sponsored links
TEDGlobal>London

Rodrigo Bijou: Governments don't understand cyber warfare. We need hackers

June 16, 2015

The Internet has transformed the front lines of war, and it's leaving governments behind. As security analyst Rodrigo Bijou shows, modern conflict is being waged online between non-state groups, activists and private corporations, and the digital landscape is proving to be fertile ground for the recruitment and radicalization of terrorists. Meanwhile, draconian surveillance programs are ripe for exploitation. Bijou urges governments to end mass surveillance programs and shut "backdoors" -- and he makes a bold call for individuals to step up.

Rodrigo Bijou - Security researcher
Rodrigo Bijou's work focuses on the cross section of intelligence, data science and information security. Full bio

sponsored links
Double-click the English subtitles below to play the video.
In 2008, Burhan Hassan, age 17,
00:12
boarded a flight from Minneapolis
00:16
to the Horn of Africa.
00:18
And while Burhan was the youngest recruit,
00:21
he was not alone.
00:23
Al-Shabaab managed to recruit
over two dozen young men
00:25
in their late teens and early 20s
00:28
with a heavy presence
on social media platforms like Facebook.
00:31
With the Internet and other technologies,
00:35
they've changed our everyday lives,
00:37
but they've also changed
recruitment, radicalization
00:39
and the front lines of conflict today.
00:43
What about the links connecting Twitter,
00:47
Google and protesters
fighting for democracy?
00:49
These numbers represent
Google's public DNS servers,
00:53
effectively the only
digital border crossing
00:57
protesters had and could use
01:00
to communicate with each other,
to reach the outside world
01:02
and to spread viral awareness
01:05
of what was happening
in their own country.
01:07
Today, conflict is essentially borderless.
01:10
If there are bounds to conflict today,
01:13
they're bound by digital,
not physical geography.
01:15
And under all this is a vacuum of power
01:19
where non-state actors, individuals
and private organizations
01:22
have the advantage over slow, outdated
military and intelligence agencies.
01:26
And this is because,
in the digital age of conflict,
01:33
there exists a feedback loop
01:35
where new technologies,
platforms like the ones I mentioned,
01:38
and more disruptive ones,
01:41
can be adapted, learned, and deployed
by individuals and organizations
01:42
faster than governments can react.
01:47
To understand the pace
of our own government thinking on this,
01:51
I like to turn to something aptly named
01:55
the Worldwide Threat Assessment,
01:57
where every year the Director
of National Intelligence in the US
02:00
looks at the global threat landscape,
02:04
and he says, "These are the threats,
these are the details,
02:07
and this is how we rank them."
02:10
In 2007, there was absolutely
no mention of cyber security.
02:12
It took until 2011,
when it came at the end,
02:16
where other things, like West
African drug trafficking, took precedence.
02:20
In 2012, it crept up, still behind things
like terrorism and proliferation.
02:23
In 2013, it became the top threat,
02:29
in 2014 and for the foreseeable future.
02:31
What things like that show us
02:36
is that there is
a fundamental inability today
02:37
on the part of governments
to adapt and learn in digital conflict,
02:40
where conflict can be immaterial,
borderless, often wholly untraceable.
02:45
And conflict isn't just online to offline,
as we see with terrorist radicalization,
02:51
but it goes the other way as well.
02:56
We all know the horrible events
that unfolded in Paris this year
02:59
with the Charlie Hebdo terrorist attacks.
03:02
What an individual hacker or a small group
of anonymous individuals did
03:04
was enter those social media conversations
that so many of us took part in.
03:09
#JeSuisCharlie.
03:14
On Facebook, on Twitter, on Google,
03:16
all sorts of places where millions
of people, myself included,
03:18
were talking about the events
03:21
and saw images like this,
03:23
the emotional, poignant image of a baby
with "Je suis Charlie" on its wrist.
03:25
And this turned into a weapon.
03:30
What the hackers did
was weaponize this image,
03:32
where unsuspecting victims,
03:34
like all of us in those conversations,
03:36
saw this image, downloaded it
03:38
but it was embedded with malware.
03:40
And so when you downloaded this image,
03:43
it hacked your system.
03:45
It took six days to deploy
a global malware campaign.
03:47
The divide between physical
and digital domains today
03:52
ceases to exist,
03:54
where we have offline attacks
like those in Paris
03:56
appropriated for online hacks.
03:59
And it goes the other way as well,
with recruitment.
04:03
We see online radicalization of teens,
04:05
who can then be deployed globally
for offline terrorist attacks.
04:08
With all of this, we see that there's
a new 21st century battle brewing,
04:13
and governments
don't necessarily take a part.
04:18
So in another case,
Anonymous vs. Los Zetas.
04:21
In early September 2011 in Mexico,
04:26
Los Zetas, one of the most
powerful drug cartels,
04:29
hung two bloggers with a sign that said,
04:32
"This is what will happen
to all Internet busybodies."
04:34
A week later, they beheaded a young girl.
04:39
They severed her head,
put it on top of her computer
04:41
with a similar note.
04:44
And taking the digital counteroffensive
04:45
because governments couldn't even
