ABOUT THE SPEAKER
Mikko Hypponen - Cybersecurity expert
As computer access expands, Mikko Hypponen asks: What's the next killer virus, and will the world be able to cope with it? And also: How can we protect digital privacy in the age of government surveillance?

Why you should listen

The chief research officer at F-Secure Corporation in Finland, Mikko Hypponen has led his team through some of the largest computer virus outbreaks in history. His team took down the world-wide network used by the Sobig.F worm. He was the first to warn the world about the Sasser outbreak, and he has done classified briefings on the operation of the Stuxnet worm -- a hugely complex worm designed to sabotage Iranian nuclear enrichment facilities.

As a few hundred million more Internet users join the web from India and China and elsewhere, and as governments and corporations become more sophisticated at using viruses as weapons, Hypponen asks, what's next? Who will be at the front defending the world’s networks from malicious software? He says: "It's more than unsettling to realize there are large companies out there developing backdoors, exploits and trojans."

Even more unsettling: revelations this year that the United States' NSA is conducting widespread digital surveillance of both US citizens and anyone whose data passes through a US entity, and that it has actively sabotaged encryption algorithms. Hypponen has become one of the most outspoken critics of the agency's programs and asks us all: Why are we so willing to hand over digital privacy?

 

 

Read his open-season Q&A on Reddit:"My TED Talk was just posted. Ask me anything.

See the full documentary on the search for the Brain virus

More profile about the speaker
Mikko Hypponen | Speaker | TED.com
TEDxBrussels

Mikko Hypponen: Three types of online attack

米科·哈普宁(Mikko Hypponen) :在线攻击的三种类型

Filmed:
1,057,532 views

网络犯罪专家米科·哈普宁给我们讲述威胁我们隐私和资料的三类在线攻击—只有两种被看为犯罪。 “我们是不是盲目相信未来的政府?因为,我们失去的任何权利,就永远地失去了。”
- Cybersecurity expert
As computer access expands, Mikko Hypponen asks: What's the next killer virus, and will the world be able to cope with it? And also: How can we protect digital privacy in the age of government surveillance? Full bio

Double-click the English transcript below to play the video.

