James Lyne: Everyday cybercrime -- and what you can do about it

412,219 views ・ 2013-09-16

TED



Translator: Yi-Ting Chung Reviewer: Li Li
00:12
I'm going to be showing some of the cybercriminals'
00:14
latest and nastiest creations.
00:16
So basically, please don't go and download
00:19
any of the viruses that I show you.
00:22
Some of you might be wondering what a cybersecurity specialist looks like,
00:25
and I thought I'd give you a quick insight
00:27
into my career so far.
00:30
It's a pretty accurate description.
00:32
This is what someone that specializes
00:34
in malware and hacking looks like.
00:36
So today, computer viruses and trojans,
00:40
designed to do everything from stealing data
00:43
to watching you in your webcam
00:45
to the theft of billions of dollars.
00:47
Some malicious code today goes as far
00:50
as targeting power, utilities and infrastructure.
00:54
Let me give you a quick snapshot
00:56
of what malicious code is capable of today.
00:58
Right now, every second, eight new users
01:01
are joining the Internet.
01:04
Today, we will see 250,000 individual new computer viruses.
01:11
We will see 30,000 new infected websites.
01:17
And, just to kind of tear down a myth here,
01:19
lots of people think that when you get infected
01:21
with a computer virus, it's because you went to a porn site.
01:25
Right? Well, actually, statistically speaking,
01:27
if you only visit porn sites, you're safer.
01:30
People normally write that down, by the way. (Laughter)
01:33
Actually, about 80 percent of these
01:35
are small business websites getting infected.
01:38
Today's cybercriminal, what do they look like?
01:41
Well, many of you have the image, don't you,
01:43
of the spotty teenager sitting in a basement,
01:45
hacking away for notoriety.
01:48
But actually today, cybercriminals
01:49
are wonderfully professional and organized.
01:53
In fact, they have product adverts.
01:55
You can go online and buy a hacking service
01:58
to knock your business competitor offline.
02:00
Check out this one I found.
02:01
(Video) Man: So you're here for one reason,
02:03
and that reason is
02:05
because you need your business competitors,
02:06
rivals, haters, or whatever the reason is, or who,
02:10
they are to go down.
02:12
Well you, my friend, you've came to the right place.
02:15
If you want your business competitors to go down,
02:17
well, they can.
02:19
If you want your rivals to go offline, well, they will.
02:22
Not only that, we are providing a short-term-to-long-term
02:25
DDOS service or scheduled attack,
02:28
starting five dollars per hour for small personal websites
02:31
to 10 to 50 dollars per hour.
02:34
James Lyne: Now, I did actually pay
02:36
one of these cybercriminals to attack my own website.
02:38
Things got a bit tricky when I tried to expense it at the company.
02:42
Turns out that's not cool.
02:44
But regardless, it's amazing how many products
02:47
and services are available now to cybercriminals.
02:50
For example, this testing platform,
02:52
which enables the cybercriminals
02:54
to test the quality of their viruses
02:56
before they release them on the world.
02:59
For a small fee, they can upload it
03:01
and make sure everything is good.
03:02
But it goes further.
03:04
Cybercriminals now have crime packs
03:06
with business intelligence reporting dashboards
03:09
to manage the distribution of their malicious code.
03:13
This is the market leader in malware distribution,
03:16
the Black Hole Exploit Pack,
03:18
responsible for nearly one third of malware distribution
03:22
in the last couple of quarters.
03:24
It comes with technical installation guides,
03:27
video setup routines,
03:28
and get this, technical support.
03:32
You can email the cybercriminals and they'll tell you
03:34
how to set up your illegal hacking server.
03:38
So let me show you what malicious code looks like today.
03:42
What I've got here is two systems,
03:44
an attacker, which I've made look all Matrix-y and scary,
03:48
and a victim, which you might recognize from home or work.
03:51
Now normally, these would be on different sides
03:54
of the planet or of the Internet,
03:57
but I've put them side by side
03:58
because it makes things much more interesting.
04:01
Now, there are many ways you can get infected.
04:03
You will have come in contact with some of them.
