How Clicking a Single Link Can Cost Millions | Ryan Pullen | TED

38,972 views ・ 2024-02-29

TED


Translator: Yip Yan Yeung Reviewer: Yanyan Hong
00:04
I received a phone call from somebody who needed my help.
00:06
And they explained to me
00:08
that this organization had suffered a cyberattack,
00:11
more specifically a ransomware attack,
00:14
which is designed
00:16
to both steal your data and make it unusable.
00:21
It replicates itself throughout the business
00:24
and can drive you down to paper-based controls.
00:27
And this was an opportunity that I saw
00:29
where I could influence something positively.
00:33
And it was my job to investigate what had happened,
00:36
how it happened and why.
00:41
And I saw something that I hadn't experienced before firsthand.
00:45
In 2017, the NHS suffered something similar,
00:49
and it cost nearly 100 million pounds to recover.
00:54
This incident cost around five million pounds to recover
00:56
and took 14 months.
00:59
Yet what I saw was the human impact.
01:03
How this happened?
01:04
A single individual clicked a link,
01:06
and a single individual enabled this, unknowingly,
01:10
to happen to an organization.
01:12
Multiple people were signed off sick due to stress,
01:15
and multiple people were unable to go to work the next day
01:19
and carry out their job.
01:22
Now, for me,
01:23
cybersecurity is a very technological-focused term.
01:28
And yet IBM did a study in 2021,
01:32
and 95 percent of cyberattacks
01:36
used a human element.
01:39
Now that's all well and good,
01:42
but what does that actually mean?
01:44
It means people can be exploited, too.
01:47
There’s no lines of code, and there’s no fancy software.
01:51
Cybersecurity is, as far as the media is concerned,
01:55
maybe teenagers in their bedrooms causing trouble,
01:59
stealing things and learning how to use them.
02:02
Yet what people don't see is the impact and how his day-to-day life.
02:08
And this incident for me,
02:10
made me think slightly differently around cybersecurity.
02:14
And recently I had an opportunity
02:17
which presented this thought process.
02:21
I was commissioned to evade security controls
02:26
for a very well-known building in London.
02:29
That’s a snazzy way of saying “break in.”
02:32
And effectively, it was my job to see if I could get past the security controls
02:37
and get into the building.
02:39
And so for me, thinking kind of outside of the box,
02:44
this building has floor to ceiling doors,
02:46
24/7 security team,
02:47
endless budget for this kind of thing based on where they are.
02:51
And so, thinking slightly outside,
02:55
I needed to come up with a different plan.
02:58
And ...
03:00
What I did was I tried to go down the social engineering route,
03:03
which is the art of kind of deception
03:07
and making people believe something without the full information.
03:12
And what I did was I walked in the front door,
03:16
dressed quite similarly to this,
03:18
and I was greeted by eight people
03:20
and I thought, oh, that's a bit over the top.
03:23
And it's because every single person should have the right information
03:30
and should know where they're going.
03:31
It’s very rare for them to be visitors.
03:33
And this person asked me,
03:36
"Why are you here? Who are you here to see?"
03:38
And I explained, I didn't have an appointment,
03:40
but I was here to see a specific person.
03:42
And they said, "Yeah, there's no chance you're getting in."
03:45
And I thought, oh goodness, I traveled all this way.
03:48
And yet what I know is people are empathetic,
03:51
and people want to help each other, right?
03:53
And so I made up a story and I said I was here for a legal matter,
03:57
and I was only able to achieve what I needed to achieve
04:00
on these premises.
04:02
And they said, "Yeah, sorry, we're still ..."
04:04
And I explained the urgency, and I made them feel sorry for me.
04:09
And what I was thinking about giving this talk,
04:12
I was going to pause and I was going to pretend that I was struggling.
04:16
And that emotion that you would have felt
04:17
where you wanted to help me
04:19
or you wanted me to continue, is exactly how this person felt.
04:23
They felt they were stopping me from doing my job, which they were,
04:28
but not for how they expected it.
04:31
And then I pretended to be on the phone in the foyer, pacing up and down,
04:35
pretending to be aggravated.
04:38
And then the manager came across with a QR code for me and said,
04:41
"So sorry for the issues, no problem."
04:43
And they showed me around a side passage away from the two rounds of security.
04:49
So I had my laptop bag with me with “the evidence,”
04:54
and it wasn’t checked and I was able to go in,
04:56
and I was able to go to the floor that I needed to.