00:20
In the 1980s
0
5000
3000
20世纪80年代
00:23
in the communist共产 Eastern Germany德国,
1
8000
3000
在共产主义的东德,
00:26
if you owned拥有的 a typewriter打字机,
2
11000
4000
如果你有一台打字机,
00:30
you had to register寄存器 it with the government政府.
3
15000
2000
你就得去跟政府登记。
00:32
You had to register寄存器
4
17000
2000
你必须登记
00:34
a sample样品 sheet of text文本
5
19000
2000
出自那台打字机的
00:36
out of the typewriter打字机.
6
21000
2000
一份文本的样本。
00:38
And this was doneDONE
7
23000
2000
这样做后,
00:40
so the government政府 could track跟踪 where text文本 was coming未来 from.
8
25000
3000
政府就能跟踪文本出自何方。
00:43
If they found发现 a paper
9
28000
3000
如果他们发现一张纸上
00:46
which哪一个 had the wrong错误 kind of thought,
10
31000
3000
写着错误的观点,
00:49
they could track跟踪 down
11
34000
2000
他们就能跟踪
00:51
who created创建 that thought.
12
36000
2000
是谁产生这样的观点。
00:53
And we in the West西
13
38000
3000
而在西方
00:56
couldn't不能 understand理解 how anybody任何人 could do this,
14
41000
3000
我们不能理解有人怎么能做这种事,
00:59
how much this would restrict限制 freedom自由 of speech言语.
15
44000
3000
这将会多么限制言论自由啊。
01:02
We would never do that
16
47000
2000
我们永远不会在我们自己的国家
01:04
in our own拥有 countries国家.
17
49000
3000
里这样做。
01:07
But today今天 in 2011,
18
52000
3000
可是,2011年的今天,
01:10
if you go and buy购买 a color颜色 laser激光 printer打印机
19
55000
4000
如果你从任何一家大型的激光打印机厂商
01:14
from any major重大的 laser激光 printer打印机 manufacturer生产厂家
20
59000
3000
买一台彩色激光打印机
01:17
and print打印 a page,
21
62000
2000
打印出一页,
01:19
that page will end结束 up
22
64000
2000
这页纸最后
01:21
having slight轻微 yellow黄色 dots
23
66000
3000
会有一些小黄点
01:24
printed印刷的 on every一切 single page
24
69000
2000
印在每一页上
01:26
in a pattern模式 which哪一个 makes品牌 the page unique独特
25
71000
3000
图案让这页纸是独特
01:29
to you and to your printer打印机.
26
74000
4000
对你和你的打印机都是。
01:33
This is happening事件
27
78000
2000
这就是今天
01:35
to us today今天.
28
80000
3000
发生在我们身上的。
01:38
And nobody没有人 seems似乎 to be making制造 a fuss小题大作 about it.
29
83000
4000
似乎没有人为此大惊小怪。
01:42
And this is an example
30
87000
3000
这是个
01:45
of the ways方法
31
90000
2000
展示
01:47
that our own拥有 governments政府
32
92000
3000
我们的政府
01:50
are using运用 technology技术
33
95000
2000
使用科技
01:52
against反对 us, the citizens公民.
34
97000
4000
来对付我们这些公民们的例子。
01:56
And this is one of the main主要 three sources来源
35
101000
3000
这是今天网络问题的
01:59
of online线上 problems问题 today今天.
36
104000
2000
三大来源之一。
02:01
If we take a look at what's really happening事件 in the online线上 world世界,
37
106000
3000
如果我们看一下在线世界到底发生了什么,
02:04
we can group the attacks攻击 based基于 on the attackers攻击者.
38
109000
3000
我们根据攻击者来分组。
02:07
We have three main主要 groups.
39
112000
2000
我们有三个主要的组。
02:09
We have online线上 criminals罪犯.
40
114000
2000
我们有在线罪犯。
02:11
Like here, we have Mr先生. Dimitry迪米特里 GolubovGolubov
41
116000
2000
这里,我们有位德米特里 戈卢博夫(Dimitry Golubov)先生
02:13
from the city of Kiev基辅 in Ukraine乌克兰.
42
118000
2000
来自乌克兰的基辅市。
02:15
And the motives动机 of online线上 criminals罪犯
43
120000
3000
在线罪犯的动机
02:18
are very easy简单 to understand理解.
44
123000
2000
非常容易理解。
02:20
These guys make money.
45
125000
2000
这些家伙为了赚钱。
02:22
They use online线上 attacks攻击
46
127000
2000
他们通过在线攻击
02:24
to make lots of money,
47
129000
2000
赚很多钱,
02:26
and lots and lots of it.
48
131000
2000
很多很多钱。
02:28
We actually其实 have several一些 cases
49
133000
2000
我们实际上有好几个案子
02:30
of millionaires百万富翁 online线上, multimillionaires千万富翁,
50
135000
3000
都是在线百万富翁,千万富翁,
02:33
who made制作 money with their attacks攻击.
51
138000
2000
都是通过在线攻击赚的。
02:35
Here's这里的 Vladimir弗拉基米尔 TsastsinTsastsin form形成 Tartu塔尔图 in Estonia爱沙尼亚.
52
140000
3000
这里还有来自爱沙尼亚的塔尔图的弗拉基米尔·莎斯森。
02:38
This is Alfred阿尔弗雷德 Gonzalez冈萨雷斯.
53
143000
2000
这位是阿尔弗雷德·冈萨雷斯(Alfred Gonzalez)。
02:40
