Mikko Hypponen: Three types of online attack

100,267 views ・ 2012-01-18

TED


Dvaput kliknite na engleske titlove ispod za reprodukciju videozapisa.

Prevoditelj: Davorin Jelačić Recezent: Mislav Ante Omazić - EFZG
00:20
In the 1980s, in communist Eastern Germany,
0
20624
6701
Tijekom 1980-tih
u komunističkoj Istočnoj Njemačkoj,
ako ste posjedovali pisaći stroj,
00:27
if you owned a typewriter,
1
27349
3174
00:30
you had to register it with the government.
2
30547
2801
vlada je tražila da ga registrirate.
Morali ste evidentirati
00:33
You had to register a sample sheet of text out of the typewriter.
3
33372
5464
običnu stranicu teksta
koja je izišla iz pisaćeg stroja.
00:38
And this was done so the government could track
4
38860
3551
To se činilo kako bi vlada
mogla pratiti odakle tekstovi potječu.
00:42
where the text was coming from.
5
42435
1745
Ako bi otkrili dokument
00:44
If they found a paper which had the wrong kind of thought,
6
44204
5695
koji je sadržavao pogrešne misli,
00:49
they could track down who created that thought.
7
49923
3144
mogli su ući u trag
onome tko je stvorio tu misao.
Mi na Zapadu
00:54
And we in the West
8
54369
1594
nismo mogli razumjeti kako je netko to mogao,
00:57
couldn't understand how anybody would do this,
9
57154
2682
00:59
how much this would restrict freedom of speech.
10
59860
3177
koliko je to ograničavalo slobodu govora.
Mi nikada ne bismo učinili takvo što
01:03
We would never do that in our own countries.
11
63061
3276
u našim vlastitim zemljama.
Ali danas, 2011.,
01:08
But today, in 2011, if you go and buy a color laser printer
12
68319
6417
ako idete kupiti laserski pisač u boji
01:14
from any major laser printer manufacturer
13
74760
3839
bilo kojeg vodećeg proizvođača
i ispišete stranicu,
01:18
and print a page,
14
78623
1437
taj će ispis imati
01:20
that page will end up
15
80084
1752
01:21
having slight yellow dots printed on every single page,
16
81860
5220
diskretne žute točkice
ispisane na baš svakoj stranici,
s obrascem koji tu stranicu čini jedinstvenom
01:27
in a pattern which makes the page unique to you and to your printer.
17
87104
5443
u odnosu na Vas i Vaš pisač.
To se događa
01:34
This is happening to us today.
18
94381
3335
nama danas.
I čini se da nitko ne pravi problem oko toga.
01:39
And nobody seems to be making a fuss about it.
19
99358
3082
To je primjer
01:43
And this is an example
20
103615
2664
načina
01:46
of the ways our own governments are using technology
21
106303
6852
na koje naše vlade
rabe tehnologiju
protiv nas, građana.
01:53
against us, the citizens.
22
113179
2054
I to je jedan od tri glavna izvora
01:57
And this is one of the main three sources of online problems today.
23
117179
4334
problema na mreži danas.
02:01
If we look at what's really happening in the online world,
24
121537
2990
Ako pogledamo što se doista događa na Internetu,
02:04
we can group the attacks based on the attackers.
25
124551
2905
možemo klasificirati napade prema napadačima.
Imamo tri glavne skupine.
02:08
We have three main groups.
26
128028
1808
02:09
We have online criminals.
27
129860
1439
Imamo mrežne kriminalce.
02:11
Like here, we have Mr. Dmitry Golubov,
28
131323
2203
Ovdje imamo g. Dimitrija Golubova
02:13
from the city of Kiev in Ukraine.
29
133550
1976
iz Kijeva u Ukrajini.
Motive mrežnih kriminalaca
02:16
And the motives of online criminals are very easy to understand.
30
136419
4417
lako je razumjeti.
02:20
These guys make money.
31
140860
1594
Ti tipovi zarađuju novac.
02:22
They use online attacks to make lots of money --
32
142478
4254
Koriste mrežne napade
da zarade puno novca,
02:26
and lots and lots of it.
33
146756
1977
puno, puno novca.
02:28
We actually have several cases of millionaires online, multimillionaires,
34
148757
5385
Imamo i nekoliko slučajeva
mrežnih milijunaša, multimilijunaša,
koji su zaradili svojim napadima.
02:34
who made money with their attacks.
35
154166
1760
02:35
Here's Vladimir Tsastsin, from Tartu in Estonia.
36
155950
3502
Ovo je Vladimir Čačin iz Tartua u Estoniji.
Ovo je Alfred Gonzalez.
