TED@IBM
Caleb Barlow: Where is cybercrime really coming from?
迦勒·巴洛: 网络犯罪到底来源何处?
Filmed:
Readability: 4.3
1,639,157 views
网络犯罪行为在去年估计达到了4万5千亿的经济规模,全球范围内超过20亿条数据被盗取。安全专家迦勒·巴洛指出我们现有的保护策略是低效的。他的解决方案是我们合作打击网络犯罪,就像是国际卫生组织合作应对疾病感染一样,及时的分享有关谁被感染、疾病如何传播的信息。如果我们不这么做,他说,那么我们就变成了问题的一部分。
Caleb Barlow - Cybercrime fighter
IBM's Caleb Barlow is focused on how we solve the cyber security problem by changing the economics for the bad guys. Full bio
IBM's Caleb Barlow is focused on how we solve the cyber security problem by changing the economics for the bad guys. Full bio
Double-click the English transcript below to play the video.
00:13
Cybercrime is out of control.
0
1012
4217
网络犯罪行为已经难以遏制,
00:18
It's everywhere.
1
6186
1365
它无处不在。
00:19
We hear about it every single day.
2
7575
4288
我们每天都能听到它。
00:24
This year,
3
12771
1214
今年,
00:26
over two billion records lost or stolen.
4
14009
5134
有超过20亿的数据记录丢失或被盗取。
00:32
And last year, 100 million of us,
mostly Americans,
mostly Americans,
5
20050
5635
在去年,
1亿人的医保信息落入盗贼手中,
1亿人的医保信息落入盗贼手中,
绝大多数是美国人,包括我自己。
00:37
lost our health insurance data
to thieves -- myself included.
to thieves -- myself included.
6
25709
5134
00:44
What's particularly concerning about this
is that in most cases,
is that in most cases,
7
32303
5448
尤其令人感到担忧的是,
在大多数情况下,
在大多数情况下,
00:49
it was months before anyone even
reported that these records were stolen.
reported that these records were stolen.
8
37775
5911
人们要在几个月后才会
报告这些资料已经泄露。
报告这些资料已经泄露。
00:57
So if you watch the evening news,
9
45164
3043
如果你留意晚间新闻,
01:00
you would think that most of this
is espionage or nation-state activity.
is espionage or nation-state activity.
10
48231
5206
你可能觉得这是
国家级别的间谍行为,
国家级别的间谍行为,
01:05
And, well, some of it is.
11
53993
2093
没错,某些事件确实是这样,
01:08
Espionage, you see, is an accepted
international practice.
international practice.
12
56694
4438
间谍活动是国际上合法的。
01:13
But in this case,
13
61793
1483
但是对网络犯罪来说,
01:15
it is only a small portion
of the problem that we're dealing with.
of the problem that we're dealing with.
14
63300
5453
间谍行为只占网络犯罪的
很小的一部分。
很小的一部分。
01:21
How often do we hear about a breach
15
69639
3335
我们很少听到报道说
某次信息泄露是由于精心谋划的
国际间谍行为。
国际间谍行为。
01:24
followed by, "... it was the result
of a sophisticated nation-state attack?"
of a sophisticated nation-state attack?"
16
72998
4851
01:30
Well, often that is companies
not being willing to own up
not being willing to own up
17
78661
4861
事实上,常常是由于那些公司不愿意承认
01:35
to their own lackluster
security practices.
security practices.
18
83546
2980
自己的安保措施不堪一击。
01:39
There is also a widely held belief
19
87065
2500
很多人相信
01:42
that by blaming an attack
on a nation-state,
on a nation-state,
20
90355
3851
把网络攻击归咎于国家行动,
这样监管机构就没办法监管这些公司了,
01:46
you are putting regulators at bay --
21
94230
2681
起码在一段时间内。
01:48
at least for a period of time.
22
96935
2034
01:51
So where is all of this coming from?
23
99837
4483
那么,这些网络攻击到底
是从何而来呢?
是从何而来呢?
01:56
The United Nations estimates
that 80 percent of it
that 80 percent of it
24
104997
5493
联合国估计80%的网络犯罪,
是由高度组织化且十分老练的
犯罪团伙实施的。
犯罪团伙实施的。
02:02
is from highly organized
and ultrasophisticated criminal gangs.
and ultrasophisticated criminal gangs.
