TEDGlobal 2011
Mikko Hypponen: Fighting viruses, defending the net
米科·哈普宁:对抗病毒,保卫网络
Filmed:
Readability: 4.2
1,847,520 views
自首个电脑病毒(Brain A)攻击网络至今已经25年了,曾经只是让人烦恼的小东西,现在已经变成了为犯罪和间谍服务的尖端工具。电脑安全专家米科·哈普宁为我们展示如何阻止新型病毒对互联网的威胁。
Mikko Hypponen - Cybersecurity expert
As computer access expands, Mikko Hypponen asks: What's the next killer virus, and will the world be able to cope with it? And also: How can we protect digital privacy in the age of government surveillance? Full bio
As computer access expands, Mikko Hypponen asks: What's the next killer virus, and will the world be able to cope with it? And also: How can we protect digital privacy in the age of government surveillance? Full bio
Double-click the English transcript below to play the video.
00:15
I love the Internet.
0
0
3000
我爱网络
00:18
It's true.
1
3000
2000
这是真的
00:20
Think about everything it has brought us.
2
5000
2000
想想它给我们带来的一切
00:22
Think about all the services we use,
3
7000
3000
想想它给我们提供的服务
00:25
all the connectivity,
4
10000
2000
所有的互联性
00:27
all the entertainment,
5
12000
2000
娱乐性
00:29
all the business, all the commerce.
6
14000
3000
商业性,贸易性
00:32
And it's happening during our lifetimes.
7
17000
3000
这些都发生在我们的生活中
00:35
I'm pretty sure that one day
8
20000
3000
我非常肯定将来的某一天
00:38
we'll be writing history books
9
23000
2000
当我们书写从现在开始的
00:40
hundreds of years from now. This time
10
25000
3000
数百年历史的时候
00:43
our generation will be remembered
11
28000
3000
我们现在这段时期将被誉为
00:46
as the generation that got online,
12
31000
3000
网络的一代
00:49
the generation
13
34000
2000
真正的、完全的
00:51
that built something really and truly global.
14
36000
3000
全球化的一代
00:54
But yes, it's also true
15
39000
3000
但是,当然
00:57
that the Internet has problems, very serious problems,
16
42000
3000
也不可否认互联网仍然有许多问题,而且是非常严重的问题
01:00
problems with security
17
45000
3000
安全问题
01:03
and problems with privacy.
18
48000
3000
隐私问题
01:06
I've spent my career
19
51000
2000
我至今的职业生涯
01:08
fighting these problems.
20
53000
3000
都在和这些问题斗争
01:11
So let me show you something.
21
56000
3000
我给大家展示一下
01:15
This here
22
60000
2000
这
01:17
is Brain.
23
62000
2000
是个Brain
01:19
This is a floppy disk
24
64000
2000
这是个软盘
01:21
-- five and a quarter-inch floppy disk
25
66000
2000
--5.25英寸的软盘
01:23
infected by Brain.A.
26
68000
2000
被Brain A 病毒所感染
01:25
It's the first virus we ever found
27
70000
2000
这是我们至今发现的最早的
01:27
for PC computers.
28
72000
2000
个人电脑病毒
01:30
And we actually know
29
75000
2000
我们现在知道
01:32
where Brain came from.
30
77000
2000
它出自何处
01:34
We know because it says so
31
79000
2000
因为它的代码
01:36
inside the code.
32
81000
2000
告诉了我们
01:38
Let's take a look.
33
83000
3000
我们来看一下
01:45
All right.
34
90000
3000
好
01:48
That's the boot sector of an infected floppy,
35
93000
3000
这就是这个被感染软盘的引导区
01:51
and if we take a closer look inside,
36
96000
3000
如果我们仔细观察它的内部
01:54
we'll see that right there,
37
99000
2000
我们会在那里发现,
01:56
it says, "Welcome to the dungeon."
38
101000
4000
它说:“欢迎来到地牢”
02:00
And then it continues,
39
105000
2000
然后它继续提到
02:02
saying, 1986, Basit and Amjad.
40
107000
3000
1986,Basit 和 Amjad
02:05
And Basit and Amjad are first names,
41
110000
3000
Basit和Amjad是名字
02:08
Pakistani first names.
42
113000
2000
巴基斯坦人的名字
02:10
In fact, there's a phone number and an address in Pakistan.
43
115000
3000
事实上,那儿还有个巴基斯坦的电话和地址
02:13
(Laughter)
44
118000
5000
(笑声)
02:18
Now, 1986.
45
123000
3000
1986年
02:21
Now it's 2011.
46
126000
2000
现在是2011年
02:23
That's 25 years ago.
47
128000
2000
那已经是25年前的事情了
02:25
The PC virus problem is 25 years old now.
48
130000
4000
个人电脑病毒现在已经25岁了
02:29
So half a year ago,
49
134000
2000
因此一年半之前
02:31
I decided to go to Pakistan myself.
