TED2013
James Lyne: Everyday cybercrime -- and what you can do about it
Džejms Lajn (James Lyne): Svakodnevni sajber kriminal - i šta možete da učinite povodom toga
Filmed:
Readability: 4.7
1,657,306 views
Kako ste pokupili zlonamjerni virus na mreži, vrstu malvera koji njuška po vašim podacima i troši vaš bankovni račun? Obično, to je kroz jednostavne stvari koje obavljate svakog dana a ne razmislite dva puta. Džejms Lin nas podsjeća da nas ne posmatra samo NSA, nego i sve više sofisticirani sajber kriminalci, koji eksploatišu slabe kodove, i vjeruju ljudskoj prirodi.
James Lyne - Cybersecurity specialist
Whether he’s taking on insecure hotspots, inept passwords, or lax OS designers, James Lyne exposes technology’s vulnerabilities while elevating the security awareness of everyday users. Full bio
Whether he’s taking on insecure hotspots, inept passwords, or lax OS designers, James Lyne exposes technology’s vulnerabilities while elevating the security awareness of everyday users. Full bio
Double-click the English transcript below to play the video.
00:12
I'm going to be showing some of the cybercriminals'
0
713
1632
Pokazaću vam neke od
najnovijih i najzlonamjernijih
najnovijih i najzlonamjernijih
00:14
latest and nastiest creations.
1
2345
2462
kreacija sajber kriminalaca
00:16
So basically, please don't go and download
2
4807
2908
Dakle, molim vas da ne preuzimate
00:19
any of the viruses that I show you.
3
7715
2696
ni jedan od virusa koje vam pokažem.
00:22
Some of you might be wondering what a cybersecurity specialist looks like,
4
10411
3018
Poneko od vas se možda pita kako
specijalci za sajber bezbijednost izgledaju,
specijalci za sajber bezbijednost izgledaju,
00:25
and I thought I'd give you a quick insight
5
13429
2169
i mislio sam da vam na brzinu predstavim
00:27
into my career so far.
6
15598
2678
svoju dosadašnju karijeru.
00:30
It's a pretty accurate description.
7
18276
2501
To je prilično tačan opis.
00:32
This is what someone that specializes
8
20777
1656
Ovako izgleda neko ko je specijalizovan
00:34
in malware and hacking looks like.
9
22433
2420
za malver i hakovanje.
00:36
So today, computer viruses and trojans,
10
24853
3414
Danas su kompjuterski virusi i trojanci
00:40
designed to do everything from stealing data
11
28267
2880
dizajnirani da urade sve,
od krađe vaših podataka,
od krađe vaših podataka,
00:43
to watching you in your webcam
12
31147
2041
posmatranja kroz vašu veb kameru,
00:45
to the theft of billions of dollars.
13
33188
2778
do krađe od milijardu dolara.
00:47
Some malicious code today goes as far
14
35966
2195
Neki zlonamjerni kod
danas ide toliko daleko
danas ide toliko daleko
00:50
as targeting power, utilities and infrastructure.
15
38161
4143
do ciljanja na pogone i infrastrukturu.
00:54
Let me give you a quick snapshot
16
42304
1961
Dozvolite mi da vam dam brz presjek
00:56
of what malicious code is capable of today.
17
44265
2614
za šta je danas zlonamjerni kod sposoban.
00:58
Right now, every second, eight new users
18
46879
3070
Upravo sada, svake sekunde,
osam novih korisnika
osam novih korisnika
01:01
are joining the Internet.
19
49949
2155
se priključi na internet.
01:04
Today, we will see 250,000 individual new computer viruses.
20
52104
7308
Danas, viđećemo 250 000
novih različitih virusa.
novih različitih virusa.
01:11
We will see 30,000 new infected websites.
21
59412
5773
Viđećemo 30 000 novih
inficiranih sajtova.
inficiranih sajtova.
01:17
And, just to kind of tear down a myth here,
22
65185
2086
I sada ćemo srušiti mit ovdje,
01:19
lots of people think that when you get infected
23
67271
2488
mnogo ljudi misli, kada se inficiraju
01:21
with a computer virus, it's because you went to a porn site.
24
69759
3451
kompjuterskim virusom, da je to zato
što su posjetili pornografski sajt.
što su posjetili pornografski sajt.
01:25
Right? Well, actually, statistically speaking,
25
73210
2443
Tačno? Pa, zapravo, statistički govoreći,
01:27
if you only visit porn sites, you're safer.
26
75653
3125
ako samo posjećujete
pornogorafske sajtove, bezbjedniji ste.
pornogorafske sajtove, bezbjedniji ste.
01:30
People normally write that down, by the way. (Laughter)
27
78778
3002
Ljudi normalno zapišu to, uzgred. (smijeh)
01:33
Actually, about 80 percent of these
28
81780
1562
Zapravo, oko 80 odsto
01:35
are small business websites getting infected.
29
83342
3513
malih biznis sajtova biva zaraženo.
01:38
Today's cybercriminal, what do they look like?
30
86855
2285
Kako izgledaju današnji sajber kriminalci?
01:41
Well, many of you have the image, don't you,
31
89140
2426
Pa, većina zamisli
01:43
of the spotty teenager sitting in a basement,
32
91566
2176
pjegavog tinejdžera kako sjedi u podrumu
01:45
hacking away for notoriety.
33
93742
2388
i hakuje, zar ne?
01:48
But actually today, cybercriminals
34
96130
1623
Ali danas, sajber kriminalci
01:49
are wonderfully professional and organized.
35
97753
3311
su izvanredno profesionalni i organizovani.
01:53
In fact, they have product adverts.
36
101064
2871
U stvari, oni imaju reklame svojih proizvoda.
01:55
You can go online and buy a hacking service
37
103935
2131
Možete otići na internet
i kupiti hakersku uslugu
i kupiti hakersku uslugu
01:58
to knock your business competitor offline.
