TED@IBM
Caleb Barlow: Where is cybercrime really coming from?
迦勒.巴羅: 網路犯罪究竟從何而來?
Filmed:
Readability: 4.3
1,639,157 views
去年,網路犯罪狂撈了 4,500 億美金的暴利,於此同時,全球超過 20 億筆紀錄遺失或遭竊。安全專家迦勒.巴羅指出了當今資訊保護策略的不足之處。他的解決方案是──面對網路犯罪,我們必須像處理公共衛生危機一樣,集眾人之力,並將疫情與疾病如何散播的即時資訊公開分享。他表示,若是拒絕共享,我們無疑成為網路犯罪的共犯。
Caleb Barlow - Cybercrime fighter
IBM's Caleb Barlow is focused on how we solve the cyber security problem by changing the economics for the bad guys. Full bio
IBM's Caleb Barlow is focused on how we solve the cyber security problem by changing the economics for the bad guys. Full bio
Double-click the English transcript below to play the video.
網路犯罪已經失控了。
00:13
Cybercrime is out of control.
0
1012
4217
00:18
It's everywhere.
1
6186
1365
它無所不在。
我們每天都會耳聞這樣的事件。
00:19
We hear about it every single day.
2
7575
4288
00:24
This year,
3
12771
1214
在今年,超過 20 億筆紀錄
遺失或遭竊。
遺失或遭竊。
00:26
over two billion records lost or stolen.
4
14009
5134
而在去年,有一億人,
其中大部分是美國人,
其中大部分是美國人,
00:32
And last year, 100 million of us,
mostly Americans,
mostly Americans,
5
20050
5635
00:37
lost our health insurance data
to thieves -- myself included.
to thieves -- myself included.
6
25709
5134
健保資料落入竊賊手中,
我也身受其害。
我也身受其害。
更令人擔憂的是:
00:44
What's particularly concerning about this
is that in most cases,
is that in most cases,
7
32303
5448
在大多數事件中,
就算有人回報資料被偷,
往往也是幾個月之後的事了。
往往也是幾個月之後的事了。
00:49
it was months before anyone even
reported that these records were stolen.
reported that these records were stolen.
8
37775
5911
所以你看到晚間新聞報導時,
00:57
So if you watch the evening news,
9
45164
3043
你可能會認為這些大部分是
諜報或國家層級的行動。
諜報或國家層級的行動。
01:00
you would think that most of this
is espionage or nation-state activity.
is espionage or nation-state activity.
10
48231
5206
嗯,有些的確是。
01:05
And, well, some of it is.
11
53993
2093
如你所見,諜報活動
已經是一種「國際慣例」,
已經是一種「國際慣例」,
01:08
Espionage, you see, is an accepted
international practice.
international practice.
12
56694
4438
但在這個案例當中,
01:13
But in this case,
13
61793
1483
它只是我們所面對難題
其中的一小部分。
其中的一小部分。
01:15
it is only a small portion
of the problem that we're dealing with.
of the problem that we're dealing with.
14
63300
5453
我們是否經常聽到這些入侵事件,
01:21
How often do we hear about a breach
15
69639
3335
被描述成:
「這是件精心策劃的國家攻擊行動」
「這是件精心策劃的國家攻擊行動」
01:24
followed by, "... it was the result
of a sophisticated nation-state attack?"
of a sophisticated nation-state attack?"
16
72998
4851
通常,這是公司不願意承認
01:30
Well, often that is companies
not being willing to own up
not being willing to own up
17
78661
4861
自身安全措施失靈的推托之詞。
01:35
to their own lackluster
security practices.
security practices.
18
83546
2980
而且這些公司普遍相信,
01:39
There is also a widely held belief
19
87065
2500
只要將攻擊歸咎於某個國家,
01:42
that by blaming an attack
on a nation-state,
on a nation-state,
20
90355
3851
01:46
you are putting regulators at bay --
21
94230
2681
就可以逃避主管機關的監督──
或是至少拖延一段時間。
01:48
at least for a period of time.