02:39
This is [Albert] Gonzalez.
37
159476
1795
Ovo je Stephen Watt.
02:41
This is Stephen Watt.
38
161295
1775
Ovo je Bjorn Sundin.
02:43
This is Bjorn Sundin.
39
163094
1798
02:44
This is Matthew Anderson, Tariq Al-Daour
40
164916
1941
Ovo je Matthew Anderson, Tariq Al-Daour
02:46
and so on and so on.
41
166881
2312
i tako dalje, i tako dalje.
Ti tipovi
02:50
These guys make their fortunes online,
42
170256
4219
zarađuju bogatstvo na mreži,
ali ga zarađuju na nezakonit način
02:54
but they make it through the illegal means
43
174499
2337
02:56
of using things like banking Trojans
44
176860
2695
koristeći bankovne trojance
kako bi krali novac s naših bankovnih računa
02:59
to steal money from our bank accounts while we do online banking,
45
179579
3453
dok mi obavljamo internetsko bankarstvo,
ili pomoću programa za bilježenje pritisnutih tipki
03:03
or with keyloggers
46
183056
2250
kojima prikupljaju podatke o našim kreditnim karticama
03:05
to collect our credit card information
47
185330
2258
03:07
while we are doing online shopping from an infected computer.
48
187612
3561
dok obavljamo internetsku kupnju sa zaraženog računala.
Tajna služba SAD-a
03:11
The US Secret Service,
49
191197
2354
blokirala je prije dva mjeseca
03:13
two months ago, froze the Swiss bank account
50
193575
3022
bankovni račun u Švicarskoj
03:16
of Mr. Sam Jain right here,
51
196621
2581
ovog gospodina, Sama Jaina,
a na tom je računu bilo 14,9 milijuna dolara,
03:19
and that bank account had 14.9 million US dollars in it
52
199226
3712
u trenutku blokade.
03:22
when it was frozen.
53
202962
1391
G. Jain je u bijegu;
03:24
Mr. Jain himself is on the loose; nobody knows where he is.
54
204377
3237
nitko ne zna gdje je.
03:28
And I claim it's already today
55
208637
2444
Tvrdim da je danas već vjerojatnije
da će bilo tko od nas
03:32
that it's more likely for any of us to become the victim of a crime online
56
212335
5722
postati žrtvom mrežnog kriminala
nego žrtvom kriminala u stvarnom svijetu.
03:38
than here in the real world.
57
218081
2370
I sasvim je očito
03:41
And it's very obvious that this is only going to get worse.
58
221691
2945
da će se stvari samo pogoršati.
03:44
In the future, the majority of crime will be happening online.
59
224660
4376
U budućnosti, većina zločina
odvijat će se na Internetu.
Drugu glavnu skupinu napadača
03:51
The second major group of attackers that we are watching today
60
231488
3348
koju danas promatramo
03:54
are not motivated by money.
61
234860
2259
ne motivira novac.
Motivira ih nešto drugo --
03:57
They're motivated by something else --
62
237143
2103
motiviraju ih prosvjedi,
03:59
motivated by protests,
63
239270
1977
mišljenja,
04:01
motivated by an opinion,
64
241271
2212
motivira ih humor.
04:03
motivated by the laughs.
65
243507
2171
04:05
Groups like Anonymous have risen up over the last 12 months
66
245702
5525
Skupine poput Anonymous
ojačale su tijekom posljednjih 12 mjeseci
i postale glavni igrač
04:11
and have become a major player in the field of online attacks.
67
251251
3956
na području mrežnih napada.
To su, dakle, tri glavna napadača:
04:16
So those are the three main attackers:
68
256287
1832
kriminalci koji to čine radi novca,
04:18
criminals who do it for the money,
69
258143
2055
hakerski aktivisti kao Anonymous
04:20
hacktivists like Anonymous doing it for the protest,
70
260222
4499
koji to čine iz bunta,
04:24
but then the last group are nation states --
71
264745
3202
ali posljednja skupina su nacionalne države,
04:27
governments doing the attacks.
72
267971
2039
vlade koje provode napade.
I tada promatramo slučajeve
04:32
And then we look at cases like what happened in DigiNotar.
73
272551
3493
poput slučaja DigiNotar.
Ovo je najbolji primjer onoga što se događa
04:36
This is a prime example of what happens when governments attack
74
276068
3886
kad vlade napadaju
04:39
against their own citizens.
75
279978
1696
svoje vlastite građane.
DigiNotar je tvrtka koja izdaje certifikate,
04:42
DigiNotar is a certificate authority from the Netherlands --
76
282412
4987
iz Nizozemske --
zapravo, bila je.
