TEDxBrussels

Mikko Hypponen: Three types of online attack


Cybercrime expert Mikko Hypponen talks us through three types of online attack on our privacy and data -- and only two are considered crimes. "Do we blindly trust any future government? Because any right we give away, we give away for good."

- Cybersecurity expert
As computer access expands, Mikko Hypponen asks: What's the next killer virus, and will the world be able to cope with it? And also: How can we protect digital privacy in the age of government surveillance?

In the 1980s
00:20
in the communist Eastern Germany,
00:23
if you owned a typewriter,
00:26
you had to register it with the government.
00:30
You had to register
00:32
a sample sheet of text
00:34
out of the typewriter.
00:36
And this was done
00:38
so the government could track where text was coming from.
00:40
If they found a paper
00:43
which had the wrong kind of thought,
00:46
they could track down
00:49
who created that thought.
00:51
And we in the West
00:53
couldn't understand how anybody could do this,
00:56
how much this would restrict freedom of speech.
00:59
We would never do that
01:02
in our own countries.
01:04
But today in 2011,
01:07
if you go and buy a color laser printer
01:10
from any major laser printer manufacturer
01:14
and print a page,
01:17
that page will end up
01:19
having slight yellow dots
01:21
printed on every single page
01:24
in a pattern which makes the page unique
01:26
to you and to your printer.
01:29
This is happening
01:33
to us today.
01:35
And nobody seems to be making a fuss about it.
01:38
And this is an example
01:42
of the ways
01:45
that our own governments
01:47
are using technology
01:50
against us, the citizens.
01:52
And this is one of the main three sources
01:56
of online problems today.
01:59
If we take a look at what's really happening in the online world,
02:01
we can group the attacks based on the attackers.
02:04
We have three main groups.
02:07
We have online criminals.
02:09
Like here, we have Mr. Dimitry Golubov
02:11
from the city of Kiev in Ukraine.
02:13
And the motives of online criminals
02:15
are very easy to understand.
02:18
These guys make money.
02:20
They use online attacks
02:22
to make lots of money,
02:24
and lots and lots of it.
02:26
We actually have several cases
02:28
of millionaires online, multimillionaires,
02:30
who made money with their attacks.
02:33
Here's Vladimir Tsastsin from Tartu in Estonia.
02:35
This is Alfred Gonzalez.
02:38
This is Stephen Watt.
02:40
This is Bjorn Sundin.
02:42
This is Matthew Anderson, Tariq Al-Daour
02:44
and so on and so on.
02:47
These guys
02:49
make their fortunes online,
02:51
but they make it through the illegal means
02:53
of using things like banking trojans
02:56
to steal money from our bank accounts
02:58
while we do online banking,
03:00
or with keyloggers
03:02
to collect our credit card information
03:04
while we are doing online shopping from an infected computer.
03:07
The U.S. Secret Service,
03:10
two months ago,
03:12
froze the Swiss bank account
03:14
of Mr. Sam Jain right here,
03:16
and that bank account had 14.9 million U.S. dollars on it
03:18
when it was frozen.
03:21
Mr. Jain himself is on the loose;
03:23
nobody knows where he is.
03:25
And I claim it's already today
03:28
that it's more likely for any of us
03:31
to become the victim of a crime online
03:34
than here in the real world.
03:37
And it's very obvious
03:40
that this is only going to get worse.
03:42
In the future, the majority of crime
03:44
will be happening online.
03:46
The second major group of attackers
03:50
that we are watching today
03:52
are not motivated by money.
03:54
They're motivated by something else --
03:56
motivated by protests,
03:58
motivated by an opinion,
04:00
motivated by the laughs.
04:02
Groups like Anonymous
04:05
have risen up over the last 12 months
04:07
and have become a major player
04:10
in the field of online attacks.
04:12
So those are the three main attackers:
04:15
criminals who do it for the money,
04:17
hacktivists like Anonymous
04:19
doing it for the protest,
04:22
but then the last group are nation states,
04:24
governments doing the attacks.
04:27
And then we look at cases
04:31
like what happened in DigiNotar.
04:33
This is a prime example of what happens
04:35
when governments attack
04:37
against their own citizens.
04:39
DigiNotar is a Certificate Authority
04:41
from The Netherlands --
04:44
or actually, it was.
04:46
It was running into bankruptcy
04:48
last fall
04:50
because they were hacked into.
04:53
Somebody broke in
04:55
and they hacked it thoroughly.
04:57
And I asked last week
05:00
in a meeting with Dutch government representatives,
05:02
I asked one of the leaders of the team
05:06
whether he found plausible
05:11
that people died
05:14
because of the DigiNotar hack.
05:17
And his answer was yes.
05:20