38
106066
2149
kojom ćete oboriti svog biznis konkurenta.
02:00
Check out this one I found.
39
108215
1559
Pogledajte jednog što sam našao.
02:01
(Video) Man: So you're here for one reason,
40
109774
1819
(Video) Muškarac: Znači ovdje ste
zbog jednog razloga,
zbog jednog razloga,
02:03
and that reason is
41
111593
1465
i razlog je taj
02:05
because you need your business competitors,
42
113058
1912
što želiš da tvoji biznis konkurenti,
02:06
rivals, haters, or whatever the reason is, or who,
43
114970
3952
rivali, hejteri, ili bilo šta ili ko da je razlog,
02:10
they are to go down.
44
118922
1744
nazaduju.
02:12
Well you, my friend, you've came to the right place.
45
120666
2860
Pa prijatelju moj,
došao si na pravo mjesto.
došao si na pravo mjesto.
02:15
If you want your business competitors to go down,
46
123526
2416
Ako zeliš da tvoji biznis konkurenti nazaduju
02:17
well, they can.
47
125942
1336
pa, to je moguće.
02:19
If you want your rivals to go offline, well, they will.
48
127278
3424
Ako želiš da tvoji rivali budu oflajn, biće.
02:22
Not only that, we are providing a short-term-to-long-term
49
130702
3027
Ne samo to, nudimo kratkoročnu i dugoročnu
02:25
DDOS service or scheduled attack,
50
133729
2355
DDOS uslugu ili isplanirani napad,
02:28
starting five dollars per hour for small personal websites
51
136084
3811
počev od pet dolara na sat,
za male lične veb sajtove,
za male lične veb sajtove,
02:31
to 10 to 50 dollars per hour.
52
139895
2904
pa do onih od 10 do 50 dolara na sat.
02:34
James Lyne: Now, I did actually pay
53
142799
1323
Džejms Lajn: Zapravo sam platio
02:36
one of these cybercriminals to attack my own website.
54
144122
2793
jednom od ovih sajber kriminalaca
da napadnu moj sajt.
da napadnu moj sajt.
02:38
Things got a bit tricky when I tried to expense it at the company.
55
146915
3494
Stvari su postale malo nezgodne kada sam
pokušao da prebacim trošak na firmu.
pokušao da prebacim trošak na firmu.
02:42
Turns out that's not cool.
56
150409
1714
Ispostavilo se da to nije u redu.
02:44
But regardless, it's amazing how many products
57
152123
3010
Ali, bez obzira, nevjerovatno je
koliko je sada proizvoda
koliko je sada proizvoda
02:47
and services are available now to cybercriminals.
58
155133
3112
i usluga dostupno sajber kriminalcima.
02:50
For example, this testing platform,
59
158245
2476
Na primjer, ovo je test platforma,
02:52
which enables the cybercriminals
60
160721
1715
koja omogućava sajber kriminalcima
02:54
to test the quality of their viruses
61
162436
2482
da testiraju kvalitet svojih virusa
02:56
before they release them on the world.
62
164918
2452
prije nego što ih objave svijetu.
02:59
For a small fee, they can upload it
63
167370
1957
Uz mali ulog, mogu ih postaviti na internet
03:01
and make sure everything is good.
64
169327
1666
i biti sigurni da je sve u redu.
03:02
But it goes further.
65
170993
1533
Ali to ide dalje.
03:04
Cybercriminals now have crime packs
66
172526
2245
Sajber kriminalci sada
imaju kriminalne pakete
imaju kriminalne pakete
03:06
with business intelligence reporting dashboards
67
174771
3119
sa kontrolnim tablama
na kojim dobijaju izvještaje
na kojim dobijaju izvještaje
03:09
to manage the distribution of their malicious code.
68
177890
3476
o distrubuciji njihovog zlonamjernog koda.
03:13
This is the market leader in malware distribution,
69
181366
3528
Ovo je tržišni lider u distribuciji malvera,
03:16
the Black Hole Exploit Pack,
70
184894
1638
"Black Hole Explot Pack",
03:18
responsible for nearly one third of malware distribution
71
186532
3659
koji je odgovoran za skoro
trećinu distribucije malvera
trećinu distribucije malvera
03:22
in the last couple of quarters.
72
190191
1974
u posljednjih nekoliko kvartala.
03:24
It comes with technical installation guides,
73
192165
3009
Dolazi sa uputstvom za instalaciju,
03:27
video setup routines,
74
195174
1045
video procedurama,
03:28
and get this, technical support.
75
196219
3955
i vidite ovo, sa tehničkom podrškom.
03:32
You can email the cybercriminals and they'll tell you
76
200174
2388
Možete poslati email sajber
kriminalcima i oni će vam reći
kriminalcima i oni će vam reći
03:34
how to set up your illegal hacking server.
77
202562
3622
kako da namjestite
vaš ilegalni hakerski server.
vaš ilegalni hakerski server.
03:38
So let me show you what malicious code looks like today.
78
206184
4284
Dakle, dozvolite mi da vam pokažem
kako zlonamjerni kod izgleda danas.
kako zlonamjerni kod izgleda danas.
03:42
What I've got here is two systems,
79
210468
2312
Ovdje imam dva sistema,
03:44
an attacker, which I've made look all Matrix-y and scary,
80
212780
3690
jedan napadač, kojeg sam napravio
da izgleda kao u Matrix-u i zastrašujuće,
da izgleda kao u Matrix-u i zastrašujuće,
03:48
and a victim, which you might recognize from home or work.
81
216470
3302
i žrtvu, koju možete primijetiti
od kuće ili sa posla.
od kuće ili sa posla.
03:51
Now normally, these would be on different sides
82
219772
2729
Normalno, oni bi bili na različitim stranama
03:54
of the planet or of the Internet,
83
222501
2555
planete ili interneta,
03:57
but I've put them side by side
84
225056
1396
ali, ja sam ih postavio jedno pored drugog
03:58
because it makes things much more interesting.