50
136000
3000
我决定自己去趟巴基斯坦
02:34
So let's see, here's a couple of photos I took while I was in Pakistan.
51
139000
3000
我们看一下,这有一些我在巴基斯坦时照的照片
02:37
This is from the city of Lahore,
52
142000
2000
这是拉合尔城的照片
02:39
which is around 300 kilometers south
53
144000
2000
它位于本·拉登被击毙的
02:41
from Abbottabad, where Bin Laden was caught.
54
146000
3000
阿伯塔巴德以南大约300公里
02:44
Here's a typical street view.
55
149000
3000
这是个当地典型的街景
02:47
And here's the street or road leading to this building,
56
152000
3000
这个是通往Allama Iqbal城 730尼扎姆街区
02:50
which is 730 Nizam block at Allama Iqbal Town.
57
155000
4000
的建筑物的街道
02:54
And I knocked on the door.
58
159000
2000
我敲了敲门
02:56
(Laughter)
59
161000
2000
(笑声)
02:58
You want to guess who opened the door?
60
163000
2000
你想知道谁开的门吗?
03:00
Basit and Amjad; they are still there.
61
165000
2000
就是Basit和Amjad, 他们还在那住着
03:02
(Laughter)
62
167000
2000
(笑声)
03:04
(Applause)
63
169000
4000
(掌声)
03:08
So here standing up is Basit.
64
173000
3000
站着的就是Basit
03:11
Sitting down is his brother Amjad.
65
176000
3000
坐着的是他的兄弟Amjad
03:14
These are the guys who wrote the first PC virus.
66
179000
3000
这就是编写了第一个个人电脑病毒的两个家伙
03:17
Now of course, we had a very interesting discussion.
67
182000
3000
在当下,我们有一个很有趣的讨论
03:20
I asked them why.
68
185000
2000
我问他们为什么
03:22
I asked them how they feel about what they started.
69
187000
3000
我问他们开始的时候是怎么想的
03:25
And I got some sort of satisfaction
70
190000
3000
同时我也得到了一些满足
03:28
from learning that both Basit and Amjad
71
193000
3000
从获悉他们两个
03:31
had had their computers infected dozens of times
72
196000
3000
的电脑这些年来也感染了很多次
03:34
by completely unrelated other viruses
73
199000
2000
完全不相关的
03:36
over these years.
74
201000
2000
其他病毒
03:38
So there is some sort of justice
75
203000
2000
因此说这个世界上毕竟还是
03:40
in the world after all.
76
205000
3000
有几分正义存在的
03:44
Now, the viruses that we used to see
77
209000
2000
如今,上世纪80-90年代之间
03:46
in the 1980s and 1990s
78
211000
2000
出现的病毒
03:48
obviously are not a problem any more.
79
213000
3000
对我们已经明显不是个问题了
03:51
So let me just show you a couple of examples
80
216000
2000
我给大家几个例子
03:53
of what they used to look like.
81
218000
2000
展示它们以前的样子
03:55
What I'm running here
82
220000
2000
我这里打开的是
03:57
is a system that enables me
83
222000
2000
一个让我可以在现代电脑上
03:59
to run age-old programs on a modern computer.
84
224000
3000
运行老程序的系统
04:02
So let me just mount some drives. Go over there.
85
227000
3000
让我来攻击几个驱动器,来到这一步
04:05
What we have here is a list of old viruses.
86
230000
3000
我们现在看到的是一个老病毒的清单
04:08
So let me just run some viruses on my computer.
87
233000
3000
让我在我的电脑上运行几个病毒
04:11
For example,
88
236000
2000
比如说
04:13
let's go with the Centipede virus first.
89
238000
2000
让我先运行一个蜈蚣病毒
04:15
And you can see at the top of the screen,
90
240000
2000
你可以看见在屏幕的上方
04:17
there's a centipede scrolling across your computer
91
242000
2000
有一个类似蜈蚣的滚轴在穿过你的屏幕
04:19
when you get infected by this one.
92
244000
2000
当你的电脑被感染的时候
04:21
You know that you're infected
93
246000
2000
你就知道你的电脑被感染了
04:23
because it actually shows up.
94
248000
2000
因为它就出现了
04:25
Here's another one. This is the virus called Crash,
95
250000
3000
这是另一个 这是一个叫做崩溃的病毒
04:28
invented in Russia in 1992.
96
253000
2000
1992年一个俄罗斯人发明的
04:30
Let me show you one which actually makes some sound.
97
255000
3000
让我给大家展示一个出声音的病毒
04:34
(Siren noise)
98
259000
6000
(警报噪声)
04:40
And the last example,
99
265000
2000
最后一个例子
04:42
guess what the Walker virus does?
100
267000
2000
猜猜Walker病毒什么样
04:44
Yes, there's a guy walking across your screen
101
269000
2000
对,就是有一个家伙走过你的屏幕
04:46
once you get infected.
