相關閱讀:庫丹庫拉姆核電站外部網絡遭惡意軟件感染
today with me I have object iron Metra
今天和我在一起,我有對象鐵Metra
senior fellow of the nuclear program at
核計劃高級研究員
the IPC s the Institute for peace and
IPC是和平與創新研究所
Conflict Studies today we will be
今天我們將進行沖突研究
discussing a report which came out
討論一份報告出來
yesterday first it came out on social
昨天首先它出現在社交上
media that there was a security breach
媒體認為存在安全漏洞
and the cordon column nuclear power
和警戒柱核能
plant following this the keh keh keh NPP
緊隨其后的核電站
administration has denied any breach to
政府已否認有任何違反
discuss this and more with me IBG thank
與我討論這個以及更多內容IBG謝謝
you obj so coming on poltical
你obj所以來上政治
buzzer let's just this was the incident
蜂鳴器,這就是事件
first first that such a breach had
首先,這種違反行為
happened at the nuclear power plant was
發生在核電站是
reported predominantly in social media
主要在社交媒體上報道
following which parliamentarians have
隨后議員們
taken it up and even the administration
拿起它,甚至行政
has given a statement denying it can you
發表聲明否認它可以
just give the brief of sure now this
現在就給我簡短的簡短說明
particular power plant other than of
除以下以外的特定電廠
course the infamy of all those
當然是所有這些的恥辱
anti-nuclear protests has had consistent
反核抗議活動一直持續
failures over a period of time I've been
我去過一段時間以來的失敗
going through the reports at least since
至少因為
2016 we've seen several shutdowns
2016年,我們已經關閉了幾次
happening so when it was announced
發生在宣布時
earlier this month or last month that
本月初或上個月
had shut down again none of us really
再次關閉了我們一個人
took it seriously till this day
直到今天都認真對待
well not a maintenance because the
好吧不是維護,因為
problem was routine shutdowns are
問題是例行關機
announced in advance good and ghulam for
提前宣布好和古拉姆
some reason keeps shutting down with no
某些原因一直關閉,沒有
no schedule so basically there's some
沒有時間表,所以基本上有一些
problem with it now we always thought
現在我們一直以為它有問題
that it was a mechanical problem out
那是一個機械問題
there it was a design problem of them
那里是他們的設計問題
which is worrying in itself but it turns
這本身令人擔憂,但事實證明
out and this is probably the good news
出來,這可能是個好消息
in all of this that it isn't it probably
在所有這一切中可能不是
isn't a mechanical problem it is
不是機械問題,而是
probably the cyber I'm hesitant to say
我可能會猶豫地說網絡
cyberattack let's call it a cyber event
網絡攻擊我們稱之為網絡事件
that has occurred now what's important
現在發生了什么重要
out here is that the government has
這里是政府有
basically gone and contradicted itself
基本上消失了并且自相矛盾
within 12 hours itself if you look at
如果您看的話,本身會在12小時內
the denial that couldn't ghulam itself k
拒絕不能固執己見的否認
and k k let's just call it could and
和kk讓我們稱之為它可以和
ghulam that current Ghulam put out
當前古蘭姆推出的古蘭姆
yesterday in the morning they basically
昨天早上他們基本上
said that a security breach wasn't
說不是安全違規
possible because we've
可能是因為我們
air-gapped that is to say the internal
氣隙即內部
networks have no connection with the
網絡與
outside networks outside of : :
外部網絡:
but then today's Indian Express report
但是今天的印度快報報道
then tells us that in fact there has
然后告訴我們,實際上
been a security it's the Indian Express
一直是印度快遞的證券
report that came out this morning
今天早上出來的報告
actually quotes government officials
實際引用政府官員
saying that's considered confirmed that
說被認為證實了
an incident happened early September
9月初發生了一起事件
afterwards the National Cyber Security
之后的國家網絡安全
Council has taken you know notice of it
市政局已通知您