04:05
Maybe some of you have received an email
04:07
that says something like, "Hi, I'm a Nigerian banker,
04:11
and I'd like to give you 53 billion dollars
04:14
because I like your face."
04:17
Or funnycats.exe, which rumor has it
04:20
was quite successful in China's recent campaign against America.
04:24
Now there are many ways you can get infected.
04:26
I want to show you a couple of my favorites.
04:28
This is a little USB key.
04:31
Now how do you get a USB key to run in a business?
04:33
Well, you could try looking really cute.
04:37
Awww.
04:39
Or, in my case, awkward and pathetic.
04:41
So imagine this scenario: I walk into one of your businesses,
04:46
looking very awkward and pathetic, with a copy of my C.V.
04:48
which I've covered in coffee,
04:50
and I ask the receptionist to plug in this USB key
04:54
and print me a new one.
04:56
So let's have a look here on my victim computer.
04:59
What I'm going to do is plug in the USB key.
05:02
After a couple of seconds,
05:04
things start to happen on the computer on their own,
05:06
usually a bad sign.
05:08
This would, of course, normally happen
05:10
in a couple of seconds, really, really quickly,
05:13
but I've kind of slowed it down
05:14
so you can actually see the attack occurring.
05:17
Malware is very boring otherwise.
05:20
So this is writing out the malicious code,
05:22
and a few seconds later, on the left-hand side,
05:26
you'll see the attacker's screen get some interesting new text.
05:31
Now if I place the mouse cursor over it,
05:32
this is what we call a command prompt,
05:35
and using this we can navigate around the computer.
05:39
We can access your documents, your data.
05:41
You can turn on the webcam.
05:42
That can be very embarrassing.
05:44
Or just to really prove a point,
05:46
we can launch programs like my personal favorite,
05:49
the Windows Calculator.
05:52
So isn't it amazing how much control
05:54
the attackers can get with such a simple operation?
05:57
Let me show you how most malware
05:59
is now distributed today.
06:01
What I'm going to do is open up a website
06:03
that I wrote.
06:05
It's a terrible website. It's got really awful graphics.
06:09
And it's got a comments section here
06:11
where we can submit comments to the website.
06:15
Many of you will have used something a bit like this before.
06:18
Unfortunately, when this was implemented,
06:20
the developer was slightly inebriated
06:22
and managed to forget
06:23
all of the secure coding practices he had learned.
06:26
So let's imagine that our attacker,
06:29
called Evil Hacker just for comedy value,
06:33
inserts something a little nasty.
06:35
This is a script.
06:37
It's code which will be interpreted on the webpage.
06:41
So I'm going to submit this post,
06:43
and then, on my victim computer,
06:45
I'm going to open up the web browser
06:47
and browse to my website,
06:50
www.incrediblyhacked.com.
06:54
Notice that after a couple of seconds,
06:56
I get redirected.
06:57
That website address at the top there,
06:59
which you can just about see, microshaft.com,
07:02
the browser crashes as it hits one of these exploit packs,
07:06
and up pops fake antivirus.
07:10
This is a virus pretending to look like antivirus software,
07:15
and it will go through and it will scan the system,
07:17
have a look at what it's popping up here.
07:19
It creates some very serious alerts.
07:20
Oh look, a child porn proxy server.
07:23
We really should clean that up.
07:25
What's really insulting about this is
07:27
not only does it provide the attackers with access to your data,
07:31
but when the scan finishes, they tell you
07:34
in order to clean up the fake viruses,
07:37
you have to register the product.
07:40
Now I liked it better when viruses were free.
07:43
(Laughter)
07:46
People now pay cybercriminals money
07:48
to run viruses,
07:50
which I find utterly bizarre.
07:53
So anyway, let me change pace a little bit.
07:57
Chasing 250,000 pieces of malware a day
08:00
is a massive challenge,
08:02
and those numbers are only growing
08:04
directly in proportion to the length of my stress line, you'll note here.
08:08
So I want to talk to you briefly
08:10
about a group of hackers we tracked for a year
08:13
and actually found --
08:15
and this is a rare treat in our job.
08:17
Now this was a cross-industry collaboration,
08:20
people from Facebook, independent researchers,
08:22
guys from Sophos.