05:00
And I was paid as a cybersecurity expert to evade the controls of this building.
05:05
And all I did was ask for access and make someone feel sorry for me.
05:09
And so that's two very different perspectives.
05:14
One, the five-million-pound job and took 14 months to recover
05:17
where I was helping people,
05:18
but the second, I was the aggressor
05:20
or the person trying to get in.
05:22
Now this is all enabled through the way that humans exist
05:26
and human behavior.
05:28
And cybersecurity as a whole doesn't really represent that
05:31
in a way that is sufficient, I don't think.
05:35
And so I have one more narrative and different perspective to share.
05:40
And it's when I was a victim.
05:43
This happened only a few weeks ago.
05:46
And what happened was I received a phone call.
05:50
It was around 8pm.
05:51
I received a phone call from a phone number.
05:55
And they said, "Hello, is this Mr. Pullen?"
05:58
And I said yes.
06:00
And they said, "We've seen your bank cards be used
06:03
in a different part of the country."
06:05
And I thought, oh goodness.
06:07
And what they explained was,
06:09
they explained there's been three different transactions
06:12
and would I like them to block them for me?
06:14
I said, "Yes please.
06:15
That would be really helpful."
06:17
And I Googled the number out of instinct,
06:19
and it was the phone number from the fraud line in the bank.
06:25
And something didn't add up.
06:27
And I'm a bit of a pessimist.
06:30
I don't really trust people.
06:32
And so I was instantly on the back foot,
06:35
and they're saying all of these things,
06:37
they were confirming my identity.
06:38
They told me where I lived, my mother's maiden name,
06:41
and they told me a few other bits of information the bank would know.
06:44
And all of this is to build a perception of credibility.
06:48
Why shouldn't I trust you?
06:50
And why shouldn't you be phoning me to help me?
06:54
And we go back and forth for around an hour and a half,
06:58
and there was a few things that didn't sit right with me.
07:01
And so when I was on hold, when they were blocking my transactions,
07:06
I phoned the actual fraud line and I said,
07:08
is there a way that I can verify their identity?
07:11
The person on the phone said, "They sound very professional and legitimate"
07:15
and they were.
07:16
I asked for their name, and they had a fake LinkedIn profile.
07:19
They had a fake crime reference number for me.
07:22
And ...
07:24
Me experiencing this firsthand,
07:27
having investigated things like this on a regular basis for mortgages
07:30
and transactions ending up in the wrong place,
07:33
I knew something wasn’t sitting quite right,
07:36
and the true person put a note on my account
07:40
and I explained to the person,
07:42
"Can you tell me what the note says, please?"
07:44
And that was the first time they got a little bit flustered.
07:48
And it took them five minutes and they said,
07:50
"We'll go and check with accounts team.
07:52
But in the meantime, can you tell me the code that it says in your mobile app?"
07:56
At which point I hung up, got my cards replaced, and I was OK.
07:59
But these three narratives
08:02
of cybercrime or scams or criminal behavior
08:07
are all technology-focused with the end goal
08:10
but are human-led.
08:12
And you may ask, "How is this possible?"
08:15
"Why can this be so easy?"
08:18
I've literally just walked into a building
08:21
and asked someone to let me in with a fake story.
08:24
And someone's phoned me up with a small piece of information
08:27
and built this incredible picture around, OK, yes, I should trust you.
08:31
And it's because data has a value in different pockets,
08:37
and with small bits of information you can build quite a narrative,
08:43
as you can see.
08:45
And so today,
08:47
what you would be able to do
08:49
on the kind of criminal underground, if you like,
08:52
would be buy 1,000 email addresses and passwords
08:55
for around six US dollars,
08:57
a cup of coffee in some places, right?
08:59
That's 1,000 people's account details that you may be able to log into
09:03
or have tangible information to create a case,
09:07
and that might be pretending to be Amazon for a password reset.
09:10
It might be what location you went on holiday,
09:13
and we're going to do a bit more of a targeted attack that way.
09:17
And this information is available
09:21
because of vulnerabilities from a technical standpoint.
09:24
Yet this is to exploit human behaviors.
09:27
Take my parents, for example.
09:29
I think I’m in cybersecurity because my parents give me a balance.
09:32
My mom is 100 percent, 110 percent optimist.
