James Lyne: Everyday cybercrime -- and what you can do about it

412,219 views ・ 2013-09-16

TED


请双击下面的英文字幕来播放视频。

翻译人员: Riyan Song 校对人员: Viv Yang
00:12
I'm going to be showing some of the cybercriminals'
0
12713
1632
我将向你们展示网络罪犯们的一些
00:14
latest and nastiest creations.
1
14345
2462
最新、最邪恶的作品。
00:16
So basically, please don't go and download
2
16807
2908
所以,请不要去下载
00:19
any of the viruses that I show you.
3
19715
2696
我将展示的病毒。
00:22
Some of you might be wondering what a cybersecurity specialist looks like,
4
22411
3018
你们可能会好奇网络安全专家是什么样子的
00:25
and I thought I'd give you a quick insight
5
25429
2169
那就让我来简要介绍一下
00:27
into my career so far.
6
27598
2678
我迄今为止的工作经历吧。 (电脑奇客 ->苹果忠粉->Linux研究“猿”->TED演讲人)
00:30
It's a pretty accurate description.
7
30276
2501
这幅图描述得相当准确 (电脑奇客 ->苹果忠粉->Linux研究“猿”->TED演讲人)
00:32
This is what someone that specializes
8
32777
1656
这就是一个研究
00:34
in malware and hacking looks like.
9
34433
2420
恶意软件和黑客的人
00:36
So today, computer viruses and trojans,
10
36853
3414
今天,计算机病毒和木马程序
00:40
designed to do everything from stealing data
11
40267
2880
被用来做各种事情,如盗取数据,
00:43
to watching you in your webcam
12
43147
2041
打开你的网络摄像头偷窥,
00:45
to the theft of billions of dollars.
13
45188
2778
甚至窃取数十亿美金。
00:47
Some malicious code today goes as far
14
47966
2195
有些恶意代码甚至能
00:50
as targeting power, utilities and infrastructure.
15
50161
4143
攻击能源、公共和基础设施。
00:54
Let me give you a quick snapshot
16
54304
1961
让我们先迅速了解一下
00:56
of what malicious code is capable of today.
17
56265
2614
如今的恶意代码有多大能耐。
00:58
Right now, every second, eight new users
18
58879
3070
现在,每秒钟就有8名新用户
01:01
are joining the Internet.
19
61949
2155
加入互联网
01:04
Today, we will see 250,000 individual new computer viruses.
20
64104
7308
今天,共有25万种新型计算机病毒诞生
01:11
We will see 30,000 new infected websites.
21
71412
5773
3万个中毒网站
01:17
And, just to kind of tear down a myth here,
22
77185
2086
对了,在此澄清一个流言,
01:19
lots of people think that when you get infected
23
79271
2488
很多人认为他们的电脑之所以会感染病毒,
01:21
with a computer virus, it's because you went to a porn site.
24
81759
3451
是因为他们访问了色情网站
01:25
Right? Well, actually, statistically speaking,
25
85210
2443
对吧?但其实,据数字统计,
01:27
if you only visit porn sites, you're safer.
26
87653
3125
如果你只访问色情网站,那还更安全些。
01:30
People normally write that down, by the way. (Laughter)
27
90778
3002
顺便提一句,人们通常会记下这点 (笑)
01:33
Actually, about 80 percent of these
28
93780
1562
事实上,80%的电脑病毒来自
01:35
are small business websites getting infected.
29
95342
3513
受到病毒感染的商业网站。
01:38
Today's cybercriminal, what do they look like?
30
98855
2285
如今的网络罪犯到底长什么样子?
01:41
Well, many of you have the image, don't you,
31
101140
2426
很多人脑中会浮现出这样的画面,
01:43
of the spotty teenager sitting in a basement,
32
103566
2176
一个满脸粉刺的小伙子窝在地下室里,
01:45
hacking away for notoriety.
33
105742
2388
为了出名肆意发动黑客袭击。
01:48
But actually today, cybercriminals
34
108130
1623
但如今的网络罪犯
01:49
are wonderfully professional and organized.
35
109753
3311
具有高度的专业性和组织性。
01:53
In fact, they have product adverts.
36
113064
2871
事实上,他们甚至推出了产品广告。
01:55
You can go online and buy a hacking service
37
115935
2131
你可以上网购买黑客服务
01:58
to knock your business competitor offline.
38
118066
2149
拉黑你商业对手的网站。
02:00
Check out this one I found.
39
120215
1559
一起来看看我找到的这条广告。
02:01
(Video) Man: So you're here for one reason,
40
121774
1819
(视频)你来这里只有一个原因,
02:03
and that reason is
41
123593
1465
那就是
02:05
because you need your business competitors,
42
125058
1912
你希望打倒你的商业对手、
02:06
rivals, haters, or whatever the reason is, or who,
43
126970
3952
敌人、仇人,无论什么人、什么原因,
02:10
they are to go down.