in mid-september they were there and
在9月中旬,他們在那里
they have given guidelines to rectify
他們給出了糾正的指導方針
what is or the problem that was there
那里是什么或存在的問題
now my thing is when you say air-gap
現在我的事情是當你說氣隙時
just so that our listeners can also
只是為了讓我們的聽眾也可以
understand an air-gap computer or a
了解氣隙式計算機或
system is one which does not have at any
系統是根本沒有的系統
point connectivity with the net
與網絡的點連接
therefore it cannot be hat that's the
因此,不可能是帽子
idea no it has connectivity to an
想法不,它具有與
Internet so assume that this table is
互聯網,因此假設此表是
the curriculum facility everything all
課程安排一切
most of the computers here will be
這里的大多數計算機將是
networked to each other in the internet
在互聯網上互相聯網
it's an intranet it will not be
這是一個內部網,它將不再是
connected to the Internet yes therefore
因此連接到互聯網
you can't view sites like say money
您無法查看諸如說錢之類的網站
control or tv18
控制或電視18
on this net and it's only when you come
在這個網上,只有當你來的時候
outside that you're able to access
在您可以訪問的外部
that's the area that's the air gap okay
那是氣隙好的區域
and this breach what you're seeing
這違反了您所看到的
you're not you're not calling it a cyber
你不是,你不是在稱它為網絡
attack per se now but it's an incident
現在本身就發動攻擊,但這是一個事件
the administration has also put up this
政府也提出了
clarify clarification saying that it has
澄清說
affected computers that are used for
用于的受影響的計算機
administrative purposes only now what is
現在僅行政目的是什么
the difference in this admin and/or ops
此管理員和/或操作的區別
right now here's the thing in the air
現在這是空中的東西
gap you basically have two sets of
差距你基本上有兩套
functions one is the function that
功能一是功能
controls the reactor and it's
控制反應堆,它是
functioning which is the operations but
功能是操作,但
then you also need to do things like
那么你還需要做類似的事情
because it's also workspace so you have
因為它也是工作區,所以你有
thousands of employees and so on and so
數千名員工等等
forth you need to do their pay you need
第四,您需要支付他們需要的薪水
to do their attendance records and so on
做他們的出勤記錄等等
and so forth if they're put in for leave
如果他們被請假,依此類推
normal administrative procedures
正常行政程序
ordering equipment ordering food because
訂購設備訂購食物,因為
they'd have a canteen and so on so forth
他們有一個食堂,依此類推
so all of that would be in a separate
所以所有這些都將放在單獨的位置
intranet okay and what runs on
內聯網還可以,運行什么
what actually runs the reactor would be
反應堆實際運行的是
a separate intranet linked to each other
相互鏈接的單獨的Intranet
now remember an air-gap only means that
現在記住氣隙只意味著
you can't be attacked over the net okay
你不能被網絡攻擊好嗎
it still means that you can be attacked
仍然意味著您可能會受到攻擊
through a USB stick right or any kind of
通過USB記憶棒或其他任何形式
if you've plugged your mobile phone for
如果您已將手機插入
example if you've just used this to any
例如,如果您剛剛將其用于任何
kind of phone you've charged it using
您使用過的那種手機
the usb on your computer on the intranet
內聯網上計算機上的USB
even that would constitute a secure that
即使這樣也可以確保
is a compromise so what has happened
是妥協,所以發生了什么事
here is very clear now
這里現在很清楚
first the government is contradicted
首先,政府是矛盾的
itself within 12 to 24 hours because
本身在12到24小時內
first they said the air-gap was
首先,他們說氣隙是
foolproof then they say there has been a
萬無一失,然后他們說已經有一個
cyber incident that's happened yes the
是的網絡事件是
very admission tells you that the
錄取通知書告訴你
air-gap was breached
氣隙被破壞
that there was a laxity of data hygiene
數據衛生寬松