25
110514
5770
02:09
To date,
26
117254
1719
迄今为止,
02:10
this represents one of the largest
illegal economies in the world,
illegal economies in the world,
27
118997
6600
网络犯罪是金额最庞大的
全球非法经济之一,
全球非法经济之一,
目前已经达到了
02:17
topping out at, now get this,
28
125621
3120
4450亿美元。
02:20
445 billion dollars.
29
128765
4316
02:25
Let me put that in perspective
for all of you:
for all of you:
30
133539
2912
我来做个对比让大家感受下,
02:28
445 billion dollars is larger than the GDP
31
136475
6104
4450亿美元比160个国家的GDP还要高,
02:34
of 160 nations,
32
142603
2666
其中包括
02:37
including Ireland, Finland,
Denmark and Portugal,
Denmark and Portugal,
33
145293
4545
爱尔兰、芬兰、丹麦、葡萄牙等等。
02:41
to name a few.
34
149862
1230
02:44
So how does this work?
35
152293
2004
网络犯罪是如何运转的?
这些犯罪行为是如何发生的?
02:46
How do these criminals operate?
36
154321
1906
02:48
Well, let me tell you a little story.
37
156701
2856
请先让我讲一个小故事。
02:52
About a year ago,
38
160531
1194
大约一年之前,
02:53
our security researchers were tracking
39
161749
3310
我们的网络安全人员在追踪一种
看似普通但复杂的,叫做
"Dyre Wolf"的木马病毒。
"Dyre Wolf"的木马病毒。
02:57
a somewhat ordinary but sophisticated
banking Trojan called the Dyre Wolf.
banking Trojan called the Dyre Wolf.
40
165083
6046
03:03
The Dyre Wolf would get on your computer
41
171925
2221
在你点击了钓鱼邮件的链接之后,
03:06
via you clicking on a link
in a phishing email
in a phishing email
42
174170
3000
这种病毒感会染电脑,
你其实不应该受到这些邮件。
03:09
that you probably shouldn't have.
43
177194
1952
它会在你的电脑里安静地等待,
03:11
It would then sit and wait.
44
179170
1997
03:13
It would wait until you logged
into your bank account.
into your bank account.
45
181755
3011
直到你登录自己的银行账户。
03:17
And when you did,
the bad guys would reach in,
the bad guys would reach in,
46
185299
3343
然后,坏人会侵入你的账户,
盗取你的安全证书,
03:20
steal your credentials,
47
188666
1653
利用你的证书偷走你的存款。
03:22
and then use that to steal your money.
48
190343
1901
03:25
This sounds terrible,
49
193023
1920
这听上去很糟糕,
03:26
but the reality is,
in the security industry,
in the security industry,
50
194967
2793
但事实上,在安保领域,
这种形式的攻击是很常见的。
03:29
this form of attack
is somewhat commonplace.
is somewhat commonplace.
51
197784
3682
03:36
However, the Dyre Wolf had
two distinctly different personalities --
two distinctly different personalities --
52
204002
6164
但是,Dyre Wolf病毒具有
两种截然不同的行动方式。
两种截然不同的行动方式。
03:42
one for these small transactions,
53
210659
2341
其一用来针对小额转账,
03:45
but it took on an entirely
different persona
different persona
54
213024
3040
但当你进行巨额在线商业转账时,
03:48
if you were in the business of moving
large-scale wire transfers.
large-scale wire transfers.
55
216088
3815
它会有完全不同的表现。
这样的表现在于,
03:51
Here's what would happen.
56
219927
1699
03:53
You start the process
of issuing a wire transfer,
of issuing a wire transfer,
57
221650
2800
当你开始处理这笔转账时,
03:56
and up in your browser would pop
a screen from your bank,
a screen from your bank,
58
224474
3008
你的浏览器会弹出一个银行窗口,
提示你的账户遇到了问题,
03:59
indicating that there's a problem
with your account,
with your account,
59
227506
2597
04:02
and that you need to call
the bank immediately,
the bank immediately,
60
230127
3191
需要你立即打电话联系银行,
同时给你提供一个假冒的银行电话。
04:05
along with the number
to the bank's fraud department.
to the bank's fraud department.
61
233342
2742
04:08
So you pick up the phone and you call.
62
236835
2170
此时你会拿起手机拨打电话。
04:11
And after going through
the normal voice prompts,
the normal voice prompts,
63
239029
3011
在经过通常的语音流程后,
04:14
you're met with
an English-speaking operator.
an English-speaking operator.
