ABOUT THE SPEAKER
Chris Domas - Cybersecurity researcher
Chris Domas is an embedded systems engineer and cybersecurity researcher.

Why you should listen

Chris Domas is a cyber-security researcher at the Battelle Memorial Institute. He specializes in embedded systems reverse-engineering (RE) and vulnerability analysis, figuring out how to manipulate electronic devices. Applying this towards national security, his group develops cyber technology that protects people on the newest front of global war.

Domas graduated from Ohio State University, where he set out to take every class offered by the school. He bounced between majors in electrical engineering, physics, mathematics, mechanical engineering, biology, chemistry, statistics, biomedical engineering, computer graphics, psychology, and linguistics, but finally ran out of money and was forced to graduate. Settling on a degree in computer science, with an irrelevant handful of minors, he joined Battelle as a cyber security researcher. Today, he strives to incorporate ideas from these disparate fields to tackle the world’s most challenging cyber problems in innovative and unexpected ways. As a result of his work, he received Battelle’s coveted 2013 Emerging Scientist and 2013 Technical Achievement awards. He continues to present research around the country, most recently at the cyber security conferences Black Hat, REcon and DerbyCon.

 

TEDxColumbus

Chris Domas: The 1s and 0s behind cyber warfare

Filmed:
1,109,814 views

Chris Domas is a cybersecurity researcher, operating on what's become a new front of war, "cyber." In this engaging talk, he shows how researchers use pattern recognition and reverse engineering (and pull a few all-nighters) to understand a chunk of binary code whose purpose and contents they don't know.