that the possibly a USB stick because it
可能是USB記憶棒,因為它
is an air-gap was taken by somebody
有人采取了氣隙
inside and fit it onto one of the
內部并將其安裝到其中一個
computers otherwise a cyber incident
計算機,否則會發生網絡事件
simply could not now let me Club to
根本不能讓我俱樂部去
other questions that I have and so that
我還有其他問題,所以
this is you know our viewers can
這是您知道我們的觀眾可以
understand it why is this security
明白為什么這是安全的
inside of the cyber incident what is the
網絡事件內部是什么
implications of it and does it have any
它的含義,它是否有任何
security implications national security
安全影響國家安全
implications it has a lot of national
它有很多國家的含義
security implications because one of the
安全隱患,因為其中之一
things we keep looking at is cyber
我們一直關注的是網絡
attack in the course of warfare but
在戰爭過程中發動進攻,但
remember it's you know warfare as we
記住,你知道戰爭,因為我們
used to think of it as a kinetic event
過去將其視為動力學事件
Army's going bombing killing people
陸軍轟炸炸死人
today warfare bang can be carried out
今天可以進行戰爭爆炸
without that you know you can send say a
沒有它,您知道您可以發送說
TMS haywire and create induce a
TMS haywire和創造誘導
financial panic you can move funds
財務恐慌可以轉移資金
around if you get passwords and so on
如果您獲得密碼等等
and so forth things like that now in
諸如此類的事情現在
this case the danger is that first they
這種情況下的危險是首先
managed to breach the air-gap and get in
設法突破氣隙并進入
so if they breach the outside inside
所以如果他們突破內在
air-gap then there's no assurance that
氣隙,那么不能保證
they couldn't reach the - the two gaps
他們無法達到-兩個差距
that existed between the administrative
在行政之間存在
and the operation because if your
和操作,因為如果
security is lakhs and one then it's
安全是數十萬,然后是
lakhs in the other as well if one has
如果一個人擁有另一個人,則也可以
been breached the other one has also
被違反了另一個
been breached
被違反
that's an assumption we're making it's
這是我們正在做的一個假設
an assumption they're making but it's
他們正在做一個假設,但這是
based on fact if if one can be breached
根據事實是否可以被違反
if one was lakhs
如果一個人是十萬
purity is poor it should raise red flags
純度很差,應該舉起紅旗
it should raise red flags across the
它應該在整個
board now with regards to why this is
關于現在為什么登機
important to security remember we've had
對安全很重要請記住,我們曾經
a culture of bad security in this
不良安全文化
country you know you can go do a Google
您知道可以去Google的國家/地區
search and how many times the MEA
搜索以及MEA的次數
computers have been hacked in one in
一臺電腦被黑客入侵
Chinese hacker the Chinese hackers they
中國黑客他們是中國黑客
consistently keep hacking it was still
始終保持黑客狀態
to come up with an effective response to
提出有效的回應
it in one incident I think it was in
我認為是在一次事件中
2011 they were able to remotely turn
2011年,他們能夠遠程轉向
microphones and cameras of Indian
印度的麥克風和相機
embassy computers across the world you
使館計算機遍布世界各地
know being privy to information and so
知道對信息保密等等
on so forth so we don't know the extent
等等,所以我們不知道程度
to which this has gone only the third
這僅是第三次
thing we have to stress out here is we
我們要強調的是我們
don't know the entire nature of the
不知道
attack deep track is basically it's a
攻擊深層軌跡基本上是
derivative of the ransomware that was
勒索軟件的衍生產品
used by the Lazarus group believed to be
拉撒路小組使用的被認為是
a North Korean group to attack Sony you
朝鮮集團攻擊索尼
know remember when that movie critical
知道記得那部電影很關鍵的時候
of kim jeong-hoon called the interview
金正勛的采訪
Josh Rogin came out they used it to
Josh Rogin出來了,他們用它來
