It took the hackers less than two hours to take over Patsy Walsh’s life.

不到兩個(gè)小時(shí)，黑客就接管了帕斯蒂·沃爾什(Patsy Walsh)的生活。

On a recent Friday, Mrs. Walsh, a grandmother of six, volunteered to allow two hackers to takea crack at hacking her home. How bad could it be?

沃爾什是六個(gè)孩子的祖母，最近一個(gè)周五，她志愿參加一個(gè)活動(dòng)，允許兩名黑客入侵她家。這能有多糟呢?

Mrs. Walsh did not consider herself a digital person. As far as she knew, her home was notequipped with any “smart devices, physical objects like refrigerators and thermometers thattransmit information to the Internet. Sure, she has a Facebook account, which she uses tokeep up on friends’ lives, but rarely does she post about her own.

沃爾什自認(rèn)為不是一個(gè)數(shù)碼愛(ài)好者。就她所知，她家中也沒(méi)有任何“智能設(shè)備，即可以將信息上傳互聯(lián)網(wǎng)的物品，比如智能冰箱和智能溫度計(jì)。當(dāng)然，她有一個(gè)Facebook帳號(hào)，她通過(guò)這個(gè)帳號(hào)來(lái)了解朋友們的生活狀況，但她很少發(fā)布關(guān)于自己的內(nèi)容。

“I don’t post things about myself and don’t really understand why other people do, Mrs.Walsh said. “The fact you can go from one friend’s profile to their friends’ profiles is creepy. Iguess you could find out a lot of information about somebody if you really wanted to.

“我不怎么發(fā)關(guān)于自己的內(nèi)容，我也真不明白為什么其他人會(huì)這么做，沃爾什說(shuō)。“你可以挨個(gè)查看朋友的主頁(yè)，這有點(diǎn)嚇人。我猜，只要你真心想查某人的信息，你就可以查出一大堆。

Indeed. Days before hackers even set foot in Mrs. Walsh’s home overlooking Mount Tamalpaisin Marin County, Calif., they found her Facebook account and — though it was comparativelylocked down — uncovered just enough to begin to take over her digital life. The New YorkTimes was invited to witness the hacking, on the condition that Mrs. Walsh’s town not benamed.

的確如此。沃爾什居住在加利福尼亞州，可以從家中遠(yuǎn)眺馬林縣的塔瑪珮?biāo)股剑诳驮谔ぷ闼业臄?shù)日之前，就發(fā)現(xiàn)了她的Facebook賬號(hào)——盡管它相對(duì)來(lái)說(shuō)是保密的——獲得了足以接管她的數(shù)字生活的信息。《紐約時(shí)報(bào)》應(yīng)邀見(jiàn)證了這起黑客行動(dòng)，前提是不透露沃爾什住在哪個(gè)城鎮(zhèn)。

The twist was that once the hackers found their way in, they discovered someone else hadalready been there.

亮點(diǎn)在于，黑客在成功侵入之后，發(fā)現(xiàn)已經(jīng)有人來(lái)過(guò)這里。

The hackers could see that Mrs. Walsh had liked a page organized by Change.org. That was allthey needed to construct some convincing click bait. Within 10 minutes, they composed afake email from Change.org asking her to sign a fake petition about land use in Marin County.

黑客可以看到沃爾什贊過(guò)Change.org發(fā)布的一個(gè)頁(yè)面。僅僅是這樣，他們就構(gòu)建了一些令人信服的點(diǎn)擊誘餌。不到10分鐘，他們偽造了一份來(lái)自Change.org的假電郵，請(qǐng)她在一份關(guān)于馬林縣土地利用的假請(qǐng)?jiān)笗?shū)上簽名。

When that link led her to a page that asked her to enter her email address and password, shecomplied. To spare Mrs. Walsh any actual harm, the hackers used a service called Phish5, whichdoes not actually store passwords and is often used by employers to test employees’ ability tospot malicious phishing cons.