102
271000
2000
当你的电脑被它感染的时候
04:48
So it used to be fairly easy to know
103
273000
3000
因此它很容易被发现
04:51
that you're infected by a virus,
104
276000
3000
你的电脑被病毒感染的时候
04:54
when the viruses were written by hobbyists
105
279000
2000
当病毒只是被爱好者以及青少年
04:56
and teenagers.
106
281000
2000
编写的时候
04:58
Today, they are no longer being written
107
283000
2000
现在,病毒的编写者已经不再是
05:00
by hobbyists and teenagers.
108
285000
2000
爱好者和青少年了
05:02
Today, viruses are a global problem.
109
287000
3000
如今,病毒已经是个全球问题
05:05
What we have here in the background
110
290000
2000
我们现在这里的背景情况是
05:07
is an example of our systems that we run in our labs,
111
292000
3000
我们在实验室运行了一个系统作为一个案例
05:10
where we track virus infections worldwide.
112
295000
2000
我们用它追踪世界范围内的病毒感染情况
05:12
So we can actually see in real time
113
297000
2000
因此我们可以进行实时关注
05:14
that we've just blocked viruses in Sweden and Taiwan
114
299000
3000
我们已经阻止了在瑞典、台湾
05:17
and Russia and elsewhere.
115
302000
2000
俄罗斯和其他任何地方的病毒
05:19
In fact, if I just connect back to our lab systems
116
304000
3000
事实上,如果我通过网络和我们实验室系统
05:22
through the Web,
117
307000
2000
进行连接
05:24
we can see in real time
118
309000
2000
我们就可以实时看到
05:26
just some kind of idea of how many viruses,
119
311000
3000
每一天会发现多少的病毒
05:29
how many new examples of malware we find every single day.
120
314000
3000
多少的恶意软件的新案例
05:32
Here's the latest virus we've found,
121
317000
2000
这是我们发现的最新的病毒
05:34
in a file called Server.exe.
122
319000
2000
在一个叫做Server.exe的文件内
05:36
And we found it right over here three seconds ago --
123
321000
3000
我们三秒前发现它在那
05:39
the previous one, six seconds ago.
124
324000
2000
之前一个,六秒之前
05:41
And if we just scroll around,
125
326000
3000
如果我们滚动一下
05:44
it's just massive.
126
329000
2000
会发现有很多
05:46
We find tens of thousands, even hundreds of thousands.
127
331000
3000
我们发现数万个,甚至数百万个
05:49
And that's the last 20 minutes of malware
128
334000
3000
那些是最近20分钟的恶意软件
05:52
every single day.
129
337000
2000
每一天都这样
05:54
So where are all these coming from then?
130
339000
3000
那么所有这些都是从哪里来的呢?
05:57
Well today, it's the organized criminal gangs
131
342000
4000
如今,它们都是有组织的犯罪团伙
06:01
writing these viruses
132
346000
2000
编写病毒程序
06:03
because they make money with their viruses.
133
348000
2000
因为他们通过病毒获利
06:05
It's gangs like --
134
350000
2000
它是个团伙--
06:07
let's go to GangstaBucks.com.
135
352000
3000
就像GangstaBucks.com网站一样
06:10
This is a website operating in Moscow
136
355000
3000
这是一个在莫斯科运行的网站
06:13
where these guys are buying infected computers.
137
358000
4000
他们这些家伙购买被感染的电脑
06:17
So if you are a virus writer
138
362000
2000
因此如果你是一个病毒编写者
06:19
and you're capable of infecting Windows computers,
139
364000
2000
并且你有感染Windows系统电脑的能力
06:21
but you don't know what to do with them,
140
366000
2000
但是你不知道怎么处理它们
06:23
you can sell those infected computers --
141
368000
2000
你可以卖掉这些被感染的电脑--
06:25
somebody else's computers -- to these guys.
142
370000
2000
其他人的电脑--卖给那些家伙
06:27
And they'll actually pay you money for those computers.
143
372000
4000
他们会付给你钱买
06:31
So how do these guys then monetize
144
376000
3000
那么这些家伙如何靠这些染上病毒的电脑
06:34
those infected computers?
145
379000
2000
赚钱的呢?
06:36
Well there's multiple different ways,
146
381000
2000
有许多不同的方法
06:38
such as banking trojans, which will steal money from your online banking accounts
147
383000
3000
比如银行木马,它可以从你的在线银行帐号中盗取你的钱
06:41
when you do online banking,
148
386000
3000
当你在线交易的时候
06:44
or keyloggers.
149
389000
3000
或者键盘记录
06:47
Keyloggers silently sit on your computer, hidden from view,
150
392000
4000
键盘记录潜伏在你的计算机中,在视图中隐藏自己
06:51
and they record everything you type.
151
396000
3000
同时它可以记录你键入的所有信息
06:54
So you're sitting on your computer and you're doing Google searches.