This is Stephen斯蒂芬 Watt.
54
145000
2000
这是斯蒂芬·瓦特 (Stephen Watt)
02:42
This is Bjorn比约恩 Sundin桑丁.
55
147000
2000
这是比昂·松丁(Bjorn Sundin)
02:44
This is Matthew马修 Anderson安德森, Tariq塔里克 Al-Daour铝Daour
56
149000
3000
这是马修·安德森( Matthew Anderson),塔利克·阿尔杜(Tariq Al-Daour)
02:47
and so on and so on.
57
152000
2000
等等等等。
02:49
These guys
58
154000
2000
这些人
02:51
make their fortunes命运 online线上,
59
156000
2000
在线挣了很多钱,
02:53
but they make it through通过 the illegal非法 means手段
60
158000
3000
但他们挣的钱是非法的
02:56
of using运用 things like banking银行业 trojans木马
61
161000
2000
通过使用类似银行木马
02:58
to steal money from our bank银行 accounts账户
62
163000
2000
从我们账户偷钱
03:00
while we do online线上 banking银行业,
63
165000
2000
当我们在网上进行银行业务,
03:02
or with keyloggers键盘记录器
64
167000
2000
或者使用键盘记录
03:04
to collect搜集 our credit信用 card information信息
65
169000
3000
来收集我们的信用卡信息
03:07
while we are doing online线上 shopping购物 from an infected感染 computer电脑.
66
172000
3000
当我们通过被感染的电脑来在线购物的时候。
03:10
The U.S. Secret秘密 Service服务,
67
175000
2000
美国情报局,
03:12
two months个月 ago,
68
177000
2000
两个月前,
03:14
froze冻结 the Swiss瑞士人 bank银行 account帐户
69
179000
2000
冻结了萨姆 杰恩先生
03:16
of Mr先生. Sam山姆 Jain耆那教 right here,
70
181000
2000
在瑞士的银行账户,
03:18
and that bank银行 account帐户 had 14.9 million百万 U.S. dollars美元 on it
71
183000
3000
那个账户冻结的时候
03:21
when it was frozen冻结的.
72
186000
2000
帐上有一千四百九十万美金。
03:23
Mr先生. Jain耆那教 himself他自己 is on the loose疏松;
73
188000
2000
杰恩先生本人仍逍遥法外;
03:25
nobody没有人 knows知道 where he is.
74
190000
3000
没人知道他在哪。
03:28
And I claim要求 it's already已经 today今天
75
193000
3000
今天我断言
03:31
that it's more likely容易 for any of us
76
196000
3000
我们当中的任何一位都有可能
03:34
to become成为 the victim受害者 of a crime犯罪 online线上
77
199000
3000
成为在线犯罪的受害者
03:37
than here in the real真实 world世界.
78
202000
3000
甚至超越现实世界。
03:40
And it's very obvious明显
79
205000
2000
而且很显然
03:42
that this is only going to get worse更差.
80
207000
2000
这种情况越来越糟。
03:44
In the future未来, the majority多数 of crime犯罪
81
209000
2000
将来,大多数的犯罪
03:46
will be happening事件 online线上.
82
211000
3000
会发生在线上。
03:50
The second第二 major重大的 group of attackers攻击者
83
215000
2000
第二类主要的攻击集团
03:52
that we are watching观看 today今天
84
217000
2000
我们今天观察的
03:54
are not motivated动机 by money.
85
219000
2000
不是出于金钱。
03:56
They're motivated动机 by something else其他 --
86
221000
2000
他们的动机源于别处 --
03:58
motivated动机 by protests抗议,
87
223000
2000
出于抗议,
04:00
motivated动机 by an opinion意见,
88
225000
2000
出于发表意见,
04:02
motivated动机 by the laughs.
89
227000
3000
出于被嘲笑过。
04:05
Groups like Anonymous匿名
90
230000
2000
这些匿名集团
04:07
have risen上升 up over the last 12 months个月
91
232000
3000
在过去的12个月中很活跃
04:10
and have become成为 a major重大的 player播放机
92
235000
2000
并且变成了在线攻击领域的
04:12
in the field领域 of online线上 attacks攻击.
93
237000
3000
主要的参与者
04:15
So those are the three main主要 attackers攻击者:
94
240000
2000
这些就是三组主要的攻击者:
04:17
criminals罪犯 who do it for the money,
95
242000
2000
为了钱的罪犯,
04:19
hacktivists黑客行动主义者 like Anonymous匿名
96
244000
3000
匿名的攻击活跃者
04:22
doing it for the protest抗议,
97
247000
2000
为了抗议而作的,
04:24
but then the last group are nation国家 states状态,
98
249000
3000
而最后一组是民族国家,
04:27
governments政府 doing the attacks攻击.
99
252000
3000
政府在攻击。
04:31
And then we look at cases
100
256000
2000
我们看一下例子
04:33
like what happened发生 in DigiNotarDigiNotar.
101
258000
2000
就像DigiNotar公司发生的。
04:35
This is a prime主要 example of what happens发生
102
260000
2000
这是政府攻击的
04:37
when governments政府 attack攻击
103
262000
2000
典型例子
04:39
against反对 their own拥有 citizens公民.
104
264000
2000
来反对自己的民众。
04:41
DigiNotarDigiNotar is a Certificate证书 Authority权威
105
266000
3000
DigiNotar是荷兰的
04:44