點(diǎn)擊該鏈接后，她登上一個(gè)網(wǎng)頁(yè)，要求她輸入電郵地址和密碼，她照做了。為了不讓沃爾什遭受任何實(shí)質(zhì)上的危害，黑客使用了一個(gè)名為Phish5的服務(wù)，它并不真正存儲(chǔ)密碼，雇主通常用它來(lái)測(cè)試雇員識(shí)別惡意仿冒內(nèi)容的能力。

Had the two been actual attackers, they would have had all the information they needed to“pwn Mrs. Walsh — hacker speak for taking over someone’s digital life — from afar, particularlybecause, Mrs. Walsh confessed, she was guilty of using the same password across manyaccounts.

如果這兩名黑客是動(dòng)真格的，他們就已經(jīng)遠(yuǎn)程獲取了“pwn沃爾什所需的一切信息。“pwn是黑客的行話，指接管某人的數(shù)字生活。沃爾什承認(rèn)，她在不同的賬戶上使用了同樣的密碼，而這讓黑客入侵變得尤為輕松。

All this before they had even set foot in Mrs. Walsh’s home.

所有這一切還是在他們登門(mén)造訪沃爾什之前完成的。

The hackers, Reed Loden, the 27-year-old director of security of HackerOne, a San Franciscosecurity start-up, and Michiel Prins, the 25-year-old co-founder of HackerOne, were greetedwarmly when they arrived at her home.

這兩名黑客是舊金山初創(chuàng)安全企業(yè)HackerOne公司27歲的安全總監(jiān)里德·洛登(Reed Loden)和25歲的聯(lián)合創(chuàng)始人米希爾·普林斯(Michiel Prins)。到沃爾什家時(shí)，他們受到了熱烈的歡迎。

“Welcome Hackers was scrawled on a heart-shaped chalkboard on the front door, and deviledeggs, tuna sandwiches and fresh iced tea were waiting. Mrs. Walsh said she expected thehackers would wear black, but Mr. Loden and Mr. Prins did not fit that stereotype. Mr. Loden,who hails from Mississippi, ended his sentences with a warm “thank you, ma’am — his mannersintact even while explaining that he had just hacked Mrs. Walsh’s power of attorney form.

前門(mén)掛著一塊心形的黑板，上面寫(xiě)著“黑客請(qǐng)進(jìn)。還有魔鬼蛋、金槍魚(yú)三明治和爽口的冰茶等著他們。沃爾什以為黑客會(huì)穿黑色的衣服，但洛登和普林斯并不符合這種刻板印象。來(lái)自密西西比州的洛登在發(fā)言結(jié)束時(shí)熱情地說(shuō)了句“謝謝您，夫人。即便是在解釋自己剛剛侵入了沃爾什的法律授權(quán)書(shū)時(shí)，神情也并沒(méi)有變化。

“They’re very polite, Mrs. Walsh noted. (Later, she invited both to Thanksgiving dinner.)

“他們非常有禮貌，沃爾什說(shuō)(后來(lái)，她還邀請(qǐng)兩人共進(jìn)感恩節(jié)晚餐)。

Over an hour and a half, they discovered a way to open the Walshes’ garage door. It wassimply a matter of using a “brute force attack against an older door opener. The processentailed testing thousands of code combinations until hitting the correct one. Earlier this year,the hacker Samy Kamkar demonstrated how to do this in less than 10 seconds using a Matteltoy.

在一個(gè)半小時(shí)的時(shí)間里，他們找到了打開(kāi)沃爾什家車(chē)庫(kù)門(mén)的辦法，只需要“用蠻力攻擊上了年頭的開(kāi)門(mén)器即可。這個(gè)過(guò)程需要試驗(yàn)數(shù)千個(gè)密碼組合，直到試出正確的那個(gè)。今年早些時(shí)候，一個(gè)名叫薩米·卡姆卡爾(SamyKamkar)的黑客演示了如何在不到十秒鐘的時(shí)間里，用一個(gè)美泰(Mattel)玩具完成這件事。

Mr. Loden and Mr. Prins also found a way to intercept Mrs. Walsh’s television. A service workerhad not installed her DirecTV securely, with a password, which meant anyone with knowledge ofthe device’s I.P. address could control the television remotely.