64
242064
2117
你会接通到一个说英语的接线员。
04:16
"Hello, Altoro Mutual Bank.
How can I help you?"
How can I help you?"
65
244205
2868
“你好,这里是奥特罗银行,
有什么可以帮到您的?”
有什么可以帮到您的?”
04:20
And you go through the process
like you do every time you call your bank,
like you do every time you call your bank,
66
248033
3653
然后你会按照每次电话银行
都要走的流程,
都要走的流程,
给他们提供你的姓名,账户号,
04:23
of giving them your name
and your account number,
and your account number,
67
251710
2791
并且通过安全查验来确定你的身份。
04:26
going through the security checks
to verify you are who you said you are.
to verify you are who you said you are.
68
254525
3923
04:31
Most of us may not know this,
69
259809
1488
可能许多人并不知道这些,
04:33
but in many large-scale wire transfers,
70
261321
2229
但在很多大额转账中,
04:35
it requires two people to sign off
on the wire transfer,
on the wire transfer,
71
263574
3111
要求有两个人一起确认交易,
04:38
so the operator then asks you
to get the second person on the line,
to get the second person on the line,
72
266709
3199
所以那个接线员会要求你
让另外一个人加入通话,
让另外一个人加入通话,
并且经过相同的安全信息查验。
04:41
and goes through the same set
of verifications and checks.
of verifications and checks.
73
269932
2801
04:45
Sounds normal, right?
74
273960
1346
听起来还挺正常的吧?
04:47
Only one problem:
75
275909
1442
然而关键问题是,
04:49
you're not talking to the bank.
76
277375
1825
你并不是在和银行通话,
04:51
You're talking to the criminals.
77
279224
1586
而是犯罪分子,
04:52
They had built
an English-speaking help desk,
an English-speaking help desk,
78
280834
2198
他们安排了说英语的接线员,
04:55
fake overlays to the banking website.
79
283056
2065
用假的界面冒充原本的银行网站。
04:57
And this was so flawlessly executed
80
285145
3100
这些行径被完美无瑕地执行,
05:00
that they were moving
between a half a million
between a half a million
81
288269
2143
让犯罪分子每次能成功转移
五十万至一百五十万美元
05:02
and a million and a half
dollars per attempt
dollars per attempt
82
290436
3087
到他们自己的保险箱里。
05:05
into their criminal coffers.
83
293547
1558
05:08
These criminal organizations operate
84
296140
2615
这些犯罪集团像受到严格监管的,
05:10
like highly regimented,
legitimate businesses.
legitimate businesses.
85
298779
3025
合法的商业集团一样运作。
05:14
Their employees work
Monday through Friday.
Monday through Friday.
86
302345
2483
他们的雇员在周一至周五工作,
05:17
They take the weekends off.
87
305309
1536
并且拥有双休。
那我们是怎么知道这些的呢?
05:18
How do we know this?
88
306869
1383
05:20
We know this because
our security researchers see
our security researchers see
89
308276
3133
我们的安全人员发现
05:23
repeated spikes of malware
on a Friday afternoon.
on a Friday afternoon.
90
311433
3066
这些病毒软件会在周五下午持续入侵。
05:27
The bad guys, after a long weekend
with the wife and kids,
with the wife and kids,
91
315254
3215
这些犯罪分子在经过有妻儿陪伴的周末后,
05:30
come back in to see how well things went.
92
318493
2240
回到工作岗位检查病毒的工作进程。
05:35
The Dark Web is where
they spend their time.
they spend their time.
93
323701
2674
他们把时间都花在了暗网中。
05:39
That is a term used to describe
the anonymous underbelly of the internet,
the anonymous underbelly of the internet,
94
327295
5789
暗网用来表示互联网中的隐藏的阴暗面,
罪犯可以在其中匿名活动,
05:45
where thieves can operate with anonymity
95
333108
2925
05:48
and without detection.
96
336057
1445
并且不会被检测到。
05:50
Here they peddle their attack software
97
338209
3027
在这里他们兜售木马软件,
并且分享最新木马技术的讯息。
05:53
and share information
on new attack techniques.
on new attack techniques.
98
341260
3456
05:57
You can buy everything there,
99
345571
1850
你几乎能在这里买到所有东西,
05:59
from a base-level attack
to a much more advanced version.
to a much more advanced version.