22
96935
2034
那麼實際上網路犯罪從何而來?
01:51
So where is all of this coming from?
23
99837
4483
聯合國估計 80% 的網路犯罪,
01:56
The United Nations estimates
that 80 percent of it
that 80 percent of it
24
104997
5493
來自具有高度組織
且分工精細的犯罪集團。
且分工精細的犯罪集團。
02:02
is from highly organized
and ultrasophisticated criminal gangs.
and ultrasophisticated criminal gangs.
25
110514
5770
時至今日,
02:09
To date,
26
117254
1719
02:10
this represents one of the largest
illegal economies in the world,
illegal economies in the world,
27
118997
6600
網路犯罪已是世界上
最大的非法經濟體之一。
最大的非法經濟體之一。
而在這之上
──大家聽好了──
──大家聽好了──
02:17
topping out at, now get this,
28
125621
3120
是 4,450 億美金的獲利。
02:20
445 billion dollars.
29
128765
4316
02:25
Let me put that in perspective
for all of you:
for all of you:
30
133539
2912
我來給大家更具體的概念:
02:28
445 billion dollars is larger than the GDP
31
136475
6104
4,450 億美金已經超過了
160 個國家的國內生產總值,
02:34
of 160 nations,
32
142603
2666
其中包括愛爾蘭、芬蘭、
丹麥和葡萄牙......
丹麥和葡萄牙......
02:37
including Ireland, Finland,
Denmark and Portugal,
Denmark and Portugal,
33
145293
4545
等等國家。
02:41
to name a few.
34
149862
1230
這個體系是如何運作的?
02:44
So how does this work?
35
152293
2004
這些罪犯又如何進行作業?
02:46
How do these criminals operate?
36
154321
1906
讓我說個小故事給你們聽。
02:48
Well, let me tell you a little story.
37
156701
2856
大約一年前,
02:52
About a year ago,
38
160531
1194
我們的資安研究員正在追蹤一個
02:53
our security researchers were tracking
39
161749
3310
看似尋常卻很精密的
銀行木馬程式── Dyre Wolf。
銀行木馬程式── Dyre Wolf。
02:57
a somewhat ordinary but sophisticated
banking Trojan called the Dyre Wolf.
banking Trojan called the Dyre Wolf.
40
165083
6046
這隻程式會進入你的電腦,
03:03
The Dyre Wolf would get on your computer
41
171925
2221
03:06
via you clicking on a link
in a phishing email
in a phishing email
42
174170
3000
是因為你點擊了
釣魚信件中的網址──
釣魚信件中的網址──
03:09
that you probably shouldn't have.
43
177194
1952
你不應該點擊的。
接著它會守株待兔,
03:11
It would then sit and wait.
44
179170
1997
03:13
It would wait until you logged
into your bank account.
into your bank account.
45
181755
3011
等待你登入銀行帳戶。
到時候,歹徒就大手一伸,
03:17
And when you did,
the bad guys would reach in,
the bad guys would reach in,
46
185299
3343
盜用你的身份,
03:20
steal your credentials,
47
188666
1653
03:22
and then use that to steal your money.
48
190343
1901
然後偷走你的錢。
03:25
This sounds terrible,
49
193023
1920
這聽起來很嚇人,
03:26
but the reality is,
in the security industry,
in the security industry,
50
194967
2793
但事實上,在資訊安全領域,
這種形式的攻擊還算常見。
03:29
this form of attack
is somewhat commonplace.
is somewhat commonplace.
51
197784
3682
03:36
However, the Dyre Wolf had
two distinctly different personalities --
two distinctly different personalities --
52
204002
6164
然而,Dyre Wolf 程式
具有雙重人格──
具有雙重人格──
其中一個是針對剛提到的小額交易,
03:42
one for these small transactions,
53
210659
2341
03:45
but it took on an entirely
different persona
different persona
54
213024
3040
但如果你的工作
會接觸到大筆金錢往來,
會接觸到大筆金錢往來,
03:48
if you were in the business of moving
large-scale wire transfers.
large-scale wire transfers.
