TED2014
Keren Elazari: Hackers: the Internet's immune system
Filmed:
Readability: 4.8
2,591,983 views
The beauty of hackers, says cybersecurity expert Keren Elazari, is that they force us to evolve and improve. Yes, some hackers are bad guys, but many are working to fight government corruption and advocate for our rights. By exposing vulnerabilities, they push the Internet to become stronger and healthier, wielding their power to create a better world.
Keren Elazari - Cybersecurity expert
Keren Elazari charts the transformation of hackers from cyberpunk protagonists to powerful hacktivists, lone rangers and digital robin hoods who are the unsung heroes of the digital frontier. Full bio
Keren Elazari charts the transformation of hackers from cyberpunk protagonists to powerful hacktivists, lone rangers and digital robin hoods who are the unsung heroes of the digital frontier. Full bio
Double-click the English transcript below to play the video.
00:12
Four years ago,
0
869
1751
00:14
a security researcher,
1
2620
1802
00:16
or, as most people would call it, a hacker,
2
4422
4249
00:20
found a way to literally
3
8671
2167
00:22
make ATMs throw money at him.
4
10838
3203
00:26
His name was Barnaby Jack,
5
14041
3341
00:29
and this technique was later called "jackpotting"
6
17382
3659
00:33
in his honor.
7
21041
1909
00:34
I'm here today because I think
8
22950
1849
00:36
we actually need hackers.
9
24799
3051
00:39
Barnaby Jack
10
27850
1862
00:41
could have easily turned
11
29712
1487
00:43
into a career criminal or James Bond villain
12
31199
4198
00:47
with his knowledge,
13
35397
1496
00:48
but he chose to show the world
14
36893
2488
00:51
his research instead.
15
39381
2689
00:54
He believed that sometimes
16
42070
1853
00:55
you have to demo a threat
17
43923
2040
00:57
to spark a solution.
18
45963
2917
01:00
And I feel the same way.
19
48880
1930
01:02
That's why I'm here today.
20
50810
1850
01:04
We are often terrified and fascinated
21
52660
3278
01:07
by the power hackers now have.
22
55938
3461
01:11
They scare us.
23
59399
1732
01:13
But the choices they make
24
61131
1985
01:15
have dramatic outcomes
25
63116
2170
01:17
that influence us all.
26
65286
2988
01:20
So I am here today because I think we need hackers,
27
68274
3335
01:23
and in fact, they just might be
28
71609
3583
01:27
the immune system for the information age.
29
75192
4340
01:31
Sometimes they make us sick,
30
79532
2033
01:33
but they also find those hidden threats
31
81565
3355
01:36
in our world,
32
84920
1324
01:38
and they make us fix it.
33
86244
2845
01:41
I knew that I might get hacked
34
89089
2358
01:43
for giving this talk,
35
91447
2408
01:45
so let me save you the effort.
36
93855
2473
01:48
In true TED fashion,
37
96328
1834
01:50
here is my most embarrassing picture.
38
98162
3973
01:54
But it would be difficult for you to find me in it,
39
102135
2870
01:57
because I'm the one who looks like a boy
40
105005
3738
02:00
standing to the side.
41
108743
1805
02:02
I was such a nerd back then
42
110548
2382
02:04
that even the boys on the
Dungeons and Dragons team
Dungeons and Dragons team
43
112930
2602
02:07
wouldn't let me join.
44
115532
2197
02:09
This is who I was,
45
117729
1985
02:11
but this is who I wanted to be:
46
119714
4115
02:15
Angelina Jolie.
47
123829
1898
02:17
She portrayed Acid Burn
48
125727
1555
02:19
in the '95 film "Hackers."
49
127282
2494
02:21
She was pretty and she could rollerblade,
50
129776
3178
02:24
but being a hacker, that made her powerful.
51
132954
4109
02:29
And I wanted to be just like her,
52
137063
2460
02:31
so I started spending a lot of time
53
139523
2366
02:33
on hacker chat rooms and online forums.