100
347445
3656
从最基础的网络攻击到更高级的版本。
06:03
In fact, in many cases, you even see
101
351842
2292
事实上,许多时候你还能发现,
06:06
gold, silver and bronze levels of service.
102
354158
3172
这些服务有金、银、铜的等级。
06:09
You can check references.
103
357903
1671
你可以查看他们的履历,
06:11
You can even buy attacks
104
359977
2560
你甚至也可以购买
承诺无效退款的黑客攻击,
06:14
that come with a money-back guarantee --
105
362561
3328
(笑声)
06:17
(Laughter)
106
365913
1045
如果入侵没有成功。
06:18
if you're not successful.
107
366982
1655
06:21
Now, these environments,
these marketplaces --
these marketplaces --
108
369931
3091
现在看来,这些地下环境,这些市场,
06:25
they look like an Amazon or an eBay.
109
373046
3347
似乎就和亚马逊和易贝一样。
06:28
You see products, prices,
ratings and reviews.
ratings and reviews.
110
376417
3956
你可以看见产品,以及它们的价格,评分和评价。
06:32
Of course, if you're going
to buy an attack,
to buy an attack,
111
380397
2254
理所当然的,如果你要购买一次网络攻击,
06:34
you're going to buy from a reputable
criminal with good ratings, right?
criminal with good ratings, right?
112
382675
3449
你肯定会选择好评多的,
信誉高的犯罪团伙吧?
信誉高的犯罪团伙吧?
(笑声)
06:38
(Laughter)
113
386148
1004
这就像在去一家新的餐厅之前
06:39
This isn't any different
114
387176
1201
06:40
than checking on Yelp or TripAdvisor
before going to a new restaurant.
before going to a new restaurant.
115
388401
5190
上Yelp或TripAdvisor先了解一下。
06:46
So, here is an example.
116
394503
2093
这就是一个例子。
06:48
This is an actual screenshot
of a vendor selling malware.
of a vendor selling malware.
117
396620
5421
这是一张木马软件
卖家信息的真实截图,
卖家信息的真实截图,
06:54
Notice they're a vendor level four,
118
402065
1815
他们的卖家等级达到了4级,
信用等级为6。
06:55
they have a trust level of six.
119
403904
1841
他们在去年收到400封好评,
06:57
They've had 400 positive reviews
in the last year,
in the last year,
120
405769
2335
07:00
and only two negative reviews
in the last month.
in the last month.
121
408128
2380
在上个月也只有两封差评。
07:03
We even see things like licensing terms.
122
411072
3357
我们甚至能找到伪造证件。
07:06
Here's an example of a site you can go to
123
414762
2004
你可以访问像这样的网站,
07:08
if you want to change your identity.
124
416790
1757
如果你需要伪造的身份证明。
07:10
They will sell you a fake ID,
125
418571
1857
他们会卖给你假的身份证,
07:12
fake passports.
126
420452
1594
伪造的护照。
07:14
But note the legally binding terms
for purchasing your fake ID.
for purchasing your fake ID.
127
422603
5049
但请注意购买假身份证时要
遵守相关法律条款。
遵守相关法律条款。
07:20
Give me a break.
128
428518
1521
开玩笑吧。
07:22
What are they going to do --
sue you if you violate them?
sue you if you violate them?
129
430063
2858
就算你违反了,他们能怎么做?告你吗?
07:24
(Laughter)
130
432945
1150
(笑声)
07:27
This occurred a couple of months ago.
131
435458
2423
这发生在几个月之前。
07:29
One of our security
researchers was looking
researchers was looking
132
437905
3615
我们的一位安全研究人员在调查一种
07:33
at a new Android malware application
that we had discovered.
that we had discovered.
133
441544
4998
在安卓系统中新发现的木马病毒
07:38
It was called Bilal Bot.
134
446566
1920
叫做Bilal Bot。
07:41
In a blog post,
135
449514
1926
在一篇博文中,
她认为Bilal Bot是先进的GM Bot病毒的
07:43
she positioned Bilal Bot
as a new, inexpensive and beta alternative
as a new, inexpensive and beta alternative
136
451464
6805
07:50
to the much more advanced GM Bot
137
458870
3338
新版的,更便宜的测试版替代品。
GM Bot在黑市中是很常见的软件。
07:54
that was commonplace
in the criminal underground.
in the criminal underground.
138
462232
2815
07:58
This review did not sit well
with the authors of Bilal Bot.
with the authors of Bilal Bot.