04:47
or actually, it was.
77
287423
1576
Otišla je u stečaj
04:49
It was running into bankruptcy last fall,
78
289023
5222
prošle jeseni
jer je bila žrtvom hakiranja.
04:54
because they were hacked into.
79
294269
1768
Netko je provalio
04:56
Somebody broke in and they hacked it thoroughly.
80
296061
3364
i temeljito ih hakirao.
05:00
And I asked last week,
81
300591
2575
Upitao sam prošli tjedan,
na sastanku s predstavnicima nizozemske vlade,
05:03
in a meeting with Dutch government representatives,
82
303190
4123
pitao sam jednog od vođa tima
05:07
I asked one of the leaders of the team
83
307337
3694
misli li on da je vjerojatno
05:12
whether he found plausible that people died
84
312150
5330
da je netko poginuo
05:17
because of the DigiNotar hack.
85
317504
1784
kao posljedica hakiranja DigiNotara.
Odgovorio mi je pozitivno.
05:21
And his answer was: yes.
86
321447
2440
Pa kako to ljudi pogibaju
05:26
So how do people die
87
326073
2039
kao posljedica ovakvog hakiranja?
05:28
as the result of a hack like this?
88
328136
1706
DigiNotar je ovlašteni certifikator.
05:31
Well, DigiNotar is a CA.
89
331049
1787
05:32
They sell certificates.
90
332860
1976
Prodaju certifikate.
05:34
What do you do with certificates?
91
334860
1606
Što činimo s certifikatima?
05:36
Well, you need a certificate if you have a website
92
336490
2542
Trebate certifikat
ako imate Internetske stranice koje koriste https,
05:39
that has https, SSL encrypted services,
93
339056
3603
SSL enkripcijski servis,
05:43
services like Gmail.
94
343725
2749
servise poput Gmail-a.
Svi mi, ili velik broj nas,
05:47
Now we all, or a big part of us, use Gmail or one of their competitors,
95
347363
3661
koristimo Gmail ili nekog od konkurenata,
ali su te usluge naročito popularne
05:51
but these services are especially popular in totalitarian states like Iran,
96
351048
5788
u totalitarnim državama
poput Irana,
05:56
where dissidents use foreign services like Gmail
97
356860
4976
gdje disidenti
koriste strane usluge poput Gmail-a
06:01
because they know they are more trustworthy than the local services
98
361860
3191
jer znaju da im više mogu vjerovati nego lokalnim uslugama,
a i šifrirani su pri SSL povezivanju,
06:05
and they are encrypted over SSL connections,
99
365075
2761
06:07
so the local government can't snoop on their discussions.
100
367860
3304
pa lokalne vlade ne mogu njuškati
po njihovim diskusijama.
Odnosno mogu, ako hakiraju stranog certifikatora
06:12
Except they can,
101
372196
1344
06:13
if they hack into a foreign CA and issue rogue certificates.
102
373564
3851
i izdaju lažne certifikate.
I upravo se to dogodilo
06:17
And this is exactly what happened with the case of DigiNotar.
103
377439
3861
u slučaju DigiNotar-a.
A što je s arapskim proljećem
06:25
What about Arab Spring
104
385109
1992
i onime što se događalo, na primjer, u Egiptu?
06:27
and things that have been happening, for example, in Egypt?
105
387125
3311
U Egiptu su
06:30
Well, in Egypt,
106
390460
1343
06:31
the rioters looted the headquarters of the Egyptian secret police
107
391827
3707
pobunjenici opljačkali stožer
egipatske tajne policije
06:35
in April 2011,
108
395558
2590
u travnju 2011.,
i pri pljački su pronašli gomilu dokumenata.
06:38
and when they were looting the building, they found lots of papers.
109
398172
3144
Među tim dokumentima je bio
06:41
Among those papers was this binder entitled, "FinFisher."
110
401340
3857
i fascikl "FINFISHER."
U tom su fasciklu bile bilješke
06:45
And within that binder were notes from a company based in Germany,
111
405221
4836
kompanije sa sjedištem u Njemačkoj
koja je egipatskoj vladi prodala
06:50
which had sold to the Egyptian government
112
410081
3522
kolekciju alata
06:53
a set of tools for intercepting, at a very large scale,
113
413627
4703
za presretanje komunikacija --
na masovnoj osnovi --
06:58
all the communication of the citizens of the country.
114
418354
3051
građana te zemlje.
Prodali su te alate
07:01
They had sold this tool for 280,000 euros to the Egyptian government.
115
421429
4876
egipatskoj vladi za 280.000 eura.
Upravna zgrada te kompanije je baš ovdje.
