Mikko Hypponen: Three types of online attack

99,227 views ・ 2012-01-18

TED



Translator: Chen-Han Hsiao  Reviewer: Vivian Mig
00:20 In the 1980s, in communist Eastern Germany, if you owned a typewriter, you had to register it with the government. You had to register a sample sheet of text out of the typewriter. And this was done so the government could track where the text was coming from. If they found a paper which had the wrong kind of thought, they could track down who created that thought. And we in the West couldn't understand how anybody would do this, how much this would restrict freedom of speech. We would never do that in our own countries.

01:08 But today, in 2011, if you go and buy a color laser printer from any major laser printer manufacturer and print a page, that page will end up having slight yellow dots printed on every single page, in a pattern which makes the page unique to you and to your printer. This is happening to us today. And nobody seems to be making a fuss about it. And this is an example of the ways our own governments are using technology against us, the citizens.

01:57 And this is one of the main three sources of online problems today. If we look at what's really happening in the online world, we can group the attacks based on the attackers. We have three main groups.

02:09 We have online criminals. Like here, we have Mr. Dmitry Golubov, from the city of Kiev in Ukraine. And the motives of online criminals are very easy to understand. These guys make money. They use online attacks to make lots of money -- and lots and lots of it. We actually have several cases of millionaires online, multimillionaires, who made money with their attacks. Here's Vladimir Tsastsin, from Tartu in Estonia. This is [Albert] Gonzalez. This is Stephen Watt. This is Bjorn Sundin. This is Matthew Anderson, Tariq Al-Daour and so on and so on. These guys make their fortunes online, but they make it through the illegal means of using things like banking Trojans to steal money from our bank accounts while we do online banking, or with keyloggers to collect our credit card information while we are doing online shopping from an infected computer. The US Secret Service, two months ago, froze the Swiss bank account of Mr. Sam Jain right here, and that bank account had 14.9 million US dollars in it when it was frozen. Mr. Jain himself is on the loose; nobody knows where he is. And I claim it's already today that it's more likely for any of us to become the victim of a crime online than here in the real world. And it's very obvious that this is only going to get worse. In the future, the majority of crime will be happening online.

03:51 The second major group of attackers that we are watching today are not motivated by money. They're motivated by something else -- motivated by protests, motivated by an opinion, motivated by the laughs. Groups like Anonymous have risen up over the last 12 months and have become a major player in the field of online attacks.

04:16 So those are the three main attackers: criminals who do it for the money, hacktivists like Anonymous doing it for the protest, but then the last group are nation states -- governments doing the attacks.

04:32 And then we look at cases like what happened in DigiNotar. This is a prime example of what happens when governments attack against their own citizens. DigiNotar is a certificate authority from the Netherlands -- or actually, it was. It was running into bankruptcy last fall, because they were hacked into. Somebody broke in and they hacked it thoroughly. And I asked last week, in a meeting with Dutch government representatives, I asked one of the leaders of the team whether he found it plausible that people died because of the DigiNotar hack. And his answer was: yes.

05:26 So how do people die as the result of a hack like this? Well, DigiNotar is a CA. They sell certificates. What do you do with certificates? Well, you need a certificate if you have a website that has https, SSL encrypted services, services like Gmail. Now we all, or a big part of us, use Gmail or one of their competitors, but these services are especially popular in totalitarian states like Iran, where dissidents use foreign services like Gmail because they know they are more trustworthy than the local services and they are encrypted over SSL connections, so the local government can't snoop on their discussions. Except they can, if they hack into a foreign CA and issue rogue certificates. And this is exactly what happened with the case of DigiNotar.

06:25 What about Arab Spring and things that have been happening, for example, in Egypt? Well, in Egypt, the rioters looted the headquarters of the Egyptian secret police in April 2011, and when they were looting the building, they found lots of papers. Among those papers was this binder entitled, "FinFisher." And within that binder were notes from a company based in Germany, which had sold to the Egyptian government a set of tools for intercepting, at a very large scale, all the communication of the citizens of the country. They had sold this tool for 280,000 euros to the Egyptian government. The company headquarters are right here. So Western governments are providing totalitarian governments with tools to do this against their own citizens.

07:17 But Western governments are doing it to themselves as well. For example, in Germany, just a couple of weeks ago, the so-called "State Trojan" was found, which was a Trojan used by German government officials to investigate their own citizens. If you are a suspect in a criminal case, well, it's pretty obvious, your phone will be tapped. But today, it goes beyond that. They will tap your Internet connection. They will even use tools like State Trojan to infect your computer with a Trojan, which enables them to watch all your communication, to listen to your online discussions, to collect your passwords.

08:01 Now, when we think deeper about things like these, the obvious response from people should be, "OK, well, that sounds bad, but that doesn't really affect me, because I'm a legal citizen. Why should I worry? Because I have nothing to hide." And this is an argument which doesn't make sense. Privacy is implied. Privacy is not up for discussion. This is not a question between privacy against security. It's a question of freedom against control.

08:50 And while we might trust our governments right now, right here in 2011, any rights we give away will be given away for good. And do we trust, do we blindly trust, any future government, a government we might have 50 years from now? And these are the questions that we have to worry about for the next 50 years.