Where is cybercrime really coming from? | Caleb Barlow

285,832 views ・ 2017-02-15

TED



00:00
Translator: Leslie Gauthier Reviewer: Camille Martínez
00:12
Cybercrime is out of control.
00:18
It's everywhere.
00:19
We hear about it every single day.
00:24
This year,
00:25
over two billion records lost or stolen.
00:31
And last year, 100 million of us, mostly Americans,
00:37
lost our health insurance data to thieves -- myself included.
00:44
What's particularly concerning about this is that in most cases,
00:49
it was months before anyone even reported that these records were stolen.
00:56
So if you watch the evening news,
01:00
you would think that most of this is espionage or nation-state activity.
01:05
And, well, some of it is.
01:08
Espionage, you see, is an accepted international practice.
01:13
But in this case,
01:15
it is only a small portion of the problem that we're dealing with.
01:21
How often do we hear about a breach
01:24
followed by, "... it was the result of a sophisticated nation-state attack?"
01:30
Well, often that is companies not being willing to own up
01:35
to their own lackluster security practices.
01:38
There is also a widely held belief
01:42
that by blaming an attack on a nation-state,
01:46
you are putting regulators at bay --
01:48
at least for a period of time.
01:51
So where is all of this coming from?
01:56
The United Nations estimates that 80 percent of it
02:02
is from highly organized and ultrasophisticated criminal gangs.
02:09
To date,
02:10
this represents one of the largest illegal economies in the world,
02:17
topping out at, now get this,
02:20
445 billion dollars.
02:25
Let me put that in perspective for all of you:
02:28
445 billion dollars is larger than the GDP
02:34
of 160 nations,
02:37
including Ireland, Finland, Denmark and Portugal,
02:41
to name a few.
02:44
So how does this work?
02:46
How do these criminals operate?
02:48
Well, let me tell you a little story.
02:52
About a year ago,
02:53
our security researchers were tracking
02:56
a somewhat ordinary but sophisticated banking Trojan called the Dyre Wolf.
03:03
The Dyre Wolf would get on your computer
03:05
via you clicking on a link in a phishing email
03:09
that you probably shouldn't have.
03:10
It would then sit and wait.
03:13
It would wait until you logged into your bank account.
03:17
And when you did, the bad guys would reach in,
03:20
steal your credentials,
03:22
and then use that to steal your money.
03:24
This sounds terrible,
03:26
but the reality is, in the security industry,
03:29
this form of attack is somewhat commonplace.
03:35
However, the Dyre Wolf had two distinctly different personalities --
03:42
one for these small transactions,
03:44
but it took on an entirely different persona
03:47
if you were in the business of moving large-scale wire transfers.
03:51
Here's what would happen.
03:53
You start the process of issuing a wire transfer,
03:56
and up in your browser would pop a screen from your bank,
03:59
indicating that there's a problem with your account,
04:01
and that you need to call the bank immediately,
04:05
along with the number to the bank's fraud department.
04:08
So you pick up the phone and you call.
04:10
And after going through the normal voice prompts,
04:13
you're met with an English-speaking operator.
04:16
"Hello, Altoro Mutual Bank. How can I help you?"
04:19
And you go through the process like you do every time you call your bank,
04:23
of giving them your name and your account number,
04:26
going through the security checks to verify you are who you said you are.
04:31
Most of us may not know this,
04:33
but in many large-scale wire transfers,
04:35
it requires two people to sign off on the wire transfer,
04:38
so the operator then asks you to get the second person on the line,
04:41
and goes through the same set of verifications and checks.
04:45
Sounds normal, right?
04:47
Only one problem:
04:49
you're not talking to the bank.
04:51
You're talking to the criminals.
04:52
They had built an English-speaking help desk,
04:54
fake overlays to the banking website.
04:56
And this was so flawlessly executed
05:00
that they were moving between a half a million
05:02
and a million and a half dollars per attempt
05:05
into their criminal coffers.
05:07
These criminal organizations operate
05:10
like highly regimented, legitimate businesses.
05:14
Their employees work Monday through Friday.
05:17
They take the weekends off.
05:18
How do we know this?
05:20
We know this because our security researchers see
05:23
repeated spikes of malware on a Friday afternoon.
05:27
The bad guys, after a long weekend with the wife and kids,
05:30
come back in to see how well things went.
05:35
The Dark Web is where they spend their time.
05:39
That is a term used to describe the anonymous underbelly of the internet,
05:44
where thieves can operate with anonymity
05:47
and without detection.
05:50
Here they peddle their attack software
05:53
and share information on new attack techniques.
05:57
You can buy everything there,
05:59
from a base-level attack to a much more advanced version.
06:03
In fact, in many cases, you even see
06:05
gold, silver and bronze levels of service.
06:09
You can check references.
06:11
You can even buy attacks
06:14
that come with a money-back guarantee --
06:17
(Laughter)
06:18
if you're not successful.
06:21
Now, these environments, these marketplaces --
06:24
they look like an Amazon or an eBay.
06:28
You see products, prices, ratings and reviews.
06:32
Of course, if you're going to buy an attack,
06:34
you're going to buy from a reputable criminal with good ratings, right?
06:37
(Laughter)
06:38
This isn't any different
06:40
than checking on Yelp or TripAdvisor before going to a new restaurant.
06:46
So, here is an example.
06:48
This is an actual screenshot of a vendor selling malware.
06:53
Notice they're a vendor level four,
06:55
they have a trust level of six.
06:57
They've had 400 positive reviews in the last year,
06:59