attack Sony Pictures now we don't really
攻擊Sony Pictures現在我們不是真的
know if this is a ransomware
知道這是否是勒索軟件
or malware ransomware is basically
或基本上是惡意軟件勒索軟件
malware used for ransom earrings so it
用于勒索耳環的惡意軟件
has a code or something which can undo
有代碼或可以撤消的內容
the things if you cooperate with the guy
如果你和那個家伙合作的話
blackmailing you malware is just purely
勒索您的惡意軟件純粹是
sadistic that it's gone and destroyed a
悲傷的是它已經消失并摧毀了
lot of things for you and the third is
很多東西給你,第三點是
like Stuxnet which is what affected the
像Stuxnet這樣影響了
Iranian in in in your article to money
伊朗人在你的文章中要錢
control you've actually talked about
控制您實際上已經在談論
this you've compared it to the attack
您已經將其與攻擊進行了比較
that happened in the Iranian nuclear
發生在伊朗核
facilities is it is that a stretch yes
設施是否是伸展
and no because see the point that was
也不是因為看到了
being highlighted out there with a lack
缺乏突出顯示
of his security culture that Iran's
伊朗的安全文化
program nuclear program was so recessed
計劃核計劃是如此隱蔽
it was so secret nobody was meant to
如此秘密,沒人理應
know about it
知道了
the level of security precautions they
他們的安全防范措施級別
took was so extraordinary and still
采取了是如此的非凡而仍然
because of a lack security culture
由于缺乏安全文化
somebody was able to if we know for a
如果我們知道一個人能夠
fact now that Stuxnet was fed into the
事實上,現在Stuxnet被饋入了
USB sticks of Russian contractors and it
俄羅斯承包商的USB隨身碟及其
attacked a certain Siemens processor
攻擊了某個西門子處理器
right so we don't know
對,所以我們不知道
what else if one virus has gotten in
如果一種病毒進入了該怎么辦
this way we don't know what else has got
這樣我們不知道還有什么
so at the moment we don't know the depth
所以目前我們還不知道深度
of the damage that has been done it's a
造成的損害是
dog let me let me put it like this
狗讓我讓我這樣說
whether damage has been done and the
是否已經造成損害,以及
depth of the damage correct and this is
損壞的深度正確,這是
you know what rapid eating different
你知道快速飲食有什么不同
things so what are the steps that can be
事情,那么可以采取哪些步驟
done or should be done at the moment or
已經完成或目前應該完成
the government and the codon column what
政府和密碼子欄
are the steps so its first it's very you
是步驟,所以首先是你
know the first thing about this is
知道的第一件事是
transparency you can't fix a problem
透明,您無法解決問題
till you acknowledge there's a problem
直到你承認有問題
and the problem in India that we have is
而印度存在的問題是
because of hierarchies and things like
因為層次結構之類的東西
that you can never have a junior go up
你永遠不會有一個初中生
to his boss and say sir you just took
向他的老板說,先生,你剛剛帶走
out a USB stick and put it in there or
取出USB記憶棒并放入其中
you're not going to be charging your
您不會為您的手機充電
phone on the computer system better data
手機在計算機系統上更好的數據
hygiene is it's better data hygiene but
衛生是更好的數據衛生,但
see better data hygiene also requires
看到更好的數據衛生也需要
you to change this challenge social
你改變這個挑戰社會
convention in this country you know the
在這個國家的慣例,你知道
reverence for your superior hierarchy
尊敬您的上級
and all of that how that's going to
以及所有這些如何
happen we don't know but it's basically
發生,我們不知道,但是基本上
a thing of training of constant training
不斷訓練的訓練
over and over again in the days ahead
在未來的日子里一遍又一遍
news about current column and the
有關當前專欄和
alleged breach will be in the news till
被指控的違規行為將成為新聞,直到
then do read the article that object has
然后閱讀該對象具有的文章
written for us on money control for more
為我們寫的關于金錢控制的更多內容
news and updates stay tuned - money
