ABOUT THE SPEAKER
Mikko Hypponen - Cybersecurity expert
As computer access expands, Mikko Hypponen asks: What's the next killer virus, and will the world be able to cope with it? And also: How can we protect digital privacy in the age of government surveillance?

Why you should listen

The chief research officer at F-Secure Corporation in Finland, Mikko Hypponen has led his team through some of the largest computer virus outbreaks in history. His team took down the world-wide network used by the Sobig.F worm. He was the first to warn the world about the Sasser outbreak, and he has done classified briefings on the operation of the Stuxnet worm -- a hugely complex worm designed to sabotage Iranian nuclear enrichment facilities.

As a few hundred million more Internet users join the web from India and China and elsewhere, and as governments and corporations become more sophisticated at using viruses as weapons, Hypponen asks, what's next? Who will be at the front defending the world’s networks from malicious software? He says: "It's more than unsettling to realize there are large companies out there developing backdoors, exploits and trojans."

Even more unsettling: revelations this year that the United States' NSA is conducting widespread digital surveillance of both US citizens and anyone whose data passes through a US entity, and that it has actively sabotaged encryption algorithms. Hypponen has become one of the most outspoken critics of the agency's programs and asks us all: Why are we so willing to hand over digital privacy?

 

 

Read his open-season Q&A on Reddit:"My TED Talk was just posted. Ask me anything.

See the full documentary on the search for the Brain virus

More profile about the speaker
Mikko Hypponen | Speaker | TED.com
TEDGlobal 2011

Mikko Hypponen: Fighting viruses, defending the net

米科·哈普宁:对抗病毒,保卫网络

Filmed:
1,847,520 views

自首个电脑病毒(Brain A)攻击网络至今已经25年了,曾经只是让人烦恼的小东西,现在已经变成了为犯罪和间谍服务的尖端工具。电脑安全专家米科·哈普宁为我们展示如何阻止新型病毒对互联网的威胁。
- Cybersecurity expert
As computer access expands, Mikko Hypponen asks: What's the next killer virus, and will the world be able to cope with it? And also: How can we protect digital privacy in the age of government surveillance? Full bio

Double-click the English transcript below to play the video.