洛登和普林斯還發(fā)現(xiàn)了控制沃爾什家電視的辦法。服務(wù)人員給她安裝DirecTV時(shí)的做法并不安全，沒(méi)有設(shè)置密碼，這意味著任何人，只要知道這臺(tái)設(shè)備的IP地址，就能遠(yuǎn)程控制電視。

In this case, the hackers used their access to purchase a three-hour pass to an array of adultchannels — the names of which would not be suitable for print here.

在這個(gè)案例里，兩名黑客利用自己取得的權(quán)限，購(gòu)買(mǎi)了三小時(shí)的觀看許可，可以收看一系列成人頻道。這些頻道的名字不宜在此刊出。

Still, Mrs. Walsh was not impressed. “What’s so wrong about getting into my TV? When Mr.Loden pointed out that someone could blast pornography in her living room in the middle of adinner party, Mrs. Walsh conceded, “I can see how that would be a little shocking to guests.

但沃爾什并沒(méi)有很在意。“破解我家的電視有什么大問(wèn)題嗎?但當(dāng)洛登指出，有人可以在她舉辦家宴時(shí)，讓客廳的電視突然播放色情作品之后，沃爾什承認(rèn)，“我能想象客人會(huì)有些震驚。

From there, the hackers made their way to the back of Mrs. Walsh’s house, where her PC waswaiting. With her passwords posted on the nearby router, their task was easy. Within minutes,they had not only broken into Mrs. Walsh’s email account, but also that of her daughter — whoat some point had allowed the computer’s browser to auto-fill her password. (As a courtesy,the hackers made sure to send Mrs. Walsh’s daughter an email from her own account with thesubject line: “Reminder: Change my password.)

然后，兩名黑客來(lái)到沃爾什家的后院。她的個(gè)人電腦放在那里，正等待黑客侵入。因?yàn)槊艽a貼在了附近的路由器上，他們的任務(wù)很容易。只用了幾分鐘，他們不僅進(jìn)入了沃爾什的電子郵箱賬戶，還進(jìn)入了她女兒的賬戶。她女兒在某個(gè)時(shí)刻允許了這臺(tái)電腦的瀏覽器自動(dòng)輸入她的密碼。(兩人做了件好事，用沃爾什女兒自己的賬戶給她發(fā)了一封電子郵件，主題欄上寫(xiě)著：“提醒：改密碼。)

They searched Mrs. Walsh’s email for the term “SSN and within seconds had access to herSocial Security number, her PayPal account, her air miles account and her insuranceinformation. They had even gotten their hands on her power of attorney form.

他們?cè)谖譅柺驳泥]件中搜索“SSN，幾秒鐘后便獲取了她的社會(huì)安全號(hào)碼、PayPal賬號(hào)、航空里程積分賬號(hào)和保險(xiǎn)信息。他們甚至還能對(duì)她的法律授權(quán)書(shū)做手腳。

What’s worse, they weren’t the only ones with access to all of the above. Mr. Loden and Mr.Prins ran a scan for malicious programs running on Mrs. Walsh’s machine and found roughly20, including InstallBrain, an installer that can download malicious programs on demand, likeone that helps attackers mine for Bitcoin. And others like DefaultTab, FunWebProducts,SearchProtect, SlimCleaner and Supreme Savings that can change a victim’s home page, spyon search and browsing histories, or replace ads on websites like Facebook and Google withintrusive programs.

更糟糕的是，他們不是唯一能獲取上述所有信息的人。在對(duì)沃爾什電腦上運(yùn)行的程序進(jìn)行掃描后，洛登和普林斯發(fā)現(xiàn)了大約20個(gè)惡意程序，包括InstallBrain。這是一個(gè)安裝程序，能夠按指令下載惡意程序，如一款幫助攻擊者生成比特幣(Bitcoin)的程序。其他像DefaultTab、FunWebProducts、SearchProtect、SlimCleaner和Supreme Savings這樣的程序，更改受害者的主頁(yè)，并監(jiān)視用戶的搜索和瀏覽記錄，或是將Facebook和谷歌等網(wǎng)站上的廣告替換成侵入性的程序。

After they were through “pwning Mrs. Walsh, the two hackers sat down with their victim for adebriefing. Critical points were that Mrs. Walsh needed a new garage door opener, a passwordfor her television and a password manager to help her set unique and far more complicatedpasswords for each of her accounts.

