2018-09-20 09:39
Compiled by Xiaoyi
(This article was automatically translated by Xiaoyi)
Lawmaker: US Senate, staff targeted by state-backed hackers - ABC News
Foreign government hackers continue to target the personal email accounts of U.S. senators and their aides — and the Senate's security office has refused to defend them, a lawmaker says.
Sen. Ron Wyden, an Oregon Democrat, said in a Wednesday letter to Senate leaders that his office discovered that "at least one major technology company" has warned an unspecified number of senators and aides that their personal email accounts were "targeted by foreign government hackers."
Similar methods were employed by Russian military agents who leaked the contents of private email inboxes to influence the 2016 elections.
Wyden did not specify the timing of the notifications, but a Senate staffer said they occurred "in the last few weeks or months."
The aide spoke on condition of anonymity because he was not authorized to discuss the issue publicly.
But the senator said the Office of the Sergeant at Arms, which oversees Senate security, informed legislators and staffers that it has no authority to help secure personal, rather than official, accounts.
"This must change," Wyden wrote in the letter.
"The November election grows ever closer, Russia continues its attacks on our democracy, and the Senate simply does not have the luxury of further delays."
A spokeswoman for the security office said it would have no comment.
Wyden has proposed legislation that would allow the security office to offer digital protection for personal accounts and devices, the same way it does with official ones.
His letter did not provide additional details of the attempts to pry into the lawmakers' digital lives, including whether lawmakers of both parties are still being targeted.
Google and Microsoft, which offer popular private email accounts, declined to comment.
The Wyden letter cites previous Associated Press reporting on the Russian hacking group known as Fancy Bear and how it targeted the personal accounts of congressional aides between 2015 and 2016.
The group's prolific cyberspying targeted the Gmail accounts of current and former Senate staffers, including Robert Zarate, now national security adviser to Florida Sen. Marco Rubio, and Jason Thielman, chief of staff to Montana Sen. Steve Daines, the AP found.
The same group also spent the second half of 2017 laying digital traps intended to look like portals where Senate officials enter their work email credentials, the Tokyo-based cybersecurity firm Trend Micro has reported.
Microsoft seized some of those traps, and in September 2017 apparently thwarted an attempt to steal login credentials of a policy aide to Missouri Sen. Claire McCaskill, the Daily Beast discovered in July.
Last month, Microsoft made news again when it seized several internet domains linked to Fancy Bear, including two apparently aimed at conservative think tanks in Washington.
Such incidents "only scratch the surface" of advanced cyberthreats faced by U.S. officials in the administration and Congress, according to Thomas Rid, a cybersecurity expert at Johns Hopkins University.
Rid made the statement in a letter to Wyden last week.
"The personal accounts of senators and their staff are high-value, low-hanging targets," Rid wrote.
"No rules, no regulations, no funding streams, no mandatory training, no systematic security support is available to secure these resources."
Attempts to breach such accounts were a major feature of the yearlong AP investigation into Fancy Bear that identified hundreds of senior officials and politicians — including former secretaries of state, top generals and intelligence chiefs — whose Gmail accounts were targeted.
The Kremlin is by no means the only source of worry, said Matt Tait, a University of Texas cybersecurity fellow and former British intelligence official.
"There are lots of countries that are interested in what legislators are thinking, what they're doing, how to influence them, and it's not just for purposes of dumping their information online," Tait said.
In an April 12 letter released by Wyden's office, Adm. Michael Rogers — then director of the National Security Agency — acknowledged that personal accounts of senior government officials "remain prime targets for exploitation" and said that officials at the NSA and Department of Homeland Security were discussing ways to better protect them.
The NSA and DHS declined to offer further details.
Guarding personal accounts is a complex, many-layered challenge.
Rid believes tech companies have a sudden responsibility to nudge high-profile political targets into better digital hygiene.
He said he did not believe much has been done, although Facebook announced a pilot program Monday to help political campaigns protect their accounts, including monitoring for potential hacking threats for those that sign up.
Boosting protection in the Senate could begin with the distribution of small chip-based security devices such as the YubiKey, which are already used in many secure corporate and government environments, Tait said.
Such keys supplement passwords to authenticate legitimate users, potentially frustrating distant hackers.
Cybersecurity experts also recommend them for high-value cyber-espionage targets including human rights workers and journalists.
"In an ideal world, the Sergeant at Arms could just have a pile of YubiKeys," said Tait.
"When legislators or staff come in they can (get) a quick cybersecurity briefing and pick up a couple of these for their personal accounts and their official accounts."
Bajak reported from Boston.
Satter reported from London.