00:15
I love the Internet互联网.
0
0
3000
我爱网络
00:18
It's true真正.
1
3000
2000
这是真的
00:20
Think about everything it has brought us.
2
5000
2000
想想它给我们带来的一切
00:22
Think about all the services服务 we use,
3
7000
3000
想想它给我们提供的服务
00:25
all the connectivity连接,
4
10000
2000
所有的互联性
00:27
all the entertainment娱乐,
5
12000
2000
娱乐性
00:29
all the business商业, all the commerce商业.
6
14000
3000
商业性,贸易性
00:32
And it's happening事件 during our lifetimes寿命.
7
17000
3000
这些都发生在我们的生活中
00:35
I'm pretty漂亮 sure that one day
8
20000
3000
我非常肯定将来的某一天
00:38
we'll be writing写作 history历史 books图书
9
23000
2000
当我们书写从现在开始的
00:40
hundreds数以百计 of years年份 from now. This time
10
25000
3000
数百年历史的时候
00:43
our generation will be remembered记得
11
28000
3000
我们现在这段时期将被誉为
00:46
as the generation that got online线上,
12
31000
3000
网络的一代
00:49
the generation
13
34000
2000
真正的、完全的
00:51
that built内置 something really and truly global全球.
14
36000
3000
全球化的一代
00:54
But yes, it's also true真正
15
39000
3000
但是,当然
00:57
that the Internet互联网 has problems问题, very serious严重 problems问题,
16
42000
3000
也不可否认互联网仍然有许多问题,而且是非常严重的问题
01:00
problems问题 with security安全
17
45000
3000
安全问题
01:03
and problems问题 with privacy隐私.
18
48000
3000
隐私问题
01:06
I've spent花费 my career事业
19
51000
2000
我至今的职业生涯
01:08
fighting战斗 these problems问题.
20
53000
3000
都在和这些问题斗争
01:11
So let me show显示 you something.
21
56000
3000
我给大家展示一下
01:15
This here
22
60000
2000
01:17
is Brain.
23
62000
2000
是个Brain
01:19
This is a floppy软盘 disk磁盘
24
64000
2000
这是个软盘
01:21
-- five and a quarter-inch四分之一英寸 floppy软盘 disk磁盘
25
66000
2000
--5.25英寸的软盘
01:23
infected感染 by Brain.A.
26
68000
2000
被Brain A 病毒所感染
01:25
It's the first virus病毒 we ever found发现
27
70000
2000
这是我们至今发现的最早的
01:27
for PC个人计算机 computers电脑.
28
72000
2000
个人电脑病毒
01:30
And we actually其实 know
29
75000
2000
我们现在知道
01:32
where Brain came来了 from.
30
77000
2000
它出自何处
01:34
We know because it says so
31
79000
2000
因为它的代码
01:36
inside the code.
32
81000
2000
告诉了我们
01:38
Let's take a look.
33
83000
3000
我们来看一下
01:45
All right.
34
90000
3000
01:48
That's the boot sector扇形 of an infected感染 floppy软盘,
35
93000
3000
这就是这个被感染软盘的引导区
01:51
and if we take a closer接近 look inside,
36
96000
3000
如果我们仔细观察它的内部
01:54
we'll see that right there,
37
99000
2000
我们会在那里发现,
01:56
it says, "Welcome欢迎 to the dungeon地牢."
38
101000
4000
它说:“欢迎来到地牢”
02:00
And then it continues继续,
39
105000
2000
然后它继续提到
02:02
saying, 1986, Basit巴西特 and Amjad阿姆贾德.
40
107000
3000
1986,Basit 和 Amjad
02:05
And Basit巴西特 and Amjad阿姆贾德 are first names,
41
110000
3000
Basit和Amjad是名字
02:08
Pakistani巴基斯坦 first names.
42
113000
2000
巴基斯坦人的名字
02:10
In fact事实, there's a phone电话 number and an address地址 in Pakistan巴基斯坦.
43
115000
3000
事实上,那儿还有个巴基斯坦的电话和地址
02:13
(Laughter笑声)
44
118000
5000
(笑声)
02:18
Now, 1986.
45
123000
3000
1986年
02:21
Now it's 2011.
46
126000
2000
现在是2011年
02:23
That's 25 years年份 ago.
47
128000
2000
那已经是25年前的事情了
02:25
The PC个人计算机 virus病毒 problem问题 is 25 years年份 old now.
48
130000
4000
个人电脑病毒现在已经25岁了
02:29
So half a year ago,
49
134000
2000
因此一年半之前
02:31
I decided决定 to go to Pakistan巴基斯坦 myself.
50
136000
3000
我决定自己去趟巴基斯坦
02:34
So let's see, here's这里的 a couple一对 of photos相片 I took while I was in Pakistan巴基斯坦.
51
139000
3000
我们看一下,这有一些我在巴基斯坦时照的照片
02:37
This is from the city of Lahore拉合尔,
52
142000
2000
这是拉合尔城的照片
02:39
which哪一个 is around 300 kilometers公里 south
53
144000
2000
它位于本·拉登被击毙的
02:41
from Abbottabad阿伯塔巴德, where Bin箱子 Laden拉登 was caught抓住.
54
146000
3000
阿伯塔巴德以南大约300公里
02:44
Here's这里的 a typical典型 street view视图.
55
149000
3000
这是个当地典型的街景
02:47
And here's这里的 the street or road leading领导 to this building建造,
56
152000
3000
这个是通往Allama Iqbal城 730尼扎姆街区
02:50
which哪一个 is 730 Nizam尼扎姆 block at AllamaAllama Iqbal伊克巴尔 Town.
57
155000
4000
的建筑物的街道
02:54
And I knocked被撞 on the door.
58
159000
2000
我敲了敲门
02:56
(Laughter笑声)
59
161000
2000
(笑声)
02:58
You want to guess猜测 who opened打开 the door?
60
163000
2000
你想知道谁开的门吗?
03:00
Basit巴西特 and Amjad阿姆贾德; they are still there.
61
165000
2000
就是Basit和Amjad, 他们还在那住着
03:02
(Laughter笑声)
62
167000
2000
(笑声)
03:04
(Applause掌声)
63
169000
4000
(掌声)
03:08
So here standing常设 up is Basit巴西特.
64
173000
3000
站着的就是Basit
03:11
Sitting坐在 down is his brother哥哥 Amjad阿姆贾德.
65
176000
3000
坐着的是他的兄弟Amjad
03:14
These are the guys who wrote the first PC个人计算机 virus病毒.
66
179000
3000
这就是编写了第一个个人电脑病毒的两个家伙
03:17
Now of course课程, we had a very interesting有趣 discussion讨论.
67
182000
3000
在当下,我们有一个很有趣的讨论
03:20
I asked them why.
68
185000
2000
我问他们为什么
03:22
I asked them how they feel about what they started开始.
69
187000
3000
我问他们开始的时候是怎么想的
03:25
And I got some sort分类 of satisfaction满意
70
190000
3000
同时我也得到了一些满足
03:28
from learning学习 that both Basit巴西特 and Amjad阿姆贾德
71
193000
3000
从获悉他们两个
03:31
had had their computers电脑 infected感染 dozens许多 of times
72
196000
3000
的电脑这些年来也感染了很多次
03:34
by completely全然 unrelated无关 other viruses病毒
73
199000
2000
完全不相关的
03:36
over these years年份.
74
201000
2000
其他病毒
03:38
So there is some sort分类 of justice正义
75
203000
2000
因此说这个世界上毕竟还是
03:40