54
141889
2885
02:36
I remember one late night
55
144774
2333
02:39
I found a bit of PHP code.
56
147107
2261
02:41
I didn't really know what it did,
57
149368
1622
02:42
but I copy-pasted it
58
150990
1625
02:44
and used it anyway
59
152615
1714
02:46
to get into a password-protected site
60
154329
2473
02:48
like that.
61
156802
1804
02:50
Open Sesame.
62
158606
1403
02:52
It was a simple trick,
63
160009
1522
02:53
and I was just a script kiddie back then,
64
161531
3005
02:56
but to me, that trick,
65
164536
1438
02:57
it felt like this,
66
165974
2215
03:00
like I had discovered limitless potential
67
168189
2444
03:02
at my fingertips.
68
170633
1791
03:04
This is the rush of power that hackers feel.
69
172424
3309
03:07
It's geeks just like me
70
175733
2904
03:10
discovering they have access to superpower,
71
178637
3232
03:13
one that requires the skill and tenacity
72
181869
2627
03:16
of their intellect,
73
184496
1508
03:18
but thankfully no radioactive spiders.
74
186004
3561
03:21
But with great power
75
189565
1841
03:23
comes great responsibility,
76
191406
2304
03:25
and you all like to think that if we had such powers,
77
193710
3664
03:29
we would only use them for good.
78
197374
2279
03:31
But what if you could read your ex's emails,
79
199653
3347
03:35
or add a couple zeros to your bank account.
80
203000
3112
03:38
What would you do then?
81
206112
2020
03:40
Indeed, many hackers do not resist
82
208132
2237
03:42
those temptations,
83
210369
1988
03:44
and so they are responsible in one way or another
84
212357
3125
03:47
to billions of dollars lost each year
85
215482
2404
03:49
to fraud, malware or plain old identity theft,
86
217886
3261
03:53
which is a serious issue.
87
221147
1878
03:55
But there are other hackers,
88
223025
1985
03:57
hackers who just like to break things,
89
225010
2762
03:59
and it is precisely those hackers
90
227772
2708
04:02
that can find the weaker elements in our world
91
230480
3293
04:05
and make us fix it.
92
233773
1677
04:07
This is what happened last year
93
235450
1920
04:09
when another security researcher
94
237370
2009
04:11
called Kyle Lovett
95
239379
1565
04:12
discovered a gaping hole
96
240944
1557
04:14
in the design of certain wireless routers
97
242501
2960
04:17
like you might have in your home or office.
98
245461
2539
04:20
He learned that anyone could remotely connect
99
248000
2645
04:22
to these devices over the Internet
100
250645
2322
04:24
and download documents from hard drives
101
252967
2761
04:27
attached to those routers,
102
255728
2175
04:29
no password needed.
103
257903
1847
04:31
He reported it to the company, of course,
104
259750
2337
04:34
but they ignored his report.
105
262087
2314
04:36
Perhaps they thought universal access
106
264401
1864
04:38
was a feature, not a bug,
107
266265
2985
04:41
until two months ago
108
269250
1855
04:43
when a group of hackers used it
109
271105
1433
04:44
to get into people's files.
110
272538
2454
04:46
But they didn't steal anything.
111
274992
2401
04:49
They left a note:
112
277393
2017
04:51
Your router and your documents
113
279410
1878
04:53
can be accessed by anyone in the world.
114
281288
2159
04:55
Here's what you should do to fix it.
115
283447
2268
04:57
We hope we helped.
116
285715
2378
05:00
By getting into people's files like that,
117
288093
2530
05:02
yeah, they broke the law,
118
290623
1460
05:04
but they also forced that company
119
292083
2468
05:06
to fix their product.
