PBS高端访谈:为什么黑客会将目标锁定在保险公司?

 　　JUDY WOODRUFF: Today's disclosure of a major hacking 1 attack on the nation's second-largest health insurer, Anthem 2, is setting off alarms about cyber-crime at a new level.

　　Hackers 3 were able to crack a database that included records for 80 million people. The cyber-criminals were able to get names, addresses and e-mails, as well as Social Security numbers and income. But hospital and doctor information related to patients wasn't hacked 4.
　　Bloomberg News reported that investigators 5 believe Chinese state-sponsored hackers are involved.
　　Mark Bower 6 is a noted 7 expert on these issues. He's also a vice 8 president at Voltage Security in California.
　　Mark Bower, welcome.
　　So, compared to the hacks 9 we have seen until now, how serious is this one?
　　MARK BOWER, Voltage Security: Well, certainly, we have just started the year off with a bang in terms of data breaches 11; 80 million records is a very substantial amount, so this is quite a serious attack
　　And the nature of the data, you have got lots of personal data that can potentially be monetized. It's going to be very inconvenient 12 for those individuals and also quite costly 13 for the organization that this affects.
　　JUDY WOODRUFF: It is possible to know at this point who is behind this? You — we mentioned the Bloomberg news report that it's potentially the Chinese. They mentioned a group called Deep Panda.
　　MARK BOWER: It's not clear yet. We only have a couple data points on information like that.
　　But, fundamentally, there's got to be some organized crime behind this or very well-organized attackers to be able to get into these types of systems and steal this volume of data. And we shouldn't forget that these types of attacks are pretty much expected these days.
　　We have seen breaches of this nature across the board over the last decade. And, in fact, the volumes of data that have been stolen are actually staggering these days.
　　JUDY WOODRUFF: What can the people behind this data breach 10 do with this information?
　　MARK BOWER: So, it depends on the — their motive 14 in the end. But, ultimately, if you have stolen large amounts of personal information, whether you have got Social Security numbers, name and address, date of birth, all that kind of stuff — and in this case, it seems like there's also employment history and income data — well, you can start to create identity theft situations, where you're actually stealing people's information or identity to commit fraud.
　　But, more importantly, there is also the risk of side effects, that this type of data can actually result in attacks that are more targeted. So, for example, we might have an individual that is maybe a wealthy individual, and the attacker can go now after them more specifically based on the information that they have about them in what we call a spear phishing attack.
　　And that might involve going after them with targeted e-mails, even phone calls, to try and get them to reveal more data that then can be used in a compromise or for further identity theft.
　　JUDY WOODRUFF: So for individuals who either now or did have health coverage 15 through Anthem, what should they be on the lookout 16 for?
　　MARK BOWER: So, after these types of attacks, what we often see is a wave of spam e-mails. Those are those fake e-mails that are often trying to lure 17 people into Web sites where there may be viruses and malware, the more sinister 18 phishing attacks, which might be there to lure people to Web sites to then download malware that will actually steal further information from their own personal computers or maybe even get into their bank accounts and so on with online banking 19.
　　So people have to be vigilant 20 to make sure that they're not seeing e-mails that look suspicious and clicking on things there. And also be wary 21 of things like phone calls, for instance, from organizations that may be purporting 22 to be from service providers that may be related to Anthem, but they're actually criminal gangs trying to get more information from consumers that can then be used for further fraud or accessing their bank account or accessing their computers and so on.
　　JUDY WOODRUFF: Just quickly, Mark Bower, how would you rank or rate the security system at a company like Anthem? I mean, obviously, it was breached 23, but had they taken all the steps that a big company is supposed to take?
　　MARK BOWER: That's hard to say.
　　But even the best-prepared organizations can often succumb 24 to these types of attacks. What we have found over the last several years is that the attackers are becoming much more sophisticated. The malware is becoming much more advanced. And it just takes one vulnerability to be able to bypass those traditional perimeter 25 defenses, the firewalls and the log-in and the intrusion detection, to get into the heart of these systems.
　　And once they're in there, it's too late. The information can be stolen, monetized. And we see victims, as we have seen today.
　　JUDY WOODRUFF: Well, it's certainly got a lot of people's attention.
　　Mark Bower with Voltage Security, we thank you.
　　MARK BOWER: Thank you very much.