139
466658
4010
这条评价令Bilal Bot的作者感到不服,
08:03
So they wrote her this very email,
140
471237
2580
于是他们给她写了封Email,
08:07
pleading their case
and making the argument
and making the argument
141
475028
2757
说明了他们的情况,并争论说,
08:09
that they felt she had evaluated
an older version.
an older version.
142
477809
5429
她评估的是较旧的版本。
08:16
They asked her to please update
her blog with more accurate information
her blog with more accurate information
143
484198
4709
他们要求她在博客中更新更准确的信息,
甚至提供面谈的机会,
08:20
and even offered to do an interview
144
488931
3412
来作出清楚地展示出
08:24
to describe to her in detail
145
492367
2221
他们的病毒远比市面上的要强。
08:26
how their attack software was now
far better than the competition.
far better than the competition.
146
494612
4599
08:32
So look,
147
500365
1325
所以,
08:33
you don't have to like what they do,
148
501714
3864
你可以不喜欢他们做的事情,
08:37
but you do have to respect
the entrepreneurial nature
the entrepreneurial nature
149
505602
4919
但你应该尊重他们的努力
以及表现出来的
以及表现出来的
企业家气质。
08:42
of their endeavors.
150
510545
1207
(笑声)
08:43
(Laughter)
151
511776
1150
08:46
So how are we going to stop this?
152
514476
3855
那么我们该如何阻止这些事情发生呢?
08:51
It's not like we're going to be able
to identify who's responsible --
to identify who's responsible --
153
519714
5564
我们并不需要去确定这是谁的责任。
08:57
remember, they operate with anonymity
154
525302
2962
记住,他们是匿名操作的
09:00
and outside the reach of the law.
155
528288
1985
而且是违法的。
09:03
We're certainly not going to be able
to prosecute the offenders.
to prosecute the offenders.
156
531217
3284
我们肯定没办法起诉他们。
09:07
I would propose that we need
a completely new approach.
a completely new approach.
157
535156
5545
我认为我们需要一种全新的方式
09:13
And that approach needs
to be centered on the idea
to be centered on the idea
158
541763
3906
而且这种方式要以一种想法为中心,
09:17
that we need to change
the economics for the bad guys.
the economics for the bad guys.
159
545693
3895
那就是我们要改变网络犯罪的
经济运作方式。
经济运作方式。
09:22
And to give you a perspective
on how this can work,
on how this can work,
160
550245
3101
向大家解释一下这将如何生效,
09:25
let's think of the response we see
to a healthcare pandemic:
to a healthcare pandemic:
161
553370
4988
想想我们对流行病的对应方式,
09:30
SARS, Ebola, bird flu, Zika.
162
558382
3003
非典、埃博拉病毒、禽流感、寨卡病毒,
09:34
What is the top priority?
163
562036
1921
优先顺序是什么?
09:35
It's knowing who is infected
and how the disease is spreading.
and how the disease is spreading.
164
563981
5293
先要知道谁被感染了,
而且这种疾病是如何传播的,
而且这种疾病是如何传播的,
09:44
Now, governments, private institutions,
hospitals, physicians --
hospitals, physicians --
165
572015
6147
现在,政府、私人机构、医院、医生
09:51
everyone responds openly and quickly.
166
579061
3720
每个人都公开快速地回应。
09:55
This is a collective and altruistic effort
167
583334
3971
这是一种集体和无私的努力
去阻止疾病的传播
09:59
to stop the spread in its tracks
168
587329
3900
并且让没被感染的人了解
10:03
and to inform anyone not infected
169
591253
2877
如何保护和预防。
10:06
how to protect or inoculate themselves.
170
594154
2380
10:10
Unfortunately, this is not at all
what we see in response to a cyber attack.
what we see in response to a cyber attack.
171
598900
5694
不幸的是,这并不是我们
对网络攻击的应对方式。
对网络攻击的应对方式。
10:17
Organizations are far more likely
to keep information on that attack
to keep information on that attack
172
605850
4451
机构在被攻击之后
更有可能把信息保密。
10:22
to themselves.
173
610325
1625
10:25
Why?
174
613082
1156
为什么会这样?
因为他们担心会损伤竞争力,
10:26
Because they're worried
about competitive advantage,
about competitive advantage,
175
614262
2970
10:30
litigation
176
618043
1571
引发诉讼,
或是监管部门介入。
10:31
or regulation.
