如果说互联网有一个永恒的主题的话，那就是总有某些人在某处被黑客以某种方式攻击了。上个月，针对银行发起的网络攻击再次成为头条新闻，受害者包括BB&T公司、花旗集团（Citigroup）和太阳信托银行（SunTrust）。不过最近由波尼蒙研究所（Ponemon Institute）所做的一项调研显示，各公司每周平均受到两次攻击，每年由于网络犯罪损失的金额高达890万美元。安全分析师称，企业首先要了解藏在暗处的到底是何种威胁。尽管许多黑客用的只是相对基础的工具，比如网络钓鱼或恶意软件，但他们运用这些工具的目的各有不同。下面我们为大家盘点了六类最有攻击力的黑客。

    If the Internet has one enduring constant, it's that somewhere, somehow, somebody is being hacked. Last month cyberassaults on banks, including BB&T (BBT, Fortune 500), Citigroup(C, Fortune 500), and SunTrust (STI, Fortune 500), made headlines. But a recent Ponemon Institute survey reported that the average company is attacked twice a week and loses $8.9 million a year to cybercrime. Security analysts say the first thing businesses must know is just what types of threats are lurking in the shadows. While many hackers use relatively basic tools, such as phishing or malware, they often wield them with different motives. Here are six of the most effective actors.

    政府撑腰的黑客

    身份：伊朗，以色列，俄罗斯，美国

    目的：情报，国家机密，破坏活动

    目标：外国政府，恐怖分子，各种产业

    特征：精心组织的破坏计算机系统的多层次攻击

    经典案例：受到震网病毒攻击后，伊朗核工厂五分之一的离心机崩溃了。它是一种蠕虫病毒，据称由美国和以色列情报机构开发，能侵入控制伊朗浓缩装置的电脑。而伊朗随后就发起了反击，使用户无法访问摩根大通银行（J.P.Morgan）、PNC银行，富国银行（Wells Fargo）及其他金融机构的网站。

    1. State sponsored

    Who: Iran, Israel, Russia, U.S.

    Objectives: Intelligence, state secrets, sabotage

    Targets: Foreign governments, terrorists, industry

    Signature: Multi-tiered, precisely orchestrated attacks that breach computer systems

    Classic Case: One-fifth of Iran's nuclear centrifuges crashed after Stuxnet, a worm reportedly developed by U.S. and Israeli intelligence, penetrated computers at an Iranian enrichment facility. Iran allegedly retaliated by disrupting access to the websites of J.P.Morgan (JPM, Fortune 500), PNC (PNC, Fortune 500), Wells Fargo (WFC, Fortune 500), and others.

    维权黑客

    身份：匿名组织，反安全组织，鲁兹安全

    目的：修正已知错误，推广自身，保护互联网自由

    目标：网络坏分子，科学论派，公司，政府

    特征：泄露敏感信息，公开羞辱，潜入YouTube视频

    经典案例：在所谓的“报复行动”（Operation Payback）中，贝宝（PayPal）、维萨信用卡（Visa）和万事达信用卡（MasterCard）的网站都遭到了破坏。这是一次由匿名组织发起的行动，旨在惩罚那些2010年冻结维基解密（WikiLeaks）账户的公司。仅贝宝一家公司就因此损失了560万美元。

    2. Hacktivist

    Who: Anonymous, AntiSec, LulzSec

    Objectives: Righting perceived wrongs, publicity, protecting Internet freedoms

    Targets: Bullies, Scientologists, corporations, governments

    Signature: Leaking sensitive information, public shaming, creepy YouTube videos

    Classic Case: The websites of PayPal, Visa (V, Fortune 500), and MasterCard (MA,Fortune 500) were disrupted during Operation Payback, an Anonymous-led effort to punish companies that suspended the accounts of WikiLeaks in 2010. Some $5.6 million was lost by PayPal alone.