44
130922
1744
他们就要完蛋了
02:12
Well you, my friend, you've came to the right place.
45
132666
2860
嘿,朋友,你找对地方了!
02:15
If you want your business competitors to go down,
46
135526
2416
想让你的商业对手死机?
02:17
well, they can.
47
137942
1336
是的,他们会的。
02:19
If you want your rivals to go offline, well, they will.
48
139278
3424
想让你的对手掉线?好的,他们会的。
02:22
Not only that, we are providing a short-term-to-long-term
49
142702
3027
不仅如此,我们还提供短期至长期的
02:25
DDOS service or scheduled attack,
50
145729
2355
分布式拒绝服务(DDos)攻击和定时攻击。
02:28
starting five dollars per hour for small personal websites
51
148084
3811
攻击小型个人网站,每小时起价只需5美金
02:31
to 10 to 50 dollars per hour.
52
151895
2904
至10~50美金价格不等。
02:34
James Lyne: Now, I did actually pay
53
154799
1323
其实我曾经付钱
02:36
one of these cybercriminals to attack my own website.
54
156122
2793
给一个这样的网络罪犯来攻击我自己的网站。
02:38
Things got a bit tricky when I tried to expense it at the company.
55
158915
3494
但我在向公司报销这笔费用时有点麻烦
02:42
Turns out that's not cool.
56
162409
1714
结果不太理想。
02:44
But regardless, it's amazing how many products
57
164123
3010
但不管怎样,如今竟有如此多产品和服务
02:47
and services are available now to cybercriminals.
58
167133
3112
可为网络罪犯们提供方便。
02:50
For example, this testing platform,
59
170245
2476
比方说,这个测试平台
02:52
which enables the cybercriminals
60
172721
1715
可以让网络罪犯们
02:54
to test the quality of their viruses
61
174436
2482
在将病毒传播出去之前
02:56
before they release them on the world.
62
176918
2452
测试它们的效果。
02:59
For a small fee, they can upload it
63
179370
1957
只需花少量的钱,他们就能上传病毒
03:01
and make sure everything is good.
64
181327
1666
检查代码是否一切正常。
03:02
But it goes further.
65
182993
1533
不仅如此,
03:04
Cybercriminals now have crime packs
66
184526
2245
网络罪犯们现在还拥有犯罪工具包,
03:06
with business intelligence reporting dashboards
67
186771
3119
包括智能商业报告
03:09
to manage the distribution of their malicious code.
68
189890
3476
来管理恶意代码的传播。
03:13
This is the market leader in malware distribution,
69
193366
3528
这就是流氓软件传播的市场领导者,
03:16
the Black Hole Exploit Pack,
70
196894
1638
“黑洞开发包”
03:18
responsible for nearly one third of malware distribution
71
198532
3659
在过去的半年里,近三分之一流氓软件的散播
03:22
in the last couple of quarters.
72
202191
1974
都与其有关。
03:24
It comes with technical installation guides,
73
204165
3009
它自带安装指南,
03:27
video setup routines,
74
207174
1045
视频设置程序,
03:28
and get this, technical support.
75
208219
3955
听听这个,技术支持。
03:32
You can email the cybercriminals and they'll tell you
76
212174
2388
你可以给网络罪犯们发邮件,然后他们就会告诉你
03:34
how to set up your illegal hacking server.
77
214562
3622
如何建立你的非法黑客服务器。
03:38
So let me show you what malicious code looks like today.
78
218184
4284
现在,我给各位展示一下今天的恶意代码如何工作。
03:42
What I've got here is two systems,
79
222468
2312
这里有两个系统,
03:44
an attacker, which I've made look all Matrix-y and scary,
80
224780
3690
一个是攻击系统,我给它弄了个恐怖的矩阵形界面,
03:48
and a victim, which you might recognize from home or work.
81
228470
3302
另一个是受害人系统,也就是你的家用或办公电脑。
03:51
Now normally, these would be on different sides
82
231772
2729
通常来说,它们在地球或互联网的
03:54
of the planet or of the Internet,
83
234501
2555
不同两端,
03:57
but I've put them side by side
84
237056
1396
但我把他们放在一起
03:58
because it makes things much more interesting.
85
238452
2664
因为这样让事情变得更有趣。
04:01
Now, there are many ways you can get infected.
86
241116
2055
现在,有许多途径可使你的电脑被感染。
04:03
You will have come in contact with some of them.
87
243171
2592
你们可能经历过其中的一些。
04:05
Maybe some of you have received an email
88
245763
2096
例如你们可能收到封邮件说:
04:07
that says something like, "Hi, I'm a Nigerian banker,
89
247859
4085
“嗨,我是一名尼日利亚的银行家,
04:11
and I'd like to give you 53 billion dollars
90
251944
2764
我打算给你530亿美元
04:14
because I like your face."