understand what was going on or act,
04:48
Anonymous, a group we might not associate
as the most positive force in the world,
04:51
took action,
04:55
not in cyber attacks, but threatening
information to be free.
04:56
On social media, they said,
05:01
"We will release information
05:03
that ties prosecutors and governors
to corrupt drug deals with the cartel."
05:05
And escalating that conflict,
05:10
Los Zetas said, "We will kill 10 people
for every bit of information you release."
05:13
And so it ended there because
it would become too gruesome to continue.
05:19
But what was powerful about this
05:25
was that anonymous individuals,
05:28
not federal policia,
not military, not politicians,
05:31
could strike fear deep into the heart
05:34
of one of the most powerful,
violent organizations in the world.
05:38
And so we live in an era
05:44
that lacks the clarity
of the past in conflict,
05:46
in who we're fighting,
in the motivations behind attacks,
05:49
in the tools and techniques used,
05:53
and how quickly they evolve.
05:55
And the question still remains:
05:58
what can individuals,
organizations and governments do?
06:00
For answers to these questions,
it starts with individuals,
06:05
and I think peer-to-peer security
is the answer.
06:08
Those people in relationships
that bought over teens online,
06:12
we can do that with peer-to-peer security.
06:16
Individuals have more power
than ever before
06:18
to affect national
and international security.
06:21
And we can create those positive
peer-to-peer relationships
06:25
on and offline,
06:28
we can support and educate the next
generation of hackers, like myself,
06:30
instead of saying, "You can either be
a criminal or join the NSA."
06:34
That matters today.
06:39
And it's not just individuals --
it's organizations, corporations even.
06:41
They have an advantage
to act across more borders,
06:46
more effectively and more rapidly
than governments can,
06:49
and there's a set
of real incentives there.
06:53
It's profitable and valuable
06:57
to be seen as trustworthy
in the digital age,
06:58
and will only be more so
in future generations to come.
07:02
But we still can't ignore government,
07:06
because that's who we turn to
for collective action
07:08
to keep us safe and secure.
07:11
But we see where that's gotten us so far,
07:15
where there's an inability to adapt
and learn in digital conflict,
07:18
where at the highest levels of leadership,
07:22
the Director of the CIA,
Secretary of Defense,
07:25
they say, "Cyber Pearl Harbor will happen."
"Cyber 9/11 is imminent."
07:28
But this only makes us
more fearful, not more secure.
07:34
By banning encryption in favor
of mass surveillance and mass hacking,
07:39
sure, GCHQ and the NSA can spy on you.
07:42
But that doesn't mean
that they're the only ones that can.
07:46
Capabilities are cheap, even free.
07:49
Technical ability
is rising around the world,
07:51
and individuals and small groups
have the advantage.
07:54
So today it might just be
the NSA and GCHQ,
07:59
but who's to say that the Chinese
can't find that backdoor?
08:02
Or in another generation,
some kid in his basement in Estonia?
08:05
And so I would say that it's
not what governments can do,
08:10
it's that they can't.
08:15
Governments today
need to give up power and control
08:17
in order to help make us more secure.
08:22
Giving up mass surveillance and hacking
and instead fixing those backdoors
08:25
means that, yeah, they can't spy on us,
08:29
but neither can the Chinese
08:31
or that hacker in Estonia
a generation from now.
08:33
And government support
for technologies like Tor and Bitcoin
08:37
mean giving up control,
08:40
but it means that developers, translators,
anybody with an Internet connection,
08:42
in countries like Cuba, Iran and China,
can sell their skills, their products,
08:46
in the global marketplace,
08:50
but more importantly sell their ideas,
08:52
show us what's happening
in their own countries.
08:54
And so it should be not fearful,
08:57
it should be inspiring
to the same governments
09:00
that fought for civil rights,
free speech and democracy
09:02
in the great wars of the last century,
09:05
that today, for the first time
in human history,
09:07
we have a technical opportunity
09:10
to make billions of people
safer around the world
09:12
that we've never had before
in human history.
09:15
It should be inspiring.
09:18
(Applause)
09:21

sponsored links

Rodrigo Bijou - Security researcher
Rodrigo Bijou's work focuses on the cross section of intelligence, data science and information security.

Why you should listen

Rodrigo Bijou is an information security researcher with a background in threat intelligence, security analytics and privacy technology. Named a Global Privacy Scholar by the International Association of Privacy Professionals, he is also currently a Watson Fellow exploring “Trust in Technology.”

Bijou previously worked as a consultant to the finance and technology industries and at companies such as Palantir. When not hacking data directly, Rodrigo can be found writing policy analysis in outlets such as IHS Jane’s Intelligence Review and the Harvard Law Review.

sponsored links

If you need translations, you can install "Google Translate" extension into your Chrome Browser.
Furthermore, you can change playback rate by installing "Video Speed Controller" extension.

Data provided by TED.

This website is owned and operated by Tokyo English Network.
The developer's blog is here.