結(jié)束對(duì)沃爾什的數(shù)字生活進(jìn)行的“pwn后，兩名黑客和受害人坐了下來(lái)，簡(jiǎn)單向?qū)Ψ浇榻B了情況。關(guān)鍵的點(diǎn)是，沃爾什的車(chē)庫(kù)門(mén)需要換一個(gè)新的開(kāi)門(mén)器;電視機(jī)需要設(shè)置密碼;需要一個(gè)密碼管理程序，來(lái)幫她給每個(gè)賬戶設(shè)置獨(dú)一無(wú)二的、復(fù)雜度遠(yuǎn)高于現(xiàn)在的密碼。

The hackers advised her to turn on two-step authentication, a service that sends a second,one-time password to users’ phones when they try to log in from an unrecognized machine.They also gave her a quick lesson in phishing attacks and a lecture on the importance ofinstalling software updates.

兩位黑客建議沃爾什開(kāi)啟兩步驗(yàn)證。這項(xiàng)服務(wù)會(huì)在用戶試圖從陌生設(shè)備上登錄時(shí)，向用戶的手機(jī)再發(fā)送一個(gè)一次性的驗(yàn)證碼。他們還向她簡(jiǎn)要介紹了釣魚(yú)攻擊和安裝軟件更新的重要性。

Best to switch on automatic updates, they said, for core services like Apple’s iOS operatingsystem, Google’s Chrome browser and Windows. And, they said, her PC needed to becompletely wiped. The good news was they promised to return to do this for her, possibly whenthey visit for Thanksgiving dinner.

他們說(shuō)，最好是為蘋(píng)果的iOS操作系統(tǒng)、谷歌的Chrome瀏覽器和Windows等核心服務(wù)，打開(kāi)自動(dòng)更新。他們還表示，需要徹底清除沃爾什個(gè)人電腦上的東西。好消息是，他們?cè)S諾會(huì)在下次來(lái)的時(shí)候幫她清理。可能就是來(lái)共進(jìn)感恩節(jié)晚餐的時(shí)候。

It took the hackers less than two hours to take over Patsy Walsh’s life.

不到兩個(gè)小時(shí)，黑客就接管了帕斯蒂·沃爾什(Patsy Walsh)的生活。

On a recent Friday, Mrs. Walsh, a grandmother of six, volunteered to allow two hackers to takea crack at hacking her home. How bad could it be?

沃爾什是六個(gè)孩子的祖母，最近一個(gè)周五，她志愿參加一個(gè)活動(dòng)，允許兩名黑客入侵她家。這能有多糟呢?

Mrs. Walsh did not consider herself a digital person. As far as she knew, her home was notequipped with any “smart devices, physical objects like refrigerators and thermometers thattransmit information to the Internet. Sure, she has a Facebook account, which she uses tokeep up on friends’ lives, but rarely does she post about her own.

沃爾什自認(rèn)為不是一個(gè)數(shù)碼愛(ài)好者。就她所知，她家中也沒(méi)有任何“智能設(shè)備，即可以將信息上傳互聯(lián)網(wǎng)的物品，比如智能冰箱和智能溫度計(jì)。當(dāng)然，她有一個(gè)Facebook帳號(hào)，她通過(guò)這個(gè)帳號(hào)來(lái)了解朋友們的生活狀況，但她很少發(fā)布關(guān)于自己的內(nèi)容。

“I don’t post things about myself and don’t really understand why other people do, Mrs.Walsh said. “The fact you can go from one friend’s profile to their friends’ profiles is creepy. Iguess you could find out a lot of information about somebody if you really wanted to.

“我不怎么發(fā)關(guān)于自己的內(nèi)容，我也真不明白為什么其他人會(huì)這么做，沃爾什說(shuō)。“你可以挨個(gè)查看朋友的主頁(yè)，這有點(diǎn)嚇人。我猜，只要你真心想查某人的信息，你就可以查出一大堆。

Indeed. Days before hackers even set foot in Mrs. Walsh’s home overlooking Mount Tamalpaisin Marin County, Calif., they found her Facebook account and — though it was comparativelylocked down — uncovered just enough to begin to take over her digital life. The New YorkTimes was invited to witness the hacking, on the condition that Mrs. Walsh’s town not benamed.