152
399000
3000
因此当你坐在电脑旁同时在谷歌上进行搜索时
06:57
Every single Google search you type
153
402000
2000
每一次你键入的搜索词
06:59
is saved and sent to the criminals.
154
404000
3000
都会被保存并且发送到犯罪分子那里
07:02
Every single email you write is saved and sent to the criminals.
155
407000
3000
每一封你写的邮件也会遭受同样的经历
07:05
Same thing with every single password and so on.
156
410000
4000
同样的遭遇还会发生在密码及其他资料上
07:09
But the thing that they're actually looking for most
157
414000
2000
但是他们事实上最想获取的是
07:11
are sessions where you go online
158
416000
2000
你的上网记录
07:13
and do online purchases in any online store.
159
418000
3000
以及在网店进行在线交易的过程
07:16
Because when you do purchases in online stores,
160
421000
2000
因为当你进行网上交易的时候
07:18
you will be typing in your name, the delivery address,
161
423000
3000
你会输入你的姓名,邮寄地址
07:21
your credit card number and the credit card security codes.
162
426000
3000
你的信用卡卡号以及安全码
07:24
And here's an example of a file
163
429000
2000
这里有一个案例
07:26
we found from a server a couple of weeks ago.
164
431000
2000
是我们数星期前在一个服务器上获得的
07:28
That's the credit card number,
165
433000
2000
那是信用卡卡号
07:30
that's the expiration date, that's the security code,
166
435000
2000
这是截至日期,这是安全码
07:32
and that's the name of the owner of the card.
167
437000
2000
这是持卡人姓名
07:34
Once you gain access to other people's credit card information,
168
439000
3000
一旦你获取侵入他人信用卡的信息
07:37
you can just go online and buy whatever you want
169
442000
2000
你就可以在线购买任何你想买的东西
07:39
with this information.
170
444000
3000
用所盗取的信息
07:42
And that, obviously, is a problem.
171
447000
2000
当然,很明显,这是一个问题
07:44
We now have a whole underground marketplace
172
449000
4000
我们现在存在着一整套的地下市场
07:48
and business ecosystem
173
453000
3000
以及商业模式生态系统
07:51
built around online crime.
174
456000
3000
围绕着网上犯罪所设立的
07:54
One example of how these guys
175
459000
2000
有一个例子是说这些家伙
07:56
actually are capable of monetizing their operations:
176
461000
3000
如何运作这个系统赚钱
07:59
we go and have a look at the pages of INTERPOL
177
464000
3000
我们打开看一下国际刑警组织的页面
08:02
and search for wanted persons.
178
467000
2000
然后搜索想找的人
08:04
We find guys like Bjorn Sundin, originally from Sweden,
179
469000
3000
我们找到了比约恩·松丁这个人,来自瑞典
08:07
and his partner in crime,
180
472000
2000
与他的伙伴进行了犯罪
08:09
also listed on the INTERPOL wanted pages,
181
474000
2000
同样在国际刑警组页面上列出了
08:11
Mr. Shaileshkumar Jain,
182
476000
2000
Shaileshkumar Jain
08:13
a U.S. citizen.
183
478000
2000
一名美国公民
08:15
These guys were running an operation called I.M.U.,
184
480000
3000
这些家伙在运作着一个叫做I.M.U.的组织
08:18
a cybercrime operation through which they netted millions.
185
483000
3000
是一个网络犯罪系统,净赚到数百万
08:21
They are both right now on the run.
186
486000
3000
他们现在还都在运作着
08:24
Nobody knows where they are.
187
489000
2000
没人知道他们在哪里
08:26
U.S. officials, just a couple of weeks ago,
188
491000
2000
美国官方,就在数星期前
08:28
froze a Swiss bank account
189
493000
2000
冻结了一个瑞士银行账户
08:30
belonging to Mr. Jain,
190
495000
2000
是属于Jain的
08:32
and that bank account had 14.9 million U.S. dollars on it.
191
497000
4000
账户中有1490万美元
08:36
So the amount of money online crime generates
192
501000
3000
因此说网上犯罪的金额是
08:39
is significant.
193
504000
2000
非常大的
08:41
And that means that the online criminals
194
506000
2000
这就意味着网上犯罪
08:43
can actually afford to invest into their attacks.
195
508000
3000
是可以负担的起他们进行攻击的支出
08:46
We know that online criminals
196
511000
2000
我们知道网上犯罪
08:48
are hiring programmers, hiring testing people,
197
513000
3000
要雇佣程序员,测试人员
08:51
testing their code,
198
516000
2000
测试他们的代码
08:53
having back-end systems with SQL databases.
199
518000
3000
拥有带SQL数据库的后端系统
08:56
And they can afford to watch how we work --
200
521000
3000
同时他们可以监视我们如何工作--
08:59
like how security people work --
201
524000
2000
比如安保人员工作状况--
09:01
and try to work their way around
202
526000
2000
并且尝试解决我们在他们周围
09:03
any security precautions we can build.