91
254708
2427
因为我喜欢你的长相。”
04:17
Or funnycats.exe, which rumor has it
92
257135
3394
或收到 funnycats.exe (“有趣的小猫”)文件,据说
04:20
was quite successful in China's recent campaign against America.
93
260529
3769
它在最近的中美网络对抗中功不可没。
04:24
Now there are many ways you can get infected.
94
264298
2430
你会从很多渠道受到病毒攻击。
04:26
I want to show you a couple of my favorites.
95
266728
1987
我想展示我最喜欢的几个。
04:28
This is a little USB key.
96
268715
2660
这是一只小U盘
04:31
Now how do you get a USB key to run in a business?
97
271375
2157
然而你怎么才能将你的U盘插到一个公司的电脑里呢?
04:33
Well, you could try looking really cute.
98
273532
4125
你可以尝试卖萌。
04:37
Awww.
99
277657
1938
喔~~~
04:39
Or, in my case, awkward and pathetic.
100
279595
2363
或者像我一样,装可怜。
04:41
So imagine this scenario: I walk into one of your businesses,
101
281958
4189
请想象这样的情景:我可怜兮兮地走进你的公司,
04:46
looking very awkward and pathetic, with a copy of my C.V.
102
286147
2842
手里拿着我的简历,
04:48
which I've covered in coffee,
103
288989
1899
上面留着咖啡渍,
04:50
and I ask the receptionist to plug in this USB key
104
290888
3387
我请求前台人员插入我的U盘
04:54
and print me a new one.
105
294275
1949
来帮我打印一份新的简历。
04:56
So let's have a look here on my victim computer.
106
296224
3230
让我们来看看这边受攻击的电脑。
04:59
What I'm going to do is plug in the USB key.
107
299454
3246
我将要插入这只U盘。
05:02
After a couple of seconds,
108
302700
1490
几秒钟后,
05:04
things start to happen on the computer on their own,
109
304190
2751
有些东西开始在这台电脑里自动运行了,
05:06
usually a bad sign.
110
306941
1935
通常这是个坏兆头。
05:08
This would, of course, normally happen
111
308876
1694
当然,这些通常会在
05:10
in a couple of seconds, really, really quickly,
112
310570
2758
几秒之内发生,非常非常快,
05:13
but I've kind of slowed it down
113
313328
1660
但我让这个过程慢了下来,
05:14
so you can actually see the attack occurring.
114
314988
2830
这样你就能实际看到攻击是如何发生的。
05:17
Malware is very boring otherwise.
115
317818
2517
不然,恶意程序是很无聊的。
05:20
So this is writing out the malicious code,
116
320335
2597
这是在写出恶意代码,
05:22
and a few seconds later, on the left-hand side,
117
322932
3797
几秒后,在左侧,
05:26
you'll see the attacker's screen get some interesting new text.
118
326729
4298
你会看到攻击者的电脑屏幕上出现了一些有趣的新文本。
05:31
Now if I place the mouse cursor over it,
119
331027
1931
现在如果我把光标移过去,
05:32
this is what we call a command prompt,
120
332958
2307
就会出现一个所谓的命令提示符,
05:35
and using this we can navigate around the computer.
121
335265
3797
通过它,我们就可以随意操纵受害者电脑了。
05:39
We can access your documents, your data.
122
339062
2159
我们可以访问你的文件,你的数据。
05:41
You can turn on the webcam.
123
341221
1501
还可以打开网络摄像头。
05:42
That can be very embarrassing.
124
342722
1629
这有点尴尬。
05:44
Or just to really prove a point,
125
344351
1723
为了进一步证明我的观点,
05:46
we can launch programs like my personal favorite,
126
346074
3121
我们可以启动一些程序,比如说我最喜欢的,
05:49
the Windows Calculator.
127
349195
2805
Windows 计算器。
05:52
So isn't it amazing how much control
128
352000
2288
这难道不令人惊讶吗?
05:54
the attackers can get with such a simple operation?
129
354288
2895
一个简单操作竟可让攻击者尽在掌控。
05:57
Let me show you how most malware
130
357183
1931
请让我展示一下今天的恶意程序
05:59
is now distributed today.
131
359114
2183
是如何传播的。
06:01
What I'm going to do is open up a website
132
361297
2520
我要打开一个
06:03
that I wrote.
133
363817
1316
我自己编的网站。
06:05
It's a terrible website. It's got really awful graphics.
134
365133
4315
这是一个糟糕的网站,页面很丑。
06:09
And it's got a comments section here
135
369448
2194
这里有一个留言板
06:11
where we can submit comments to the website.
136
371642
3681
我们可以在此提交评论。
06:15
Many of you will have used something a bit like this before.