55
216088
3815
它就會展現出截然不同的另一面。
03:51
Here's what would happen.
56
219927
1699
過程會是這樣的。
03:53
You start the process
of issuing a wire transfer,
of issuing a wire transfer,
57
221650
2800
當你啟動匯款流程,
03:56
and up in your browser would pop
a screen from your bank,
a screen from your bank,
58
224474
3008
在瀏覽器上,
你的網路銀行會跳出一個畫面,
你的網路銀行會跳出一個畫面,
顯示你的帳戶出現問題,
03:59
indicating that there's a problem
with your account,
with your account,
59
227506
2597
你必須馬上打電話給銀行,
04:02
and that you need to call
the bank immediately,
the bank immediately,
60
230127
3191
並附上銀行防詐騙部門的專線號碼。
04:05
along with the number
to the bank's fraud department.
to the bank's fraud department.
61
233342
2742
於是你拿起電話撥過去。
04:08
So you pick up the phone and you call.
62
236835
2170
經過一連串看似正常的語音指示後,
04:11
And after going through
the normal voice prompts,
the normal voice prompts,
63
239029
3011
你被轉接給一位英語客服。
04:14
you're met with
an English-speaking operator.
an English-speaking operator.
64
242064
2117
「哈囉!奧多羅互助銀行。
很高興為您服務。」
很高興為您服務。」
04:16
"Hello, Altoro Mutual Bank.
How can I help you?"
How can I help you?"
65
244205
2868
04:20
And you go through the process
like you do every time you call your bank,
like you do every time you call your bank,
66
248033
3653
接著你一如往常進行整個流程:
04:23
of giving them your name
and your account number,
and your account number,
67
251710
2791
給出你的名字、帳戶、
回答安全問題以確認你的身份。
04:26
going through the security checks
to verify you are who you said you are.
to verify you are who you said you are.
68
254525
3923
大部分的人可能不知道,
04:31
Most of us may not know this,
69
259809
1488
04:33
but in many large-scale wire transfers,
70
261321
2229
在許多的鉅額轉帳中,
規定要經過兩個人的確認,
04:35
it requires two people to sign off
on the wire transfer,
on the wire transfer,
71
263574
3111
04:38
so the operator then asks you
to get the second person on the line,
to get the second person on the line,
72
266709
3199
接著客服請第二個人聽電話,
04:41
and goes through the same set
of verifications and checks.
of verifications and checks.
73
269932
2801
然後進行同樣的確認流程。
聽起來很正常吧?
04:45
Sounds normal, right?
74
273960
1346
04:47
Only one problem:
75
275909
1442
只有一個問題:
在電話另一端的不是銀行。
04:49
you're not talking to the bank.
76
277375
1825
04:51
You're talking to the criminals.
77
279224
1586
和你通電話的是歹徒。
他們還設置了英語客服中心,
04:52
They had built
an English-speaking help desk,
an English-speaking help desk,
78
280834
2198
04:55
fake overlays to the banking website.
79
283056
2065
並製作了假的銀行網站。
04:57
And this was so flawlessly executed
80
285145
3100
在這天衣無縫的過程中,
每一次作案,就會有 50 萬
至 150 萬美金的不法所得
至 150 萬美金的不法所得
05:00
that they were moving
between a half a million
between a half a million
81
288269
2143
05:02
and a million and a half
dollars per attempt
dollars per attempt
82
290436
3087
落入歹徒的口袋。
05:05
into their criminal coffers.
83
293547
1558
這些犯罪組織的運作
05:08
These criminal organizations operate
84
296140
2615
就像紀律嚴明的合法企業。
05:10
like highly regimented,
legitimate businesses.
legitimate businesses.
85
298779
3025
他們的員工從週一工作到週五,
05:14
Their employees work
Monday through Friday.
Monday through Friday.
86
302345
2483
週末則是放假休息。
05:17
They take the weekends off.
87
305309
1536
我們為什麼知道?
05:18
How do we know this?