新聞和更新敬請期待-金錢
control calm
控制冷靜
今天和我在一起,我有對象鐵Metra
senior fellow of the nuclear program at
核計劃高級研究員
the IPC s the Institute for peace and
IPC是和平與創新研究所
Conflict Studies today we will be
今天我們將進行沖突研究
discussing a report which came out
討論一份報告出來
yesterday first it came out on social
昨天首先它出現在社交上
media that there was a security breach
媒體認為存在安全漏洞
and the cordon column nuclear power
和警戒柱核能
plant following this the keh keh keh NPP
緊隨其后的核電站
administration has denied any breach to
政府已否認有任何違反
discuss this and more with me IBG thank
與我討論這個以及更多內容IBG謝謝
you obj so coming on poltical
你obj所以來上政治
buzzer let's just this was the incident
蜂鳴器,這就是事件
first first that such a breach had
首先,這種違反行為
happened at the nuclear power plant was
發生在核電站是
reported predominantly in social media
主要在社交媒體上報道
following which parliamentarians have
隨后議員們
taken it up and even the administration
拿起它,甚至行政
has given a statement denying it can you
發表聲明否認它可以
just give the brief of sure now this
現在就給我簡短的簡短說明
particular power plant other than of
除以下以外的特定電廠
course the infamy of all those
當然是所有這些的恥辱
anti-nuclear protests has had consistent
反核抗議活動一直持續
failures over a period of time I've been
我去過一段時間以來的失敗
going through the reports at least since
至少因為
2016 we've seen several shutdowns
2016年,我們已經關閉了幾次
happening so when it was announced
發生在宣布時
earlier this month or last month that
本月初或上個月
had shut down again none of us really
再次關閉了我們一個人
took it seriously till this day
直到今天都認真對待
well not a maintenance because the
好吧不是維護,因為
problem was routine shutdowns are
問題是例行關機
announced in advance good and ghulam for
提前宣布好和古拉姆
some reason keeps shutting down with no
某些原因一直關閉,沒有
no schedule so basically there's some
沒有時間表,所以基本上有一些
problem with it now we always thought
現在我們一直以為它有問題
that it was a mechanical problem out
那是一個機械問題
there it was a design problem of them
那里是他們的設計問題
which is worrying in itself but it turns
這本身令人擔憂,但事實證明
out and this is probably the good news
出來,這可能是個好消息
in all of this that it isn't it probably
在所有這一切中可能不是
isn't a mechanical problem it is
不是機械問題,而是
probably the cyber I'm hesitant to say
我可能會猶豫地說網絡
cyberattack let's call it a cyber event
網絡攻擊我們稱之為網絡事件
that has occurred now what's important
現在發生了什么重要
out here is that the government has
這里是政府有
basically gone and contradicted itself
基本上消失了并且自相矛盾
within 12 hours itself if you look at
如果您看的話,本身會在12小時內
the denial that couldn't ghulam itself k
拒絕不能固執己見的否認
and k k let's just call it could and
和kk讓我們稱之為它可以和
ghulam that current Ghulam put out
當前古蘭姆推出的古蘭姆
yesterday in the morning they basically
昨天早上他們基本上
said that a security breach wasn't
說不是安全違規
possible because we've
可能是因為我們
air-gapped that is to say the internal
氣隙即內部
networks have no connection with the
網絡與
outside networks outside of : :
外部網絡:
but then today's Indian Express report
但是今天的印度快報報道
then tells us that in fact there has
然后告訴我們,實際上
been a security it's the Indian Express
一直是印度快遞的證券
report that came out this morning
今天早上出來的報告
actually quotes government officials
實際引用政府官員
saying that's considered confirmed that
說被認為證實了
an incident happened early September
9月初發生了一起事件
afterwards the National Cyber Security
之后的國家網絡安全
Council has taken you know notice of it
市政局已通知您
in mid-september they were there and
