factor authentication and strong passwords fell victim to a hack”.

impersonate [ɪmˈpɜːsəneɪt]: vt. to play the part of; to imitate

spear phishing: fraud aimed at a specific organization, with the goal of accessing confidential data without authorization.