203
528000
2000
所部属的各种防范措施
09:05
They also use the global nature of Internet
204
530000
3000
他们还利用互联网的全球性质
09:08
to their advantage.
205
533000
2000
使他们自己有利
09:10
I mean, the Internet is international.
206
535000
2000
我的意思是,互联网是个国际性的
09:12
That's why we call it the Internet.
207
537000
2000
这也是我们为什么称它为国际互联网
09:14
And if you just go and take a look
208
539000
2000
如果你只是去看看
09:16
at what's happening in the online world,
209
541000
3000
在网络世界发生了什么
09:19
here's a video built by Clarified Networks,
210
544000
2000
这里有一个 Clarified Networks 制作的视频
09:21
which illustrates how one single malware family is able to move around the world.
211
546000
4000
说明了一个单一的恶意软件家族是如何在世界各地转移的
09:25
This operation, believed to be originally from Estonia,
212
550000
3000
这个操作系统,被认为是来自爱沙尼亚
09:28
moves around from one country to another
213
553000
2000
会从一个国家转移到另一个国家
09:30
as soon as the website is tried to shut down.
214
555000
2000
只要网站一被关闭
09:32
So you just can't shut these guys down.
215
557000
3000
但你不可能阻止住这些家伙
09:35
They will switch from one country to another,
216
560000
2000
他们会从一个国家转到另一个国家
09:37
from one jurisdiction to another --
217
562000
2000
从一种管辖权转移到另一个
09:39
moving around the world,
218
564000
2000
在全球转移
09:41
using the fact that we don't have the capability
219
566000
2000
利用一个现实,也就是说我们不可能有全球警察
09:43
to globally police operations like this.
220
568000
3000
像他们那样运作
09:46
So the Internet is as if
221
571000
2000
所以说,互联网就像
09:48
someone would have given free plane tickets
222
573000
2000
某人获得了免费机票
09:50
to all the online criminals of the world.
223
575000
3000
可以在世界各地进行网上犯罪
09:53
Now, criminals who weren't capable of reaching us before
224
578000
3000
之前,罪犯是不可能追踪到我们的
09:56
can reach us.
225
581000
2000
现在却可以了
09:58
So how do you actually go around finding online criminals?
226
583000
3000
因此 你如何找到网络犯罪分子?
10:01
How do you actually track them down?
227
586000
2000
你是如何追踪到他们的
10:03
Let me give you an example.
228
588000
2000
我来举个例子
10:05
What we have here is one exploit file.
229
590000
3000
我这里有一个有漏洞的文件
10:08
Here, I'm looking at the Hex dump of an image file,
230
593000
4000
这里,我们看一个十六进制的图像文件
10:12
which contains an exploit.
231
597000
2000
它包含了一个漏洞
10:14
And that basically means, if you're trying to view this image file on your Windows computer,
232
599000
3000
这意味着,如果你试着在你的Windows计算机上打开这个图像文件
10:17
it actually takes over your computer and runs code.
233
602000
3000
它将会接管你的计算机并且运行代码
10:20
Now, if you'll take a look at this image file --
234
605000
3000
现在,如果你看一下这个图像文件--
10:23
well there's the image header,
235
608000
2000
这是图像的开始的部分
10:25
and there the actual code of the attack starts.
236
610000
3000
这是真正开始进行攻击的代码
10:28
And that code has been encrypted,
237
613000
2000
这些代码已经被加密了
10:30
so let's decrypt it.
238
615000
2000
让我们把它们解密
10:32
It has been encrypted with XOR function 97.
239
617000
2000
它用的是XOR函数97进行的加密
10:34
You just have to believe me,
240
619000
2000
你只能相信我
10:36
it is, it is.
241
621000
2000
真是这样的
10:38
And we can go here
242
623000
2000
然后我们就来到这里
10:40
and actually start decrypting it.
243
625000
2000
然后开始解密
10:42
Well the yellow part of the code is now decrypted.
244
627000
2000
密码的黄色部分现在已经被解密了
10:44
And I know, it doesn't really look much different from the original.
245
629000
3000
我知道,它们现在看起来和一开始差不多
10:47
But just keep staring at it.
246
632000
2000
但是请继续看下去
10:49
You'll actually see that down here
247
634000
2000
你会看到下半部分
10:51
you can see a Web address:
248
636000
2000
有一个网址:
10:53
unionseek.com/d/ioo.exe
249
638000
6000
unionseek.com/d/ioo.exe
10:59
And when you view this image on your computer
250
644000
2000
当你在电脑上看这个图像的时候
11:01
it actually is going to download and run that program.
251
646000
2000
它将下载且运行这个程序
11:03
And that's a backdoor which will take over your computer.