在9月中旬,他們在那里
they have given guidelines to rectify
他們給出了糾正的指導方針
what is or the problem that was there
那里是什么或存在的問題
now my thing is when you say air-gap
現在我的事情是當你說氣隙時
just so that our listeners can also
只是為了讓我們的聽眾也可以
understand an air-gap computer or a
了解氣隙式計算機或
system is one which does not have at any
系統是根本沒有的系統
point connectivity with the net
與網絡的點連接
therefore it cannot be hat that's the
因此,不可能是帽子
idea no it has connectivity to an
想法不,它具有與
Internet so assume that this table is
互聯網,因此假設此表是
the curriculum facility everything all
課程安排一切
most of the computers here will be
這里的大多數計算機將是
networked to each other in the internet
在互聯網上互相聯網
it's an intranet it will not be
這是一個內部網,它將不再是
connected to the Internet yes therefore
因此連接到互聯網
you can't view sites like say money
您無法查看諸如說錢之類的網站
control or tv18
控制或電視18
on this net and it's only when you come
在這個網上,只有當你來的時候
outside that you're able to access
在您可以訪問的外部
that's the area that's the air gap okay
那是氣隙好的區域
and this breach what you're seeing
這違反了您所看到的
you're not you're not calling it a cyber
你不是,你不是在稱它為網絡
attack per se now but it's an incident
現在本身就發動攻擊,但這是一個事件
the administration has also put up this
政府也提出了
clarify clarification saying that it has
澄清說
affected computers that are used for
用于的受影響的計算機
administrative purposes only now what is
現在僅行政目的是什么
the difference in this admin and/or ops
此管理員和/或操作的區別
right now here's the thing in the air
現在這是空中的東西
gap you basically have two sets of
差距你基本上有兩套
functions one is the function that
功能一是功能
controls the reactor and it's
控制反應堆,它是
functioning which is the operations but
功能是操作,但
then you also need to do things like
那么你還需要做類似的事情
because it's also workspace so you have
因為它也是工作區,所以你有
thousands of employees and so on and so
數千名員工等等
forth you need to do their pay you need
第四,您需要支付他們需要的薪水
to do their attendance records and so on
做他們的出勤記錄等等
and so forth if they're put in for leave
如果他們被請假,依此類推
normal administrative procedures
正常行政程序
ordering equipment ordering food because
訂購設備訂購食物,因為
they'd have a canteen and so on so forth
他們有一個食堂,依此類推
so all of that would be in a separate
所以所有這些都將放在單獨的位置
intranet okay and what runs on
內聯網還可以,運行什么
what actually runs the reactor would be
反應堆實際運行的是
a separate intranet linked to each other
相互鏈接的單獨的Intranet
now remember an air-gap only means that
現在記住氣隙只意味著
you can't be attacked over the net okay
你不能被網絡攻擊好嗎
it still means that you can be attacked
仍然意味著您可能會受到攻擊
through a USB stick right or any kind of
通過USB記憶棒或其他任何形式
if you've plugged your mobile phone for
如果您已將手機插入
example if you've just used this to any
例如,如果您剛剛將其用于任何
kind of phone you've charged it using
您使用過的那種手機
the usb on your computer on the intranet
內聯網上計算機上的USB
even that would constitute a secure that
即使這樣也可以確保
is a compromise so what has happened
是妥協,所以發生了什么事
here is very clear now
這里現在很清楚
first the government is contradicted
首先,政府是矛盾的
itself within 12 to 24 hours because
本身在12到24小時內
first they said the air-gap was
首先,他們說氣隙是
foolproof then they say there has been a
萬無一失,然后他們說已經有一個
cyber incident that's happened yes the
是的網絡事件是
very admission tells you that the
錄取通知書告訴你
air-gap was breached
氣隙被破壞
that there was a laxity of data hygiene
數據衛生寬松
that the possibly a USB stick because it