的確如此。沃爾什居住在加利福尼亞州，可以從家中遠(yuǎn)眺馬林縣的塔瑪珮?biāo)股剑诳驮谔ぷ闼业臄?shù)日之前，就發(fā)現(xiàn)了她的Facebook賬號(hào)——盡管它相對(duì)來(lái)說(shuō)是保密的——獲得了足以接管她的數(shù)字生活的信息。《紐約時(shí)報(bào)》應(yīng)邀見(jiàn)證了這起黑客行動(dòng)，前提是不透露沃爾什住在哪個(gè)城鎮(zhèn)。

The twist was that once the hackers found their way in, they discovered someone else hadalready been there.

亮點(diǎn)在于，黑客在成功侵入之后，發(fā)現(xiàn)已經(jīng)有人來(lái)過(guò)這里。

The hackers could see that Mrs. Walsh had liked a page organized by Change.org. That was allthey needed to construct some convincing click bait. Within 10 minutes, they composed afake email from Change.org asking her to sign a fake petition about land use in Marin County.

黑客可以看到沃爾什贊過(guò)Change.org發(fā)布的一個(gè)頁(yè)面。僅僅是這樣，他們就構(gòu)建了一些令人信服的點(diǎn)擊誘餌。不到10分鐘，他們偽造了一份來(lái)自Change.org的假電郵，請(qǐng)她在一份關(guān)于馬林縣土地利用的假請(qǐng)?jiān)笗?shū)上簽名。

When that link led her to a page that asked her to enter her email address and password, shecomplied. To spare Mrs. Walsh any actual harm, the hackers used a service called Phish5, whichdoes not actually store passwords and is often used by employers to test employees’ ability tospot malicious phishing cons.

點(diǎn)擊該鏈接后，她登上一個(gè)網(wǎng)頁(yè)，要求她輸入電郵地址和密碼，她照做了。為了不讓沃爾什遭受任何實(shí)質(zhì)上的危害，黑客使用了一個(gè)名為Phish5的服務(wù)，它并不真正存儲(chǔ)密碼，雇主通常用它來(lái)測(cè)試雇員識(shí)別惡意仿冒內(nèi)容的能力。

Had the two been actual attackers, they would have had all the information they needed to“pwn Mrs. Walsh — hacker speak for taking over someone’s digital life — from afar, particularlybecause, Mrs. Walsh confessed, she was guilty of using the same password across manyaccounts.

如果這兩名黑客是動(dòng)真格的，他們就已經(jīng)遠(yuǎn)程獲取了“pwn沃爾什所需的一切信息。“pwn是黑客的行話，指接管某人的數(shù)字生活。沃爾什承認(rèn)，她在不同的賬戶上使用了同樣的密碼，而這讓黑客入侵變得尤為輕松。

All this before they had even set foot in Mrs. Walsh’s home.

所有這一切還是在他們登門(mén)造訪沃爾什之前完成的。

The hackers, Reed Loden, the 27-year-old director of security of HackerOne, a San Franciscosecurity start-up, and Michiel Prins, the 25-year-old co-founder of HackerOne, were greetedwarmly when they arrived at her home.

這兩名黑客是舊金山初創(chuàng)安全企業(yè)HackerOne公司27歲的安全總監(jiān)里德·洛登(Reed Loden)和25歲的聯(lián)合創(chuàng)始人米希爾·普林斯(Michiel Prins)。到沃爾什家時(shí)，他們受到了熱烈的歡迎。

“Welcome Hackers was scrawled on a heart-shaped chalkboard on the front door, and deviledeggs, tuna sandwiches and fresh iced tea were waiting. Mrs. Walsh said she expected thehackers would wear black, but Mr. Loden and Mr. Prins did not fit that stereotype. Mr. Loden,who hails from Mississippi, ended his sentences with a warm “thank you, ma’am — his mannersintact even while explaining that he had just hacked Mrs. Walsh’s power of attorney form.

