ABOUT THE SPEAKER
Mikko Hypponen - Cybersecurity expert
As computer access expands, Mikko Hypponen asks: What's the next killer virus, and will the world be able to cope with it? And also: How can we protect digital privacy in the age of government surveillance?

Why you should listen

The chief research officer at F-Secure Corporation in Finland, Mikko Hypponen has led his team through some of the largest computer virus outbreaks in history. His team took down the world-wide network used by the Sobig.F worm. He was the first to warn the world about the Sasser outbreak, and he has done classified briefings on the operation of the Stuxnet worm -- a hugely complex worm designed to sabotage Iranian nuclear enrichment facilities.

As a few hundred million more Internet users join the web from India and China and elsewhere, and as governments and corporations become more sophisticated at using viruses as weapons, Hypponen asks, what's next? Who will be at the front defending the world’s networks from malicious software? He says: "It's more than unsettling to realize there are large companies out there developing backdoors, exploits and trojans."

Even more unsettling: revelations this year that the United States' NSA is conducting widespread digital surveillance of both US citizens and anyone whose data passes through a US entity, and that it has actively sabotaged encryption algorithms. Hypponen has become one of the most outspoken critics of the agency's programs and asks us all: Why are we so willing to hand over digital privacy?

TEDxBrussels

Mikko Hypponen: Three types of online attack


Filmed:
1,057,532 views

Cybercrime expert Mikko Hypponen describes the three types of online attack that threaten our privacy and our data -- only two of which are treated as crimes. "Should we blindly trust future governments? Because any right we give away will be lost for good."

00:20
In the 1980s in the communist Eastern Germany, if you owned a typewriter, you had to register it with the government. You had to register a sample sheet of text out of the typewriter. And this was done so the government could track where text was coming from. If they found a paper which had the wrong kind of thought, they could track down who created that thought. And we in the West couldn't understand how anybody could do this, how much this would restrict freedom of speech. We would never do that in our own countries.

01:07
But today in 2011, if you go and buy a color laser printer from any major laser printer manufacturer and print a page, that page will end up having slight yellow dots printed on every single page in a pattern which makes the page unique to you and to your printer. This is happening to us today. And nobody seems to be making a fuss about it. And this is an example of the ways that our own governments are using technology against us, the citizens. And this is one of the main three sources of online problems today.

02:01
If we take a look at what's really happening in the online world, we can group the attacks based on the attackers. We have three main groups. We have online criminals. Like here, we have Mr. Dimitry Golubov from the city of Kiev in Ukraine. And the motives of online criminals are very easy to understand. These guys make money. They use online attacks to make lots of money, and lots and lots of it. We actually have several cases of millionaires online, multimillionaires, who made money with their attacks. Here's Vladimir Tsastsin from Tartu in Estonia. This is Alfred Gonzalez. This is Stephen Watt. This is Bjorn Sundin. This is Matthew Anderson, Tariq Al-Daour, and so on and so on. These guys make their fortunes online, but they make it through the illegal means of using things like banking trojans to steal money from our bank accounts while we do online banking, or with keyloggers to collect our credit card information while we are doing online shopping from an infected computer.

03:10
The U.S. Secret Service, two months ago, froze the Swiss bank account of Mr. Sam Jain right here, and that bank account had 14.9 million U.S. dollars on it when it was frozen. Mr. Jain himself is on the loose; nobody knows where he is. And I claim it's already today that it's more likely for any of us to become the victim of a crime online than here in the real world. And it's very obvious that this is only going to get worse. In the future, the majority of crime will be happening online.

03:50
The second major group of attackers that we are watching today are not motivated by money. They're motivated by something else -- motivated by protests, motivated by an opinion, motivated by the laughs. Groups like Anonymous have risen up over the last 12 months and have become a major player in the field of online attacks.

04:15
So those are the three main attackers: criminals who do it for the money, hacktivists like Anonymous doing it for the protest, but then the last group are nation states, governments doing the attacks.

04:31
And then we look at cases like what happened in DigiNotar. This is a prime example of what happens when governments attack against their own citizens. DigiNotar is a Certificate Authority from The Netherlands -- or actually, it was. It was running into bankruptcy last fall because they were hacked into. Somebody broke in and they hacked it thoroughly. And I asked last week, in a meeting with Dutch government representatives, I asked one of the leaders of the team whether he found it plausible that people died because of the DigiNotar hack. And his answer was yes.

05:25
So how do people die as the result of a hack like this? Well, DigiNotar is a C.A. They sell certificates. What do you do with certificates? Well, you need a certificate if you have a website that has https, SSL encrypted services, services like Gmail. Now we all, or a big part of us, use Gmail or one of their competitors, but these services are especially popular in totalitarian states like Iran, where dissidents use foreign services like Gmail because they know they are more trustworthy than the local services and they are encrypted over SSL connections, so the local government can't snoop on their discussions. Except they can if they hack into a foreign C.A. and issue rogue certificates. And this is exactly what happened with the case of DigiNotar.

06:24
What about Arab Spring and things that have been happening, for example, in Egypt? Well, in Egypt, the rioters looted the headquarters of the Egyptian secret police in April 2011, and when they were looting the building they found lots of papers. Among those papers was this binder entitled "FINFISHER." And within that binder were notes from a company based in Germany which had sold the Egyptian government a set of tools for intercepting -- and in very large scale -- all the communication of the citizens of the country. They had sold this tool for 280,000 Euros to the Egyptian government. The company headquarters are right here. So Western governments are providing totalitarian governments with tools to do this against their own citizens.

07:16
But Western governments are doing it to themselves as well. For example, in Germany, just a couple of weeks ago the so-called State Trojan was found, which was a trojan used by German government officials to investigate their own citizens. If you are a suspect in a criminal case, well, it's pretty obvious, your phone will be tapped. But today, it goes beyond that. They will tap your Internet connection. They will even use tools like State Trojan to infect your computer with a trojan, which enables them to watch all your communication, to listen to your online discussions, to collect your passwords.

08:01
Now when we think deeper about things like these, the obvious response from people should be that, "Okay, that sounds bad, but that doesn't really affect me because I'm a legal citizen. Why should I worry? Because I have nothing to hide." And this is an argument which doesn't make sense. Privacy is implied. Privacy is not up for discussion. This is not a question between privacy against security. It's a question of freedom against control. And while we might trust our governments right now, right here in 2011, any right we give away will be given away for good. And do we trust, do we blindly trust, any future government, a government we might have 50 years from now? And these are the questions that we have to worry about for the next 50 years.

Translated by Chen-Han Hsiao
Reviewed by Vivian Mig