120
294551
1981
05:08
Making vulnerabilities known to the public
121
296532
2168
05:10
is a practice called full disclosure
122
298700
2745
05:13
in the hacker community,
123
301445
1602
05:15
and it is controversial,
124
303047
2034
05:17
but it does make me think of how hackers
125
305081
2532
05:19
have an evolving effect on technologies we use
126
307613
2986
05:22
every day.
127
310599
1496
05:24
This is what Khalil did.
128
312095
2278
05:26
Khalil is a Palestinian hacker from the West Bank,
129
314373
2615
05:28
and he found a serious privacy flaw on Facebook
130
316988
4009
05:32
which he attempted to report
131
320997
1850
05:34
through the company's bug bounty program.
132
322847
2990
05:37
These are usually great arrangements for companies
133
325837
2657
05:40
to reward hackers disclosing vulnerabilities
134
328494
3177
05:43
they find in their code.
135
331671
1689
05:45
Unfortunately, due to some miscommunications,
136
333360
3550
05:48
his report was not acknowledged.
137
336910
3036
05:51
Frustrated with the exchange,
138
339946
1845
05:53
he took to use his own discovery
139
341791
3277
05:57
to post on Mark Zuckerberg's wall.
140
345068
3135
06:00
This got their attention, all right,
141
348203
2767
06:02
and they fixed the bug,
142
350970
3295
06:06
but because he hadn't reported it properly,
143
354265
2855
06:09
he was denied the bounty usually paid out
144
357120
2225
06:11
for such discoveries.
145
359345
2004
06:13
Thankfully for Khalil,
146
361349
1989
06:15
a group of hackers were watching out for him.
147
363338
2886
06:18
In fact, they raised more than 13,000 dollars
148
366224
3809
06:22
to reward him for this discovery,
149
370033
2078
06:24
raising a vital discussion in the technology industry
150
372111
3200
06:27
about how we come up with incentives
151
375311
3059
06:30
for hackers to do the right thing.
152
378370
2590
06:32
But I think there's a greater story here still.
153
380960
3020
06:35
Even companies founded by hackers,
154
383980
2935
06:38
like Facebook was,
155
386915
2387
06:41
still have a complicated relationship
156
389302
2583
06:43
when it comes to hackers.
157
391885
1804
06:45
And so for more conservative organizations,
158
393689
2831
06:48
it is going to take time and adapting
159
396520
3518
06:52
in order to embrace hacker culture
160
400038
2582
06:54
and the creative chaos that it brings with it.
161
402620
3121
06:57
But I think it's worth the effort,
162
405741
2442
07:00
because the alternative,
163
408183
1980
07:02
to blindly fight all hackers,
164
410163
3830
07:05
is to go against the power you cannot control
165
413993
2588
07:08
at the cost of stifling innovation
166
416581
3301
07:11
and regulating knowledge.
167
419882
2194
07:14
These are things that will come back and bite you.
168
422076
4294
07:18
It is even more true
169
426370
1478
07:19
if we go after hackers
170
427848
2079
07:21
that are willing to risk their own freedom
171
429927
3037
07:24
for ideals like the freedom of the web,
172
432964
2903
07:27
especially in times like this, like today even,
173
435867
4063
07:31
as governments and corporates
174
439930
2620
07:34
fight to control the Internet.
175
442550
3226
07:37
I find it astounding
176
445776
2324
07:40
that someone from the shadowy
corners of cyberspace
corners of cyberspace
177
448100
3013
07:43
can become its voice of opposition,
178
451113
2815
07:45
its last line of defense even,
179
453928
2642
07:48
perhaps someone like Anonymous,
180
456570
3417
07:51
the leading brand of global hacktivism.
181
459987
3853
07:55
This universal hacker movement
182
463840
2260
07:58
needs no introduction today,
183
466100
1606
07:59
but six years ago
184
467706
2103
08:01
they were not much more than an Internet subculture
185
469809
3429
08:05
dedicated to sharing silly pictures of funny cats
186
473238
2919
08:08
and Internet trolling campaigns.