137
375323
3007
你们以前可能用过类似的东西。
06:18
Unfortunately, when this was implemented,
138
378330
1947
可惜,当评论提交成功后,
06:20
the developer was slightly inebriated
139
380277
2425
开发者就会有些自我陶醉,
06:22
and managed to forget
140
382702
1242
以至于忘记了
06:23
all of the secure coding practices he had learned.
141
383944
2989
他接受过的所有的安全编程训练。
06:26
So let's imagine that our attacker,
142
386933
3066
想象一下,我们的攻击系统,
06:29
called Evil Hacker just for comedy value,
143
389999
3448
为了好玩,就叫它“邪恶黑客”吧,
06:33
inserts something a little nasty.
144
393447
2023
它嵌入了一些有点邪恶的东西。
06:35
This is a script.
145
395470
1699
这是一个脚本。
06:37
It's code which will be interpreted on the webpage.
146
397169
4077
它是一段可通过网页读取的代码。
06:41
So I'm going to submit this post,
147
401246
2325
下面我将发出这条讯息,
06:43
and then, on my victim computer,
148
403571
2382
然后,在我的受害电脑上,
06:45
I'm going to open up the web browser
149
405953
2027
我要打开网页浏览器,
06:47
and browse to my website,
150
407980
2253
浏览我的网站,
06:50
www.incrediblyhacked.com.
151
410233
3789
www.incrediblyhacked.com.
06:54
Notice that after a couple of seconds,
152
414022
2124
请注意,几秒钟后,
06:56
I get redirected.
153
416146
1457
页面跳转了,
06:57
That website address at the top there,
154
417603
1977
你马上就能看到,
06:59
which you can just about see, microshaft.com,
155
419580
3331
屏幕上方的网址是:microshaft.com
07:02
the browser crashes as it hits one of these exploit packs,
156
422911
3193
浏览器读取了某个开发包而崩溃
07:06
and up pops fake antivirus.
157
426104
4024
并弹出了假冒的杀毒软件提示。
07:10
This is a virus pretending to look like antivirus software,
158
430128
5056
其实这是病毒伪装成了杀毒软件,
07:15
and it will go through and it will scan the system,
159
435184
2365
它将开始运行,并扫面你的系统。
07:17
have a look at what its popping up here.
160
437549
1508
看一下这里弹出来了什么。
07:19
It creates some very serious alerts.
161
439057
1748
它制造了一些严重警告,
07:20
Oh look, a child porn proxy server.
162
440805
2343
快看,一个儿童色情代理服务器。
07:23
We really should clean that up.
163
443148
2432
我们应该彻底清除它。
07:25
What's really insulting about this is
164
445580
1584
最不能忍受的是,
07:27
not only does it provide the attackers with access to your data,
165
447164
4238
它不仅能让黑客获取你的数据,
07:31
but when the scan finishes, they tell you
166
451402
2823
在扫描完成后,它还会通知你
07:34
in order to clean up the fake viruses,
167
454225
3123
为彻底杀掉假病毒,
07:37
you have to register the product.
168
457348
2676
你必须要注册此产品。
07:40
Now I liked it better when viruses were free.
169
460024
3336
现在我不得不说,我更喜欢病毒免费的日子。
07:43
(Laughter)
170
463360
2779
(笑)
07:46
People now pay cybercriminals money
171
466139
2526
现在的人们付钱给网络罪犯们
07:48
to run viruses,
172
468665
2101
让他们运行病毒程序。
07:50
which I find utterly bizarre.
173
470766
2761
对此我完全无法理解。
07:53
So anyway, let me change pace a little bit.
174
473527
3536
不管怎样,让我变换一下节奏,
07:57
Chasing 250,000 pieces of malware a day
175
477063
3506
每天追踪25万种恶意程序
08:00
is a massive challenge,
176
480569
1655
实在是很大的挑战,
08:02
and those numbers are only growing
177
482224
2070
而数字仍在上升,
08:04
directly in proportion to the length of my stress line, you'll note here.
178
484294
3879
你可以看到,这和我皱纹的长度成正比。
08:08
So I want to talk to you briefly
179
488173
1876
所以我想很快地介绍一下
08:10
about a group of hackers we tracked for a year
180
490049
3050
我们追踪了一年的一个黑客团体,
08:13
and actually found --
181
493099
2007
事实上,我们已经找到了他们,
08:15
and this is a rare treat in our job.
182
495106
2577
这是我们的工作中少有的成果。
08:17
Now this was a cross-industry collaboration,
183
497683
2483
现在,追踪黑客已成为一项跨界合作,
08:20
people from Facebook, independent researchers,
184
500166
2389
Fackbook网友、独立研究者、
08:22
guys from Sophos.