177
619638
1306
10:33
We need to effectively democratize
threat intelligence data.
threat intelligence data.
178
621827
5770
我们要把威胁的数据有效地公布给大众。
10:39
We need to get all of these organizations
to open up and share
to open up and share
179
627975
5476
我们要让这些组织公开共享
他们私人武器库里的信息。
10:45
what is in their private arsenal
of information.
of information.
180
633475
3622
10:51
The bad guys are moving fast;
181
639010
2794
犯罪分子的动作很快,
我们就要比他们更快。
10:53
we've got to move faster.
182
641828
2117
10:56
And the best way to do that is to open up
183
644750
3722
最好的方式就是
共享数据。
11:00
and share data on what's happening.
184
648496
2347
11:03
Let's think about this in the construct
of security professionals.
of security professionals.
185
651304
4326
让我们看看安全专家的想法,
11:08
Remember, they're programmed right
into their DNA to keep secrets.
into their DNA to keep secrets.
186
656164
4976
这些安全专家都非常注重保守秘密。
现在我们已经让这些安全专家有了共识。
11:13
We've got to turn
that thinking on its head.
that thinking on its head.
187
661164
3024
我们让政府、私人机构
11:16
We've got to get governments,
private institutions
private institutions
188
664212
3281
和安全企业
11:19
and security companies
189
667517
1443
都愿意能够快速分享信息。
11:20
willing to share information at speed.
190
668984
2731
原因是
11:23
And here's why:
191
671739
1676
当你分享安全攻击信息的时候,
11:25
because if you share the information,
192
673439
1877
你类似于接种了疫苗。
11:27
it's equivalent to inoculation.
193
675340
2017
11:30
And if you're not sharing,
194
678663
1547
如果你选择保密,
那么你实际上就变成了问题的一部分,
11:32
you're actually part of the problem,
195
680234
2101
因为你增加了其他人被同样的黑客技术
11:34
because you're increasing the odds
that other people could be impacted
that other people could be impacted
196
682359
5768
攻击的可能性。
11:40
by the same attack techniques.
197
688151
2630
11:43
But there's an even bigger benefit.
198
691986
2049
但是还有一个更大的好处,
11:47
By destroying criminals' devices
closer to real time,
closer to real time,
199
695198
4746
就是这能快速毁灭犯罪分子的病毒
破坏了他们的计划。
11:51
we break their plans.
200
699968
1753
11:55
We inform the people they aim to hurt
201
703462
3240
我们在那些网络犯罪分子
实施攻击之前,
实施攻击之前,
就通知潜在的受害者。
11:58
far sooner than they had ever anticipated.
202
706726
2645
12:02
We ruin their reputations,
203
710520
2201
我们破坏他们的名声,
降低他们的用户评分和评价结果。
12:04
we crush their ratings and reviews.
204
712745
3092
12:08
We make cybercrime not pay.
205
716305
3832
我们让网络犯罪赚不到钱。
12:12
We change the economics for the bad guys.
206
720931
3768
我们把坏人赚钱的模式改变了。
12:18
But to do this,
a first mover was required --
a first mover was required --
207
726315
3972
但是实现这些,
一个重要的前提条件是必须的,
一个重要的前提条件是必须的,
整个信息安全产业的观念都需要改变。
12:22
someone to change the thinking
in the security industry overall.
in the security industry overall.
208
730311
4601
12:28
About a year ago,
209
736067
1270
大概一年前,
我和同事有了一个大胆的想法。
12:29
my colleagues and I had a radical idea.
210
737361
2506
12:32
What if IBM were to take our data --
211
740624
4584
如果IBM将我们的数据,
12:37
we had one of the largest threat
intelligence databases in the world --
intelligence databases in the world --
212
745987
3988
我们有世界上最大的威胁情报库,
并把它公开会怎样?
12:41
and open it up?
213
749999
1359
12:43
It had information not just
on what had happened in the past,
on what had happened in the past,
214
751757
3461
库中不仅仅有过去发生的攻击信息,
同时也包括正在发生的攻击信息。
12:47
but what was happening in near-real time.
215
755242
2475
如果我们免费公开的放在
互联网上会怎样?
互联网上会怎样?
12:49
What if we were to publish it all
openly on the internet?
openly on the internet?
216
757741
3897
12:54
As you can imagine,
this got quite a reaction.
this got quite a reaction.