187
476157
3430
08:11
Their moment of transformation was in early 2008
188
479587
4842
08:16
when the Church of Scientology
189
484429
1650
08:18
attempted to remove certain leaked videos
190
486079
3067
08:21
from appearing on certain websites.
191
489146
4403
08:25
This is when Anonymous was forged
192
493549
2440
08:27
out of the seemingly random collection
193
495989
2631
08:30
of Internet dwellers.
194
498620
1743
08:32
It turns out,
195
500363
2454
08:34
the Internet doesn't like it
196
502817
1329
08:36
when you try to remove things from it,
197
504146
2623
08:38
and it will react with cyberattacks
198
506769
2970
08:41
and elaborate pranks
199
509739
2101
08:43
and with a series of organized protests
200
511840
2649
08:46
all around the world,
201
514489
1345
08:47
from my hometown of Tel Aviv
202
515834
1988
08:49
to Adelaide, Australia.
203
517822
2244
08:52
This proved that Anonymous and this idea
204
520066
3130
08:55
can rally the masses from the keyboards
205
523196
3083
08:58
to the streets,
206
526279
1576
08:59
and it laid the foundations
207
527855
1947
09:01
for dozens of future operations
208
529802
2218
09:04
against perceived injustices
209
532020
1940
09:05
to their online and offline world.
210
533960
3356
09:09
Since then, they've gone after many targets.
211
537316
2025
09:11
They've uncovered corruption, abuse.
212
539341
2789
09:14
They've hacked popes and politicians,
213
542130
2820
09:16
and I think their effect is larger
214
544950
1677
09:18
than simple denial of service attacks
215
546627
2797
09:21
that take down websites
216
549424
1376
09:22
or even leak sensitive documents.
217
550800
3638
09:26
I think that, like Robin Hood,
218
554438
3042
09:29
they are in the business of redistribution,
219
557480
3900
09:33
but what they are after isn't your money.
220
561380
2732
09:36
It's not your documents. It's your attention.
221
564112
4730
09:40
They grab the spotlight for causes they support,
222
568842
4540
09:45
forcing us to take note,
223
573382
2631
09:48
acting as a global magnifying glass
224
576013
2465
09:50
for issues that we are not as aware of
225
578478
2144
09:52
but perhaps we should be.
226
580622
2109
09:54
They have been called many names
227
582731
1853
09:56
from criminals to terrorists,
228
584584
1771
09:58
and I cannot justify their illegal means,
229
586355
3446
10:01
but the ideas they fight for
230
589801
2141
10:03
are ones that matter to us all.
231
591942
4026
10:07
The reality is,
232
595968
1983
10:09
hackers can do a lot more than break things.
233
597951
2805
10:12
They can bring people together.
234
600756
2473
10:15
And if the Internet doesn't like it
235
603229
2323
10:17
when you try to remove things from it,
236
605552
2647
10:20
just watch what happens
237
608199
901
10:21
when you try to shut the Internet down.
238
609100
2829
10:23
This took place in Egypt in January 2011,
239
611929
4592
10:28
and as President Hosni Mubarak
240
616521
3216
10:31
attempted a desperate move
241
619737
2054
10:33
to quash the rising revolution on the streets of Cairo,
242
621791
3842
10:37
he sent his personal troops
243
625633
1870
10:39
down to Egypt's Internet service providers
244
627503
3643
10:43
and had them physically kill the switch
245
631146
2471
10:45
on the country's connection to the world overnight.
246
633617
4245
10:49
For a government to do a thing like that
247
637862
1615
10:51
was unprecedented,
248
639477
1719
10:53
and for hackers, it made it personal.
249
641196
3464
10:56
Hackers like the Telecomix group
250
644660
2088
10:58
were already active on the ground,
251
646748
1873
11:00
helping Egyptians bypass censorship
252
648621
2818
11:03
using clever workarounds like Morse code
253
651439
2490
11:05
and ham radio.
