Fresh cyber attacks in North Macedonia, this time targeting the health and education ministries, are spurring calls for more sophisticated cyber protection.
北马其顿的新一轮网络攻击,这次针对卫生和教育部,正在促使人们呼吁进行更复杂的网络保护。
Last week’s attacks took down the websites of both ministries and were claimed by the hacker group ‘Anonopsmkd’, which previously took responsibility for a July 15 attack on the country’s most popular news aggregator TIME.mk.
上周的攻击摧毁了两个政府部门的网站,并被黑客组织“ Anonopsmkd”宣称,该组织此前曾对7月15日对该国最受欢迎的新闻聚合商TIME.mk进行攻击负责。
The denial of service attack on TIME.mk, which involved more than 35 million addresses that generated thousands of clicks per seconds, coincided with a closely-fought parliamentary election in North Macedonia when the State Electoral Commission was also targeted.
对TIME.mk的拒绝服务攻击涉及超过3500万个地址,每秒产生数千次点击,而与此同时,北马其顿的议会选举也进行了激烈讨论,当时州选举委员会也成为目标。
In an interview last week, Anonopsmkd denied hitting the electoral commission, but it has warned that law enforcement structures in North Macedonia are its next target, spurring calls for greater protection of state bodies in the newest member of NATO.
Anonopsmkd在上周的一次采访中否认罢免选举委员会,但警告说,北马其顿的执法机构是下一个目标,引发了对北约最新成员中国家机构的更大保护的呼吁。
“There should be a single protection system that would cover all government electronic services including agencies, ministries, local governments, and any legal entity or state body,” said Skopje-based cybersecurity consultant Mane Piperevski.
总部位于斯科普里的网络安全顾问Mane Piperevski说:“应该有一个涵盖所有政府电子服务的单一保护系统,包括机构,政府部门,地方政府以及任何法律实体或州机构。”
“This can be achieved by having a state-level Security Operation Centre with mixed ownership (51:49 in favour of the state),” Piperevski told BIRN. “The joint protection system would be under the leadership of the company that would be in charge of this Security Operation Centre.”
Piperevski告诉BIRN:“这可以通过拥有所有权混合的州级安全运营中心(支持国家的比例为51:49)来实现。” “联合保护系统将在负责此安全运营中心的公司的领导下进行。”
黑客阻碍选举结果公告 (Hackers obstruct election result announcement)
Piperevski said such a model had been implemented in a number of European Union countries.
Piperevski说,这样的模型已经在许多欧盟国家实施。
“There is a quality staff within the government bodies that is ready to respond to such challenges,” he said. “The only problem, however, is with politics and priorities of the work in the institutions.”
他说:“政府机构内部有一支素质高的员工随时准备应对这些挑战。” “但是,唯一的问题是机构的政治和工作重点。”
Privacy and data protection expert Ljubica Pendaroska said the protection system should be multi-layered, “in order to make to make it as hard as possible for the hackers, and thus increase the protection of information and especially the personal data of citizens.”
隐私和数据保护专家Ljubica Pendaroska说,保护系统应该是多层的,“以使其对黑客来说尽可能地困难,从而增强对信息尤其是对公民个人数据的保护。”
“It is necessary for the institutions to have a developed and functional team and a procedure for rapid intervention and response in the case of an attack,” Pendaroska told BIRN.
Pendaroska告诉BIRN:“对于机构来说,有必要建立一支发达的职能团队,并制定程序,在发生攻击时Swift进行干预和做出响应。”
An investigation conducted by the Ministry of Interior concluded that the electoral commission had been the target of a denial of service or DDoS attack which blocked publication of the preliminary results. The Commission website was out of action for several days.
内政部进行的一项调查得出的结论是,选举委员会已成为拒绝服务或DDoS攻击的目标,这阻止了初步结果的发布。 该委员会的网站几天都没有运作。
“The investigation of this case continues in order to determine the IP addresses from where the attack was carried out, and for additional information to be collected to determine the perpetrator of this attack,” the ministry said.
国防部表示:“将继续调查此案,以确定发动攻击的IP地址,并收集更多信息以确定此攻击的实施者。”
国家网络安全机构只开会一次 (National cybersecurity body has met only once)
A spate of cyber attacks on state bodies in North Macedonia over the past few months has raised fears over the safety of its IT system, a concern for NATO too since the country joined the Western military alliance in March this year.
在过去的几个月里,北马其顿对国家机构的一系列网络攻击使人们对其IT系统的安全性产生了担忧,自从该国于今年3月加入西方军事同盟以来,北约也对此感到担忧。
As BIRN reported in May, several cyberattacks in a short period of time exposed gaps in how North Macedonia’s authorities are dealing with cybersecurity issues.
正如BIRN在5月份报道的那样,在短时间内发生的几起网络攻击暴露了北马其顿当局处理网络安全问题的差距。
In one security breach two months ago, a Greek hacker group calling itself ‘Powerful Greek Army’ leaked dozens of email addresses and passwords from staffers in North Macedonia’s ministries of finance and economy. Authorities are yet to determine how exactly the attack happened.
两个月前的一次安全漏洞中,一个自称为“强大的希腊军队”的希腊黑客组织从北马其顿财政和经济部的工作人员那里泄漏了数十封电子邮件地址和密码。 当局尚未确定袭击发生的确切程度。
Last year, North Macedonia formed a National Council for Cyber Security, bringing together the ministers of interior, defence and information society. But it has so far met only once.
去年,北马其顿成立了全国网络安全委员会,将内政,国防和信息社会的部长召集在一起。 但是到目前为止,它只见过一次。
NATO member countries bear primary responsibility for their national cyber defences, but the alliance does provide expert support and has rapid reaction teams it can deploy in emergencies.
北约成员国对其国家网络防御负有主要责任,但该联盟确实提供了专家支持,并拥有可以在紧急情况下部署的快速React小组。
“NATO cyber experts can offer support and share information with Allies in real-time, including through our Malware Information Sharing Platform,” a NATO official told BIRN in an emailed response. “NATO has cyber rapid reaction teams on standby to assist Allies 24 hours a day, and our Cyberspace Operations Centre is operational.”
北约官员在一封电子邮件回复中告诉BIRN:“北约网络专家可以提供支持并与盟国实时共享信息,包括通过我们的恶意软件信息共享平台。” “北约有网络快速React小组随时待命,可以每天24小时为盟友提供帮助,我们的网络空间运营中心也可以正常运行。”
“NATO also invests in training, education and exercises which improve the skills of national cyber experts. Any attempts to interfere with democratic elections, including through hacking, are unacceptable, so we must remain vigilant.”
“北约还投资于培训,教育和演习,以提高国家网络专家的技能。 任何包括通过黑客手段来干预民主选举的尝试都是不可接受的,因此我们必须保持警惕。”
Originally published at https://balkaninsight.com on July 28, 2020.
最初于 2020年7月28日 在 https://balkaninsight.com 上 发布 。
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