00:12
This is a lot of ones and zeros.
00:15
It's what we call binary information.
00:18
This is how computers talk.
00:19
It's how they store information.
00:21
It's how computers think.
00:23
It's how computers do
00:24
everything it is that computers do.
00:27
I'm a cybersecurity researcher,
00:29
which means my job is to sit down with this information
00:31
and try to make sense of it,
00:32
to try to understand what all the ones and zeroes mean.
00:35
Unfortunately for me, we're not just talking
00:37
about the ones and zeros I have on the screen here.
00:39
We're not just talking about a few pages of ones and zeros.
00:42
We're talking about billions and billions
00:45
of ones and zeros,
00:46
more than anyone could possibly comprehend.
00:49
Now, as exciting as that sounds,
00:50
when I first started doing cyber —
00:53
(Laughter) —
00:55
when I first started doing cyber, I wasn't sure
00:57
that sifting through ones and zeros
00:58
was what I wanted to do with the rest of my life,
01:00
because in my mind, cyber
01:02
was keeping viruses off of my grandma's computer,
01:06
it was keeping people's Myspace pages from being hacked,
01:09
and maybe, maybe on my most glorious day,
01:12
it was keeping someone's credit card information from being stolen.
01:15
Those are important things,
01:17
but that's not how I wanted to spend my life.
01:19
But after 30 minutes of work
01:21
as a defense contractor,
01:23
I soon found out that my idea of cyber
01:26
was a little bit off.
01:27
In fact, in terms of national security,
01:29
keeping viruses off of my grandma's computer
01:31
was surprisingly low on their priority list.
01:35
And the reason for that is cyber
01:36
is so much bigger than any one of those things.
01:40
Cyber is an integral part of all of our lives,
01:43
because computers are an integral part of all of our lives,
01:46
even if you don't own a computer.
01:48
Computers control everything in your car,
01:50
from your GPS to your airbags.
01:52
They control your phone.
01:53
They're the reason you can call 911
01:55
and get someone on the other line.
01:56
They control our nation's entire infrastructure.
01:59
They're the reason you have electricity,
02:01
heat, clean water, food.
02:03
Computers control our military equipment,
02:05
everything from missile silos to satellites
02:07
to nuclear defense networks.
02:11
All of these things are made possible
02:13
because of computers,
02:14
and therefore because of cyber,
02:16
and when something goes wrong,
02:18
cyber can make all of these things impossible.
02:21
But that's where I step in.
02:22
A big part of my job is defending all of these things,
02:25
keeping them working,
02:27
but once in a while, part of my job is to break one of these things,
02:29
because cyber isn't just about defense,
02:32
it's also about offense.
02:34
We're entering an age where we talk about
02:35
cyberweapons.
02:37
In fact, so great is the potential for cyber offense
02:40
that cyber is considered a new domain of warfare.
02:44
Warfare.
02:45
It's not necessarily a bad thing.
02:47
On the one hand, it means we have a whole new front
02:50
on which we need to defend ourselves,
02:52
but on the other hand,
02:53
it means we have a whole new way to attack,
02:55
a whole new way to stop evil people
02:57
from doing evil things.
02:59
So let's consider an example of this
03:01
that's completely theoretical.
03:03
Suppose a terrorist wants to blow up a building,
03:05
and he wants to do this again and again
03:07
in the future.
03:09
So he doesn't want to be in that building when it explodes.
03:11
He's going to use a cell phone
03:13
as a remote detonator.
03:15
Now, it used to be the only way we had
03:17
to stop this terrorist
03:19
was with a hail of bullets and a car chase,
03:21
but that's not necessarily true anymore.
03:24
We're entering an age where we can stop him
03:25
with the press of a button
03:26
from 1,000 miles away,
03:28
because whether he knew it or not,
03:30
as soon as he decided to use his cell phone,
03:32
he stepped into the realm of cyber.
03:35
A well-crafted cyber attack could break into his phone,
03:38
disable the overvoltage protections on his battery,
03:40
drastically overload the circuit,
03:42
cause the battery to overheat, and explode.
03:44
No more phone, no more detonator,
03:47
maybe no more terrorist,
03:49
all with the press of a button
03:50
from a thousand miles away.
03:52
So how does this work?
03:54
It all comes back to those ones and zeros.
03:56
Binary information makes your phone work,
03:59
and used correctly, it can make your phone explode.
04:03
So when you start to look at cyber from this perspective,
04:05
spending your life sifting through binary information
04:09
starts to seem kind of exciting.
04:11
But here's the catch: This is hard,
04:14
really, really hard,
04:15
and here's why.
04:17
Think about everything you have on your cell phone.
04:20
You've got the pictures you've taken.
04:22
You've got the music you listen to.
04:24
You've got your contacts list,
04:25