前門(mén)掛著一塊心形的黑板，上面寫(xiě)著“黑客請(qǐng)進(jìn)。還有魔鬼蛋、金槍魚(yú)三明治和爽口的冰茶等著他們。沃爾什以為黑客會(huì)穿黑色的衣服，但洛登和普林斯并不符合這種刻板印象。來(lái)自密西西比州的洛登在發(fā)言結(jié)束時(shí)熱情地說(shuō)了句“謝謝您，夫人。即便是在解釋自己剛剛侵入了沃爾什的法律授權(quán)書(shū)時(shí)，神情也并沒(méi)有變化。

“They’re very polite, Mrs. Walsh noted. (Later, she invited both to Thanksgiving dinner.)

“他們非常有禮貌，沃爾什說(shuō)(后來(lái)，她還邀請(qǐng)兩人共進(jìn)感恩節(jié)晚餐)。

Over an hour and a half, they discovered a way to open the Walshes’ garage door. It wassimply a matter of using a “brute force attack against an older door opener. The processentailed testing thousands of code combinations until hitting the correct one. Earlier this year,the hacker Samy Kamkar demonstrated how to do this in less than 10 seconds using a Matteltoy.

在一個(gè)半小時(shí)的時(shí)間里，他們找到了打開(kāi)沃爾什家車(chē)庫(kù)門(mén)的辦法，只需要“用蠻力攻擊上了年頭的開(kāi)門(mén)器即可。這個(gè)過(guò)程需要試驗(yàn)數(shù)千個(gè)密碼組合，直到試出正確的那個(gè)。今年早些時(shí)候，一個(gè)名叫薩米·卡姆卡爾(SamyKamkar)的黑客演示了如何在不到十秒鐘的時(shí)間里，用一個(gè)美泰(Mattel)玩具完成這件事。

Mr. Loden and Mr. Prins also found a way to intercept Mrs. Walsh’s television. A service workerhad not installed her DirecTV securely, with a password, which meant anyone with knowledge ofthe device’s I.P. address could control the television remotely.

洛登和普林斯還發(fā)現(xiàn)了控制沃爾什家電視的辦法。服務(wù)人員給她安裝DirecTV時(shí)的做法并不安全，沒(méi)有設(shè)置密碼，這意味著任何人，只要知道這臺(tái)設(shè)備的IP地址，就能遠(yuǎn)程控制電視。

In this case, the hackers used their access to purchase a three-hour pass to an array of adultchannels — the names of which would not be suitable for print here.

在這個(gè)案例里，兩名黑客利用自己取得的權(quán)限，購(gòu)買(mǎi)了三小時(shí)的觀看許可，可以收看一系列成人頻道。這些頻道的名字不宜在此刊出。

Still, Mrs. Walsh was not impressed. “What’s so wrong about getting into my TV? When Mr.Loden pointed out that someone could blast pornography in her living room in the middle of adinner party, Mrs. Walsh conceded, “I can see how that would be a little shocking to guests.

但沃爾什并沒(méi)有很在意。“破解我家的電視有什么大問(wèn)題嗎?但當(dāng)洛登指出，有人可以在她舉辦家宴時(shí)，讓客廳的電視突然播放色情作品之后，沃爾什承認(rèn)，“我能想象客人會(huì)有些震驚。

From there, the hackers made their way to the back of Mrs. Walsh’s house, where her PC waswaiting. With her passwords posted on the nearby router, their task was easy. Within minutes,they had not only broken into Mrs. Walsh’s email account, but also that of her daughter — whoat some point had allowed the computer’s browser to auto-fill her password. (As a courtesy,the hackers made sure to send Mrs. Walsh’s daughter an email from her own account with thesubject line: “Reminder: Change my password.)

然后，兩名黑客來(lái)到沃爾什家的后院。她的個(gè)人電腦放在那里，正等待黑客侵入。因?yàn)槊艽a貼在了附近的路由器上，他們的任務(wù)很容易。只用了幾分鐘，他們不僅進(jìn)入了沃爾什的電子郵箱賬戶，還進(jìn)入了她女兒的賬戶。她女兒在某個(gè)時(shí)刻允許了這臺(tái)電腦的瀏覽器自動(dòng)輸入她的密碼。(兩人做了件好事，用沃爾什女兒自己的賬戶給她發(fā)了一封電子郵件，主題欄上寫(xiě)著：“提醒：改密碼。)

They searched Mrs. Walsh’s email for the term “SSN and within seconds had access to herSocial Security number, her PayPal account, her air miles account and her insuranceinformation. They had even gotten their hands on her power of attorney form.