217
762463
2494
你大概能想象到,大家反应很大。
12:56
First came the lawyers:
218
764981
1364
律师先坐不住了,
12:58
What are the legal
implications of doing that?
implications of doing that?
219
766369
2315
这样做有没有什么法律问题?
13:01
Then came the business:
220
769385
1335
然后是商务,
13:02
What are the business
implications of doing that?
implications of doing that?
221
770744
2400
这样做对于我们的商业利益
有什么影响?
有什么影响?
13:05
And this was also met with a good dose
222
773622
2173
同时我们也遇到了很多人
13:07
of a lot of people just asking
if we were completely crazy.
if we were completely crazy.
223
775819
3108
他们直接认为我们是不是疯了。
13:11
But there was one conversation
that kept floating to the surface
that kept floating to the surface
224
779928
3786
然而在每一次我们跟人们的谈话中
有一句对白始终会出现:
13:15
in every dialogue that we would have:
225
783738
2051
13:18
the realization that if we didn't do this,
226
786400
3547
我们意识到如果我们不这么做,
我们就成了问题的一部分。
13:21
then we were part of the problem.
227
789971
2631
13:25
So we did something unheard of
in the security industry.
in the security industry.
228
793514
2860
所以我们做了一件安全领域
从未有人做的事。
从未有人做的事。
13:29
We started publishing.
229
797045
1673
我们开始公开情报。
13:30
Over 700 terabytes of actionable
threat intelligence data,
threat intelligence data,
230
798742
4410
超过700TB数据的威胁情报信息,
13:35
including information on real-time attacks
231
803176
3005
包括正在发生的攻击情报
13:38
that can be used to stop
cybercrime in its tracks.
cybercrime in its tracks.
232
806205
2863
都可以帮助停止正在发生的
网络攻击行为。
网络攻击行为。
13:41
And to date,
233
809813
1370
到今天,
13:43
over 4,000 organizations
are leveraging this data,
are leveraging this data,
234
811207
4044
超过4000家组织从这个情报中获益,
包括半数以上财富100强企业。
13:47
including half of the Fortune 100.
235
815275
1879
13:50
And our hope as a next step
is to get all of those organizations
is to get all of those organizations
236
818599
4017
下一步,我们希望能够让这些组织
都加入我们的战斗,
13:54
to join us in the fight,
237
822640
1961
跟我们一样,
13:56
and do the same thing
238
824625
1551
13:58
and share their information
239
826200
2088
共享威胁信息,
报告他们何时以何种方式被入侵。
14:00
on when and how
they're being attacked as well.
they're being attacked as well.
240
828312
2534
14:03
We all have the opportunity to stop it,
241
831552
3018
我们都有机会来阻止网络犯罪,
我们也已经知道方法。
14:06
and we already all know how.
242
834594
2161
14:09
All we have to do is look
to the response that we see
to the response that we see
243
837372
4370
我们要做的就是
向世界医疗机构学习,
14:13
in the world of health care,
244
841766
1506
学习他们是如何应对传染病的。
14:15
and how they respond to a pandemic.
245
843296
1903
14:17
Simply put,
246
845623
1379
简单说,
我们需要开放和合作。
14:19
we need to be open and collaborative.
247
847026
2276
14:21
Thank you.
248
849876
1151
谢谢大家。
(掌声)
14:23
(Applause)
249
851051
3792
ABOUT THE SPEAKER
Caleb Barlow - Cybercrime fighterIBM's Caleb Barlow is focused on how we solve the cyber security problem by changing the economics for the bad guys.
Why you should listen
As a vice president at IBM Security, Caleb Barlow has insight into to one of the largest security intelligence operations in the world. His team stands watch protecting the information security of thousands of customers in more than a hundred countries. On a busy day they can process upwards of 35 billion potential security events across their global operations centers.
Barlow has been advising chief information security officers, boards of directors and government officials on security practices, frameworks and strategies for risk mitigation on a global basis. He is a sought-after speaker on the subject of security and regularly appears in both print and broadcast media, including NBC News, CNBC, BBC World Service, NPR, the Wall Street Journal and the Washington Post. His opinions have been solicited by members of Congress, the NSA, and NATO, and he was invited by the President of the UN General Assembly to discuss his views at the United Nations.
Most recently, Barlow is focusing on building a large-scale simulation environment to educate C-level executives on how to better prevent and respond to a cyber attack so they can maintain business resiliency in the face of crisis.
Caleb Barlow | Speaker | TED.com