252
648000
3000
这是个后门程序,它将接管你的电脑
11:06
But even more interestingly,
253
651000
2000
但是更有趣的是
11:08
if we continue decrypting,
254
653000
2000
如果我们继续解密
11:10
we'll find this mysterious string,
255
655000
2000
我们将发现一串奇怪的
11:12
which says O600KO78RUS.
256
657000
5000
叫做O600KO78RUS的代码
11:17
That code is there underneath the encryption
257
662000
2000
这个代码在加密文件的底部
11:19
as some sort of a signature.
258
664000
2000
就像署名一样
11:21
It's not used for anything.
259
666000
2000
它没有什么实际作用
11:23
And I was looking at that, trying to figure out what it means.
260
668000
3000
当我看到它的时候,我试图找到它的作用
11:26
So obviously I Googled for it.
261
671000
2000
于是我自然的用GOOGLE去搜索了一下
11:28
I got zero hits; wasn't there.
262
673000
2000
我什么也没发现
11:30
So I spoke with the guys at the lab.
263
675000
2000
然后我就跟实验室的其他人说了这个事情
11:32
And we have a couple of Russian guys in our labs,
264
677000
2000
我们实验室有几个俄罗斯的人
11:34
and one of them mentioned,
265
679000
2000
他们其中一个提到
11:36
well, it ends in RUS like Russia.
266
681000
2000
恩,结尾字母RUS可能代表俄罗斯
11:38
And 78 is the city code
267
683000
2000
数字78则代表城市代码
11:40
for the city of St. Petersburg.
268
685000
2000
也就是 圣彼得堡
11:42
For example, you can find it from some phone numbers
269
687000
2000
举个例子,你可以从有些电话号码中发现类似的代码
11:44
and car license plates and stuff like that.
270
689000
3000
或者是在车牌之类的东西上
11:47
So I went looking for contacts in St. Petersburg,
271
692000
3000
于是我就去找它圣彼得堡的关系
11:50
and through a long road,
272
695000
2000
经过长时间的努力
11:52
we eventually found this one particular website.
273
697000
4000
我们最终发现了一个特别的网站
11:56
Here's this Russian guy who's been operating online for a number of years
274
701000
3000
这个网站就是这个俄罗斯人运作的,他已经运作这个私人网站
11:59
who runs his own website,
275
704000
2000
很多年了
12:01
and he runs a blog under the popular Live Journal.
276
706000
3000
他在这个流行的 Journal网站下还有一个博客
12:04
And on this blog, he blogs about his life,
277
709000
2000
在博客里,他记录他的生活
12:06
about his life in St. Petersburg --
278
711000
2000
他在圣彼得堡的生活情况--
12:08
he's in his early 20s --
279
713000
2000
他20出头--
12:10
about his cat,
280
715000
2000
有关他的猫的情况
12:12
about his girlfriend.
281
717000
2000
他的女友
12:14
And he drives a very nice car.
282
719000
2000
而且他还有一辆很好的车
12:16
In fact, this guy drives
283
721000
3000
实际上,这家伙开的是
12:19
a Mercedes-Benz S600
284
724000
2000
一辆奔驰S600
12:21
V12
285
726000
2000
12缸
12:23
with a six-liter engine
286
728000
2000
6升发动机
12:25
with more than 400 horsepower.
287
730000
2000
400多马力
12:27
Now that's a nice car for a 20-something year-old kid in St. Petersburg.
288
732000
4000
对于一个在圣彼得堡20岁出头的孩子来说,这已经是一辆非常好的车了
12:31
How do I know about this car?
289
736000
2000
我是如何了解到这辆车的?
12:33
Because he blogged about the car.
290
738000
2000
因为他的微博提到过
12:35
He actually had a car accident.
291
740000
2000
他还有过一次车祸
12:37
In downtown St. Petersburg,
292
742000
2000
在圣彼得堡的市区
12:39
he actually crashed his car into another car.
293
744000
2000
他开车撞到了另一辆车
12:41
And he put blogged images about the car accident --
294
746000
2000
他把车祸的情况放到了博客上--
12:43
that's his Mercedes --
295
748000
2000
就是那辆奔驰--
12:45
right here is the Lada Samara he crashed into.
296
750000
4000
那就是他撞上的 拉达萨马拉
12:49
And you can actually see that the license plate of the Samara
297
754000
3000
你可以很清楚的看见被撞车的车牌
12:52
ends in 78RUS.
298
757000
2000
以78RUS结尾
12:54
And if you actually take a look at the scene picture,
299
759000
3000
如果你看下现场的照片
12:57
you can see that the plate of the Mercedes
300
762000
2000
你可以看见奔驰车的车牌
12:59
is O600KO78RUS.
301
764000
6000
是O600KO78RUS
13:05
Now I'm not a lawyer,
302
770000
2000
我不是一个律师
13:07
but if I would be,
303
772000
2000
但如果我是的话
13:09
this is where I would say, "I rest my case."
304
774000
3000
看到这我想我会说:“我可以结案了”
13:12
(Laughter)
305
777000
2000
(笑声)
13:14
So what happens when online criminals are caught?