and only two negative reviews in the last month.
07:02
We even see things like licensing terms.
07:06
Here's an example of a site you can go to
07:08
if you want to change your identity.
07:10
They will sell you a fake ID,
07:12
fake passports.
07:14
But note the legally binding terms for purchasing your fake ID.
07:20
Give me a break.
07:21
What are they going to do -- sue you if you violate them?
07:24
(Laughter)
07:27
This occurred a couple of months ago.
07:29
One of our security researchers was looking
07:33
at a new Android malware application that we had discovered.
07:38
It was called Bilal Bot.
07:41
In a blog post,
07:43
she positioned Bilal Bot as a new, inexpensive and beta alternative
07:50
to the much more advanced GM Bot
07:54
that was commonplace in the criminal underground.
07:58
This review did not sit well with the authors of Bilal Bot.
08:03
So they wrote her this very email,
08:06
pleading their case and making the argument
08:09
that they felt she had evaluated an older version.
08:16
They asked her to please update her blog with more accurate information
08:20
and even offered to do an interview
08:24
to describe to her in detail
08:26
how their attack software was now far better than the competition.
08:32
So look,
08:33
you don't have to like what they do,
08:37
but you do have to respect the entrepreneurial nature
08:42
of their endeavors.
08:43
(Laughter)
08:46
So how are we going to stop this?
08:51
It's not like we're going to be able to identify who's responsible --
08:57
remember, they operate with anonymity
09:00
and outside the reach of the law.
09:03
We're certainly not going to be able to prosecute the offenders.
09:06
I would propose that we need a completely new approach.
09:13
And that approach needs to be centered on the idea
09:17
that we need to change the economics for the bad guys.
09:22
And to give you a perspective on how this can work,
09:25
let's think of the response we see to a healthcare pandemic:
09:30
SARS, Ebola, bird flu, Zika.
09:33
What is the top priority?
09:35
It's knowing who is infected and how the disease is spreading.
09:43
Now, governments, private institutions, hospitals, physicians --
09:50
everyone responds openly and quickly.
09:55
This is a collective and altruistic effort
09:59
to stop the spread in its tracks
10:03
and to inform anyone not infected
10:05
how to protect or inoculate themselves.
10:10
Unfortunately, this is not at all what we see in response to a cyber attack.
10:17
Organizations are far more likely to keep information on that attack
10:22
to themselves.
10:24
Why?
10:26
Because they're worried about competitive advantage,
10:29
litigation
10:31
or regulation.
10:33
We need to effectively democratize threat intelligence data.
10:39
We need to get all of these organizations to open up and share
10:45
what is in their private arsenal of information.
10:50
The bad guys are moving fast;
10:53
we've got to move faster.
10:56
And the best way to do that is to open up
11:00
and share data on what's happening.
11:03
Let's think about this in the construct of security professionals.
11:07
Remember, they're programmed right into their DNA to keep secrets.
11:12
We've got to turn that thinking on its head.
11:16
We've got to get governments, private institutions
11:19
and security companies
11:20
willing to share information at speed.
11:23
And here's why:
11:25
because if you share the information,
11:27
it's equivalent to inoculation.
11:30
And if you're not sharing,
11:32
you're actually part of the problem,
11:34
because you're increasing the odds that other people could be impacted
11:39
by the same attack techniques.
11:43
But there's an even bigger benefit.
11:47
By destroying criminals' devices closer to real time,
11:51
we break their plans.
11:55
We inform the people they aim to hurt
11:58
far sooner than they had ever anticipated.
12:02
We ruin their reputations,
12:04
we crush their ratings and reviews.
12:08
We make cybercrime not pay.
12:12
We change the economics for the bad guys.
12:18
But to do this, a first mover was required --
12:22
someone to change the thinking in the security industry overall.
12:27
About a year ago,
12:29
my colleagues and I had a radical idea.
12:32
What if IBM were to take our data --
12:37
we had one of the largest threat intelligence databases in the world --
12:41
and open it up?
12:43
It had information not just on what had happened in the past,
12:47
but what was happening in near-real time.
12:49
What if we were to publish it all openly on the internet?
12:54
As you can imagine, this got quite a reaction.
12:56
First came the lawyers:
12:58
What are the legal implications of doing that?
13:01
Then came the business:
13:02
What are the business implications of doing that?
13:05
And this was also met with a good dose
13:07
of a lot of people just asking if we were completely crazy.
13:11
But there was one conversation that kept floating to the surface
13:15
in every dialogue that we would have:
13:18
the realization that if we didn't do this,
13:21
then we were part of the problem.
13:25
So we did something unheard of in the security industry.
13:28
We started publishing.
13:30
Over 700 terabytes of actionable threat intelligence data,
13:34
including information on real-time attacks
13:38
that can be used to stop cybercrime in its tracks.
13:41
And to date,
13:43
over 4,000 organizations are leveraging this data,
13:47
including half of the Fortune 100.
13:50
And our hope as a next step is to get all of those organizations
13:54
to join us in the fight,
13:56
and do the same thing
13:58
and share their information
14:00
on when and how they're being attacked as well.
14:03
We all have the opportunity to stop it,
14:06
and we already all know how.
14:09
All we have to do is look to the response that we see
14:13
in the world of health care,
14:15
and how they respond to a pandemic.
14:17
Simply put,
14:18
we need to be open and collaborative.
14:21
Thank you.
14:22
(Applause)