85
226452
2664
zato što će to činiti stvari
mnogo interesantnijim.
mnogo interesantnijim.
04:01
Now, there are many ways you can get infected.
86
229116
2055
Sada, postoji dosta načina
preko kojih možete biti inficirani.
preko kojih možete biti inficirani.
04:03
You will have come in contact with some of them.
87
231171
2592
Doći ćete u kontakt sa nekim od njih.
04:05
Maybe some of you have received an email
88
233763
2096
Možda su neki od vas primili email
04:07
that says something like, "Hi, I'm a Nigerian banker,
89
235859
4085
koji kaže nešto kao:
"Zdravo, ja sam nigerijski bankar,
"Zdravo, ja sam nigerijski bankar,
04:11
and I'd like to give you 53 billion dollars
90
239944
2764
i želim da Vam dam 53 milijarde dolara
04:14
because I like your face."
91
242708
2427
zato što mi se sviđate."
04:17
Or funnycats.exe, which rumor has it
92
245135
3394
Ili funnycats.exe, za koji se priča
04:20
was quite successful in China's recent campaign against America.
93
248529
3769
da je bio veoma uspješan u Kini
do kampanje protiv Amerike.
do kampanje protiv Amerike.
04:24
Now there are many ways you can get infected.
94
252298
2430
Postoji mnogo načina da se zarazite.
04:26
I want to show you a couple of my favorites.
95
254728
1987
Želim da vam pokažem
neke od mojih omiljenih.
neke od mojih omiljenih.
04:28
This is a little USB key.
96
256715
2660
Ovo je mali USB stik.
04:31
Now how do you get a USB key to run in a business?
97
259375
2157
Kako ćete omogućiti da
USB stik obaviti posao?
USB stik obaviti posao?
04:33
Well, you could try looking really cute.
98
261532
4125
Pa, možete pokušati
da izgledate veoma slatko.
da izgledate veoma slatko.
04:37
Awww.
99
265657
1938
avvvvv
04:39
Or, in my case, awkward and pathetic.
100
267595
2363
Ili, u mom slučaju, nespretan i patetičan.
04:41
So imagine this scenario: I walk into one of your businesses,
101
269958
4189
Pa zamislite scenario: Ušao sam
u neku od vaših poslovnica,
u neku od vaših poslovnica,
04:46
looking very awkward and pathetic, with a copy of my C.V.
102
274147
2842
izgledam veoma nespretno i jadno,
sa kopijom svog CV-a
sa kopijom svog CV-a
04:48
which I've covered in coffee,
103
276989
1899
koji sam prelio kafom,
04:50
and I ask the receptionist to plug in this USB key
104
278888
3387
i pitam na recepciji da li mogu
da povežem svoj USB stik
da povežem svoj USB stik
04:54
and print me a new one.
105
282275
1949
i da mi odštampaju novi.
04:56
So let's have a look here on my victim computer.
106
284224
3230
Pa hajde da pogledamo šta ovdje
imamo na žrtvinom računaru.
imamo na žrtvinom računaru.
04:59
What I'm going to do is plug in the USB key.
107
287454
3246
Ono što ću uraditi jeste
da povežem svoj USB stik.
da povežem svoj USB stik.
05:02
After a couple of seconds,
108
290700
1490
Nakon nekoliko sekundi,
05:04
things start to happen on the computer on their own,
109
292190
2751
na računaru stvari počinju
da se odvijaju same,
da se odvijaju same,
05:06
usually a bad sign.
110
294941
1935
obično loš znak.
05:08
This would, of course, normally happen
111
296876
1694
Ovo bi se naravno dešavalo
05:10
in a couple of seconds, really, really quickly,
112
298570
2758
u par sekundi, stvarno, stvarno brzo,
05:13
but I've kind of slowed it down
113
301328
1660
ali sam ga malo usporio
05:14
so you can actually see the attack occurring.
114
302988
2830
da biste mogli vidjeti odvijanje napada.
05:17
Malware is very boring otherwise.
115
305818
2517
Malver je veoma dosadan inače.
05:20
So this is writing out the malicious code,
116
308335
2597
Dakle, ovo je pisanje neprijateljskog koda,
05:22
and a few seconds later, on the left-hand side,
117
310932
3797
i poslije nekoliko sekundi, na lijevoj strani,
05:26
you'll see the attacker's screen get some interesting new text.
118
314729
4298
viđećete napadačev ekran i na njemu
se pojavljuje neki interesantan tekst.
se pojavljuje neki interesantan tekst.
05:31
Now if I place the mouse cursor over it,
119
319027
1931
I sada ako postavim kursor preko,
05:32
this is what we call a command prompt,
120
320958
2307
to je ono što zovemo komandnom linijom,
05:35
and using this we can navigate around the computer.
121
323265
3797
koristeći to možemo se kretati po računaru.
05:39
We can access your documents, your data.
122
327062
2159
Možemo pristupiti vašim
dokumentima, vašim podacima
dokumentima, vašim podacima
05:41
You can turn on the webcam.
123
329221
1501
Možete upaliti veb kameru.
05:42
That can be very embarrassing.
124
330722
1629
To može da bude veoma neprijatno.
05:44
Or just to really prove a point,
125
332351
1723
Ili samo da dokažemo,
05:46
we can launch programs like my personal favorite,
126
334074
3121
možemo pokretati programe, moj omiljeni,
05:49
the Windows Calculator.
127
337195
2805
Windows Calculator.
05:52
So isn't it amazing how much control
128
340000
2288
Zar nije nevjerovatno koliku kontrolu
05:54
the attackers can get with such a simple operation?
129
342288
2895
napadač može dobiti sa tako
jednostavnom operacijom?
jednostavnom operacijom?
05:57
Let me show you how most malware
130
345183
1931
Dozvolite mi da vam
pokažem kako su većina
pokažem kako su većina
05:59
is now distributed today.