可能是USB記憶棒,因為它
is an air-gap was taken by somebody
有人采取了氣隙
inside and fit it onto one of the
內部并將其安裝到其中一個
computers otherwise a cyber incident
計算機,否則會發生網絡事件
simply could not now let me Club to
根本不能讓我俱樂部去
other questions that I have and so that
我還有其他問題,所以
this is you know our viewers can
這是您知道我們的觀眾可以
understand it why is this security
明白為什么這是安全的
inside of the cyber incident what is the
網絡事件內部是什么
implications of it and does it have any
它的含義,它是否有任何
security implications national security
安全影響國家安全
implications it has a lot of national
它有很多國家的含義
security implications because one of the
安全隱患,因為其中之一
things we keep looking at is cyber
我們一直關注的是網絡
attack in the course of warfare but
在戰爭過程中發動進攻,但
remember it's you know warfare as we
記住,你知道戰爭,因為我們
used to think of it as a kinetic event
過去將其視為動力學事件
Army's going bombing killing people
陸軍轟炸炸死人
today warfare bang can be carried out
今天可以進行戰爭爆炸
without that you know you can send say a
沒有它,您知道您可以發送說
TMS haywire and create induce a
TMS haywire和創造誘導
financial panic you can move funds
財務恐慌可以轉移資金
around if you get passwords and so on
如果您獲得密碼等等
and so forth things like that now in
諸如此類的事情現在
this case the danger is that first they
這種情況下的危險是首先
managed to breach the air-gap and get in
設法突破氣隙并進入
so if they breach the outside inside
所以如果他們突破內在
air-gap then there's no assurance that
氣隙,那么不能保證
they couldn't reach the - the two gaps
他們無法達到-兩個差距
that existed between the administrative
在行政之間存在
and the operation because if your
和操作,因為如果
security is lakhs and one then it's
安全是數十萬,然后是
lakhs in the other as well if one has
如果一個人擁有另一個人,則也可以
been breached the other one has also
被違反了另一個
been breached
被違反
that's an assumption we're making it's
這是我們正在做的一個假設
an assumption they're making but it's
他們正在做一個假設,但這是
based on fact if if one can be breached
根據事實是否可以被違反
if one was lakhs
如果一個人是十萬
purity is poor it should raise red flags
純度很差,應該舉起紅旗
it should raise red flags across the
它應該在整個
board now with regards to why this is
關于現在為什么登機
important to security remember we've had
對安全很重要請記住,我們曾經
a culture of bad security in this
不良安全文化
country you know you can go do a Google
您知道可以去Google的國家/地區
search and how many times the MEA
搜索以及MEA的次數
computers have been hacked in one in
一臺電腦被黑客入侵
Chinese hacker the Chinese hackers they
中國黑客他們是中國黑客
consistently keep hacking it was still
始終保持黑客狀態
to come up with an effective response to
提出有效的回應
it in one incident I think it was in
我認為是在一次事件中
2011 they were able to remotely turn
2011年,他們能夠遠程轉向
microphones and cameras of Indian
印度的麥克風和相機
embassy computers across the world you
使館計算機遍布世界各地
know being privy to information and so
知道對信息保密等等
on so forth so we don't know the extent
等等,所以我們不知道程度
to which this has gone only the third
這僅是第三次
thing we have to stress out here is we
我們要強調的是我們
don't know the entire nature of the
不知道
attack deep track is basically it's a
攻擊深層軌跡基本上是
derivative of the ransomware that was
勒索軟件的衍生產品
used by the Lazarus group believed to be
拉撒路小組使用的被認為是
a North Korean group to attack Sony you
朝鮮集團攻擊索尼
know remember when that movie critical
知道記得那部電影很關鍵的時候
of kim jeong-hoon called the interview
金正勛的采訪
Josh Rogin came out they used it to
Josh Rogin出來了,他們用它來
attack Sony Pictures now we don't really