185
502555
2081
Sophos防毒软件专家等均在其中。
08:24
So here we have a couple of documents
186
504636
2655
这里有一些文件,
08:27
which our cybercriminals had uploaded
187
507291
2826
是网络罪犯们上传到
08:30
to a cloud service, kind of like Dropbox or SkyDrive,
188
510117
4377
Dropbox或SkyDrive一类云服务器中的。
08:34
like many of you might use.
189
514494
2209
就像你们使用的方法一样。
08:36
At the top, you'll notice a section of source code.
190
516703
3392
在文件上方能看到一段源代码
08:40
What this would do is send the cybercriminals
191
520095
2968
它的作用是每天发给网络罪犯们
08:43
a text message every day telling them how much money
192
523063
5040
一条讯息,告诉他们
08:48
they'd made that day,
193
528103
1666
每天的收入
08:49
so a kind of cybercriminal billings report, if you will.
194
529769
3296
你也可以把它看做网络罪犯们的对账单。
08:53
If you look closely, you'll notice a series
195
533065
2757
如果你仔细看,就会发现一连串的
08:55
of what are Russian telephone numbers.
196
535822
2983
俄罗斯电话号码。
08:58
Now that's obviously interesting,
197
538805
1479
这就很有趣了,
09:00
because that gives us a way of finding our cybercriminals.
198
540284
3237
因为这就为我们的追踪提供了一条线索。
09:03
Down below, highlighted in red,
199
543521
2115
下方,红色显示的,
09:05
in the other section of source code,
200
545636
1751
另一段源代码,
09:07
is this bit "leded:leded."
201
547387
2743
这里写道:“leded:leded.”
09:10
That's a username,
202
550130
1289
这个是用户名,
09:11
kind of like you might have on Twitter.
203
551419
2859
有点类似于你在推特上用的。
09:14
So let's take this a little further.
204
554278
1231
让我们再进一步了解一下
09:15
There are a few other interesting pieces
205
555509
2258
网络罪犯们还上传了
09:17
the cybercriminals had uploaded.
206
557767
2275
一些其他的有意思的东西。
09:20
Lots of you here will use smartphones
207
560042
2572
你们当中有很多人会在开会时,
09:22
to take photos and post them from the conference.
208
562614
2647
用智能手机拍照并上传。
09:25
An interesting feature of lots of modern smartphones
209
565261
2837
很多现代智能手机都有一个有趣的特点,
09:28
is that when you take a photo,
210
568098
1667
就是当你拍了一张照片时,
09:29
it embeds GPS data about where that photo was taken.
211
569765
4237
它都会自动嵌入GPS数据以显示照片的拍摄位置。
09:34
In fact, I've been spending a lot of time
212
574002
2443
事实上,最近,我在交友网站上
09:36
on Internet dating sites recently,
213
576445
2244
花费了很多时间,
09:38
obviously for research purposes,
214
578689
2411
当然,我是为了做研究。
09:41
and I've noticed that about 60 percent
215
581100
3521
我注意到,在交友网站上
09:44
of the profile pictures on Internet dating sites
216
584621
2823
约有60%的头像照片
09:47
contain the GPS coordinates of where the photo was taken,
217
587444
4451
包含了照片的GPS定位信息。
09:51
which is kind of scary
218
591895
1061
这有点恐怖,
09:52
because you wouldn't give out your home address
219
592956
2562
因为你肯定不愿意把你的家庭住址
09:55
to lots of strangers,
220
595518
1449
告诉陌生人,
09:56
but we're happy to give away our GPS coordinates
221
596967
1994
但是我们愿意将自己的GPS坐标
09:58
to plus or minus 15 meters.
222
598961
4029
公布给你周围15米左右人,
10:02
And our cybercriminals had done the same thing.
223
602990
3234
我们的网络罪犯们也做了同样的事情。
10:06
So here's a photo which resolves to St. Petersburg.
224
606224
3204
这里有一张拍摄于圣彼得堡的照片。
10:09
We then deploy the incredibly advanced hacking tool.
225
609428
3686
我们随后部署了非常先进的黑客工具,
10:13
We used Google.
226
613114
2395
也就是谷歌。
10:15
Using the email address, the telephone number
227
615509
2225
利用电子邮件地址,电话号码
10:17
and the GPS data, on the left you see an advert
228
617734
3549
和GPS数据,在左侧,你可以看到一则
10:21
for a BMW that one of our cybercriminals is selling,
229
621283
3669
网络罪犯正在出售的宝马车广告,
10:24
on the other side an advert for the sale of sphynx kittens.
230
624952
5348
另一侧广告在出售一只斯芬克斯小猫。
10:30
One of these was more stereotypical for me.
231
630300
3100
对于我来讲,其中一则更常见。
10:33
A little more searching, and here's our cybercriminal.
232
633400
3989
经过进一步调查,这位网络罪犯浮出水面。
10:37
Imagine, these are hardened cybercriminals
233
637389
3546
别忘了,这是些顽固的网络罪犯,
10:40
sharing information scarcely.