他們?cè)谖譅柺驳泥]件中搜索“SSN，幾秒鐘后便獲取了她的社會(huì)安全號(hào)碼、PayPal賬號(hào)、航空里程積分賬號(hào)和保險(xiǎn)信息。他們甚至還能對(duì)她的法律授權(quán)書(shū)做手腳。

What’s worse, they weren’t the only ones with access to all of the above. Mr. Loden and Mr.Prins ran a scan for malicious programs running on Mrs. Walsh’s machine and found roughly20, including InstallBrain, an installer that can download malicious programs on demand, likeone that helps attackers mine for Bitcoin. And others like DefaultTab, FunWebProducts,SearchProtect, SlimCleaner and Supreme Savings that can change a victim’s home page, spyon search and browsing histories, or replace ads on websites like Facebook and Google withintrusive programs.

更糟糕的是，他們不是唯一能獲取上述所有信息的人。在對(duì)沃爾什電腦上運(yùn)行的程序進(jìn)行掃描后，洛登和普林斯發(fā)現(xiàn)了大約20個(gè)惡意程序，包括InstallBrain。這是一個(gè)安裝程序，能夠按指令下載惡意程序，如一款幫助攻擊者生成比特幣(Bitcoin)的程序。其他像DefaultTab、FunWebProducts、SearchProtect、SlimCleaner和Supreme Savings這樣的程序，更改受害者的主頁(yè)，并監(jiān)視用戶的搜索和瀏覽記錄，或是將Facebook和谷歌等網(wǎng)站上的廣告替換成侵入性的程序。

After they were through “pwning Mrs. Walsh, the two hackers sat down with their victim for adebriefing. Critical points were that Mrs. Walsh needed a new garage door opener, a passwordfor her television and a password manager to help her set unique and far more complicatedpasswords for each of her accounts.

結(jié)束對(duì)沃爾什的數(shù)字生活進(jìn)行的“pwn后，兩名黑客和受害人坐了下來(lái)，簡(jiǎn)單向?qū)Ψ浇榻B了情況。關(guān)鍵的點(diǎn)是，沃爾什的車(chē)庫(kù)門(mén)需要換一個(gè)新的開(kāi)門(mén)器;電視機(jī)需要設(shè)置密碼;需要一個(gè)密碼管理程序，來(lái)幫她給每個(gè)賬戶設(shè)置獨(dú)一無(wú)二的、復(fù)雜度遠(yuǎn)高于現(xiàn)在的密碼。

The hackers advised her to turn on two-step authentication, a service that sends a second,one-time password to users’ phones when they try to log in from an unrecognized machine.They also gave her a quick lesson in phishing attacks and a lecture on the importance ofinstalling software updates.

兩位黑客建議沃爾什開(kāi)啟兩步驗(yàn)證。這項(xiàng)服務(wù)會(huì)在用戶試圖從陌生設(shè)備上登錄時(shí)，向用戶的手機(jī)再發(fā)送一個(gè)一次性的驗(yàn)證碼。他們還向她簡(jiǎn)要介紹了釣魚(yú)攻擊和安裝軟件更新的重要性。

Best to switch on automatic updates, they said, for core services like Apple’s iOS operatingsystem, Google’s Chrome browser and Windows. And, they said, her PC needed to becompletely wiped. The good news was they promised to return to do this for her, possibly whenthey visit for Thanksgiving dinner.

他們說(shuō)，最好是為蘋(píng)果的iOS操作系統(tǒng)、谷歌的Chrome瀏覽器和Windows等核心服務(wù)，打開(kāi)自動(dòng)更新。他們還表示，需要徹底清除沃爾什個(gè)人電腦上的東西。好消息是，他們?cè)S諾會(huì)在下次來(lái)的時(shí)候幫她清理。可能就是來(lái)共進(jìn)感恩節(jié)晚餐的時(shí)候。