131
347114
2183
malvera danas rasprostranjeni.
06:01
What I'm going to do is open up a website
132
349297
2520
Ono što ću uraditi jeste, otvoriću veb sajt
06:03
that I wrote.
133
351817
1316
koji sam ja kodirao.
06:05
It's a terrible website. It's got really awful graphics.
134
353133
4315
Sajt je užasan, loše je dizajniran.
06:09
And it's got a comments section here
135
357448
2194
I ima sekciju za komentare ovdje
06:11
where we can submit comments to the website.
136
359642
3681
gdje možemo postaviti komentar na sajt.
06:15
Many of you will have used something a bit like this before.
137
363323
3007
Mnogi od vas su koristili
nešto slično ranije.
nešto slično ranije.
06:18
Unfortunately, when this was implemented,
138
366330
1947
Nažalost, kada se ovo realizovalo,
06:20
the developer was slightly inebriated
139
368277
2425
programer je bio malo pijan
06:22
and managed to forget
140
370702
1242
i uspio je da zaboravi
06:23
all of the secure coding practices he had learned.
141
371944
2989
svo sigurnosno kodiranje koje je naučio.
06:26
So let's imagine that our attacker,
142
374933
3066
Pa zamislimo da naš napadač,
06:29
called Evil Hacker just for comedy value,
143
377999
3448
zvani Evil Hacker, čisto iz zezanja,
06:33
inserts something a little nasty.
144
381447
2023
unese nešto malo gadno.
06:35
This is a script.
145
383470
1699
Ovo je skripta.
06:37
It's code which will be interpreted on the webpage.
146
385169
4077
To je kod koji će se
interpretirati na veb stranici.
interpretirati na veb stranici.
06:41
So I'm going to submit this post,
147
389246
2325
Poslaću ovaj post,
06:43
and then, on my victim computer,
148
391571
2382
a zatim, na mom zaraženom kompjuteru,
06:45
I'm going to open up the web browser
149
393953
2027
otvoriću pretraživač
06:47
and browse to my website,
150
395980
2253
i doći do mog sajta,
06:50
www.incrediblyhacked.com.
151
398233
3789
www.incrediblyhacked.com.
06:54
Notice that after a couple of seconds,
152
402022
2124
Obratite pažnju da sam
poslije nekoliko sekundi
poslije nekoliko sekundi
06:56
I get redirected.
153
404146
1457
preusmjeren.
06:57
That website address at the top there,
154
405603
1977
Ta adresa koju vidite tu na vrhu,
06:59
which you can just about see, microshaft.com,
155
407580
3331
koju sada vidite, microshaft.com,
07:02
the browser crashes as it hits one of these exploit packs,
156
410911
3193
pretraživač se srušio jer je pogođen
jednim od eksploit paketa,
jednim od eksploit paketa,
07:06
and up pops fake antivirus.
157
414104
4024
i iskočio je lažni antivirus.
07:10
This is a virus pretending to look like antivirus software,
158
418128
5056
Ovo je virus koji izgleda
kao antivirusni program.
kao antivirusni program.
07:15
and it will go through and it will scan the system,
159
423184
2365
i proći će, i skenirati sistem,
07:17
have a look at what its popping up here.
160
425549
1508
pogledajmo šta se pojavljuje ovdje.
07:19
It creates some very serious alerts.
161
427057
1748
Prikazuje neka veoma ozbiljna upozorenja.
07:20
Oh look, a child porn proxy server.
162
428805
2343
Oh pogledajte, server sa
dječjom pornografijom.
dječjom pornografijom.
07:23
We really should clean that up.
163
431148
2432
Stvarno bi trebalo obrisati ovo.
07:25
What's really insulting about this is
164
433580
1584
Ono što je zaista uvrjedljivo
oko ovoga jeste da
oko ovoga jeste da
07:27
not only does it provide the attackers with access to your data,
165
435164
4238
ne pruža napadaču samo
pristup vašim podacima,
pristup vašim podacima,
07:31
but when the scan finishes, they tell you
166
439402
2823
već kada se skeniranje završi, reći će vam
07:34
in order to clean up the fake viruses,
167
442225
3123
da biste očistili lažne viruse,
07:37
you have to register the product.
168
445348
2676
morate registrovati ovaj proizvod.
07:40
Now I liked it better when viruses were free.
169
448024
3336
Više mi se dopadalo
kada su virusi bili besplatni.
kada su virusi bili besplatni.
07:43
(Laughter)
170
451360
2779
(smijeh)
07:46
People now pay cybercriminals money
171
454139
2526
Ljudi sada plaćaju sajber kriminalcima
07:48
to run viruses,
172
456665
2101
da pokreću viruse
07:50
which I find utterly bizarre.
173
458766
2761
što smatram potpuno bizarnim.
07:53
So anyway, let me change pace a little bit.
174
461527
3536
U svakom slučaju, dozvolite mi
da promijenim malo tempo.
da promijenim malo tempo.
07:57
Chasing 250,000 pieces of malware a day
175
465063
3506
Jurenje 250 000 komada malvera na dan
08:00
is a massive challenge,
176
468569
1655
je ogroman izazov,
08:02
and those numbers are only growing
177
470224
2070
a ti brojevi samo rastu
08:04
directly in proportion to the length of my stress line, you'll note here.
178
472294
3879
direktno srazmjerno dužini moje
linije stresa, primijetićete to ovdje.
linije stresa, primijetićete to ovdje.
08:08
So I want to talk to you briefly
179
476173
1876
Želim da vam ukratko kažem nešto
08:10
about a group of hackers we tracked for a year
180
478049
3050
o grupi hakera koju smo
pratili godinu dana
pratili godinu dana
08:13
and actually found --
181
481099
2007
i čak ih našli
08:15
and this is a rare treat in our job.
182
483106
2577
a to je rijetka poslastica u našem poslu.