234
640935
1868
几乎从不分享他们的信息。
10:42
Imagine what you could find
235
642803
1148
想象一下你能从中发现
10:43
about each of the people in this room.
236
643951
1703
这间房中每个人的哪些信息。
10:45
A bit more searching through the profile
237
645654
1806
透过个人资料进一步搜寻,
10:47
and there's a photo of their office.
238
647460
1860
找到了一张他办公室的照片。
10:49
They were working on the third floor.
239
649320
2048
他的办公室在三楼,
10:51
And you can also see some photos
240
651368
2199
还有一些照片,
10:53
from his business companion
241
653567
1175
来自于他的工作伙伴,
10:54
where he has a taste in a certain kind of image.
242
654742
4839
看来他对某一类照片情有独钟。
10:59
It turns out he's a member of the Russian Adult Webmasters Federation.
243
659581
3995
结果发现,他是“俄罗斯成人网络管理联盟”成员。
11:03
But this is where our investigation starts to slow down.
244
663576
3017
但随后,我们的调查开始进展缓慢。
11:06
The cybercriminals have locked down their profiles quite well.
245
666593
3943
网络罪犯们完全锁住了他们的资料。
11:10
And herein is the greatest lesson
246
670536
2035
接下来,就是我们在使用
11:12
of social media and mobile devices for all of us right now.
247
672571
4578
社交媒体和手机时最大的教训:
11:17
Our friends, our families and our colleagues
248
677149
3730
即使我们没有做任何事,
11:20
can break our security even when we do the right things.
249
680879
4689
我们的朋友,家人和同事也可能破坏我们的安全。
11:25
This is MobSoft, one of the companies
250
685568
2780
Mob Soft是这群网络罪犯
11:28
that this cybercriminal gang owned,
251
688348
2166
拥有的公司之一,
11:30
and an interesting thing about MobSoft
252
690514
1589
有趣的是,Mob Soft公司
11:32
is the 50-percent owner of this
253
692103
2871
50%的所有者
11:34
posted a job advert,
254
694974
1947
上传过一则招聘广告,
11:36
and this job advert matched one of the telephone numbers
255
696921
3380
这则广告显示的联系电话,刚好在
11:40
from the code earlier.
256
700301
2152
之前的代码里出现过。
11:42
This woman was Maria,
257
702453
2125
这位女士叫玛利亚,
11:44
and Maria is the wife of one of our cybercriminals.
258
704578
2880
她是一名网络罪犯的妻子。
11:47
And it's kind of like she went into her social media settings
259
707458
3520
她似乎在自己的社交网页设置中,
11:50
and clicked on every option imaginable
260
710978
2795
开放了所有你能想象的选项,
11:53
to make herself really, really insecure.
261
713773
3697
这时她的网络状态非常不安全。
11:57
By the end of the investigation,
262
717470
1567
在调查的最后,
11:59
where you can read the full 27-page report at that link,
263
719037
3559
你能够通过链接阅读整整27页的报告,
12:02
we had photos of the cybercriminals,
264
722596
2034
我们拥有了网络罪犯的照片,
12:04
even the office Christmas party
265
724630
2895
甚至他们他们在圣诞派对上
12:07
when they were out on an outing.
266
727525
1866
在户外拍摄的照片
12:09
That's right, cybercriminals do have Christmas parties,
267
729391
3249
你没听错,网络罪犯也会举办
12:12
as it turns out.
268
732640
1588
圣诞节派对。
12:14
Now you're probably wondering what happened to these guys.
269
734228
2235
现在,你会问他们到底是怎么回事。
12:16
Let me come back to that in just a minute.
270
736463
2937
我们回头再说这个。
12:19
I want to change pace to one last little demonstration,
271
739400
2747
现在我想做最后一次展示,
12:22
a technique that is wonderfully simple and basic,
272
742147
3969
这是一个非常简单、基本的技巧
12:26
but is interesting in exposing how much information
273
746116
3065
但它将生动地告诉我们究竟有多少个人信息
12:29
we're all giving away,
274
749181
1776
我们正在泄漏出去,
12:30
and it's relevant because it applies to us as a TED audience.
275
750957
4278
而且这和每位在座的TED观众有关。
12:35
This is normally when people start kind of shuffling in their pockets
276
755235
2450
听到这,人们通常赶紧把手伸进口袋
12:37
trying to turn their phones onto airplane mode desperately.
277
757685
4218
试图把手机调成飞行模式。
12:41
Many of you all know about the concept
278
761903
1686
你们基本都会用
12:43
of scanning for wireless networks.
279
763589
2343
搜索无线网络的功能。
12:45
You do it every time you take out your iPhone or your Blackberry
280
765932
3401
每当你拿出苹果或者黑莓手机时,你都会搜索
12:49
and connect to something like TEDAttendees.
