ABOUT THE SPEAKER
Ralph Langner - Security consultant
Ralph Langner is a German control system security consultant. He has received worldwide recognition for his analysis of the Stuxnet malware.

Why you should listen

Ralph Langner heads Langner, an independent cyber-security firm that specializes in control systems -- electronic devices that monitor and regulate other devices, such as manufacturing equipment. These devices' deep connection to the infrastructure that runs our cities and countries has made them, increasingly, the targets of an emerging, highly sophisticated type of cyber-warfare. And since 2010, when the Stuxnet computer worm first reared its head, Langner has stood squarely in the middle of the battlefield.

As part of a global effort to decode the mysterious program, Langner and his team analyzed Stuxnet's data structures, and revealed what he believes to be its ultimate intent: the control system software known to run centrifuges in nuclear facilities -- specifically, facilities in Iran. Further analysis by Langner uncovered what seem to be Stuxnet's shocking origins, which he revealed in his TED2011 talk. (PS: He was right.)

TED2011

Ralph Langner: Cracking Stuxnet, a 21st-century cyber weapon


Filmed:
1,567,512 views

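When the Stuxnet computer worm was first discovered in 2010, it posed a puzzle. Behind its unusually high sophistication loomed a more troubling mystery: its purpose. Ralph Langner and his team helped crack the code, which revealed this digital adversary's ultimate target -- and its covert origin. Beneath the fascinating surface of digital forensics, he explains how they did it.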

00:15
The idea behind the Stuxnet computer worm
00:18
is actually quite simple.
00:20
We don't want Iran to get the bomb.
00:23
Their major asset for developing nuclear weapons
00:26
is the Natanz uranium enrichment facility.
00:30
The gray boxes that you see,
00:32
these are real-time control systems.
00:35
Now if we manage to compromise these systems
00:38
that control drive speeds and valves,
00:41
we can actually cause a lot of problems
00:44
with the centrifuge.
00:46
The gray boxes don't run Windows software;
00:48
they are a completely different technology.
00:51
But if we manage
00:53
to place a good Windows virus
00:56
on a notebook
00:58
that is used by a maintenance engineer
01:00
to configure this gray box,
01:03
then we are in business.
01:05
And this is the plot behind Stuxnet.
01:08
So we start with a Windows dropper.
01:13
The payload goes onto the gray box,
01:16
damages the centrifuge,
01:18
and the Iranian nuclear program is delayed --
01:20
mission accomplished.
01:22
That's easy, huh?
01:24
I want to tell you how we found that out.
01:27
When we started our research on Stuxnet six months ago,
01:30
it was completely unknown what the purpose of this thing was.
01:33
The only thing that was known
01:35
is it's very, very complex on the Windows part, the dropper part,
01:38
used multiple zero-day vulnerabilities.
01:41
And it seemed to want to do something
01:44
with these gray boxes, these real-time control systems.
01:46
So that got our attention,
01:48
and we started a lab project
01:50
where we infected our environment with Stuxnet
01:54
and checked this thing out.
01:56
And then some very funny things happened.
01:59
Stuxnet behaved like a lab rat
02:02
that didn't like our cheese --
02:05
sniffed, but didn't want to eat.
02:07
Didn't make sense to me.
02:09
And after we experimented with different flavors of cheese,
02:12
I realized, well, this is a directed attack.
02:16
It's completely directed.
02:18
The dropper is prowling actively
02:20
on the gray box
02:22
if a specific configuration is found,
02:25
and even if the actual program code that it's trying to infect
02:29
is actually running on that target.
02:31
And if not, Stuxnet does nothing.
02:34
So that really got my attention,
02:36
and we started to work on this
02:38
nearly around the clock,
02:40
because I thought, "Well, we don't know what the target is.
02:43
It could be, let's say for example,
02:45
a U.S. power plant,
02:47
or a chemical plant in Germany.
02:49
So we better find out what the target is soon."
02:52
So we extracted and decompiled
02:54
the attack code,
02:56
and we discovered that it's structured in two digital bombs --
02:59
a smaller one and a bigger one.
03:02
And we also saw that they are very professionally engineered
03:06
by people who obviously had all insider information.
03:10
They knew all the bits and bites
03:12
that they had to attack.
03:14
They probably even know the shoe size of the operator.
03:17
So they know everything.
03:19
And if you have heard that the dropper of Stuxnet
03:22
is complex and high-tech,
03:24
let me tell you this:
03:26
the payload is rocket science.
03:28
It's way above everything
03:30
that we have ever seen before.
03:33
Here you see a sample of this actual attack code.
03:36
We are talking about --
03:38
around about 15,000 lines of code.
03:41
Looks pretty much like old-style assembly language.
03:44
And I want to tell you how we were able
03:46
to make sense out of this code.
03:48
So what we were looking for is, first of all, system function calls,
03:51
because we know what they do.
03:53
And then we were looking for timers and data structures
03:57
and trying to relate them to the real world --
03:59
to potential real world targets.
04:01
So we do need target theories
04:04
that we can prove or disprove.
04:07
In order to get target theories,
04:09
we remember
04:11
that it's definitely hardcore sabotage,
04:13
it must be a high-value target
04:15
and it is most likely located in Iran,
04:18
because that's where most of the infections had been reported.
04:22
Now you don't find several thousand targets in that area.
04:25
It basically boils down
04:27
to the Bushehr nuclear power plant
04:29
and to the Natanz fuel enrichment plant.
04:31
So I told my assistant,
04:33
"Get me a list of all centrifuge and power plant experts from our client base."
04:36
And I phoned them up and picked their brain
04:38
in an effort to match their expertise
04:40
with what we found in code and data.
04:43
And that worked pretty well.
04:45
So we were able to associate
04:47
the small digital warhead
04:49
with the rotor control.
04:51
The rotor is that moving part within the centrifuge,
04:54
that black object that you see.
04:56
And if you manipulate the speed of this rotor,
04:59
you are actually able to crack the rotor
05:01
and eventually even have the centrifuge explode.
05:05
What we also saw
05:07
is that the goal of the attack
05:09
was really to do it slowly and creepy --
05:12
obviously in an effort
05:14
to drive maintenance engineers crazy,
05:17
that they would not be able to figure this out quickly.
05:20
The big digital warhead -- we had a shot at this
05:23
by looking very closely
05:25
at data and data structures.
05:27
So for example, the number 164
05:29
really stands out in that code;
05:31
you can't overlook it.
05:33
I started to research scientific literature
05:35
on how these centrifuges
05:37
are actually built in Natanz
05:39
and found they are structured
05:41
in what is called a cascade,
05:43
and each cascade holds 164 centrifuges.
05:47
So that made sense, that was a match.
05:49
And it even got better.
05:51
These centrifuges in Iran
05:53
are subdivided into 15, what is called, stages.
05:57
And guess what we found in the attack code?
05:59
An almost identical structure.
06:01
So again, that was a real good match.
06:04
And this gave us very high confidence for what we were looking at.
06:07
Now don't get me wrong here, it didn't go like this.
06:10
These results have been obtained
06:13
over several weeks of really hard labor.
06:16
And we often went into just a dead end
06:19
and had to recover.
06:21
Anyway, so we figured out
06:23
that both digital warheads
06:25
were actually aiming at one and the same target,
06:27
but from different angles.
06:29
The small warhead is taking one cascade,
06:32
and spinning up the rotors and slowing them down,
06:35
and the big warhead
06:37
is talking to six cascades
06:39
and manipulating valves.
06:41
So in all, we are very confident
06:43
that we have actually determined what the target is.
06:45
It is Natanz, and it is only Natanz.
06:48
So we don't have to worry
06:50
that other targets
06:52
might be hit by Stuxnet.
06:54
Here's some very cool stuff that we saw --
06:57
really knocked my socks off.
06:59
Down there is the gray box,
07:01
and on the top you see the centrifuges.
07:04
Now what this thing does
07:06
is it intercepts the input values from sensors --
07:09
so for example, from pressure sensors
07:11
and vibration sensors --
07:13
and it provides legitimate program code,
07:16
which is still running during the attack,
07:18
with fake input data.
07:20
And as a matter of fact, this fake input data
07:22
is actually prerecorded by Stuxnet.
07:25
So it's just like from the Hollywood movies
07:27
where during the heist,
07:29
the observation camera is fed with prerecorded video.
07:32
That's cool, huh?
07:35
The idea here is obviously
07:37
not only to fool the operators in the control room.
07:40
It actually is much more dangerous and aggressive.
07:44
The idea
07:46
is to circumvent a digital safety system.
07:50
We need digital safety systems
07:52
where a human operator could not act quick enough.
07:55
So for example, in a power plant,
07:57
when your big steam turbine gets too over speed,
08:00
you must open relief valves within a millisecond.
08:03
Obviously, this cannot be done by a human operator.
08:06
So this is where we need digital safety systems.
08:08
And when they are compromised,
08:10
then real bad things can happen.
08:13
Your plant can blow up.
08:15
And neither your operators nor your safety system will notice it.
08:18
That's scary.
08:20
But it gets worse.
08:22
And this is very important, what I'm going to say.
08:25
Think about this:
08:27
this attack is generic.
08:30
It doesn't have anything to do, in specifics,
08:34
with centrifuges,
08:36
with uranium enrichment.
08:39
So it would work as well, for example,
08:42
in a power plant
08:44
or in an automobile factory.
08:47
It is generic.
08:49
And you don't have -- as an attacker --
08:51
you don't have to deliver this payload
08:54
by a USB stick,
08:56
as we saw it in the case of Stuxnet.
08:58
You could also use conventional worm technology for spreading.
09:01
Just spread it as wide as possible.
09:04
And if you do that,
09:06
what you end up with
09:08
is a cyber weapon of mass destruction.
09:14
That's the consequence
09:16
that we have to face.
09:19
So unfortunately,
09:22
the biggest number of targets for such attacks
09:25
are not in the Middle East.
09:27
They're in the United States and Europe and in Japan.
09:30
So all of the green areas,
09:32
these are your target-rich environments.
09:35
We have to face the consequences,
09:38
and we better start to prepare right now.
09:41
Thanks.
09:43
(Applause)
09:49
Chris Anderson: I've got a question.
09:53
Ralph, it's been quite widely reported
09:55
that people assume that Mossad
09:57
is the main entity behind this.
09:59
Is that your opinion?
10:02
Ralph Langner: Okay, you really want to hear that?
10:04
Yeah. Okay.
10:06
My opinion is that the Mossad is involved,
10:09
but that the leading force is not Israel.
10:12
So the leading force behind that
10:14
is the cyber superpower.
10:17
There is only one,
10:19
and that's the United States --
10:21
fortunately, fortunately.
10:23
Because otherwise,
10:25
our problems would even be bigger.
10:28
CA: Thank you for scaring the living daylights out of us. Thank you, Ralph.
10:32
(Applause)
Translated by Felix Chen
Reviewed by Angelia King