08:17
Now this was a cross-industry collaboration,
183
485683
2483
Ovo je bila unakrsno industrijska saradnja,
08:20
people from Facebook, independent researchers,
184
488166
2389
ljudi sa Facebook-a, nezavisnih istraživača,
08:22
guys from Sophos.
185
490555
2081
momaka iz Sophos-a.
08:24
So here we have a couple of documents
186
492636
2655
Dakle, ovdje imamo nekoliko dokumenata
08:27
which our cybercriminals had uploaded
187
495291
2826
koje su sajber kriminalci postavili
08:30
to a cloud service, kind of like Dropbox or SkyDrive,
188
498117
4377
na servis, kao sto je Dropbox ili SkyDrive,
08:34
like many of you might use.
189
502494
2209
ili neki koji možda koristite.
08:36
At the top, you'll notice a section of source code.
190
504703
3392
Na vrhu, primijetićete dio izvornog koda.
08:40
What this would do is send the cybercriminals
191
508095
2968
Ovo bi slalo sajber kriminalcima
08:43
a text message every day telling them how much money
192
511063
5040
tekstualnu poruku svaki dan,
obavještavajući ih koliko novca
obavještavajući ih koliko novca
08:48
they'd made that day,
193
516103
1666
su zaradili tog dana,
08:49
so a kind of cybercriminal billings report, if you will.
194
517769
3296
kao neka vrsta sajber izvještaja.
08:53
If you look closely, you'll notice a series
195
521065
2757
Ako pogledate bliže, primijetićete niz
08:55
of what are Russian telephone numbers.
196
523822
2983
ruskih telefonskih brojeva.
08:58
Now that's obviously interesting,
197
526805
1479
Sada je očigledno interesantno,
09:00
because that gives us a way of finding our cybercriminals.
198
528284
3237
jer to nam daje način za pronalaženje
naših sajber kriminalaca.
naših sajber kriminalaca.
09:03
Down below, highlighted in red,
199
531521
2115
Ispod, označeno crvenom bojom,
09:05
in the other section of source code,
200
533636
1751
u drugom dijelu izvornog koda,
09:07
is this bit "leded:leded."
201
535387
2743
ovo malo je "leded : leded ."
09:10
That's a username,
202
538130
1289
To je korisničko ime,
09:11
kind of like you might have on Twitter.
203
539419
2859
nešto kao što imate na tviteru.
09:14
So let's take this a little further.
204
542278
1231
Pa hajde da to pogledamo malo bolje.
09:15
There are a few other interesting pieces
205
543509
2258
Postoji nekoliko drugih zanimljivih djelova
09:17
the cybercriminals had uploaded.
206
545767
2275
koje su sajber kriminalci postavili.
09:20
Lots of you here will use smartphones
207
548042
2572
Mnogo vas ovdje će koristiti pametne telefone
09:22
to take photos and post them from the conference.
208
550614
2647
da fotografišete i postavite
slike sa konferencije.
slike sa konferencije.
09:25
An interesting feature of lots of modern smartphones
209
553261
2837
Interesantna karakteristika većine
modernih pametnih telefona
modernih pametnih telefona
09:28
is that when you take a photo,
210
556098
1667
je da kada fotografišete,
09:29
it embeds GPS data about where that photo was taken.
211
557765
4237
ugrađuje GPS podatke o tome
gdje je fotografija snimljena.
gdje je fotografija snimljena.
09:34
In fact, I've been spending a lot of time
212
562002
2443
U stvari sam proveo dosta vremena
09:36
on Internet dating sites recently,
213
564445
2244
na internet dejting sajtovima nedavno,
09:38
obviously for research purposes,
214
566689
2411
očigledno za istraživačke svrhe,
09:41
and I've noticed that about 60 percent
215
569100
3521
i primijetio sam da oko 60 odsto
09:44
of the profile pictures on Internet dating sites
216
572621
2823
profilnih slika na internet dejting sajtovima
09:47
contain the GPS coordinates of where the photo was taken,
217
575444
4451
sadrže GPS koordinate gdje je
fotografija snimljena,
fotografija snimljena,
09:51
which is kind of scary
218
579895
1061
što je nekako strašno
09:52
because you wouldn't give out your home address
219
580956
2562
jer ne biste dali svoju kućnu adresu
09:55
to lots of strangers,
220
583518
1449
mnogim strancima,
09:56
but we're happy to give away our GPS coordinates
221
584967
1994
ali mi rado dajemo svoje GPS koordinate
09:58
to plus or minus 15 meters.
222
586961
4029
na plus ili minus 15 metara.
10:02
And our cybercriminals had done the same thing.
223
590990
3234
A naši sajber kriminalci su uradili istu stvar.
10:06
So here's a photo which resolves to St. Petersburg.
224
594224
3204
Dakle, ovdje je slika koja
sve rješava, u Sankt Petersburgu.
sve rješava, u Sankt Petersburgu.
10:09
We then deploy the incredibly advanced hacking tool.
225
597428
3686
Zatim smo primijenili nevjerovatno
naprednu hakersku alatku.
naprednu hakersku alatku.
10:13
We used Google.
226
601114
2395
Koristili smo Google.
10:15
Using the email address, the telephone number
227
603509
2225
Koristeći email, broj telefona
10:17
and the GPS data, on the left you see an advert
228
605734
3549
i GPS podatke, sa lijeve strane vidite reklamu
10:21
for a BMW that one of our cybercriminals is selling,
229
609283
3669
za BMW koji jedan od
sajber kriminalaca prodaje,
sajber kriminalaca prodaje,
10:24
on the other side an advert for the sale of sphynx kittens.
230
612952
5348
na drugoj strani postoji reklama
za prodaju sfinks mačića.
za prodaju sfinks mačića.
10:30
One of these was more stereotypical for me.
231
618300
3100
Jedna od njih bila je više stereotipna za mene.
10:33
A little more searching, and here's our cybercriminal.
232
621400
3989
Malo više pretraživanja, i evo
naših sajber kriminalaca.
naših sajber kriminalaca.