in the world世界 after all.
76
205000
3000
有几分正义存在的
03:44
Now, the viruses病毒 that we used to see
77
209000
2000
如今,上世纪80-90年代之间
03:46
in the 1980s and 1990s
78
211000
2000
出现的病毒
03:48
obviously明显 are not a problem问题 any more.
79
213000
3000
对我们已经明显不是个问题了
03:51
So let me just show显示 you a couple一对 of examples例子
80
216000
2000
我给大家几个例子
03:53
of what they used to look like.
81
218000
2000
展示它们以前的样子
03:55
What I'm running赛跑 here
82
220000
2000
我这里打开的是
03:57
is a system系统 that enables使 me
83
222000
2000
一个让我可以在现代电脑上
03:59
to run age-old古老 programs程式 on a modern现代 computer电脑.
84
224000
3000
运行老程序的系统
04:02
So let me just mount安装 some drives驱动器. Go over there.
85
227000
3000
让我来攻击几个驱动器,来到这一步
04:05
What we have here is a list名单 of old viruses病毒.
86
230000
3000
我们现在看到的是一个老病毒的清单
04:08
So let me just run some viruses病毒 on my computer电脑.
87
233000
3000
让我在我的电脑上运行几个病毒
04:11
For example,
88
236000
2000
比如说
04:13
let's go with the Centipede virus病毒 first.
89
238000
2000
让我先运行一个蜈蚣病毒
04:15
And you can see at the top最佳 of the screen屏幕,
90
240000
2000
你可以看见在屏幕的上方
04:17
there's a centipede scrolling滚动 across横过 your computer电脑
91
242000
2000
有一个类似蜈蚣的滚轴在穿过你的屏幕
04:19
when you get infected感染 by this one.
92
244000
2000
当你的电脑被感染的时候
04:21
You know that you're infected感染
93
246000
2000
你就知道你的电脑被感染了
04:23
because it actually其实 shows节目 up.
94
248000
2000
因为它就出现了
04:25
Here's这里的 another另一个 one. This is the virus病毒 called Crash紧急,
95
250000
3000
这是另一个 这是一个叫做崩溃的病毒
04:28
invented发明 in Russia俄国 in 1992.
96
253000
2000
1992年一个俄罗斯人发明的
04:30
Let me show显示 you one which哪一个 actually其实 makes品牌 some sound声音.
97
255000
3000
让我给大家展示一个出声音的病毒
04:34
(Siren警笛 noise噪声)
98
259000
6000
(警报噪声)
04:40
And the last example,
99
265000
2000
最后一个例子
04:42
guess猜测 what the Walker助步车 virus病毒 does?
100
267000
2000
猜猜Walker病毒什么样
04:44
Yes, there's a guy walking步行 across横过 your screen屏幕
101
269000
2000
对,就是有一个家伙走过你的屏幕
04:46
once一旦 you get infected感染.
102
271000
2000
当你的电脑被它感染的时候
04:48
So it used to be fairly相当 easy简单 to know
103
273000
3000
因此它很容易被发现
04:51
that you're infected感染 by a virus病毒,
104
276000
3000
你的电脑被病毒感染的时候
04:54
when the viruses病毒 were written书面 by hobbyists爱好者
105
279000
2000
当病毒只是被爱好者以及青少年
04:56
and teenagers青少年.
106
281000
2000
编写的时候
04:58
Today今天, they are no longer being存在 written书面
107
283000
2000
现在,病毒的编写者已经不再是
05:00
by hobbyists爱好者 and teenagers青少年.
108
285000
2000
爱好者和青少年了
05:02
Today今天, viruses病毒 are a global全球 problem问题.
109
287000
3000
如今,病毒已经是个全球问题
05:05
What we have here in the background背景
110
290000
2000
我们现在这里的背景情况是
05:07
is an example of our systems系统 that we run in our labs实验室,
111
292000
3000
我们在实验室运行了一个系统作为一个案例
05:10
where we track跟踪 virus病毒 infections感染 worldwide全世界.
112
295000
2000
我们用它追踪世界范围内的病毒感染情况
05:12
So we can actually其实 see in real真实 time
113
297000
2000
因此我们可以进行实时关注
05:14
that we've我们已经 just blocked受阻 viruses病毒 in Sweden瑞典 and Taiwan台湾
114
299000
3000
我们已经阻止了在瑞典、台湾
05:17
and Russia俄国 and elsewhere别处.
115
302000
2000
俄罗斯和其他任何地方的病毒
05:19
In fact事实, if I just connect back to our lab实验室 systems系统
116
304000
3000
事实上,如果我通过网络和我们实验室系统
05:22
through通过 the Web卷筒纸,
117
307000
2000
进行连接
05:24
we can see in real真实 time
118
309000
2000
我们就可以实时看到
05:26
just some kind of idea理念 of how many许多 viruses病毒,
119
311000
3000
每一天会发现多少的病毒
05:29
how many许多 new examples例子 of malware恶意软件 we find every一切 single day.
120
314000
3000
多少的恶意软件的新案例
05:32
Here's这里的 the latest最新 virus病毒 we've我们已经 found发现,
121
317000
2000
这是我们发现的最新的病毒
05:34
in a file文件 called Server服务器.exe可执行程序.
122
319000
2000
在一个叫做Server.exe的文件内
05:36
And we found发现 it right over here three seconds ago --
123
321000
3000
我们三秒前发现它在那
05:39
the previous以前 one, six seconds ago.
124
324000
2000
之前一个,六秒之前
05:41
And if we just scroll滚动 around,
125
326000
3000
如果我们滚动一下
05:44
it's just massive大规模的.
126
329000
2000
会发现有很多
05:46
We find tens of thousands数千, even hundreds数以百计 of thousands数千.
127
331000
3000
我们发现数万个,甚至数百万个
05:49
And that's the last 20 minutes分钟 of malware恶意软件
128
334000
3000
那些是最近20分钟的恶意软件
05:52
every一切 single day.
129
337000
2000
每一天都这样
05:54
So where are all these coming未来 from then?
130
339000
3000
那么所有这些都是从哪里来的呢?
05:57
Well today今天, it's the organized有组织的 criminal刑事 gangs帮派
131
342000
4000
如今,它们都是有组织的犯罪团伙
06:01
writing写作 these viruses病毒
132
346000
2000
编写病毒程序
06:03
because they make money with their viruses病毒.
133
348000
2000
因为他们通过病毒获利
06:05
It's gangs帮派 like --
134
350000
2000
它是个团伙--
06:07
let's go to GangstaBucksGangstaBucks.comCOM.
135
352000
3000
就像GangstaBucks.com网站一样
06:10
This is a website网站 operating操作 in Moscow莫斯科
136
355000
3000
这是一个在莫斯科运行的网站
06:13
where these guys are buying购买 infected感染 computers电脑.
137
358000
4000
他们这些家伙购买被感染的电脑
06:17
So if you are a virus病毒 writer作家
138
362000
2000
因此如果你是一个病毒编写者
06:19
and you're capable of infecting感染 Windows视窗 computers电脑,
139
364000
2000
并且你有感染Windows系统电脑的能力
06:21
but you don't know what to do with them,
140
366000
2000
但是你不知道怎么处理它们
06:23
you can sell those infected感染 computers电脑 --
141
368000
2000