88
306869
1383
這是因為我們的資安研究人員發現
05:20
We know this because
our security researchers see
our security researchers see
89
308276
3133
每當週五下午,
惡意程式都會大量出現。
惡意程式都會大量出現。
05:23
repeated spikes of malware
on a Friday afternoon.
on a Friday afternoon.
90
311433
3066
05:27
The bad guys, after a long weekend
with the wife and kids,
with the wife and kids,
91
315254
3215
這些壞蛋們陪老婆小孩度過週末,
05:30
come back in to see how well things went.
92
318493
2240
之後就可以回來驗收成果。
05:35
The Dark Web is where
they spend their time.
they spend their time.
93
323701
2674
「暗網」是他們棲息的地方。
05:39
That is a term used to describe
the anonymous underbelly of the internet,
the anonymous underbelly of the internet,
94
327295
5789
這個詞是用來描述
隱藏在網際網路中的匿名空間。
隱藏在網際網路中的匿名空間。
05:45
where thieves can operate with anonymity
95
333108
2925
竊賊們在此得以匿名行事,
05:48
and without detection.
96
336057
1445
而不會被人發現。
05:50
Here they peddle their attack software
97
338209
3027
他們在此兜售攻擊軟體,
並且分享各種新的攻擊技術。
05:53
and share information
on new attack techniques.
on new attack techniques.
98
341260
3456
在那裡,你能買到任何東西,
05:57
You can buy everything there,
99
345571
1850
05:59
from a base-level attack
to a much more advanced version.
to a much more advanced version.
100
347445
3656
從基本等級的攻擊服務
到更進階的版本都有。
在很多地方,你甚至會看到
06:03
In fact, in many cases, you even see
101
351842
2292
06:06
gold, silver and bronze levels of service.
102
354158
3172
被區分為金、銀、銅等級
的各種攻擊服務。
的各種攻擊服務。
你可以查詢他人的推薦心得。
06:09
You can check references.
103
357903
1671
06:11
You can even buy attacks
104
359977
2560
你所購買的攻擊服務
甚至還能有退款保證──
06:14
that come with a money-back guarantee --
105
362561
3328
06:17
(Laughter)
106
365913
1045
(笑聲)
如果你的攻擊沒有成功。
06:18
if you're not successful.
107
366982
1655
這樣的環境、這樣的交易市集,
06:21
Now, these environments,
these marketplaces --
these marketplaces --
108
369931
3091
06:25
they look like an Amazon or an eBay.
109
373046
3347
看起來跟亞馬遜或 eBay 一模一樣。
06:28
You see products, prices,
ratings and reviews.
ratings and reviews.
110
376417
3956
你看得到產品、價格、評分跟評論。
如果你要買攻擊服務,
06:32
Of course, if you're going
to buy an attack,
to buy an attack,
111
380397
2254
你當然會向評分高、
名聲好的罪犯購買,對吧?
名聲好的罪犯購買,對吧?
06:34
you're going to buy from a reputable
criminal with good ratings, right?
criminal with good ratings, right?
112
382675
3449
(笑聲)
06:38
(Laughter)
113
386148
1004
這就像你要到一間新的餐廳之前,
06:39
This isn't any different
114
387176
1201
06:40
than checking on Yelp or TripAdvisor
before going to a new restaurant.
before going to a new restaurant.
115
388401
5190
會先到 Yelp 或 TripAdvisor 網站
查詢評價一樣。
查詢評價一樣。
我舉個例子。
06:46
So, here is an example.
116
394503
2093
06:48
This is an actual screenshot
of a vendor selling malware.
of a vendor selling malware.
117
396620
5421
這是從惡意軟體販賣者的網頁
所擷取的真實畫面。
所擷取的真實畫面。
他是屬於第四級的販賣商,
06:54
Notice they're a vendor level four,
118
402065
1815
他的信賴度則是第六級。
06:55
they have a trust level of six.
119
403904
1841
他在去年得到 400 個正面評價,
06:57
They've had 400 positive reviews
in the last year,
in the last year,
120
405769
2335
07:00
and only two negative reviews
in the last month.
in the last month.