306
779000
3000
那么,当网络罪犯被抓获以后又会怎么样呢?
13:17
Well in most cases it never gets this far.
307
782000
3000
大多数案例都不会获得如此详细的信息
13:20
The vast majority of the online crime cases,
308
785000
2000
绝大多数网络罪犯的情况是
13:22
we don't even know which continent the attacks are coming from.
309
787000
3000
我们甚至不知道他们从哪个大洲发动的攻击
13:25
And even if we are able to find online criminals,
310
790000
3000
即使我们有能力去找到这些网络罪犯
13:28
quite often there is no outcome.
311
793000
2000
大多数情况都不了了之
13:30
The local police don't act, or if they do, there's not enough evidence,
312
795000
3000
地方警察不会有所行动,即使他们实施抓捕,也没有充足的证据
13:33
or for some reason we can't take them down.
313
798000
2000
或者因为一些原因无法抓到罪犯
13:35
I wish it would be easier;
314
800000
2000
我希望事情能简单一些
13:37
unfortunately it isn't.
315
802000
2000
不幸的是,并非如此
13:39
But things are also changing
316
804000
3000
但事情总是在改变
13:42
at a very rapid pace.
317
807000
3000
并且速度非常可观
13:45
You've all heard about things like Stuxnet.
318
810000
3000
大家应该都已经听说过Stuxnet震网病毒 的事情了
13:48
So if you look at what Stuxnet did
319
813000
3000
如果你看看Stuxnet震网病毒 的作为
13:51
is that it infected these.
320
816000
2000
它感染了这些
13:53
That's a Siemens S7-400 PLC,
321
818000
3000
那是一台西门子S7-400 PLC
13:56
programmable logic [controller].
322
821000
2000
可编程逻辑控制器
13:58
And this is what runs our infrastructure.
323
823000
3000
它用于我们的基础设施中
14:01
This is what runs everything around us.
324
826000
3000
它用于周遭的一切东西中
14:04
PLC's, these small boxes which have no display,
325
829000
3000
它是这些小盒子,没有显示器
14:07
no keyboard,
326
832000
2000
没有键盘
14:09
which are programmed, are put in place, and they do their job.
327
834000
2000
程式化的,被放到需要的地方后便自动工作
14:11
For example, the elevators in this building
328
836000
2000
举个例子,这栋建筑的电梯
14:13
most likely are controlled by one of these.
329
838000
4000
很有可能就是被这套装置所控制
14:17
And when Stuxnet infects one of these,
330
842000
3000
因此当Stuxnet震网病毒 侵入到它们之中
14:20
that's a massive revolution
331
845000
2000
就会造成我们不得不担心的
14:22
on the kinds of risks we have to worry about.
332
847000
3000
各种风险的重大变革
14:25
Because everything around us is being run by these.
333
850000
3000
因为我们周边的一切都被这种病毒所接管
14:28
I mean, we have critical infrastructure.
334
853000
2000
我的意思是,我们有一些关键性的设施
14:30
You go to any factory, any power plant,
335
855000
3000
你去看任何一个工厂,电站
14:33
any chemical plant, any food processing plant,
336
858000
2000
化学设备,食品制造设备
14:35
you look around --
337
860000
2000
你看看周遭--
14:37
everything is being run by computers.
338
862000
2000
一切都是依靠电脑运行的
14:39
Everything is being run by computers.
339
864000
2000
一切都是依靠电脑运行的
14:41
Everything is reliant on these computers working.
340
866000
3000
一切都是依赖电脑才能工作
14:44
We have become very reliant
341
869000
3000
我们已经变得非常依赖
14:47
on Internet,
342
872000
2000
网络
14:49
on basic things like electricity, obviously,
343
874000
3000
依赖基础资源例如电力,这是很明显的
14:52
on computers working.
344
877000
2000
依赖电脑工作
14:54
And this really is something
345
879000
2000
这就是些
14:56
which creates completely new problems for us.
346
881000
2000
对我们来说全新的问题
14:58
We must have some way
347
883000
2000
我们必须找到其他的途径
15:00
of continuing to work
348
885000
2000
来继续工作
15:02
even if computers fail.
349
887000
3000
即使在电脑不能运行的情况下
15:12
(Laughter)
350
897000
2000
(笑声)
15:14
(Applause)
351
899000
10000
(掌声)
15:24
So preparedness means that we can do stuff
352
909000
3000
应此,有备无患意味着即使我们认为理所当然
15:27
even when the things we take for granted
353
912000
2000
的事情发生了意料之外的改变,我们仍然可以
15:29
aren't there.
354
914000
2000
照常工作
15:31
It's actually very basic stuff --
355
916000
2000
这其实是基本常识--
15:33
thinking about continuity, thinking about backups,
356
918000
3000
要考虑到持续性,后备方案
15:36
thinking about the things that actually matter.