    网络犯罪

    身份：尼日利亚“王子”，信用卡盗用者，身份窃贼，垃圾邮件制造者

    目的：劫财

    目标：容易上当的人，在线购物者，小企业，拥有大量数据的保健机构和零售企业

    特征：盗窃数据，洗劫银行账户

    经典案例：2009年，专门记录击键动作和密码的恶意软件Coreflood感染了230万台电脑，其中包括一些警察局、机场、银行、医院和大学的电脑。受害公司遭到高达6位数的虚假电子转账侵袭。

    3. Cyber-Criminal

    Who: Nigerian "princes," carders, identity thieves, spammers

    Objective: Treasure

    Targets: The gullible, online shoppers, small businesses, data-rich health care and retail companies

    Signature: Stealing data, looting bank accounts

    Classic Case: Coreflood, malicious software that records keystrokes and passwords, infected 2.3 million computers in 2009, some in police departments, airports, banks, hospitals, and universities. Affected companies suffered six-figure fraudulent wire transfers.

    内鬼

    身份：心怀不满的员工，承包商，举报人

    目的：利益之争，泄露信息，公共利益

    目标：大公司，政府

    特征：窃取文件

    经典案例：马谷志郡位于澳大利亚昆士兰州阳光海岸。2001年，一个承包商用黑客攻击并控制了当地150座污水泵站，导致该地区被上百万吨未处理的污水淹没。他这么干的起因是在该地区的一项业务承包中落选。结果，这次卑鄙行为让马谷志郡损失了超过100万美元。

    4. Insider (You)

    Who: Disgruntled employees, contractors, whistleblowers

    Objectives: Score-settling, leaks, public good

    Targets: Large companies, governments

    Signature: Document theft

    Classic Case: Maroochy Shire, an Australian district along the Sunshine Coast in Queensland, was inundated with millions of gallons of untreated sewage in 2001 when a contractor hacked and took control of 150 sewage pumping stations. He had been passed over for a job with the district. His dirty work cost Maroochy Shire upwards of $1 million.

    脚本小子

    身份：无聊的年轻人

    目的：寻求刺激，博得恶名

    目标：容易下手的对象，比如没有保护措施的网站和电子邮件账户

    特征：丑化或破坏网站

    经典案例：2001年，一封主题为“我爱你”的电子邮件把人们弄得晕头转向——包括一些五角大楼的人。这封信含有来自菲律宾的病毒，它在破坏文件的同时进行自我复制，在收件箱里扎根。所谓的“爱虫”所引起的数据破坏和生产力损失估计高达100亿美元。

    5. Script Kiddie

    Who: Bored youth

    Objectives: Thrills, notoriety

    Targets: Low-hanging fruit such as unprotected websites and e-mail accounts

    Signature: Defacing or dismantling websites

    Classic Case: An e-mail subject-lined I LOVE YOU duped people -- some of them inside the Pentagon -- in 2001. The virus it contained, which originated in the Philippines, destroyed files and simultaneously replicated itself, seeding in-boxes as it went. The so-called Love Bug caused an estimated $10 billion in digital damage and lost productivity.

    漏洞经纪人

    身份：Endgame公司，Netragard公司，Vupen公司

    目的：把黑客行为当成合法生意

    目标：未可知

    特征：找到所谓的“零天攻击”代码（zero-day exploit）——即攻击新软件的方法，再把它们卖给政府和其他财大气粗的客户。

    经典案例：去年3月举行的一次安全会议上，法国公司Vupen黑掉了谷歌公司（Google）的Chrome浏览器。这家公司并没有（收下6万美元，）把这项技术和谷歌分享，而是把代码卖给了出价更高的客户。

    6. Vulnerability Broker

    Who: Endgame, Netragard, Vupen

    Objective: Hacking as legitimate business

    Targets: Agnostic

    Signature: Finding so-called zero-day exploits -- ways to hack new software, selling them to governments and other deep-pocketed clients

    Classic Case: French firm Vupen hacked Google's (GOOG, Fortune 500) Chrome browser at a security conference last March. Rather than share its technique with the company (and accept a $60,000 award), Vupen has been selling the exploit to higher-paying customers.