121
408128
2380
而在上個月的負面評價只有兩個。
我們甚至在上面看到授權條款。
07:03
We even see things like licensing terms.
122
411072
3357
07:06
Here's an example of a site you can go to
123
414762
2004
另外這個網站,
如果你想要改變個人身分,
可以上去看看。
可以上去看看。
07:08
if you want to change your identity.
124
416790
1757
他們販賣假身分證、
07:10
They will sell you a fake ID,
125
418571
1857
假護照。
07:12
fake passports.
126
420452
1594
07:14
But note the legally binding terms
for purchasing your fake ID.
for purchasing your fake ID.
127
422603
5049
特別注意有關購買假證件的法律條款。
07:20
Give me a break.
128
428518
1521
饒了我吧!
07:22
What are they going to do --
sue you if you violate them?
sue you if you violate them?
129
430063
2858
就算你違反了這些條款,
他們能怎樣?控告你嗎?
他們能怎樣?控告你嗎?
(笑聲)
07:24
(Laughter)
130
432945
1150
07:27
This occurred a couple of months ago.
131
435458
2423
就在幾個月前,
07:29
One of our security
researchers was looking
researchers was looking
132
437905
3615
我們的一位資安研究員
正在分析新發現的一個
Android 惡意程式。
Android 惡意程式。
07:33
at a new Android malware application
that we had discovered.
that we had discovered.
133
441544
4998
這個程式叫 Bilal Bot。
07:38
It was called Bilal Bot.
134
446566
1920
在一篇部落格文章中,
07:41
In a blog post,
135
449514
1926
07:43
she positioned Bilal Bot
as a new, inexpensive and beta alternative
as a new, inexpensive and beta alternative
136
451464
6805
她(部落格作者) 將 Bilal Bot 定位為
新穎、便宜、待測試修正的、
另一個 GM Bot 程式的替代品,
另一個 GM Bot 程式的替代品,
07:50
to the much more advanced GM Bot
137
458870
3338
而 GM Bot 更為先進,
在地下黑市非常普及。
在地下黑市非常普及。
07:54
that was commonplace
in the criminal underground.
in the criminal underground.
138
462232
2815
Bilal Bot 作者對此評論感到不滿。
07:58
This review did not sit well
with the authors of Bilal Bot.
with the authors of Bilal Bot.
139
466658
4010
08:03
So they wrote her this very email,
140
471237
2580
所以他們寫了這封信給她,
除了為產品辯護,
08:07
pleading their case
and making the argument
and making the argument
141
475028
2757
並認為她所評測的是舊版程式。
08:09
that they felt she had evaluated
an older version.
an older version.
142
477809
5429
08:16
They asked her to please update
her blog with more accurate information
her blog with more accurate information
143
484198
4709
他們要求她更新部落格
以提供更正確的資訊,
以提供更正確的資訊,
甚至要求當面對談,
08:20
and even offered to do an interview
144
488931
3412
好向她詳細解釋
08:24
to describe to her in detail
145
492367
2221
08:26
how their attack software was now
far better than the competition.
far better than the competition.
146
494612
4599
他們的攻擊程式如何比競爭對手更好。
所以你瞧,
08:32
So look,
147
500365
1325
08:33
you don't have to like what they do,
148
501714
3864
你不需認同他們的行為,
但你得敬佩他們
08:37
but you do have to respect
the entrepreneurial nature
the entrepreneurial nature
149
505602
4919
在努力的過程中
所流露出的創業家特質。
所流露出的創業家特質。
08:42
of their endeavors.
150
510545
1207
(笑聲)
08:43
(Laughter)
151
511776
1150
08:46
So how are we going to stop this?
152
514476
3855
所以,我們要如何阻止這一切?
08:51
It's not like we're going to be able
to identify who's responsible --
to identify who's responsible --
153
519714
5564
並不是說我們要找出某個人
來追究責任──
來追究責任──
記住,他們都匿名行事,
08:57
remember, they operate with anonymity
154
525302
2962
置身法律之外。
09:00
and outside the reach of the law.
