The Deloitte hack: what do we know so far?

Jeff John Roberts, September 28, 2017
One of Deloitte's main lines of business is cyber security consulting, so the fact that it was hacked is a major scandal.

Chinese translation: 嚴匡正 (財富中文網, Fortune China)

A bombshell report on Monday revealed that Deloitte was hit by a major cyber attack that compromised its email system and certain client records. The news is a major black eye for one of the world’s “big four” accountancy and consulting firms—especially since a major part of Deloitte’s business is selling cyber security.

The full extent of the hacking episode isn’t clear, but details are beginning to trickle out, including from Brian Krebs, a well-respected security journalist who says he has heard from sources close to Deloitte. Here’s a Q&A about what we know and don’t know about the latest high-profile security attack.

What did the hackers steal?

The initial report of the Deloitte breach came from the Guardian, which revealed hackers had compromised the “confidential emails and plans of some of its blue-chip clients.” In response, the firm confirmed it had suffered a cyber-attack, but played down the significance by saying “only very few clients were impacted.”

Krebs, however, cites sources close to Deloitte who suggest the hack was likely more severe than that. The sources claimed the hackers accessed the entirety of the firm’s internal email database, and all administrative accounts. Worse, it appears the hackers transferred or copied a significant amount of that confidential data:

This same source said forensic investigators identified several gigabytes of data being exfiltrated to a server in the United Kingdom. The source further said the hackers had free rein in the network for “a long time” and that the company still does not know exactly how much total data was taken.

Meanwhile, Krebs’ sources say Deloitte has yet to identify the full pervasiveness of the attack.

What companies are affected?

Deloitte has only said it notified six companies and some government agencies, but it has not identified them. The Guardian adds that those companies are household names, but likewise doesn’t provide further details.

A firm like Deloitte advises giant multinationals in sectors like finance, pharma, and media, so the list of potential victims is long. It’s also possible the list of actual victims will come to number more than six—especially if Deloitte has yet to get to the bottom of the hack.

How bad is this?

For Deloitte, it’s very bad. The reputation of the company’s cyber-security consulting business will take a hit, and not just because it got breached. If details in the Guardian’s report are true, Deloitte failed to deploy elementary security measures such as requiring two-factor authentication. The firm also appears to have guarded large pools of data with a single password.

For Deloitte’s clients, the extent of the harm is less clear. If hackers indeed got hold of all of Deloitte’s emails, those messages may have revealed its clients’ secret corporate strategies or sensitive intellectual property. Meanwhile, all of those email addresses would provide crooks with ample opportunities for spear-phishing scams targeted at top executives.

When will we know more?

Reports suggest Deloitte knew something was amiss as long ago as last October, so the firm almost certainly knows more than it is disclosing. In response to the Guardian’s report, the company issued a statement but has yet to address the additional details described by Krebs.

Look for more information to trickle out in coming days from the company, but also in the form of leaks from the security community and beyond.