你可以卖掉这些被感染的电脑--
06:25
somebody else's别人的 computers电脑 -- to these guys.
142
370000
2000
其他人的电脑--卖给那些家伙
06:27
And they'll他们会 actually其实 pay工资 you money for those computers电脑.
143
372000
4000
他们会付给你钱买
06:31
So how do these guys then monetize赚钱
144
376000
3000
那么这些家伙如何靠这些染上病毒的电脑
06:34
those infected感染 computers电脑?
145
379000
2000
赚钱的呢?
06:36
Well there's multiple different不同 ways方法,
146
381000
2000
有许多不同的方法
06:38
such这样 as banking银行业 trojans木马, which哪一个 will steal money from your online线上 banking银行业 accounts账户
147
383000
3000
比如银行木马,它可以从你的在线银行帐号中盗取你的钱
06:41
when you do online线上 banking银行业,
148
386000
3000
当你在线交易的时候
06:44
or keyloggers键盘记录器.
149
389000
3000
或者键盘记录
06:47
Keyloggers键盘记录器 silently默默 sit on your computer电脑, hidden from view视图,
150
392000
4000
键盘记录潜伏在你的计算机中,在视图中隐藏自己
06:51
and they record记录 everything you type类型.
151
396000
3000
同时它可以记录你键入的所有信息
06:54
So you're sitting坐在 on your computer电脑 and you're doing Google谷歌 searches搜索.
152
399000
3000
因此当你坐在电脑旁同时在谷歌上进行搜索时
06:57
Every一切 single Google谷歌 search搜索 you type类型
153
402000
2000
每一次你键入的搜索词
06:59
is saved保存 and sent发送 to the criminals罪犯.
154
404000
3000
都会被保存并且发送到犯罪分子那里
07:02
Every一切 single email电子邮件 you write is saved保存 and sent发送 to the criminals罪犯.
155
407000
3000
每一封你写的邮件也会遭受同样的经历
07:05
Same相同 thing with every一切 single password密码 and so on.
156
410000
4000
同样的遭遇还会发生在密码及其他资料上
07:09
But the thing that they're actually其实 looking for most
157
414000
2000
但是他们事实上最想获取的是
07:11
are sessions会议 where you go online线上
158
416000
2000
你的上网记录
07:13
and do online线上 purchases购买 in any online线上 store商店.
159
418000
3000
以及在网店进行在线交易的过程
07:16
Because when you do purchases购买 in online线上 stores商店,
160
421000
2000
因为当你进行网上交易的时候
07:18
you will be typing打字 in your name名称, the delivery交货 address地址,
161
423000
3000
你会输入你的姓名,邮寄地址
07:21
your credit信用 card number and the credit信用 card security安全 codes代码.
162
426000
3000
你的信用卡卡号以及安全码
07:24
And here's这里的 an example of a file文件
163
429000
2000
这里有一个案例
07:26
we found发现 from a server服务器 a couple一对 of weeks ago.
164
431000
2000
是我们数星期前在一个服务器上获得的
07:28
That's the credit信用 card number,
165
433000
2000
那是信用卡卡号
07:30
that's the expiration呼气 date日期, that's the security安全 code,
166
435000
2000
这是截至日期,这是安全码
07:32
and that's the name名称 of the owner所有者 of the card.
167
437000
2000
这是持卡人姓名
07:34
Once一旦 you gain获得 access访问 to other people's人们 credit信用 card information信息,
168
439000
3000
一旦你获取侵入他人信用卡的信息
07:37
you can just go online线上 and buy购买 whatever随你 you want
169
442000
2000
你就可以在线购买任何你想买的东西
07:39
with this information信息.
170
444000
3000
用所盗取的信息
07:42
And that, obviously明显, is a problem问题.
171
447000
2000
当然,很明显,这是一个问题
07:44
We now have a whole整个 underground地下 marketplace市井
172
449000
4000
我们现在存在着一整套的地下市场
07:48
and business商业 ecosystem生态系统
173
453000
3000
以及商业模式生态系统
07:51
built内置 around online线上 crime犯罪.
174
456000
3000
围绕着网上犯罪所设立的
07:54
One example of how these guys
175
459000
2000
有一个例子是说这些家伙
07:56
actually其实 are capable of monetizing货币化 their operations操作:
176
461000
3000
如何运作这个系统赚钱
07:59
we go and have a look at the pages网页 of INTERPOL国际刑警组织
177
464000
3000
我们打开看一下国际刑警组织的页面
08:02
and search搜索 for wanted persons.
178
467000
2000
然后搜索想找的人
08:04
We find guys like Bjorn比约恩 Sundin桑丁, originally本来 from Sweden瑞典,
179
469000
3000
我们找到了比约恩·松丁这个人,来自瑞典
08:07
and his partner伙伴 in crime犯罪,
180
472000
2000
与他的伙伴进行了犯罪
08:09
also listed上市 on the INTERPOL国际刑警组织 wanted pages网页,
181
474000
2000
同样在国际刑警组页面上列出了
08:11
Mr先生. ShaileshkumarShaileshkumar Jain耆那教,
182
476000
2000
Shaileshkumar Jain
08:13
a U.S. citizen公民.
183
478000
2000
一名美国公民
08:15
These guys were running赛跑 an operation手术 called I.M.U.,
184
480000
3000
这些家伙在运作着一个叫做I.M.U.的组织
08:18
a cybercrime网络犯罪 operation手术 through通过 which哪一个 they netted网状 millions百万.
185
483000
3000
是一个网络犯罪系统,净赚到数百万
08:21
They are both right now on the run.
186
486000
3000
他们现在还都在运作着
08:24
Nobody没有人 knows知道 where they are.
187
489000
2000
没人知道他们在哪里
08:26
U.S. officials官员, just a couple一对 of weeks ago,
188
491000
2000
美国官方,就在数星期前
08:28
froze冻结 a Swiss瑞士人 bank银行 account帐户
189
493000
2000
冻结了一个瑞士银行账户
08:30
belonging属于 to Mr先生. Jain耆那教,
190
495000
2000
是属于Jain的
08:32
and that bank银行 account帐户 had 14.9 million百万 U.S. dollars美元 on it.
191
497000
4000
账户中有1490万美元
08:36
So the amount of money online线上 crime犯罪 generates生成
192
501000
3000
因此说网上犯罪的金额是
08:39
is significant重大.
193
504000
2000
非常大的
08:41
And that means手段 that the online线上 criminals罪犯
194
506000
2000
这就意味着网上犯罪
08:43
can actually其实 afford给予 to invest投资 into their attacks攻击.
195
508000
3000
是可以负担的起他们进行攻击的支出
08:46
We know that online线上 criminals罪犯
196
511000
2000
我们知道网上犯罪
08:48
are hiring招聘 programmers程序员, hiring招聘 testing测试 people,
197
513000
3000
要雇佣程序员,测试人员
08:51
testing测试 their code,
198
516000
2000
测试他们的代码
08:53
having back-end后端 systems系统 with SQLSQL databases数据库.
199
518000
3000
拥有带SQL数据库的后端系统
08:56
And they can afford给予 to watch how we work --
200
521000
3000
同时他们可以监视我们如何工作--
08:59
like how security安全 people work --
201
524000
2000
比如安保人员工作状况--