10:37
Imagine, these are hardened cybercriminals
233
625389
3546
Zamislite, to su okorjeli sajber kriminalci
10:40
sharing information scarcely.
234
628935
1868
koji rijetko objavljuju informacije.
10:42
Imagine what you could find
235
630803
1148
Zamislite šta možete naći
10:43
about each of the people in this room.
236
631951
1703
o svakoj osobi u ovoj prostoriji.
10:45
A bit more searching through the profile
237
633654
1806
Malo više pretrage kroz profil
10:47
and there's a photo of their office.
238
635460
1860
i eto je slika njihove kancelarije.
10:49
They were working on the third floor.
239
637320
2048
Radili su na trećem spratu.
10:51
And you can also see some photos
240
639368
2199
I takođe možete vidjeti neke fotografije
10:53
from his business companion
241
641567
1175
njegovog poslovnog kolege
10:54
where he has a taste in a certain kind of image.
242
642742
4839
gdje ima poseban ukus
za određenu vrstu slike.
za određenu vrstu slike.
10:59
It turns out he's a member of the Russian Adult Webmasters Federation.
243
647581
3995
Ispostavilo se da je on član
Ruske Webmasters federacije.
Ruske Webmasters federacije.
11:03
But this is where our investigation starts to slow down.
244
651576
3017
Ali, ovo je mjesto gdje
naša istraga počinje da usporava.
naša istraga počinje da usporava.
11:06
The cybercriminals have locked down their profiles quite well.
245
654593
3943
Sajber kriminalci su zaključali
svoje profile prilično dobro.
svoje profile prilično dobro.
11:10
And herein is the greatest lesson
246
658536
2035
I ovdje je najveća lekcija
11:12
of social media and mobile devices for all of us right now.
247
660571
4578
o društvenim medijima i mobilnim uređajima
za sve nas u ovom trenutku.
za sve nas u ovom trenutku.
11:17
Our friends, our families and our colleagues
248
665149
3730
Naši prijatelji, naše porodice i naše kolege
11:20
can break our security even when we do the right things.
249
668879
4689
mogu razbiti našu sigurnost
čak i kada radimo prave stvari.
čak i kada radimo prave stvari.
11:25
This is MobSoft, one of the companies
250
673568
2780
Ovo je MobSoft, jedna od kompanija
11:28
that this cybercriminal gang owned,
251
676348
2166
koju je sajber kriminalna banda preuzela,
11:30
and an interesting thing about MobSoft
252
678514
1589
i zanimljiva stvar u vezi MobSoft-a
11:32
is the 50-percent owner of this
253
680103
2871
je da je njegov 50 - procentni vlasnik
11:34
posted a job advert,
254
682974
1947
postavio oglas za posao,
11:36
and this job advert matched one of the telephone numbers
255
684921
3380
i ovom oglasu za posao odgovara
jedan od telefonskih brojeva
jedan od telefonskih brojeva
11:40
from the code earlier.
256
688301
2152
iz ranijeg koda.
11:42
This woman was Maria,
257
690453
2125
Ova žena je bila Maria,
11:44
and Maria is the wife of one of our cybercriminals.
258
692578
2880
i Maria je žena jednog od sajber kriminalaca
11:47
And it's kind of like she went into her social media settings
259
695458
3520
I to je nešto kao da je otišla u podešavanja
svojih društvenih medija
svojih društvenih medija
11:50
and clicked on every option imaginable
260
698978
2795
i kliknula na svaku opciju koju je zamislila
11:53
to make herself really, really insecure.
261
701773
3697
da bi sebe učinila stvarno nesigurnom.
11:57
By the end of the investigation,
262
705470
1567
Na kraju istrage,
11:59
where you can read the full 27-page report at that link,
263
707037
3559
gdje možete pročitati izvještaj
od 27 strana na tom linku,
od 27 strana na tom linku,
12:02
we had photos of the cybercriminals,
264
710596
2034
imamo slike sajber kriminalaca,
12:04
even the office Christmas party
265
712630
2895
čak i Božićne žurke u kancelariji
12:07
when they were out on an outing.
266
715525
1866
kada su izlazili.
12:09
That's right, cybercriminals do have Christmas parties,
267
717391
3249
Tačno tako, sajber kriminalci
imaju Božićne žurke
imaju Božićne žurke
12:12
as it turns out.
268
720640
1588
kako se ispostavilo.
12:14
Now you're probably wondering what happened to these guys.
269
722228
2235
Sada se vjerovatno pitate
šta se desilo sa ovim momcima.
šta se desilo sa ovim momcima.
12:16
Let me come back to that in just a minute.
270
724463
2937
Dozvolite mi da se vratim na to samo na minut.
12:19
I want to change pace to one last little demonstration,
271
727400
2747
Želim da promijenim ritam
za posljednju malu demonstraciju,
za posljednju malu demonstraciju,
12:22
a technique that is wonderfully simple and basic,
272
730147
3969
tehnike koja je predivno jednostavna,
12:26
but is interesting in exposing how much information
273
734116
3065
ali je zanimljiva za otkrivanje
koliko informacija
koliko informacija
12:29
we're all giving away,
274
737181
1776
odajemo,
12:30
and it's relevant because it applies to us as a TED audience.
275
738957
4278
i to je relevantno jer se odnosi
na nas kao TED publiku.
na nas kao TED publiku.
12:35
This is normally when people start kind of shuffling in their pockets
276
743235
2450
To je normalno kada ljudi počnu da
šunjaju po svojim džepovima
šunjaju po svojim džepovima
12:37
trying to turn their phones onto airplane mode desperately.
277
745685
4218
pokušavajući da svoje telefone prebace
na režim letjenja, očajnički.
na režim letjenja, očajnički.
12:41
Many of you all know about the concept
278
749903
1686
Mnogi od vas znaju za koncept
12:43
of scanning for wireless networks.