your email, and probably 500 apps
04:27
you've never used in your entire life,
04:30
and behind all of this is the software, the code,
04:34
that controls your phone,
04:35
and somewhere, buried inside of that code,
04:38
is a tiny piece that controls your battery,
04:41
and that's what I'm really after,
04:42
but all of this, just a bunch of ones and zeros,
04:46
and it's all just mixed together.
04:48
In cyber, we call this finding a needle in a stack of needles,
04:51
because everything pretty much looks alike.
04:54
I'm looking for one key piece,
04:55
but it just blends in with everything else.
04:58
So let's step back from this theoretical situation
05:01
of making a terrorist's phone explode,
05:03
and look at something that actually happened to me.
05:06
Pretty much no matter what I do,
05:07
my job always starts with sitting down
05:09
with a whole bunch of binary information,
05:11
and I'm always looking for one key piece
05:13
to do something specific.
05:15
In this case, I was looking for a very advanced,
05:17
very high-tech piece of code
05:18
that I knew I could hack,
05:20
but it was somewhere buried
05:21
inside of a billion ones and zeroes.
05:23
Unfortunately for me, I didn't know
05:25
quite what I was looking for.
05:27
I didn't know quite what it would look like,
05:28
which makes finding it really, really hard.
05:31
When I have to do that, what I have to do
05:33
is basically look at various pieces
05:35
of this binary information,
05:37
try to decipher each piece, and see if it might be
05:39
what I'm after.
05:40
So after a while, I thought I had found the piece
05:42
I was looking for.
05:43
I thought maybe this was it.
05:45
It seemed to be about right, but I couldn't quite tell.
05:47
I couldn't tell what those ones and zeros represented.
05:50
So I spent some time trying to put this together,
05:54
but wasn't having a whole lot of luck,
05:55
and finally I decided,
05:56
I'm going to get through this,
05:58
I'm going to come in on a weekend,
06:00
and I'm not going to leave
06:01
until I figure out what this represents.
06:03
So that's what I did. I came in on a Saturday morning,
06:05
and about 10 hours in, I sort of had all the pieces to the puzzle.
06:08
I just didn't know how they fit together.
06:10
I didn't know what these ones and zeros meant.
06:13
At the 15-hour mark,
06:15
I started to get a better picture of what was there,
06:17
but I had a creeping suspicion
06:19
that what I was looking at
06:21
was not at all related to what I was looking for.
06:24
By 20 hours, the pieces started to come together
06:26
very slowly — (Laughter) —
06:30
and I was pretty sure I was going down
06:31
the wrong path at this point,
06:33
but I wasn't going to give up.
06:35
After 30 hours in the lab,
06:38
I figured out exactly what I was looking at,
06:40
and I was right, it wasn't what I was looking for.
06:43
I spent 30 hours piecing together
06:45
the ones and zeros that formed a picture of a kitten.
06:48
(Laughter)
06:49
I wasted 30 hours of my life searching for this kitten
06:53
that had nothing at all to do
06:55
with what I was trying to accomplish.
06:57
So I was frustrated, I was exhausted.
07:01
After 30 hours in the lab, I probably smelled horrible.
07:04
But instead of just going home
07:06
and calling it quits, I took a step back
07:09
and asked myself, what went wrong here?
07:11
How could I make such a stupid mistake?
07:14
I'm really pretty good at this.
07:15
I do this for a living.
07:16
So what happened?
07:19
Well I thought, when you're looking at information at this level,
07:21
it's so easy to lose track of what you're doing.
07:24
It's easy to not see the forest through the trees.
07:26
It's easy to go down the wrong rabbit hole
07:28
and waste a tremendous amount of time
07:30
doing the wrong thing.
07:32
But I had this epiphany.
07:33
We were looking at the data completely incorrectly
07:36
since day one.
07:38
This is how computers think, ones and zeros.
07:40
It's not how people think,
07:41
but we've been trying to adapt our minds
07:44
to think more like computers
07:45
so that we can understand this information.
07:47
Instead of trying to make our minds fit the problem,
07:49
we should have been making the problem
07:51
fit our minds,
07:52
because our brains have a tremendous potential
07:54
for analyzing huge amounts of information,
07:57
just not like this.
07:59
So what if we could unlock that potential
08:00
just by translating this
08:02
to the right kind of information?
08:04
So with these ideas in mind,
08:06
I sprinted out of my basement lab at work
08:07
to my basement lab at home,
08:08
which looked pretty much the same.
08:10
The main difference is, at work,
08:12
I'm surrounded by cyber materials,
08:14
and cyber seemed to be the problem in this situation.
08:16
At home, I'm surrounded by everything else I've ever learned.
08:20
So I pored through every book I could find,
08:22
every idea I'd ever encountered,
08:23
to see how could we translate a problem
08:25
from one domain to something completely different?
08:28