281
769333
4020
并连接类似于“TED出席者”名称的网络。
12:53
But what you might not know
282
773353
1747
但是你可能不知道,
12:55
is that you're also beaming out a list of networks
283
775100
4751
你同时也发出了一连串
12:59
you've previously connected to,
284
779851
2422
之前连接过的网络信息,
13:02
even when you're not using wireless actively.
285
782273
4147
就算你并不经常使用无线网络。
13:06
So I ran a little scan.
286
786420
1727
所以我稍微扫描了一下。
13:08
I was relatively inhibited compared to the cybercriminals,
287
788147
2926
比起不法分子,
13:11
who wouldn't be so concerned by law,
288
791073
2544
我更加节制一些。
13:13
and here you can see my mobile device.
289
793617
2587
这里,你能看到我的移动设备。
13:16
Okay? So you can see a list of wireless networks.
290
796204
2654
看到了吗?你能看到一串无线网络列表。
13:18
TEDAttendees, HyattLB. Where do you think I'm staying?
291
798858
4627
有TEDAttendees,HyattLB等。你知道我住在哪儿了吗?
13:23
My home network, PrettyFlyForAWifi,
292
803485
3493
这是我家的网络,PrettyFlyForAWifi(找网络的小苍蝇),
13:26
which I think is a great name.
293
806978
1765
我觉得名字起得不错。
13:28
Sophos_Visitors, SANSEMEA, companies I work with.
294
808743
2767
Sophos_Visitors, SANSEMEA.这是我的工作网络。
13:31
Loganwifi, that's in Boston. HiltonLondon.
295
811510
3308
Loganwifi,这是在波士顿,HiltonLondon(伦敦希尔顿)
13:34
CIASurveillanceVan.
296
814818
2441
还有CIA SurveillanceVan(CIA 监控车).
13:37
We called it that at one of our conferences
297
817259
1609
这是我们在会议上起的名字,
13:38
because we thought that would freak people out,
298
818868
1736
因为我们觉得它挺唬人的,
13:40
which is quite fun.
299
820604
1994
很好玩。
13:42
This is how geeks party.
300
822598
4658
这就是网络奇客们的娱乐方式。
13:47
So let's make this a little bit more interesting.
301
827256
2207
让我们把事情变得更有趣些。
13:49
Let's talk about you.
302
829463
2538
说说你们吧。
13:52
Twenty-three percent of you have been to Starbucks
303
832001
2110
在座有23%的人最近去过星巴克
13:54
recently and used the wireless network.
304
834111
3115
并用了那里的无线网络。
13:57
Things get more interesting.
305
837226
1164
越来越有意思了。
13:58
Forty-six percent of you I could link to a business,
306
838390
2446
你们当中,有46%的人连接过
14:00
XYZ Employee network.
307
840836
2870
叫做 “某某某雇员”的公司网络。
14:03
This isn't an exact science, but it gets pretty accurate.
308
843706
4179
这并不算科学验算,但是它准确率很高。
14:07
Seven hundred and sixty-one of you I could identify a hotel you'd been to recently,
309
847885
4469
我能说出你们当中761个人最近去过的酒店。
14:12
absolutely with pinpoint precision somewhere on the globe.
310
852354
3839
并且可以准确定位。
14:16
Two hundred and thirty-four of you, well, I know where you live.
311
856193
3948
我知道在场234个人的家庭住址。
14:20
Your wireless network name is so unique
312
860141
2319
你们的无线网络名称太独特了,
14:22
that I was able to pinpoint it
313
862460
1549
因此我能准确定位。
14:24
using data available openly on the Internet
314
864009
2667
我不需要黑客技术或聪明的技巧,
14:26
with no hacking or clever, clever tricks.
315
866676
4248
只需网络上公开可得的数据就可以办到。
14:30
And I should mention as well that
316
870924
1820
我还要提一下,
14:32
some of you do use your names,
317
872744
1542
有些人用自己的名字命名网络,
14:34
"James Lyne's iPhone," for example.
318
874286
2596
比如说“詹姆士·莱恩的苹果手机”。
14:36
And two percent of you have a tendency to extreme profanity.
319
876882
4358
还有2%的人用了不雅的名称。
14:41
So something for you to think about:
320
881240
2004
因此我们要思考一下:
14:43
As we adopt these new applications and mobile devices,
321
883244
3913
当我们使用新的应用和移动设备时,
14:47
as we play with these shiny new toys,
322
887157
2317
当我们把玩这些亮闪闪的新玩具时,
14:49
how much are we trading off convenience
323
889474
3822
为了方便,我们交换出了多少
14:53
for privacy and security?
324
893296
2890
隐私和安全?
14:56
Next time you install something,
325
896186
2058
下次当你安装东西时,
14:58
look at the settings and ask yourself,
326
898244
2304
看一下设置,同时问问自己,
15:00
"Is this information that I want to share?