254
653929
2028
11:07
It was high season for low tech,
255
655957
2129
11:10
which the government couldn't block,
256
658086
2564
11:12
but when the Net went completely down,
257
660650
3242
11:15
Telecomix brought in the big guns.
258
663892
2938
11:18
They found European service providers
259
666830
2171
11:21
that still had 20-year-old
260
669001
2309
11:23
analog dial-up access infrastructure.
261
671310
2580
11:25
They opened up 300 of those lines
262
673890
3402
11:29
for Egyptians to use,
263
677292
2474
11:31
serving slow but sweet Internet connection
264
679766
2837
11:34
for Egyptians.
265
682603
1401
11:36
This worked.
266
684004
1295
11:37
It worked so well, in fact,
267
685299
1793
11:39
one guy even used it to download an episode
268
687092
2280
11:41
of "How I Met Your Mother."
269
689372
4338
11:45
But while Egypt's future is still uncertain,
270
693710
3921
11:49
when the same thing happened in Syria
271
697631
2653
11:52
just one year later,
272
700284
1520
11:53
Telecomix were prepared with those Internet lines,
273
701804
3735
11:57
and Anonymous,
274
705539
1169
11:58
they were perhaps the first international group
275
706708
2246
12:00
to officially denounce the actions
276
708954
1704
12:02
of the Syrian military
277
710658
1913
12:04
by defacing their website.
278
712571
2804
12:07
But with this sort of power,
279
715375
3492
12:10
it really depends on where you stand,
280
718867
2346
12:13
because one man's hero
281
721213
3509
12:16
can be another's villain,
282
724722
2247
12:18
and so the Syrian Electronic Army
283
726969
2398
12:21
is a pro-Assad group of hackers
284
729367
2471
12:23
who support his contentious regime.
285
731838
2665
12:26
They've taken down multiple high-profile targets
286
734503
2682
12:29
in the past few years,
287
737185
1635
12:30
including the Associated Press's Twitter account,
288
738820
3383
12:34
in which they posted a message
289
742203
3016
12:37
about an attack on the White House
290
745219
2156
12:39
injuring President Obama.
291
747375
3263
12:42
This tweet was fake, of course,
292
750638
2145
12:44
but the resulting drop in the Dow Jones index
293
752783
2939
12:47
that day was most certainly not,
294
755722
3377
12:51
and a lot of people lost a lot of money.
295
759099
3262
12:54
This sort of thing is happening
all over the world right now.
all over the world right now.
296
762361
3906
12:58
In conflicts from the Crimean Peninsula
297
766267
2947
13:01
to Latin America,
298
769214
2362
13:03
from Europe to the United States,
299
771576
2304
13:05
hackers are a force for social,
300
773880
3057
13:08
political and military influence.
301
776937
3766
13:12
As individuals or in groups,
302
780703
2251
13:14
volunteers or military conflicts,
303
782954
2640
13:17
there are hackers everywhere.
304
785594
2641
13:20
They come from all walks of life,
305
788235
2095
13:22
ethnicities, ideologies and genders, I might add.
306
790330
4924
13:27
They are now shaping the world's stage.
307
795254
3799
13:31
Hackers represent an exceptional force for change
308
799053
2845
13:33
in the 21st century.
309
801898
2164
13:36
This is because access to information
310
804062
2537
13:38
is a critical currency of power,
311
806599
3313
13:41
one which governments would like to control,
312
809912
2966
13:44
a thing they attempt to do by setting up
313
812878
2461
13:47
all-you-can-eat surveillance programs,
314
815339
3660
13:50
a thing they need hackers for, by the way.
315
818999
2738
13:53
And so the establishment has long had
316
821737
2647
13:56
a love-hate relationship when it comes to hackers,
317
824384
3707
14:00
because the same people who demonize hacking
318
828091
2758
14:02
also utilize it at large.
319
830849
5082
14:07
Two years ago,
320
835931
1248
14:09
I saw General Keith Alexander.