The biggest question was,
08:30
what do we want to translate it to?
08:32
What do our brains do perfectly naturally
08:34
that we could exploit?
08:36
My answer was vision.
08:38
We have a tremendous capability to analyze visual information.
08:41
We can combine color gradients, depth cues,
08:44
all sorts of these different signals
08:45
into one coherent picture of the world around us.
08:48
That's incredible.
08:49
So if we could find a way to translate
08:51
these binary patterns to visual signals,
08:53
we could really unlock the power of our brains
08:55
to process this stuff.
08:57
So I started looking at the binary information,
08:59
and I asked myself, what do I do
09:00
when I first encounter something like this?
09:02
And the very first thing I want to do,
09:04
the very first question I want to answer,
09:05
is what is this?
09:06
I don't care what it does, how it works.
09:09
All I want to know is, what is this?
09:11
And the way I can figure that out
09:13
is by looking at chunks,
09:15
sequential chunks of binary information,
09:17
and I look at the relationships between those chunks.
09:20
When I gather up enough of these sequences,
09:22
I begin to get an idea of exactly
09:24
what this information must be.
09:27
So let's go back to that
09:28
blow up the terrorist's phone situation.
09:30
This is what English text looks like
09:32
at a binary level.
09:33
This is what your contacts list would look like
09:36
if I were examining it.
09:37
It's really hard to analyze this at this level,
09:40
but if we take those same binary chunks
09:42
that I would be trying to find,
09:43
and instead translate that
09:45
to a visual representation,
09:46
translate those relationships,
09:48
this is what we get.
09:50
This is what English text looks like
09:52
from a visual abstraction perspective.
09:54
All of a sudden,
09:56
it shows us all the same information
09:57
that was in the ones and zeros,
09:58
but shows us it in an entirely different way,
10:00
a way that we can immediately comprehend.
10:02
We can instantly see all of the patterns here.
10:05
It takes me seconds to pick out patterns here,
10:08
but hours, days, to pick them out
10:10
in ones and zeros.
10:11
It takes minutes for anybody to learn
10:13
what these patterns represent here,
10:15
but years of experience in cyber
10:17
to learn what those same patterns represent
10:19
in ones and zeros.
10:20
So this piece is caused by
10:22
lower case letters followed by lower case letters
10:24
inside of that contact list.
10:26
This is upper case by upper case,
10:27
upper case by lower case, lower case by upper case.
10:30
This is caused by spaces. This is caused by carriage returns.
10:32
We can go through every little detail
10:34
of the binary information in seconds,
10:37
as opposed to weeks, months, at this level.
10:40
This is what an image looks like
10:42
from your cell phone.
10:44
But this is what it looks like
10:45
in a visual abstraction.
10:47
This is what your music looks like,
10:49
but here's its visual abstraction.
10:51
Most importantly for me,
10:53
this is what the code on your cell phone looks like.
10:56
This is what I'm after in the end,
10:58
but this is its visual abstraction.
11:00
If I can find this, I can't make the phone explode.
11:03
I could spend weeks trying to find this
11:05
in ones and zeros,
11:07
but it takes me seconds to pick out
11:08
a visual abstraction like this.
11:12
One of the most remarkable parts about all of this
11:14
is it gives us an entirely new way to understand
11:17
new information, stuff that we haven't seen before.
11:20
So I know what English looks like at a binary level,
11:23
and I know what its visual abstraction looks like,
11:25
but I've never seen Russian binary in my entire life.
11:28
It would take me weeks just to figure out
11:30
what I was looking at from raw ones and zeros,
11:33
but because our brains can instantly pick up
11:35
and recognize these subtle patterns inside
11:37
of these visual abstractions,
11:39
we can unconsciously apply those
11:41
in new situations.
11:42
So this is what Russian looks like
11:44
in a visual abstraction.
11:45
Because I know what one language looks like,
11:47
I can recognize other languages
11:49
even when I'm not familiar with them.
11:51
This is what a photograph looks like,
11:52
but this is what clip art looks like.
11:54
This is what the code on your phone looks like,
11:57
but this is what the code on your computer looks like.
12:00
Our brains can pick up on these patterns
12:01
in ways that we never could have
12:03
from looking at raw ones and zeros.
12:06
But we've really only scratched the surface
12:08
of what we can do with this approach.
12:10
We've only begun to unlock the capabilities
12:12
of our minds to process visual information.
12:15
If we take those same concepts and translate them
12:17
into three dimensions instead,
12:19
we find entirely new ways of making sense of information.
12:22
In seconds, we can pick out every pattern here.
12:24
We can see the cross associated with code.
12:26