357
921000
3000
以及真正至关重要的问题
15:39
Now I told you --
358
924000
3000
我把这些都告诉你们了--
15:42
(Laughter)
359
927000
2000
(笑声)
15:44
I love the Internet. I do.
360
929000
4000
我真的很爱网络
15:48
Think about all the services we have online.
361
933000
3000
想想那些我们通过网络得到的服务
15:51
Think about if they are taken away from you,
362
936000
3000
想想如果把它们从你身边拿走
15:54
if one day you don't actually have them
363
939000
2000
如果有一天因为这样或那样的原因
15:56
for some reason or another.
364
941000
2000
你真的失去了它们
15:58
I see beauty in the future of the Internet,
365
943000
3000
我看到了网络美好的未来
16:01
but I'm worried
366
946000
2000
但是我同样担心
16:03
that we might not see that.
367
948000
2000
我们可能看不到它
16:05
I'm worried that we are running into problems
368
950000
2000
我担心我们正在因为网络犯罪的原因
16:07
because of online crime.
369
952000
2000
陷入到问题之中
16:09
Online crime is the one thing
370
954000
2000
网络犯罪是一个可能把
16:11
that might take these things away from us.
371
956000
2000
这些美好的事物从我们身边夺走的原因之一
16:13
(Laughter)
372
958000
3000
(笑声)
16:16
I've spent my life
373
961000
2000
我用尽我的一生
16:18
defending the Net,
374
963000
3000
去保卫网络
16:21
and I do feel that if we don't fight online crime,
375
966000
3000
我真正的感觉到如果我们不对抗网络犯罪
16:24
we are running a risk of losing it all.
376
969000
4000
我们将走向一条失去一切的不归之路
16:28
We have to do this globally,
377
973000
3000
我们必须全球联手
16:31
and we have to do it right now.
378
976000
3000
且刻不容缓
16:34
What we need
379
979000
2000
我们需要的
16:36
is more global, international law enforcement work
380
981000
3000
是更加全球化,国际性法规强制性的
16:39
to find online criminal gangs --
381
984000
2000
抓捕网络罪犯
16:41
these organized gangs
382
986000
2000
这些有组织的
16:43
that are making millions out of their attacks.
383
988000
2000
从攻击中创造百万利润的罪犯们
16:45
That's much more important
384
990000
2000
这要比研发反病毒软件
16:47
than running anti-viruses or running firewalls.
385
992000
2000
研发防火墙要重要的多
16:49
What actually matters
386
994000
2000
真正重要的是
16:51
is actually finding the people behind these attacks,
387
996000
2000
找到在这些攻击的幕后指使者
16:53
and even more importantly,
388
998000
2000
更重要的是
16:55
we have to find the people
389
1000000
2000
我们必须要找出
16:57
who are about to become
390
1002000
2000
将要成为网络犯罪世界
16:59
part of this online world of crime,
391
1004000
2000
其中一部分
17:01
but haven't yet done it.
392
1006000
2000
但是还没有那样做的人
17:03
We have to find the people with the skills,
393
1008000
3000
我们要发现有才之人
17:06
but without the opportunities
394
1011000
2000
只是怀才不遇
17:08
and give them the opportunities
395
1013000
2000
并且给他们机会
17:10
to use their skills for good.
396
1015000
3000
让他们的才能为我们所用
17:13
Thank you very much.
397
1018000
2000
非常感谢
17:15
(Applause)
398
1020000
13000
(掌声)
ABOUT THE SPEAKER
Mikko Hypponen - Cybersecurity expertAs computer access expands, Mikko Hypponen asks: What's the next killer virus, and will the world be able to cope with it? And also: How can we protect digital privacy in the age of government surveillance?
Why you should listen
The chief research officer at F-Secure Corporation in Finland, Mikko Hypponen has led his team through some of the largest computer virus outbreaks in history. His team took down the world-wide network used by the Sobig.F worm. He was the first to warn the world about the Sasser outbreak, and he has done classified briefings on the operation of the Stuxnet worm -- a hugely complex worm designed to sabotage Iranian nuclear enrichment facilities.
As a few hundred million more Internet users join the web from India and China and elsewhere, and as governments and corporations become more sophisticated at using viruses as weapons, Hypponen asks, what's next? Who will be at the front defending the world’s networks from malicious software? He says: "It's more than unsettling to realize there are large companies out there developing backdoors, exploits and trojans."
Even more unsettling: revelations this year that the United States' NSA is conducting widespread digital surveillance of both US citizens and anyone whose data passes through a US entity, and that it has actively sabotaged encryption algorithms. Hypponen has become one of the most outspoken critics of the agency's programs and asks us all: Why are we so willing to hand over digital privacy?
Read his open-season Q&A on Reddit:"My TED Talk was just posted. Ask me anything.
See the full documentary on the search for the Brain virus.
Mikko Hypponen | Speaker | TED.com