327
900548
3552
“ 这些信息是我愿意分享的吗?
15:04
Would someone be able to abuse it?"
328
904100
2890
它们是否会被人滥用?”
15:06
We also need to think very carefully
329
906990
2072
我们还要非常仔细地想一下,
15:09
about how we develop our future talent pool.
330
909062
4141
我们如何建设未来的人才库。
15:13
You see, technology's changing at a staggering rate,
331
913203
2979
想想看,科技发展日新月异,
15:16
and that 250,000 pieces of malware
332
916182
3176
那25万种恶意软件
15:19
won't stay the same for long.
333
919358
2872
不会一成不变。
15:22
There's a very concerning trend
334
922230
2198
还有一个令人堪忧的趋势,
15:24
that whilst many people coming out of schools now
335
924428
3193
就是现在很多毕业生
15:27
are much more technology-savvy, they know how to use technology,
336
927621
4412
科技水平很高,他们知道如何应用科技,
15:32
fewer and fewer people are following the feeder subjects
337
932033
3613
但越来越少的人关注编程课题
15:35
to know how that technology works under the covers.
338
935646
4324
去了解科技背后的运行方式。
15:39
In the U.K., a 60 percent reduction since 2003,
339
939970
4385
在英国,2003年以来,IT成绩优异的学生减少了60%,
15:44
and there are similar statistics all over the world.
340
944355
3775
全世界皆是如此。
15:48
We also need to think about the legal issues in this area.
341
948130
4076
我们还要考虑这一领域中的法律问题。
15:52
The cybercriminals I talked about,
342
952206
1527
我提到过的网络罪犯,
15:53
despite theft of millions of dollars,
343
953733
2139
尽管盗取了数百万美元,
15:55
actually still haven't been arrested,
344
955872
2109
事实上仍然逍遥法外,
15:57
and at this point possibly never will.
345
957981
3559
目前看来,很难让他们落网。
16:01
Most laws are national in their implementation,
346
961540
3500
虽然有打击网络犯罪的国际公约,
16:05
despite cybercrime conventions, where the Internet
347
965040
3999
大部分法律却在国家层面执行,
16:09
is borderless and international by definition.
348
969039
3106
而网络实际上就是无国界、全球性的。
16:12
Countries do not agree, which makes this area
349
972145
2833
国家间无法达成协议,使得这一领域
16:14
exceptionally challenging from a legal perspective.
350
974978
3617
在法律层面上充满挑战。
16:18
But my biggest ask is this:
351
978595
4360
但是,我今天最大的请求是:
16:22
You see, you're going to leave here
352
982955
1642
你们即将离开这里,
16:24
and you're going to see some astonishing stories in the news.
353
984597
3717
今后会在新闻里看到一些惊人的消息。
16:28
You're going to read about malware doing incredible
354
988314
2174
你们会读到关于恶意软件所做的
16:30
and terrifying, scary things.
355
990488
3261
无法想象的恐怖行为。
16:33
However, 99 percent of it works
356
993749
3929
然而,其中的99%能够生效
16:37
because people fail to do the basics.
357
997678
4190
是因为人们没能做到最基本的事情。
16:41
So my ask is this: Go online,
358
1001868
3022
所以我的请求是:上网,
16:44
find these simple best practices,
359
1004890
2645
找到这些简单且有效的方法,
16:47
find out how to update and patch your computer.
360
1007535
2554
找出如何更新并修补你的电脑。
16:50
Get a secure password.
361
1010089
1551
设置一个安全的密码,
16:51
Make sure you use a different password
362
1011640
1530
确定在每个网站和在线服务中
16:53
on each of your sites and services online.
363
1013170
3351
使用不同的密码。
16:56
Find these resources. Apply them.
364
1016521
3243
找到并应用这些资源。
16:59
The Internet is a fantastic resource
365
1019764
2611
互联网无论对于经济、政治、
17:02
for business, for political expression,
366
1022375
2065
艺术或学习,
17:04
for art and for learning.
367
1024440
2331
都是极好的资源。
17:06
Help me and the security community
368
1026771
3182
帮助我和网络安全人员
17:09
make life much, much more difficult
369
1029953
3468
让网络罪犯更加
17:13
for cybercriminals.
370
1033421
1952
难以生存。
17:15
Thank you.
371
1035373
1328
谢谢。
17:16
(Applause)
372
1036701
4539
(掌声)
关于本网站

这个网站将向你介绍对学习英语有用的YouTube视频。你将看到来自世界各地的一流教师教授的英语课程。双击每个视频页面上显示的英文字幕,即可从那里播放视频。字幕会随着视频的播放而同步滚动。如果你有任何意见或要求,请使用此联系表与我们联系。

https://forms.gle/WvT1wiN1qDtmnspy7