09:01
and try to work their way around
202
526000
2000
并且尝试解决我们在他们周围
09:03
any security安全 precautions注意事项 we can build建立.
203
528000
2000
所部属的各种防范措施
09:05
They also use the global全球 nature性质 of Internet互联网
204
530000
3000
他们还利用互联网的全球性质
09:08
to their advantage优点.
205
533000
2000
使他们自己有利
09:10
I mean, the Internet互联网 is international国际.
206
535000
2000
我的意思是,互联网是个国际性的
09:12
That's why we call it the Internet互联网.
207
537000
2000
这也是我们为什么称它为国际互联网
09:14
And if you just go and take a look
208
539000
2000
如果你只是去看看
09:16
at what's happening事件 in the online线上 world世界,
209
541000
3000
在网络世界发生了什么
09:19
here's这里的 a video视频 built内置 by Clarified澄清 Networks网络,
210
544000
2000
这里有一个 Clarified Networks 制作的视频
09:21
which哪一个 illustrates说明 how one single malware恶意软件 family家庭 is able能够 to move移动 around the world世界.
211
546000
4000
说明了一个单一的恶意软件家族是如何在世界各地转移的
09:25
This operation手术, believed相信 to be originally本来 from Estonia爱沙尼亚,
212
550000
3000
这个操作系统,被认为是来自爱沙尼亚
09:28
moves移动 around from one country国家 to another另一个
213
553000
2000
会从一个国家转移到另一个国家
09:30
as soon不久 as the website网站 is tried试着 to shut关闭 down.
214
555000
2000
只要网站一被关闭
09:32
So you just can't shut关闭 these guys down.
215
557000
3000
但你不可能阻止住这些家伙
09:35
They will switch开关 from one country国家 to another另一个,
216
560000
2000
他们会从一个国家转到另一个国家
09:37
from one jurisdiction管辖权 to another另一个 --
217
562000
2000
从一种管辖权转移到另一个
09:39
moving移动 around the world世界,
218
564000
2000
在全球转移
09:41
using运用 the fact事实 that we don't have the capability能力
219
566000
2000
利用一个现实,也就是说我们不可能有全球警察
09:43
to globally全球 police警察 operations操作 like this.
220
568000
3000
像他们那样运作
09:46
So the Internet互联网 is as if
221
571000
2000
所以说,互联网就像
09:48
someone有人 would have given特定 free自由 plane平面 tickets门票
222
573000
2000
某人获得了免费机票
09:50
to all the online线上 criminals罪犯 of the world世界.
223
575000
3000
可以在世界各地进行网上犯罪
09:53
Now, criminals罪犯 who weren't capable of reaching到达 us before
224
578000
3000
之前,罪犯是不可能追踪到我们的
09:56
can reach达到 us.
225
581000
2000
现在却可以了
09:58
So how do you actually其实 go around finding发现 online线上 criminals罪犯?
226
583000
3000
因此 你如何找到网络犯罪分子?
10:01
How do you actually其实 track跟踪 them down?
227
586000
2000
你是如何追踪到他们的
10:03
Let me give you an example.
228
588000
2000
我来举个例子
10:05
What we have here is one exploit利用 file文件.
229
590000
3000
我这里有一个有漏洞的文件
10:08
Here, I'm looking at the Hex十六进制 dump倾倒 of an image图片 file文件,
230
593000
4000
这里,我们看一个十六进制的图像文件
10:12
which哪一个 contains包含 an exploit利用.
231
597000
2000
它包含了一个漏洞
10:14
And that basically基本上 means手段, if you're trying to view视图 this image图片 file文件 on your Windows视窗 computer电脑,
232
599000
3000
这意味着,如果你试着在你的Windows计算机上打开这个图像文件
10:17
it actually其实 takes over your computer电脑 and runs运行 code.
233
602000
3000
它将会接管你的计算机并且运行代码
10:20
Now, if you'll你会 take a look at this image图片 file文件 --
234
605000
3000
现在,如果你看一下这个图像文件--
10:23
well there's the image图片 header,
235
608000
2000
这是图像的开始的部分
10:25
and there the actual实际 code of the attack攻击 starts启动.
236
610000
3000
这是真正开始进行攻击的代码
10:28
And that code has been encrypted加密,
237
613000
2000
这些代码已经被加密了
10:30
so let's decrypt解码 it.
238
615000
2000
让我们把它们解密
10:32
It has been encrypted加密 with XORXOR function功能 97.
239
617000
2000
它用的是XOR函数97进行的加密
10:34
You just have to believe me,
240
619000
2000
你只能相信我
10:36
it is, it is.
241
621000
2000
真是这样的
10:38
And we can go here
242
623000
2000
然后我们就来到这里
10:40
and actually其实 start开始 decrypting解密 it.
243
625000
2000
然后开始解密
10:42
Well the yellow黄色 part部分 of the code is now decrypted解密.
244
627000
2000
密码的黄色部分现在已经被解密了
10:44
And I know, it doesn't really look much different不同 from the original原版的.
245
629000
3000
我知道,它们现在看起来和一开始差不多
10:47
But just keep staring凝视 at it.
246
632000
2000
但是请继续看下去
10:49
You'll你会 actually其实 see that down here
247
634000
2000
你会看到下半部分
10:51
you can see a Web卷筒纸 address地址:
248
636000
2000
有一个网址:
10:53
unionseekunionseek.comCOM/d/iooIOO.exe可执行程序
249
638000
6000
unionseek.com/d/ioo.exe
10:59
And when you view视图 this image图片 on your computer电脑
250
644000
2000
当你在电脑上看这个图像的时候
11:01
it actually其实 is going to download下载 and run that program程序.
251
646000
2000
它将下载且运行这个程序
11:03
And that's a backdoor后门 which哪一个 will take over your computer电脑.
252
648000
3000
这是个后门程序,它将接管你的电脑
11:06
But even more interestingly有趣,
253
651000
2000
但是更有趣的是
11:08
if we continue继续 decrypting解密,
254
653000
2000
如果我们继续解密
11:10
we'll find this mysterious神秘 string,
255
655000
2000
我们将发现一串奇怪的
11:12
which哪一个 says O600KOKO78RUSRUS.
256
657000
5000
叫做O600KO78RUS的代码
11:17
That code is there underneath the encryption加密
257
662000
2000
这个代码在加密文件的底部
11:19
as some sort分类 of a signature签名.
258
664000
2000
就像署名一样
11:21
It's not used for anything.
259
666000
2000
它没有什么实际作用
11:23
And I was looking at that, trying to figure数字 out what it means手段.
260
668000
3000
当我看到它的时候,我试图找到它的作用
11:26
So obviously明显 I Googled谷歌搜索 for it.
261
671000
2000
于是我自然的用GOOGLE去搜索了一下
11:28
I got zero hits点击; wasn't there.
262
673000
2000
我什么也没发现
11:30
So I spoke with the guys at the lab实验室.
263
675000
2000