攻擊Sony Pictures現在我們不是真的
know if this is a ransomware
知道這是否是勒索軟件
or malware ransomware is basically
或基本上是惡意軟件勒索軟件
malware used for ransom earrings so it
用于勒索耳環的惡意軟件
has a code or something which can undo
有代碼或可以撤消的內容
the things if you cooperate with the guy
如果你和那個家伙合作的話
blackmailing you malware is just purely
勒索您的惡意軟件純粹是
sadistic that it's gone and destroyed a
悲傷的是它已經消失并摧毀了
lot of things for you and the third is
很多東西給你,第三點是
like Stuxnet which is what affected the
像Stuxnet這樣影響了
Iranian in in in your article to money
伊朗人在你的文章中要錢
control you've actually talked about
控制您實際上已經在談論
this you've compared it to the attack
您已經將其與攻擊進行了比較
that happened in the Iranian nuclear
發生在伊朗核
facilities is it is that a stretch yes
設施是否是伸展
and no because see the point that was
也不是因為看到了
being highlighted out there with a lack
缺乏突出顯示
of his security culture that Iran's
伊朗的安全文化
program nuclear program was so recessed
計劃核計劃是如此隱蔽
it was so secret nobody was meant to
如此秘密,沒人理應
know about it
知道了
the level of security precautions they
他們的安全防范措施級別
took was so extraordinary and still
采取了是如此的非凡而仍然
because of a lack security culture
由于缺乏安全文化
somebody was able to if we know for a
如果我們知道一個人能夠
fact now that Stuxnet was fed into the
事實上,現在Stuxnet被饋入了
USB sticks of Russian contractors and it
俄羅斯承包商的USB隨身碟及其
attacked a certain Siemens processor
攻擊了某個西門子處理器
right so we don't know
對,所以我們不知道
what else if one virus has gotten in
如果一種病毒進入了該怎么辦
this way we don't know what else has got
這樣我們不知道還有什么
so at the moment we don't know the depth
所以目前我們還不知道深度
of the damage that has been done it's a
造成的損害是
dog let me let me put it like this
狗讓我讓我這樣說
whether damage has been done and the
是否已經造成損害,以及
depth of the damage correct and this is
損壞的深度正確,這是
you know what rapid eating different
你知道快速飲食有什么不同
things so what are the steps that can be
事情,那么可以采取哪些步驟
done or should be done at the moment or
已經完成或目前應該完成
the government and the codon column what
政府和密碼子欄
are the steps so its first it's very you
是步驟,所以首先是你
know the first thing about this is
知道的第一件事是
transparency you can't fix a problem
透明,您無法解決問題
till you acknowledge there's a problem
直到你承認有問題
and the problem in India that we have is
而印度存在的問題是
because of hierarchies and things like
因為層次結構之類的東西
that you can never have a junior go up
你永遠不會有一個初中生
to his boss and say sir you just took
向他的老板說,先生,你剛剛帶走
out a USB stick and put it in there or
取出USB記憶棒并放入其中
you're not going to be charging your
您不會為您的手機充電
phone on the computer system better data
手機在計算機系統上更好的數據
hygiene is it's better data hygiene but
衛生是更好的數據衛生,但
see better data hygiene also requires
看到更好的數據衛生也需要
you to change this challenge social
你改變這個挑戰社會
convention in this country you know the
在這個國家的慣例,你知道
reverence for your superior hierarchy
尊敬您的上級
and all of that how that's going to
以及所有這些如何
happen we don't know but it's basically
發生,我們不知道,但是基本上
a thing of training of constant training
不斷訓練的訓練
over and over again in the days ahead
在未來的日子里一遍又一遍
news about current column and the
有關當前專欄和
alleged breach will be in the news till
被指控的違規行為將成為新聞,直到
then do read the article that object has
然后閱讀該對象具有的文章
written for us on money control for more
為我們寫的關于金錢控制的更多內容
news and updates stay tuned - money
新聞和更新敬請期待-金錢
control calm
控制冷靜