09:35
Nothing's going to go wrong, everything's OK,
09:37
no one's going to hurt my little boy and all of this sort of stuff.
09:41
And my dad's much more on the pessimistic end where,
09:44
“Why do you want to know me?
09:45
Why do you want this information?”
09:48
And so that balance for me brings kind of both sides of the story.
09:54
And my mom is the sort of person that would have shared
09:57
the traditional WhatsApp messages,
10:00
250 pounds at Christmas and oh, how lovely that would be,
10:03
pay for your Christmas lunch and all those sorts of things.
10:07
And that then becomes a whole different attack vector,
10:10
because it's coming from someone you trust,
10:12
and they're sharing you a link
10:14
and they're sharing something you might want to click,
10:16
and you begin to trust it even more.
10:18
And so my talk is around really focusing on the ways
10:22
in which human behavior is exploited
10:25
and how we can benefit and protect each other.
10:28
And it's OK to call these things out.
10:30
And so there's some basic things you can do,
10:32
such as resetting passwords
10:34
and making sure you're not using the same password for all your accounts.
10:37
Because if one of your passwords did get leaked,
10:39
you would like to know, OK, it's just this one account,
10:42
and I understand that's the one I need to look after.
10:45
When many people will use the same profile for Facebook,
10:48
their bank -- their online banking, sorry,
10:51
and sites that you can purchase things.
10:54
So you might be able to go on Amazon
10:56
and buy an iPhone with someone's username and password, right?
10:59
Bank account details are stored.
11:01
And that creates a whole different perspective of risk and cybercrime.
11:07
And so for me,
11:09
I don't believe any generation can avoid this anymore.
11:14
Children are being raised with iPads,
11:16
and older generations are online shopping
11:18
because of convenience and accessibility to services they may not have had before.
11:23
And so I believe that understanding how these things may happen
11:28
and putting some light on them
11:31
can really impact the way in which people conduct themselves
11:36
and challenge when things may not feel quite right.
11:40
And so for me,
11:42
going through this journey and those three different perspectives,
11:45
the one where I was the person helping, five million pounds,
11:48
and seeing people really suffer.
11:50
The second one where I was putting people potentially in that position,
11:54
however fully ethically, and I was meant to be there for my job.
11:58
And the third where I was the victim,
12:00
it shows that it can take many different shapes based on information.
12:05
And information can come from social media.
12:09
And so if you're going on holiday to Mexico,
12:11
say, for your honeymoon,
12:13
you've saved up all of this money.
12:15
Wonderful, have a lovely time.
12:17
Yet someone you know or an acquaintance
12:21
or you have public visibility of your arrangements.
12:27
If someone knows that information
12:29
and they know the bank you may work with,
12:31
they could phone you whilst you land and say,
12:35
"We've seen your card be used in this location."
12:39
Now, how are you going to feel
12:41
if someone's saying your card is being used and it's you?
12:44
You're going to feel OK, cool, yeah, this is me, no problem.
12:48
And they say, "OK, can you just confirm your identity?
12:51
Because we want to make sure this is you.
12:54
Can you just tell me your card number?"
12:56
So you do, and then you're asked why you're there.
12:59
"I'm on my honeymoon."
13:00
"Have a lovely time."
13:01
All of these social engineering, empathetic side of behaviors.
13:06
And then you get down into the more conversational elements.
13:10
"OK, can you just confirm your card isn't going to expire?
13:13
When does it expire, please?"
13:14
There's many different ways you can pose questions to make people feel acceptance.
13:19
And then lastly, "Can you just check the security pin
13:21
so I know which card I'm going to disable?"
13:24
And by that time what you've done is
13:27
you've told someone you've got money in your bank
13:29
because you've been saving for this wonderful occasion,
13:32
and also you're not going to be in the country to do anything about it.
13:35
And so from a cybersecurity perspective,
13:38
exploitation can happen in many different ways,
13:41
and I don't think it's publicized around the human elements enough.
13:45
And so if you take one thing from today,
13:48
I ask that you see this as your opportunity
13:53
to make sure that you protect your own information and your loved ones
13:56
and your identity online.
13:58
There's no problem with using social media.
14:00
All I ask is you consider who you're sharing that information with.
14:04
The reason being that information is valuable, even if it's not to you.
14:08
It could build a picture,
14:11
and it could cause you some trouble.
14:14
Consider who you share your information with.
14:16
Thank you.
14:17
(Applause)