279
751589
2343
skeniranja wireless mreže.
12:45
You do it every time you take out your iPhone or your Blackberry
280
753932
3401
Radite to kad god uzmete
vaš iPhone ili Blackberry
vaš iPhone ili Blackberry
12:49
and connect to something like TEDAttendees.
281
757333
4020
i konektujete se na nešto kao TEDAttendees.
12:53
But what you might not know
282
761353
1747
Ali ono što možda ne znate jeste
12:55
is that you're also beaming out a list of networks
283
763100
4751
da takođe odajete i listu mreža
12:59
you've previously connected to,
284
767851
2422
na koje ste se ranije konektovali,
13:02
even when you're not using wireless actively.
285
770273
4147
čak i kad ne koristite wireless aktivno.
13:06
So I ran a little scan.
286
774420
1727
Pokrenuo sam malo skreniranje.
13:08
I was relatively inhibited compared to the cybercriminals,
287
776147
2926
Bio sam relativno inhibiran u
odnosu na sajber kriminalce
odnosu na sajber kriminalce
13:11
who wouldn't be so concerned by law,
288
779073
2544
koje nije toliko brinuo zakon,
13:13
and here you can see my mobile device.
289
781617
2587
i ovdje možete vidjeti moj mobilni telefon.
13:16
Okay? So you can see a list of wireless networks.
290
784204
2654
U redu? Dakle možete vidjeti
listu wireless mreža.
listu wireless mreža.
13:18
TEDAttendees, HyattLB. Where do you think I'm staying?
291
786858
4627
TEDAttendees, HyattLB.
Šta mislite gdje sam?
Šta mislite gdje sam?
13:23
My home network, PrettyFlyForAWifi,
292
791485
3493
Moja mreža kod kuće, PrettyFlyForAWifi,
13:26
which I think is a great name.
293
794978
1765
za koju mislim da ima odlično ime.
13:28
Sophos_Visitors, SANSEMEA, companies I work with.
294
796743
2767
Sophos_Visitors, SANSEMEA,
kompanije u kojima radim,
kompanije u kojima radim,
13:31
Loganwifi, that's in Boston. HiltonLondon.
295
799510
3308
Loganwifi, koji je u Bostonu. HiltonLondon.
13:34
CIASurveillanceVan.
296
802818
2441
CIASurveillanceVan.
13:37
We called it that at one of our conferences
297
805259
1609
Tako smo ga zvali na nekoj
od naših konferencija
od naših konferencija
13:38
because we thought that would freak people out,
298
806868
1736
zato što smo mislili da ćemo zaluđeti ljude,
13:40
which is quite fun.
299
808604
1994
što je malo zabavno.
13:42
This is how geeks party.
300
810598
4658
Ovako stručnjaci slave.
13:47
So let's make this a little bit more interesting.
301
815256
2207
Hajde da ovo učinimo malo interesantnijim.
13:49
Let's talk about you.
302
817463
2538
Pričajmo o vama.
13:52
Twenty-three percent of you have been to Starbucks
303
820001
2110
23 odsto vas je skorije bilo u Starbucks-u
13:54
recently and used the wireless network.
304
822111
3115
i koristili ste wireless mrežu.
13:57
Things get more interesting.
305
825226
1164
Stvari postaju zanimljivije.
13:58
Forty-six percent of you I could link to a business,
306
826390
2446
46 odsto vas mogu povezati sa poslom,
14:00
XYZ Employee network.
307
828836
2870
XYZ Zaposleni mreža.
14:03
This isn't an exact science, but it gets pretty accurate.
308
831706
4179
Ovo nije neka nauka,
ali postaje prilično tačno.
ali postaje prilično tačno.
14:07
Seven hundred and sixty-one of you I could identify a hotel you'd been to recently,
309
835885
4469
761 vas mogu identifikovati hotel
u kojem ste skoro boravili,
u kojem ste skoro boravili,
14:12
absolutely with pinpoint precision somewhere on the globe.
310
840354
3839
sa velikom preciznošću negdje na planeti.
14:16
Two hundred and thirty-four of you, well, I know where you live.
311
844193
3948
234 vas, pa, znam gdje živite.
14:20
Your wireless network name is so unique
312
848141
2319
Naziv vaše wireless mreže je toliko jedinstven
14:22
that I was able to pinpoint it
313
850460
1549
da sam u mogućnosti da vas lociram
14:24
using data available openly on the Internet
314
852009
2667
koristeći dostupne podatake na Internetu
14:26
with no hacking or clever, clever tricks.
315
854676
4248
bez hakovanja ili prepametnih trikova.
14:30
And I should mention as well that
316
858924
1820
I mogu pomenuti da
14:32
some of you do use your names,
317
860744
1542
neki od vas koriste sopstvena imena,
14:34
"James Lyne's iPhone," for example.
318
862286
2596
na primjer: "James Lyne's iPhone".
14:36
And two percent of you have a tendency to extreme profanity.
319
864882
4358
I 2 odsto vas ima tendenciju za
ekstremnim psovkama.
ekstremnim psovkama.
14:41
So something for you to think about:
320
869240
2004
Nešto o čemu bi trebalo da razmislite:
14:43
As we adopt these new applications and mobile devices,
321
871244
3913
Kao što smo prisvojili nove aplikacije i telefone,
14:47
as we play with these shiny new toys,
322
875157
2317
kao što se igramo sjajnim novim igračkama,
14:49
how much are we trading off convenience
323
877474
3822
koliko pogodnosti kupujemo
14:53
for privacy and security?
324
881296
2890
za privatnost i bezbjednost?
14:56
Next time you install something,
325
884186
2058
Sljedeći put kada instalirate nešto,
14:58
look at the settings and ask yourself,
326
886244
2304
pogledajte podešavanja i zapitajte se,
15:00
"Is this information that I want to share?
327
888548
3552
"Da li je ovo informacija
koju želim da podijelim?
koju želim da podijelim?