321
837179
2773
14:11
He's the NSA director and U.S. cyber commander,
322
839952
4218
14:16
but instead of his four star general uniform,
323
844170
3708
14:19
he was wearing jeans and a t-shirt.
324
847878
2296
14:22
This was at DEF CON,
325
850174
1744
14:23
the world's largest hacker conference.
326
851918
3105
14:27
Perhaps like me, General Alexander
327
855023
1927
14:28
didn't see 12,000 criminals that day in Vegas.
328
856950
3820
14:32
I think he saw untapped potential.
329
860770
3111
14:35
In fact, he was there to give a hiring pitch.
330
863881
3373
14:39
"In this room right here," he said,
331
867254
2640
14:41
"is the talent our nation needs."
332
869894
2390
14:44
Well, hackers in the back row replied,
333
872284
3380
14:47
"Then stop arresting us."
334
875664
2126
14:49
(Applause)
335
877790
3434
14:53
Indeed, for years,
336
881224
2579
14:55
hackers have been on the wrong side of the fence,
337
883803
2816
14:58
but in light of what we know now,
338
886619
2908
15:01
who is more watchful of our online world?
339
889527
4273
15:05
The rules of the game are not that clear anymore,
340
893800
3006
15:08
but hackers are perhaps the only ones
341
896806
3412
15:12
still capable of challenging
overreaching governments
overreaching governments
342
900218
3883
15:16
and data-hoarding corporates
343
904101
2215
15:18
on their own playing field.
344
906316
2478
15:20
To me, that represents hope.
345
908794
3120
15:23
For the past three decades,
346
911914
1324
15:25
hackers have done a lot of things,
347
913238
1551
15:26
but they have also impacted civil liberties,
348
914789
3217
15:30
innovation and Internet freedom,
349
918006
2370
15:32
so I think it's time we take a good look
350
920376
2929
15:35
at how we choose to portray them,
351
923305
2130
15:37
because if we keep expecting
them to be the bad guys,
them to be the bad guys,
352
925435
3584
15:41
how can they be the heroes too?
353
929019
3470
15:44
My years in the hacker world
354
932489
2011
15:46
have made me realize
355
934500
1642
15:48
both the problem and the beauty about hackers:
356
936142
5733
15:53
They just can't see something broken in the world
357
941875
3158
15:57
and leave it be.
358
945033
1647
15:58
They are compelled
359
946680
1680
16:00
to either exploit it or try and change it,
360
948360
3530
16:03
and so they find the vulnerable aspects
361
951890
3916
16:07
in our rapidly changing world.
362
955806
2134
16:09
They make us, they force us to fix things
363
957940
4342
16:14
or demand something better,
364
962282
1719
16:16
and I think we need them
365
964001
1994
16:17
to do just that,
366
965995
2206
16:20
because after all, it is not information
367
968201
3269
16:23
that wants to be free, it's us.
368
971470
3105
16:26
Thank you very much.
369
974575
3362
16:29
Thank you. (Applause)
370
977937
2358
16:32
Hack the planet!
371
980295
1885
ABOUT THE SPEAKER
Keren Elazari - Cybersecurity expertKeren Elazari charts the transformation of hackers from cyberpunk protagonists to powerful hacktivists, lone rangers and digital robin hoods who are the unsung heroes of the digital frontier.
Why you should listen
A GigaOM analyst and Israeli hacking scene insider, Keren Elazari moves through business, academic and security circles, researching new technologies and emerging security threats. Inspired by science fiction in her teenage years and fuelled by insatiable curiosity, Elazari spent years investigating the darker corners of cyberspace.
Today, she emerges with a new understanding of the hacker underworld. Information is the new currency of our digital society, and those who can control it have become powerful actors -- whether they choose to be heroes or villains. As she says, "Hacking has become a superpower that can positively impact millions worldwide – if we learn how to harness it.”
Keren Elazari | Speaker | TED.com