然后我就跟实验室的其他人说了这个事情
11:32
And we have a couple一对 of Russian俄语 guys in our labs实验室,
264
677000
2000
我们实验室有几个俄罗斯的人
11:34
and one of them mentioned提到,
265
679000
2000
他们其中一个提到
11:36
well, it ends结束 in RUSRUS like Russia俄国.
266
681000
2000
恩,结尾字母RUS可能代表俄罗斯
11:38
And 78 is the city code
267
683000
2000
数字78则代表城市代码
11:40
for the city of St. Petersburg圣彼得堡.
268
685000
2000
也就是 圣彼得堡
11:42
For example, you can find it from some phone电话 numbers数字
269
687000
2000
举个例子,你可以从有些电话号码中发现类似的代码
11:44
and car汽车 license执照 plates and stuff东东 like that.
270
689000
3000
或者是在车牌之类的东西上
11:47
So I went looking for contacts往来 in St. Petersburg圣彼得堡,
271
692000
3000
于是我就去找它圣彼得堡的关系
11:50
and through通过 a long road,
272
695000
2000
经过长时间的努力
11:52
we eventually终于 found发现 this one particular特定 website网站.
273
697000
4000
我们最终发现了一个特别的网站
11:56
Here's这里的 this Russian俄语 guy who's谁是 been operating操作 online线上 for a number of years年份
274
701000
3000
这个网站就是这个俄罗斯人运作的,他已经运作这个私人网站
11:59
who runs运行 his own拥有 website网站,
275
704000
2000
很多年了
12:01
and he runs运行 a blog博客 under the popular流行 Live生活 Journal日志.
276
706000
3000
他在这个流行的 Journal网站下还有一个博客
12:04
And on this blog博客, he blogs博客 about his life,
277
709000
2000
在博客里,他记录他的生活
12:06
about his life in St. Petersburg圣彼得堡 --
278
711000
2000
他在圣彼得堡的生活情况--
12:08
he's in his early 20s --
279
713000
2000
他20出头--
12:10
about his cat,
280
715000
2000
有关他的猫的情况
12:12
about his girlfriend女朋友.
281
717000
2000
他的女友
12:14
And he drives驱动器 a very nice不错 car汽车.
282
719000
2000
而且他还有一辆很好的车
12:16
In fact事实, this guy drives驱动器
283
721000
3000
实际上,这家伙开的是
12:19
a Mercedes-Benz梅赛德斯 - 奔驰 S600
284
724000
2000
一辆奔驰S600
12:21
V12
285
726000
2000
12缸
12:23
with a six-liter六升 engine发动机
286
728000
2000
6升发动机
12:25
with more than 400 horsepower马力.
287
730000
2000
400多马力
12:27
Now that's a nice不错 car汽车 for a 20-something-something year-old kid孩子 in St. Petersburg圣彼得堡.
288
732000
4000
对于一个在圣彼得堡20岁出头的孩子来说,这已经是一辆非常好的车了
12:31
How do I know about this car汽车?
289
736000
2000
我是如何了解到这辆车的?
12:33
Because he blogged博客 about the car汽车.
290
738000
2000
因为他的微博提到过
12:35
He actually其实 had a car汽车 accident事故.
291
740000
2000
他还有过一次车祸
12:37
In downtown市中心 St. Petersburg圣彼得堡,
292
742000
2000
在圣彼得堡的市区
12:39
he actually其实 crashed坠毁 his car汽车 into another另一个 car汽车.
293
744000
2000
他开车撞到了另一辆车
12:41
And he put blogged博客 images图片 about the car汽车 accident事故 --
294
746000
2000
他把车祸的情况放到了博客上--
12:43
that's his Mercedes奔驰 --
295
748000
2000
就是那辆奔驰--
12:45
right here is the Lada拉达 Samara萨马拉 he crashed坠毁 into.
296
750000
4000
那就是他撞上的 拉达萨马拉
12:49
And you can actually其实 see that the license执照 plate盘子 of the Samara萨马拉
297
754000
3000
你可以很清楚的看见被撞车的车牌
12:52
ends结束 in 78RUSRUS.
298
757000
2000
以78RUS结尾
12:54
And if you actually其实 take a look at the scene现场 picture图片,
299
759000
3000
如果你看下现场的照片
12:57
you can see that the plate盘子 of the Mercedes奔驰
300
762000
2000
你可以看见奔驰车的车牌
12:59
is O600KOKO78RUSRUS.
301
764000
6000
是O600KO78RUS
13:05
Now I'm not a lawyer律师,
302
770000
2000
我不是一个律师
13:07
but if I would be,
303
772000
2000
但如果我是的话
13:09
this is where I would say, "I rest休息 my case案件."
304
774000
3000
看到这我想我会说:“我可以结案了”
13:12
(Laughter笑声)
305
777000
2000
(笑声)
13:14
So what happens发生 when online线上 criminals罪犯 are caught抓住?
306
779000
3000
那么,当网络罪犯被抓获以后又会怎么样呢?
13:17
Well in most cases it never gets得到 this far.
307
782000
3000
大多数案例都不会获得如此详细的信息
13:20
The vast广大 majority多数 of the online线上 crime犯罪 cases,
308
785000
2000
绝大多数网络罪犯的情况是
13:22
we don't even know which哪一个 continent大陆 the attacks攻击 are coming未来 from.
309
787000
3000
我们甚至不知道他们从哪个大洲发动的攻击
13:25
And even if we are able能够 to find online线上 criminals罪犯,
310
790000
3000
即使我们有能力去找到这些网络罪犯
13:28
quite相当 often经常 there is no outcome结果.
311
793000
2000
大多数情况都不了了之
13:30
The local本地 police警察 don't act法案, or if they do, there's not enough足够 evidence证据,
312
795000
3000
地方警察不会有所行动,即使他们实施抓捕,也没有充足的证据
13:33
or for some reason原因 we can't take them down.
313
798000
2000
或者因为一些原因无法抓到罪犯
13:35
I wish希望 it would be easier更轻松;
314
800000
2000
我希望事情能简单一些
13:37
unfortunately不幸 it isn't.
315
802000
2000
不幸的是,并非如此
13:39
But things are also changing改变
316
804000
3000
但事情总是在改变
13:42
at a very rapid快速 pace步伐.
317
807000
3000
并且速度非常可观
13:45
You've all heard听说 about things like StuxnetStuxnet蠕虫.
318
810000
3000
大家应该都已经听说过Stuxnet震网病毒 的事情了
13:48
So if you look at what StuxnetStuxnet蠕虫 did
319
813000
3000
如果你看看Stuxnet震网病毒 的作为
13:51
is that it infected感染 these.
320
816000
2000
它感染了这些
13:53
That's a Siemens西门子 S7-400 PLCPLC,
321
818000
3000
那是一台西门子S7-400 PLC
13:56
programmable可编程的 logic逻辑 [controller调节器].
322
821000
2000
可编程逻辑控制器
13:58
And this is what runs运行 our infrastructure基础设施.
323
823000
3000
它用于我们的基础设施中
14:01
This is what runs运行 everything around us.
324
826000
3000
它用于周遭的一切东西中
14:04
PLC'sPLC的, these small boxes盒子 which哪一个 have no display显示,
325
829000
3000
它是这些小盒子,没有显示器
14:07
no keyboard键盘,
326
832000
2000
没有键盘
14:09
which哪一个 are programmed程序, are put in place地点, and they do their job工作.
327
834000
2000
程式化的,被放到需要的地方后便自动工作
14:11