We can see cubes associated with text.
12:28
We can even pick up the tiniest visual artifacts.
12:30
Things that would take us weeks,
12:33
months to find in ones and zeroes,
12:35
are immediately apparent
12:37
in some sort of visual abstraction,
12:39
and as we continue to go through this
12:40
and throw more and more information at it,
12:42
what we find is that we're capable of processing
12:44
billions of ones and zeros
12:47
in a matter of seconds
12:48
just by using our brain's built-in ability
12:51
to analyze patterns.
12:53
So this is really nice and helpful,
12:55
but all this tells me is what I'm looking at.
12:58
So at this point, based on visual patterns,
12:59
I can find the code on the phone.
13:02
But that's not enough to blow up a battery.
13:04
The next thing I need to find is the code
13:06
that controls the battery, but we're back
13:08
to the needle in a stack of needles problem.
13:09
That code looks pretty much like all the other code
13:12
on that system.
13:14
So I might not be able to find the code that controls the battery,
13:16
but there's a lot of things that are very similar to that.
13:18
You have code that controls your screen,
13:20
that controls your buttons, that controls your microphones,
13:22
so even if I can't find the code for the battery,
13:24
I bet I can find one of those things.
13:27
So the next step in my binary analysis process
13:29
is to look at pieces of information
13:31
that are similar to each other.
13:33
It's really, really hard to do at a binary level,
13:37
but if we translate those similarities to a visual abstraction instead,
13:40
I don't even have to sift through the raw data.
13:43
All I have to do is wait for the image to light up
13:45
to see when I'm at similar pieces.
13:47
I follow these strands of similarity like a trail of bread crumbs
13:50
to find exactly what I'm looking for.
13:53
So at this point in the process,
13:55
I've located the code
13:56
responsible for controlling your battery,
13:58
but that's still not enough to blow up a phone.
14:00
The last piece of the puzzle
14:02
is understanding how that code
14:05
controls your battery.
14:06
For this, I need to identify
14:08
very subtle, very detailed relationships
14:10
within that binary information,
14:12
another very hard thing to do
14:14
when looking at ones and zeros.
14:16
But if we translate that information
14:18
into a physical representation,
14:20
we can sit back and let our visual cortex do all the hard work.
14:23
It can find all the detailed patterns,
14:24
all the important pieces, for us.
14:27
It can find out exactly how the pieces of that code
14:29
work together to control that battery.
14:32
All of this can be done in a matter of hours,
14:35
whereas the same process
14:36
would have taken months in the past.
14:39
This is all well and good
14:41
in a theoretical blow up a terrorist's phone situation.
14:43
I wanted to find out if this would really work
14:46
in the work I do every day.
14:49
So I was playing around with these same concepts
14:52
with some of the data I've looked at in the past,
14:55
and yet again, I was trying to find
14:57
a very detailed, specific piece of code
15:00
inside of a massive piece of binary information.
15:03
So I looked at it at this level,
15:05
thinking I was looking at the right thing,
15:07
only to see this doesn't have
15:09
the connectivity I would have expected
15:11
for the code I was looking for.
15:13
In fact, I'm not really sure what this is,
15:16
but when I stepped back a level
15:17
and looked at the similarities within the code
15:18
I saw, this doesn't have similarities
15:21
like any code that exists out there.
15:22
I can't even be looking at code.
15:24
In fact, from this perspective,
15:27
I could tell, this isn't code.
15:29
This is an image of some sort.
15:31
And from here, I can see,
15:32
it's not just an image, this is a photograph.
15:35
Now that I know it's a photograph,
15:37
I've got dozens of other binary translation techniques
15:40
to visualize and understand that information,
15:42
so in a matter of seconds, we can take this information,
15:45
shove it through a dozen other visual translation techniques
15:47
in order to find out exactly what we were looking at.
15:51
I saw — (Laughter) —
15:53
it was that darn kitten again.
15:56
All this is enabled
15:57
because we were able to find a way
15:59
to translate a very hard problem
16:01
to something our brains do very naturally.
16:03
So what does this mean?
16:05
Well, for kittens, it means
16:07
no more hiding in ones and zeros.
16:09
For me, it means no more wasted weekends.
16:13
For cyber, it means we have a radical new way
16:15
to tackle the most impossible problems.
16:18
It means we have a new weapon
16:20
in the evolving theater of cyber warfare,
16:22
but for all of us,
16:24
it means that cyber engineers
16:25
now have the ability to become first responders
16:27
in emergency situations.
16:30
When seconds count,
16:31
we've unlocked the means to stop the bad guys.
16:34
Thank you.
16:36
(Applause)