So how do people die
05:25
as the result of a hack like this?
05:27
Well DigiNotar is a C.A.
05:30
They sell certificates.
05:32
What do you do with certificates?
05:34
Well you need a certificate
05:36
if you have a website that has https,
05:38
SSL encrypted services,
05:40
services like Gmail.
05:43
Now we all, or a big part of us,
05:46
use Gmail or one of their competitors,
05:48
but these services are especially popular
05:50
in totalitarian states
05:52
like Iran,
05:54
where dissidents
05:56
use foreign services like Gmail
05:58
because they know they are more trustworthy than the local services
06:01
and they are encrypted over SSL connections,
06:04
so the local government can't snoop
06:07
on their discussions.
06:09
Except they can if they hack into a foreign C.A.
06:11
and issue rogue certificates.
06:14
And this is exactly what happened
06:16
with the case of DigiNotar.
06:18
What about Arab Spring
06:24
and things that have been happening, for example, in Egypt?
06:26
Well in Egypt,
06:29
the rioters looted the headquarters
06:31
of the Egyptian secret police
06:33
in April 2011,
06:35
and when they were looting the building they found lots of papers.
06:37
Among those papers,
06:40
was this binder entitled "FINFISHER."
06:42
And within that binder were notes
06:44
from a company based in Germany
06:47
which had sold the Egyptian government
06:49
a set of tools
06:52
for intercepting --
06:54
and in very large scale --
06:56
all the communication of the citizens of the country.
06:58
They had sold this tool
07:00
for 280,000 Euros to the Egyptian government.
07:02
The company headquarters are right here.
07:05
So Western governments
07:08
are providing totalitarian governments with tools
07:10
to do this against their own citizens.
07:13
But Western governments are doing it to themselves as well.
07:16
For example, in Germany,
07:19
just a couple of weeks ago
07:21
the so-called State Trojan was found,
07:23
which was a trojan
07:26
used by German government officials
07:28
to investigate their own citizens.
07:30
If you are a suspect in a criminal case,
07:32
well it's pretty obvious, your phone will be tapped.
07:36
But today, it goes beyond that.
07:38
They will tap your Internet connection.
07:40
They will even use tools like State Trojan
07:42
to infect your computer with a trojan,
07:45
which enables them
07:48
to watch all your communication,
07:50
to listen to your online discussions,
07:52
to collect your passwords.
07:55
Now when we think deeper
08:01
about things like these,
08:03
the obvious response from people should be
08:06
that, "Okay, that sounds bad,
08:11
but that doesn't really affect me because I'm a legal citizen.
08:14
Why should I worry?
08:17
Because I have nothing to hide."
08:19
And this is an argument,
08:22
which doesn't make sense.
08:24
Privacy is implied.
08:26
Privacy is not up for discussion.
08:29
This is not a question
08:34
between privacy
08:36
against security.
08:40
It's a question of freedom
08:43
against control.
08:46
And while we might trust our governments
08:49
right now, right here in 2011,
08:53
any right we give away will be given away for good.
08:56
And do we trust, do we blindly trust,
08:59
any future government,
09:02
a government we might have
09:04
50 years from now?
09:06
And these are the questions
09:10
that we have to worry about for the next 50 years.
09:13

About the speaker:

Mikko Hypponen - Cybersecurity expert

Why you should listen

The chief research officer at F-Secure Corporation in Finland, Mikko Hypponen has led his team through some of the largest computer virus outbreaks in history. His team took down the world-wide network used by the Sobig.F worm. He was the first to warn the world about the Sasser outbreak, and he has done classified briefings on the operation of the Stuxnet worm -- a hugely complex worm designed to sabotage Iranian nuclear enrichment facilities.

As a few hundred million more Internet users join the web from India and China and elsewhere, and as governments and corporations become more sophisticated at using viruses as weapons, Hypponen asks, what's next? Who will be at the front defending the world’s networks from malicious software? He says: "It's more than unsettling to realize there are large companies out there developing backdoors, exploits and trojans."

Even more unsettling: revelations this year that the United States' NSA is conducting widespread digital surveillance of both US citizens and anyone whose data passes through a US entity, and that it has actively sabotaged encryption algorithms. Hypponen has become one of the most outspoken critics of the agency's programs and asks us all: Why are we so willing to hand over digital privacy?

Read his open-season Q&A on Reddit: "My TED Talk was just posted. Ask me anything."

See the full documentary on the search for the Brain virus