08:24
So here we have a couple of documents
08:27
which our cybercriminals had uploaded
08:30
to a cloud service, kind of like Dropbox or SkyDrive,
08:34
like many of you might use.
08:36
At the top, you'll notice a section of source code.
08:40
What this would do is send the cybercriminals
08:43
a text message every day telling them how much money
08:48
they'd made that day,
08:49
so a kind of cybercriminal billings report, if you will.
08:53
If you look closely, you'll notice a series
08:55
of what are Russian telephone numbers.
08:58
Now that's obviously interesting,
09:00
because that gives us a way of finding our cybercriminals.
09:03
Down below, highlighted in red,
09:05
in the other section of source code,
09:07
is this bit "leded:leded."
09:10
That's a username,
09:11
kind of like you might have on Twitter.
09:14
So let's take this a little further.
09:15
There are a few other interesting pieces
09:17
the cybercriminals had uploaded.
09:20
Lots of you here will use smartphones
09:22
to take photos and post them from the conference.
09:25
An interesting feature of lots of modern smartphones
09:28
is that when you take a photo,
09:29
it embeds GPS data about where that photo was taken.
09:34
In fact, I've been spending a lot of time
09:36
on Internet dating sites recently,
09:38
obviously for research purposes,
09:41
and I've noticed that about 60 percent
09:44
of the profile pictures on Internet dating sites
09:47
contain the GPS coordinates of where the photo was taken,
09:51
which is kind of scary
09:52
because you wouldn't give out your home address
09:55
to lots of strangers,
09:56
but we're happy to give away our GPS coordinates
09:58
to plus or minus 15 meters.
10:02
And our cybercriminals had done the same thing.
10:06
So here's a photo which resolves to St. Petersburg.
10:09
We then deploy the incredibly advanced hacking tool.
10:13
We used Google.
10:15
Using the email address, the telephone number
10:17
and the GPS data, on the left you see an advert
10:21
for a BMW that one of our cybercriminals is selling,
10:24
on the other side an advert for the sale of sphynx kittens.
10:30
One of these was more stereotypical for me.
10:33
A little more searching, and here's our cybercriminal.
10:37
Imagine, these are hardened cybercriminals
10:40
sharing information scarcely.
10:42
Imagine what you could find
10:43
about each of the people in this room.
10:45
A bit more searching through the profile
10:47
and there's a photo of their office.
10:49
They were working on the third floor.
10:51
And you can also see some photos
10:53
from his business companion
10:54
where he has a taste in a certain kind of image.
10:59
It turns out he's a member of the Russian Adult Webmasters Federation.
11:03
But this is where our investigation starts to slow down.
11:06
The cybercriminals have locked down their profiles quite well.
11:10
And herein is the greatest lesson
11:12
of social media and mobile devices for all of us right now.
11:17
Our friends, our families and our colleagues
11:20
can break our security even when we do the right things.
11:25
This is MobSoft, one of the companies
11:28
that this cybercriminal gang owned,
11:30
and an interesting thing about MobSoft
11:32
is the 50-percent owner of this
11:34
posted a job advert,
11:36
and this job advert matched one of the telephone numbers
11:40
from the code earlier.
11:42
This woman was Maria,
11:44
and Maria is the wife of one of our cybercriminals.
11:47
And it's kind of like she went into her social media settings
11:50
and clicked on every option imaginable
11:53
to make herself really, really insecure.
11:57
By the end of the investigation,
11:59
where you can read the full 27-page report at that link,
12:02
we had photos of the cybercriminals,
12:04
even the office Christmas party
12:07
when they were out on an outing.
12:09
That's right, cybercriminals do have Christmas parties,
12:12
as it turns out.
12:14
Now you're probably wondering what happened to these guys.
12:16
Let me come back to that in just a minute.
12:19
I want to change pace to one last little demonstration,
12:22
a technique that is wonderfully simple and basic,
12:26
but is interesting in exposing how much information
12:29
we're all giving away,
12:30
and it's relevant because it applies to us as a TED audience.
12:35
This is normally when people start kind of shuffling in their pockets
12:37
trying to turn their phones onto airplane mode desperately.