For example, the elevators电梯 in this building建造
328
836000
2000
举个例子,这栋建筑的电梯
14:13
most likely容易 are controlled受控 by one of these.
329
838000
4000
很有可能就是被这套装置所控制
14:17
And when StuxnetStuxnet蠕虫 infects感染 one of these,
330
842000
3000
因此当Stuxnet震网病毒 侵入到它们之中
14:20
that's a massive大规模的 revolution革命
331
845000
2000
就会造成我们不得不担心的
14:22
on the kinds of risks风险 we have to worry担心 about.
332
847000
3000
各种风险的重大变革
14:25
Because everything around us is being存在 run by these.
333
850000
3000
因为我们周边的一切都被这种病毒所接管
14:28
I mean, we have critical危急 infrastructure基础设施.
334
853000
2000
我的意思是,我们有一些关键性的设施
14:30
You go to any factory, any power功率 plant,
335
855000
3000
你去看任何一个工厂,电站
14:33
any chemical化学 plant, any food餐饮 processing处理 plant,
336
858000
2000
化学设备,食品制造设备
14:35
you look around --
337
860000
2000
你看看周遭--
14:37
everything is being存在 run by computers电脑.
338
862000
2000
一切都是依靠电脑运行的
14:39
Everything is being存在 run by computers电脑.
339
864000
2000
一切都是依靠电脑运行的
14:41
Everything is reliant信赖的 on these computers电脑 working加工.
340
866000
3000
一切都是依赖电脑才能工作
14:44
We have become成为 very reliant信赖的
341
869000
3000
我们已经变得非常依赖
14:47
on Internet互联网,
342
872000
2000
网络
14:49
on basic基本 things like electricity电力, obviously明显,
343
874000
3000
依赖基础资源例如电力,这是很明显的
14:52
on computers电脑 working加工.
344
877000
2000
依赖电脑工作
14:54
And this really is something
345
879000
2000
这就是些
14:56
which哪一个 creates创建 completely全然 new problems问题 for us.
346
881000
2000
对我们来说全新的问题
14:58
We must必须 have some way
347
883000
2000
我们必须找到其他的途径
15:00
of continuing继续 to work
348
885000
2000
来继续工作
15:02
even if computers电脑 fail失败.
349
887000
3000
即使在电脑不能运行的情况下
15:12
(Laughter笑声)
350
897000
2000
(笑声)
15:14
(Applause掌声)
351
899000
10000
(掌声)
15:24
So preparedness准备 means手段 that we can do stuff东东
352
909000
3000
应此,有备无患意味着即使我们认为理所当然
15:27
even when the things we take for granted理所当然
353
912000
2000
的事情发生了意料之外的改变,我们仍然可以
15:29
aren't there.
354
914000
2000
照常工作
15:31
It's actually其实 very basic基本 stuff东东 --
355
916000
2000
这其实是基本常识--
15:33
thinking思维 about continuity连续性, thinking思维 about backups备份,
356
918000
3000
要考虑到持续性,后备方案
15:36
thinking思维 about the things that actually其实 matter.
357
921000
3000
以及真正至关重要的问题
15:39
Now I told you --
358
924000
3000
我把这些都告诉你们了--
15:42
(Laughter笑声)
359
927000
2000
(笑声)
15:44
I love the Internet互联网. I do.
360
929000
4000
我真的很爱网络
15:48
Think about all the services服务 we have online线上.
361
933000
3000
想想那些我们通过网络得到的服务
15:51
Think about if they are taken采取 away from you,
362
936000
3000
想想如果把它们从你身边拿走
15:54
if one day you don't actually其实 have them
363
939000
2000
如果有一天因为这样或那样的原因
15:56
for some reason原因 or another另一个.
364
941000
2000
你真的失去了它们
15:58
I see beauty美女 in the future未来 of the Internet互联网,
365
943000
3000
我看到了网络美好的未来
16:01
but I'm worried担心
366
946000
2000
但是我同样担心
16:03
that we might威力 not see that.
367
948000
2000
我们可能看不到它
16:05
I'm worried担心 that we are running赛跑 into problems问题
368
950000
2000
我担心我们正在因为网络犯罪的原因
16:07
because of online线上 crime犯罪.
369
952000
2000
陷入到问题之中
16:09
Online线上 crime犯罪 is the one thing
370
954000
2000
网络犯罪是一个可能把
16:11
that might威力 take these things away from us.
371
956000
2000
这些美好的事物从我们身边夺走的原因之一
16:13
(Laughter笑声)
372
958000
3000
(笑声)
16:16
I've spent花费 my life
373
961000
2000
我用尽我的一生
16:18
defending卫冕 the Net,
374
963000
3000
去保卫网络
16:21
and I do feel that if we don't fight斗争 online线上 crime犯罪,
375
966000
3000
我真正的感觉到如果我们不对抗网络犯罪
16:24
we are running赛跑 a risk风险 of losing失去 it all.
376
969000
4000
我们将走向一条失去一切的不归之路
16:28
We have to do this globally全球,
377
973000
3000
我们必须全球联手
16:31
and we have to do it right now.
378
976000
3000
且刻不容缓
16:34
What we need
379
979000
2000
我们需要的
16:36
is more global全球, international国际 law enforcement强制 work
380
981000
3000
是更加全球化,国际性法规强制性的
16:39
to find online线上 criminal刑事 gangs帮派 --
381
984000
2000
抓捕网络罪犯
16:41
these organized有组织的 gangs帮派
382
986000
2000
这些有组织的
16:43
that are making制造 millions百万 out of their attacks攻击.
383
988000
2000
从攻击中创造百万利润的罪犯们
16:45
That's much more important重要
384
990000
2000
这要比研发反病毒软件
16:47
than running赛跑 anti-viruses反病毒软件 or running赛跑 firewalls防火墙.
385
992000
2000
研发防火墙要重要的多
16:49
What actually其实 matters事项
386
994000
2000
真正重要的是
16:51
is actually其实 finding发现 the people behind背后 these attacks攻击,
387
996000
2000
找到在这些攻击的幕后指使者
16:53
and even more importantly重要的,
388
998000
2000
更重要的是
16:55
we have to find the people
389
1000000
2000
我们必须要找出
16:57
who are about to become成为
390
1002000
2000
将要成为网络犯罪世界
16:59
part部分 of this online线上 world世界 of crime犯罪,
391
1004000
2000
其中一部分
17:01
but haven't没有 yet然而 doneDONE it.
392
1006000
2000
但是还没有那样做的人
17:03
We have to find the people with the skills技能,
393
1008000
3000
我们要发现有才之人
17:06
but without the opportunities机会
394
1011000
2000
只是怀才不遇
17:08
and give them the opportunities机会
395
1013000
2000
并且给他们机会
17:10
to use their skills技能 for good.
396
1015000
3000
让他们的才能为我们所用
17:13
Thank you very much.
397
1018000
2000
非常感谢
17:15
(Applause掌声)
398
1020000
13000
(掌声)
Translated by Jiwei Qu
Reviewed by Angelia King