155
528288
1985
09:03
We're certainly not going to be able
to prosecute the offenders.
to prosecute the offenders.
156
531217
3284
我們確實無法起訴這些犯罪份子。
我提議,採用完全不同的作法。
09:07
I would propose that we need
a completely new approach.
a completely new approach.
157
535156
5545
09:13
And that approach needs
to be centered on the idea
to be centered on the idea
158
541763
3906
這個作法的核心觀念是:
我們要顛覆那些壞蛋的經濟體系。
09:17
that we need to change
the economics for the bad guys.
the economics for the bad guys.
159
545693
3895
09:22
And to give you a perspective
on how this can work,
on how this can work,
160
550245
3101
為了讓你們了解這個方法為何有效,
09:25
let's think of the response we see
to a healthcare pandemic:
to a healthcare pandemic:
161
553370
4988
先回想我們如何面對以下這些傳染病:
SARS、伊波拉、禽流感、茲卡病毒。
09:30
SARS, Ebola, bird flu, Zika.
162
558382
3003
09:34
What is the top priority?
163
562036
1921
第一要務是什麼?
09:35
It's knowing who is infected
and how the disease is spreading.
and how the disease is spreading.
164
563981
5293
是知道誰受到感染
以及疾病如何傳播。
以及疾病如何傳播。
現在,包括政府、私人機構、
醫院、醫師──
醫院、醫師──
09:44
Now, governments, private institutions,
hospitals, physicians --
hospitals, physicians --
165
572015
6147
09:51
everyone responds openly and quickly.
166
579061
3720
所有人都能開放、迅速地
做好應對工作。
做好應對工作。
這樣的集體利他行為,
09:55
This is a collective and altruistic effort
167
583334
3971
遏止了疾病的傳播,
09:59
to stop the spread in its tracks
168
587329
3900
10:03
and to inform anyone not infected
169
591253
2877
並告知尚未被感染者
10:06
how to protect or inoculate themselves.
170
594154
2380
如何自保或接種疫苗。
不幸地,在面對網路攻擊時,
我們看到的完全不是這樣。
我們看到的完全不是這樣。
10:10
Unfortunately, this is not at all
what we see in response to a cyber attack.
what we see in response to a cyber attack.
171
598900
5694
組織更傾向於
將受到攻擊的相關資訊
將受到攻擊的相關資訊
10:17
Organizations are far more likely
to keep information on that attack
to keep information on that attack
172
605850
4451
採取保密。
10:22
to themselves.
173
610325
1625
為什麼?
10:25
Why?
174
613082
1156
因為他們擔心失去競爭優勢、
10:26
Because they're worried
about competitive advantage,
about competitive advantage,
175
614262
2970
面對法律訴訟、
10:30
litigation
176
618043
1571
或是接受監督管理。
10:31
or regulation.
177
619638
1306
我們必須有效率地
將網路威脅情資公開。
將網路威脅情資公開。
10:33
We need to effectively democratize
threat intelligence data.
threat intelligence data.
178
621827
5770
10:39
We need to get all of these organizations
to open up and share
to open up and share
179
627975
5476
我們必須讓這些組織
開放並分享他們的情報資料庫。
10:45
what is in their private arsenal
of information.
of information.
180
633475
3622
10:51
The bad guys are moving fast;
181
639010
2794
犯罪份子的手法一日千里,
我們必須走在他們之前。
10:53
we've got to move faster.
182
641828
2117
10:56
And the best way to do that is to open up
183
644750
3722
最好的方式便是開放
11:00
and share data on what's happening.
184
648496
2347
並且共享即時資訊。
讓我們從資訊安全人員的角度
來反思一下。
來反思一下。
11:03
Let's think about this in the construct
of security professionals.
of security professionals.
185
651304
4326
11:08
Remember, they're programmed right
into their DNA to keep secrets.
into their DNA to keep secrets.