15:04
Would someone be able to abuse it?"
328
892100
2890
Da li bi neko mogao da je zloupotrijebi?"
15:06
We also need to think very carefully
329
894990
2072
Takođe treba pažljivo da razmislimo
15:09
about how we develop our future talent pool.
330
897062
4141
o tome kako ćemo u budućnosti
razviti naš talenat.
razviti naš talenat.
15:13
You see, technology's changing at a staggering rate,
331
901203
2979
Vidite, tehnologija se mijenja
nevjerovatnom brzinom,
nevjerovatnom brzinom,
15:16
and that 250,000 pieces of malware
332
904182
3176
i tih 250 000 malvera
15:19
won't stay the same for long.
333
907358
2872
neće dugo ostati isti.
15:22
There's a very concerning trend
334
910230
2198
Postoji jedan veoma zanimljiv trend
15:24
that whilst many people coming out of schools now
335
912428
3193
da iako mnogo ljudi dolazi iz škola
15:27
are much more technology-savvy, they know how to use technology,
336
915621
4412
i tehnološki su obrazovani,
znaju da koriste tehnologiju,
znaju da koriste tehnologiju,
15:32
fewer and fewer people are following the feeder subjects
337
920033
3613
sve manje i manje ljudi prati
uputstva proizvođača
uputstva proizvođača
15:35
to know how that technology works under the covers.
338
923646
4324
da bi znali kako tehnologija zaista radi.
15:39
In the U.K., a 60 percent reduction since 2003,
339
927970
4385
U UK, 60 odsto je smanjenja od 2003.
15:44
and there are similar statistics all over the world.
340
932355
3775
i slična je statistika širom svijeta.
15:48
We also need to think about the legal issues in this area.
341
936130
4076
Takođe treba razmisliti
o pravnim pitanjima iz ove oblasti.
o pravnim pitanjima iz ove oblasti.
15:52
The cybercriminals I talked about,
342
940206
1527
Sajber kriminalci o kojima sam pričao,
15:53
despite theft of millions of dollars,
343
941733
2139
uprkos krađi od milion dolara,
15:55
actually still haven't been arrested,
344
943872
2109
zapravo još nijesu uhapšeni,
15:57
and at this point possibly never will.
345
945981
3559
a vjerovatno nikada i neće.
16:01
Most laws are national in their implementation,
346
949540
3500
Većina zakona su nacionalni u njihovoj realizaciji,
16:05
despite cybercrime conventions, where the Internet
347
953040
3999
uprkos konvencijama o visokotehnološkom
kriminalu, gdje je internet
kriminalu, gdje je internet
16:09
is borderless and international by definition.
348
957039
3106
bezgraničan i međunarodan po definiciji.
16:12
Countries do not agree, which makes this area
349
960145
2833
Države se ne slažu, što čini ovu oblast
16:14
exceptionally challenging from a legal perspective.
350
962978
3617
izuzetno izazovnom sa pravne tačke gledišta.
16:18
But my biggest ask is this:
351
966595
4360
Ali moje najveće pitanje je:
16:22
You see, you're going to leave here
352
970955
1642
Vidite, napuštićete ovo mjesto
16:24
and you're going to see some astonishing stories in the news.
353
972597
3717
i viđećete neke zapanjujuće priče u vijestima.
16:28
You're going to read about malware doing incredible
354
976314
2174
Pročitaćete kako malver radi nevjerovatne
16:30
and terrifying, scary things.
355
978488
3261
i zastrašujuće stvari.
16:33
However, 99 percent of it works
356
981749
3929
Međutim, 99 odsto ovoga radi
16:37
because people fail to do the basics.
357
985678
4190
zato što ljudi ne urade osnovno.
16:41
So my ask is this: Go online,
358
989868
3022
Dakle, ono što tražim je sljedeće:
Otiđite na mrežu,
Otiđite na mrežu,
16:44
find these simple best practices,
359
992890
2645
pronađite najbolje rješenje,
16:47
find out how to update and patch your computer.
360
995535
2554
saznajte kako da ažurirate i zakrpite računar.
16:50
Get a secure password.
361
998089
1551
Napravite sigurnu šifru.
16:51
Make sure you use a different password
362
999640
1530
Budite sigurni da koristite različite šifre
16:53
on each of your sites and services online.
363
1001170
3351
na svakom od sajtova i onlajn usluga.
16:56
Find these resources. Apply them.
364
1004521
3243
Nađite ove resurse. Primijenite ih.
16:59
The Internet is a fantastic resource
365
1007764
2611
Internet je fantastično mjesto
17:02
for business, for political expression,
366
1010375
2065
za biznis, za političko oglašavanje,
17:04
for art and for learning.
367
1012440
2331
za umjetnost i učenje.
17:06
Help me and the security community
368
1014771
3182
Pomozite mi, i bezbjednosne zajednice
17:09
make life much, much more difficult
369
1017953
3468
će učiniti život mnogo, mnogo težim
17:13
for cybercriminals.
370
1021421
1952
sajber kriminalcima.
17:15
Thank you.
371
1023373
1328
Hvala vam.
17:16
(Applause)
372
1024701
4539
(Aplauz)
ABOUT THE SPEAKER
James Lyne - Cybersecurity specialistWhether he’s taking on insecure hotspots, inept passwords, or lax OS designers, James Lyne exposes technology’s vulnerabilities while elevating the security awareness of everyday users.
Why you should listen
In an ever-expanding world of networked mobile devices, security threats -- and our ignorance of them -- are more widespread than ever. James Lyne of security firm Sophos believes that if we continue to ignore basic best practices, security is on a trajectory of failure.
A self-described geek, Lyne spends time ripping apart the latest gadgets and software, builds true random number generators out of tinfoil and smoke alarm parts, among other unlikely objects. But his gift lies in his ability to explain complicated concepts and abstract threats to diverse audiences around the world.
James Lyne | Speaker | TED.com