▲Back to top

ABOUT THE SPEAKER
Mikko Hypponen - Cybersecurity expert
As computer access expands, Mikko Hypponen asks: What's the next killer virus, and will the world be able to cope with it? And also: How can we protect digital privacy in the age of government surveillance?

Why you should listen

The chief research officer at F-Secure Corporation in Finland, Mikko Hypponen has led his team through some of the largest computer virus outbreaks in history. His team took down the world-wide network used by the Sobig.F worm. He was the first to warn the world about the Sasser outbreak, and he has done classified briefings on the operation of the Stuxnet worm -- a hugely complex worm designed to sabotage Iranian nuclear enrichment facilities.

As a few hundred million more Internet users join the web from India and China and elsewhere, and as governments and corporations become more sophisticated at using viruses as weapons, Hypponen asks, what's next? Who will be at the front defending the world’s networks from malicious software? He says: "It's more than unsettling to realize there are large companies out there developing backdoors, exploits and trojans."

Even more unsettling: revelations this year that the United States' NSA is conducting widespread digital surveillance of both US citizens and anyone whose data passes through a US entity, and that it has actively sabotaged encryption algorithms. Hypponen has become one of the most outspoken critics of the agency's programs and asks us all: Why are we so willing to hand over digital privacy?

 

 

Read his open-season Q&A on Reddit:"My TED Talk was just posted. Ask me anything.

See the full documentary on the search for the Brain virus

More profile about the speaker
Mikko Hypponen | Speaker | TED.com

Data provided by TED.

This site was created in May 2015 and the last update was on January 12, 2020. It will no longer be updated.

We are currently creating a new site called "eng.lish.video" and would be grateful if you could access it.

If you have any questions or suggestions, please feel free to write comments in your language on the contact form.

Privacy Policy

Developer's Blog

Buy Me A Coffee