186
656164
4976
要知道,這群人
保密的天性深入骨子裡。
保密的天性深入骨子裡。
11:13
We've got to turn
that thinking on its head.
that thinking on its head.
187
661164
3024
我們得扭轉這樣的習性。
11:16
We've got to get governments,
private institutions
private institutions
188
664212
3281
我們得想辦法讓政府、私人機構,
還有資安服務業者,
11:19
and security companies
189
667517
1443
11:20
willing to share information at speed.
190
668984
2731
願意迅速地分享資訊。
11:23
And here's why:
191
671739
1676
原因如下:
11:25
because if you share the information,
192
673439
1877
若是共享訊息,
11:27
it's equivalent to inoculation.
193
675340
2017
就像是接種了疫苗。
若是拒絕共享,
11:30
And if you're not sharing,
194
678663
1547
11:32
you're actually part of the problem,
195
680234
2101
我們就等於是共犯,
11:34
because you're increasing the odds
that other people could be impacted
that other people could be impacted
196
682359
5768
因為你可能助長了他人
被相同手法攻擊的機會。
11:40
by the same attack techniques.
197
688151
2630
11:43
But there's an even bigger benefit.
198
691986
2049
這麼做還有更大的好處。
11:47
By destroying criminals' devices
closer to real time,
closer to real time,
199
695198
4746
用近乎即時的速度消滅犯罪工具,
我們也破壞了歹徒的計畫。
11:51
we break their plans.
200
699968
1753
11:55
We inform the people they aim to hurt
201
703462
3240
我們能用罪犯措手不及的速度,
預先告知民眾,
他們已經成為攻擊目標。
他們已經成為攻擊目標。
11:58
far sooner than they had ever anticipated.
202
706726
2645
我們能破壞他們的聲譽,
12:02
We ruin their reputations,
203
710520
2201
12:04
we crush their ratings and reviews.
204
712745
3092
毀掉他們的評分及評論。
我們讓網路犯罪無利可圖。
12:08
We make cybercrime not pay.
205
716305
3832
12:12
We change the economics for the bad guys.
206
720931
3768
我們顛覆犯罪份子的經濟體系。
但要達成這個目標的第一步,
12:18
But to do this,
a first mover was required --
a first mover was required --
207
726315
3972
是要有人來改變
整個資安產業的思維。
整個資安產業的思維。
12:22
someone to change the thinking
in the security industry overall.
in the security industry overall.
208
730311
4601
大約一年前,
12:28
About a year ago,
209
736067
1270
我同事和我有個大膽的想法。
12:29
my colleagues and I had a radical idea.
210
737361
2506
如果把全球最大的
網路威脅情報資料庫──
網路威脅情報資料庫──
12:32
What if IBM were to take our data --
211
740624
4584
12:37
we had one of the largest threat
intelligence databases in the world --
intelligence databases in the world --
212
745987
3988
也就是 IBM 擁有的資料庫──
12:41
and open it up?
213
749999
1359
把它開放出來如何?
12:43
It had information not just
on what had happened in the past,
on what had happened in the past,
214
751757
3461
這裡面不只有過去事件的歷史紀錄,
12:47
but what was happening in near-real time.
215
755242
2475
還有近乎即時的資安動態資訊。
12:49
What if we were to publish it all
openly on the internet?
openly on the internet?
216
757741
3897
把這些資料都公開會變成怎樣呢?
12:54
As you can imagine,
this got quite a reaction.
this got quite a reaction.
217
762463
2494
可想而知,這構想招來激烈反應。
首先是律師問:
12:56
First came the lawyers:
218
764981
1364
「在法律上會有什麼瓜葛?」
12:58
What are the legal
implications of doing that?
implications of doing that?
219
766369
2315
13:01
Then came the business:
220
769385
1335
接著是商業人士:
「在商業上會有什麼含義?」
13:02
What are the business
implications of doing that?
implications of doing that?
221
770744
2400
13:05
And this was also met with a good dose
222
773622
2173
我們還遇到許多聲音
質疑我們是不是徹底瘋了?