12:41
Many of you all know about the concept
12:43
of scanning for wireless networks.
12:45
You do it every time you take out your iPhone or your Blackberry
12:49
and connect to something like TEDAttendees.
12:53
But what you might not know
12:55
is that you're also beaming out a list of networks
12:59
you've previously connected to,
13:02
even when you're not using wireless actively.
13:06
So I ran a little scan.
13:08
I was relatively inhibited compared to the cybercriminals,
13:11
who wouldn't be so concerned by law,
13:13
and here you can see my mobile device.
13:16
Okay? So you can see a list of wireless networks.
13:18
TEDAttendees, HyattLB. Where do you think I'm staying?
13:23
My home network, PrettyFlyForAWifi,
13:26
which I think is a great name.
13:28
Sophos_Visitors, SANSEMEA, companies I work with.
13:31
Loganwifi, that's in Boston. HiltonLondon.
13:34
CIASurveillanceVan.
13:37
We called it that at one of our conferences
13:38
because we thought that would freak people out,
13:40
which is quite fun.
13:42
This is how geeks party.
13:47
So let's make this a little bit more interesting.
13:49
Let's talk about you.
13:52
Twenty-three percent of you have been to Starbucks
13:54
recently and used the wireless network.
13:57
Things get more interesting.
13:58
Forty-six percent of you I could link to a business,
14:00
XYZ Employee network.
14:03
This isn't an exact science, but it gets pretty accurate.
14:07
Seven hundred and sixty-one of you I could identify a hotel you'd been to recently,
14:12
absolutely with pinpoint precision somewhere on the globe.
14:16
Two hundred and thirty-four of you, well, I know where you live.
14:20
Your wireless network name is so unique
14:22
that I was able to pinpoint it
14:24
using data available openly on the Internet
14:26
with no hacking or clever, clever tricks.
14:30
And I should mention as well that
14:32
some of you do use your names,
14:34
"James Lyne's iPhone," for example.
14:36
And two percent of you have a tendency to extreme profanity.
14:41
So something for you to think about:
14:43
As we adopt these new applications and mobile devices,
14:47
as we play with these shiny new toys,
14:49
how much are we trading off convenience
14:53
for privacy and security?
14:56
Next time you install something,
14:58
look at the settings and ask yourself,
15:00
"Is this information that I want to share?
15:04
Would someone be able to abuse it?"
15:06
We also need to think very carefully
15:09
about how we develop our future talent pool.
15:13
You see, technology's changing at a staggering rate,
15:16
and that 250,000 pieces of malware
15:19
won't stay the same for long.
15:22
There's a very concerning trend
15:24
that whilst many people coming out of schools now
15:27
are much more technology-savvy, they know how to use technology,
15:32
fewer and fewer people are following the feeder subjects
15:35
to know how that technology works under the covers.
15:39
In the U.K., a 60 percent reduction since 2003,
15:44
and there are similar statistics all over the world.
15:48
We also need to think about the legal issues in this area.
15:52
The cybercriminals I talked about,
15:53
despite theft of millions of dollars,
15:55
actually still haven't been arrested,
15:57
and at this point possibly never will.
16:01
Most laws are national in their implementation,
16:05
despite cybercrime conventions, where the Internet
16:09
is borderless and international by definition.
16:12
Countries do not agree, which makes this area
16:14
exceptionally challenging from a legal perspective.
16:18
But my biggest ask is this:
16:22
You see, you're going to leave here
16:24
and you're going to see some astonishing stories in the news.
16:28
You're going to read about malware doing incredible
16:30
and terrifying, scary things.
16:33
However, 99 percent of it works
16:37
because people fail to do the basics.
16:41
So my ask is this: Go online,
16:44
find these simple best practices,
16:47
find out how to update and patch your computer.
16:50
Get a secure password.
16:51
Make sure you use a different password
16:53
on each of your sites and services online.
16:56
Find these resources. Apply them.
16:59
The Internet is a fantastic resource
17:02
for business, for political expression,
17:04
for art and for learning.
17:06
Help me and the security community
17:09
make life much, much more difficult
17:13
for cybercriminals.
17:15
Thank you.
17:16
(Applause)