07:06
The company headquarters are right here.
116
426329
2920
Znači, zapadne vlade
07:09
So Western governments are providing totalitarian governments with tools
117
429273
4417
totalitarnim vladama daju alate
07:13
to do this against their own citizens.
118
433714
2248
koje koriste protiv vlastitih građana.
Ali zapadne vlade isto čine i sebi.
07:17
But Western governments are doing it to themselves as well.
119
437293
2977
Na primjer, u Njemačkoj,
07:20
For example, in Germany,
120
440294
2171
prije samo nekoliko tjedana
07:22
just a couple of weeks ago, the so-called "State Trojan" was found,
121
442489
4563
otkriven je takozvani Scuinst Trojan,
trojanac
07:27
which was a Trojan used by German government officials
122
447076
3752
koji dužnosnici njemačke vlade
07:30
to investigate their own citizens.
123
450852
2203
koriste za istraživanje vlastitih građana.
Ako ste osumnjičeni u kaznenom postupku,
07:33
If you are a suspect in a criminal case,
124
453079
3704
07:36
well, it's pretty obvious, your phone will be tapped.
125
456807
2525
očigledno je da će vam prisluškivati telefon.
Ali danas idu i dalje od toga.
07:39
But today, it goes beyond that.
126
459356
2242
Prisluškivat će vašu Internet vezu.
07:41
They will tap your Internet connection.
127
461622
1919
Koristit će alate poput Scuinst Trojana
07:43
They will even use tools like State Trojan
128
463565
2736
kako bi zarazili vaše računalo trojancem,
07:46
to infect your computer with a Trojan,
129
466325
2512
07:48
which enables them to watch all your communication,
130
468861
4366
što im omogućuje
praćenje svih vaših komunikacija,
slušanje vaših mrežnih diskusija,
07:53
to listen to your online discussions,
131
473251
2817
prikupljanje vaših lozinki.
07:56
to collect your passwords.
132
476092
2101
08:01
Now, when we think deeper about things like these,
133
481816
5220
Kada dublje razmislimo
o ovakvim stvarima,
očit odgovor ljudi bi mogao biti da,
08:07
the obvious response from people should be,
134
487060
5314
"Dobro, to je loše,
08:12
"OK, well, that sounds bad, but that doesn't really affect me,
135
492398
4242
ali to me se ne tiče jer ne kršim zakon.
08:16
because I'm a legal citizen.
136
496664
2176
Zašto da to mene brine?
08:18
Why should I worry? Because I have nothing to hide."
137
498864
2723
Ništa ne skrivam."
A to je argument,
08:23
And this is an argument which doesn't make sense.
138
503373
2447
koji nema smisla.
Privatnost se podrazumijeva.
08:27
Privacy is implied.
139
507237
2809
Privatnost nije predmet diskusije.
08:30
Privacy is not up for discussion.
140
510070
3665
08:34
This is not a question
141
514538
1872
Nije riječ o dilemi
08:36
between privacy
142
516434
4549
između privatnosti
i sigurnosti.
08:41
against security.
143
521007
1690
08:43
It's a question of freedom
144
523729
3555
Riječ je o pitanju slobode
i pitanju kontrole.
08:47
against control.
145
527308
1441
I dok možda vjerujemo našim vladama
08:50
And while we might trust our governments right now, right here in 2011,
146
530046
6863
sada, baš ovdje, 2011.,
08:56
any rights we give away will be given away for good.
147
536933
3439
svako pravo kojega se odreknemo, izgubit ćemo zauvijek.
I zar vjerujemo, zar slijepo vjerujemo,
09:00
And do we trust, do we blindly trust, any future government,
148
540396
4581
svakoj budućoj vladi,
nekoj vladi koja će vladati
09:05
a government we might have 50 years from now?
149
545001
3284
i za 50 godina?
To su pitanja
09:11
And these are the questions
150
551460
2786
o kojima moramo brinuti u sljedećih 50 godina.
09:14
that we have to worry about for the next 50 years.
151
554270
3213
O ovoj web stranici

Ova stranica će vas upoznati s YouTube videozapisima koji su korisni za učenje engleskog jezika. Vidjet ćete lekcije engleskog koje vode vrhunski profesori iz cijelog svijeta. Dvaput kliknite na engleske titlove prikazane na svakoj video stranici da biste reproducirali video s tog mjesta. Titlovi se pomiču sinkronizirano s reprodukcijom videozapisa. Ako imate bilo kakvih komentara ili zahtjeva, obratite nam se putem ovog obrasca za kontakt.

https://forms.gle/WvT1wiN1qDtmnspy7