13:07
of a lot of people just asking
if we were completely crazy.
if we were completely crazy.
223
775819
3108
13:11
But there was one conversation
that kept floating to the surface
that kept floating to the surface
224
779928
3786
但是在我們參與的每場對話當中,
有一個論點持續、逐漸地浮出檯面,
13:15
in every dialogue that we would have:
225
783738
2051
就是我們瞭解到:
13:18
the realization that if we didn't do this,
226
786400
3547
如果不開放資訊,
13:21
then we were part of the problem.
227
789971
2631
我們就成為網路犯罪的共犯。
13:25
So we did something unheard of
in the security industry.
in the security industry.
228
793514
2860
所以我們做了
在資安產業中前所未有的事。
在資安產業中前所未有的事。
13:29
We started publishing.
229
797045
1673
我們開始將資料公開。
13:30
Over 700 terabytes of actionable
threat intelligence data,
threat intelligence data,
230
798742
4410
超過 700 兆位元組的資安威脅情報,
其中包含即時的攻擊資訊,
13:35
including information on real-time attacks
231
803176
3005
13:38
that can be used to stop
cybercrime in its tracks.
cybercrime in its tracks.
232
806205
2863
可以協助我們阻斷網路犯罪。
時至今日,
13:41
And to date,
233
809813
1370
13:43
over 4,000 organizations
are leveraging this data,
are leveraging this data,
234
811207
4044
超過四千個組織正在利用這些資料,
包含全球百大企業的一半以上。
13:47
including half of the Fortune 100.
235
815275
1879
下一步,我們希望所有的組織
13:50
And our hope as a next step
is to get all of those organizations
is to get all of those organizations
236
818599
4017
13:54
to join us in the fight,
237
822640
1961
都能夠加入這場戰役,
13:56
and do the same thing
238
824625
1551
跟我們一樣,
13:58
and share their information
239
826200
2088
公開分享他們的資訊──
14:00
on when and how
they're being attacked as well.
they're being attacked as well.
240
828312
2534
關於他們何時、如何遭受攻擊。
我們都有機會阻止這一切,
14:03
We all have the opportunity to stop it,
241
831552
3018
也已經知道該怎麼做了。
14:06
and we already all know how.
242
834594
2161
14:09
All we have to do is look
to the response that we see
to the response that we see
243
837372
4370
我們要做的只不過是:
借鑑全球公共衛生體系
作為他山之石,
作為他山之石,
14:13
in the world of health care,
244
841766
1506
以及應對傳染病的做法。
14:15
and how they respond to a pandemic.
245
843296
1903
14:17
Simply put,
246
845623
1379
簡而言之,
14:19
we need to be open and collaborative.
247
847026
2276
我們必須開放,並且彼此合作。
謝謝。
14:21
Thank you.
248
849876
1151
(掌聲)
14:23
(Applause)
249
851051
3792
ABOUT THE SPEAKER
Caleb Barlow - Cybercrime fighterIBM's Caleb Barlow is focused on how we solve the cyber security problem by changing the economics for the bad guys.
Why you should listen
As a vice president at IBM Security, Caleb Barlow has insight into to one of the largest security intelligence operations in the world. His team stands watch protecting the information security of thousands of customers in more than a hundred countries. On a busy day they can process upwards of 35 billion potential security events across their global operations centers.
Barlow has been advising chief information security officers, boards of directors and government officials on security practices, frameworks and strategies for risk mitigation on a global basis. He is a sought-after speaker on the subject of security and regularly appears in both print and broadcast media, including NBC News, CNBC, BBC World Service, NPR, the Wall Street Journal and the Washington Post. His opinions have been solicited by members of Congress, the NSA, and NATO, and he was invited by the President of the UN General Assembly to discuss his views at the United Nations.
Most recently, Barlow is focusing on building a large-scale simulation environment to educate C-level executives on how to better prevent and respond to a cyber attack so they can maintain business resiliency in the face of crisis.
Caleb Barlow | Speaker | TED.com