from The Netherlands荷兰 --
106
269000
2000
一个权威证书
04:46
or actually其实, it was.
107
271000
2000
或者说它曾经是。
04:48
It was running赛跑 into bankruptcy破产
108
273000
2000
它去年秋天遭遇
04:50
last fall秋季
109
275000
3000
破产
04:53
because they were hacked砍死 into.
110
278000
2000
因为他们遭到入侵。
04:55
Somebody broke打破 in
111
280000
2000
有人闯进去
04:57
and they hacked砍死 it thoroughly.
112
282000
3000
彻底毁了它。
05:00
And I asked last week
113
285000
2000
我上周
05:02
in a meeting会议 with Dutch荷兰人 government政府 representatives代表,
114
287000
4000
在与荷兰政府代表开会时问过,
05:06
I asked one of the leaders领导者 of the team球队
115
291000
5000
我问一位领导
05:11
whether是否 he found发现 plausible似是而非
116
296000
3000
是否他发现有可能
05:14
that people died死亡
117
299000
3000
有人会
05:17
because of the DigiNotarDigiNotar hack.
118
302000
3000
因为Diginotar攻击而死亡。
05:20
And his answer回答 was yes.
119
305000
5000
他的回答是肯定的。
05:25
So how do people die
120
310000
2000
那么,究竟如何人们的死亡
05:27
as the result结果 of a hack like this?
121
312000
3000
归咎于这样一个攻击呢?
05:30
Well DigiNotarDigiNotar is a C.A.
122
315000
2000
DigiNotar是一个权威证书。
05:32
They sell certificates证书.
123
317000
2000
他们卖证书。
05:34
What do you do with certificates证书?
124
319000
2000
你用证书做什么?
05:36
Well you need a certificate证书
125
321000
2000
你需要证书的情况会是
05:38
if you have a website网站 that has httpsHTTPS,
126
323000
2000
你有一个有https的网站,
05:40
SSLSSL encrypted加密 services服务,
127
325000
3000
SSL加密服务,
05:43
services服务 like GmailGmail的.
128
328000
3000
类似Gmail的服务。
05:46
Now we all, or a big part部分 of us,
129
331000
2000
当今我们所有人或大部分人,
05:48
use GmailGmail的 or one of their competitors竞争对手,
130
333000
2000
使用Gmail或它对手们中的任何一家,
05:50
but these services服务 are especially特别 popular流行
131
335000
2000
这些服务在极权主义国家
05:52
in totalitarian极权主义 states状态
132
337000
2000
尤其流行
05:54
like Iran伊朗,
133
339000
2000
比如伊朗,
05:56
where dissidents持不同政见者
134
341000
2000
持异议者
05:58
use foreign国外 services服务 like GmailGmail的
135
343000
3000
使用诸如Gmail的国外服务
06:01
because they know they are more trustworthy可靠 than the local本地 services服务
136
346000
3000
因为他们知道这些比当地的服务更可靠
06:04
and they are encrypted加密 over SSLSSL connections连接,
137
349000
3000
他们通过SSL的连接加密,
06:07
so the local本地 government政府 can't snoop窥探
138
352000
2000
所以当地政府窥探不到
06:09
on their discussions讨论.
139
354000
2000
他们的讨论。
06:11
Except they can if they hack into a foreign国外 C.A.
140
356000
3000
他们也能,如果他们攻击了一个国外权威证书,
06:14
and issue问题 rogue流氓 certificates证书.
141
359000
2000
出具伪劣证书。
06:16
And this is exactly究竟 what happened发生
142
361000
2000
这恰恰就是发生在
06:18
with the case案件 of DigiNotarDigiNotar.
143
363000
3000
DigiNotar的案子中。
06:24
What about Arab阿拉伯 Spring弹簧
144
369000
2000
阿拉伯跳是怎么回事?
06:26
and things that have been happening事件, for example, in Egypt埃及?
145
371000
3000
比如说在埃及发生的那些事?
06:29
Well in Egypt埃及,
146
374000
2000
在埃及,
06:31
the rioters暴徒 looted洗劫一空 the headquarters司令部
147
376000
2000
暴徒们洗劫了
06:33
of the Egyptian埃及人 secret秘密 police警察
148
378000
2000
埃及秘密警察的总部
06:35
in April四月 2011,
149
380000
2000
那是2011年4月,
06:37
and when they were looting抢劫 the building建造 they found发现 lots of papers文件.
150
382000
3000
他们洗劫时找到很多文件。
06:40
Among其中 those papers文件,
151
385000
2000
在这些文件中,
06:42
was this binder粘合剂 entitled标题 "FINFISHERFINFISHER."
152
387000
2000
有一个名叫FINFISHER的夹子。
06:44
And within that binder粘合剂 were notes笔记
153
389000
3000
夹子中有些笔记
06:47
from a company公司 based基于 in Germany德国
154
392000
2000
是来自一家德国公司
06:49
which哪一个 had sold出售 the Egyptian埃及人 government政府
155
394000
3000
这家公司卖给埃及政府
06:52
a set of tools工具
156
397000
2000
一套工具
06:54
for intercepting拦截 --
157
399000
2000
用来截取--
06:56
and in very large scale规模 --
158
401000
2000
很大比例是
06:58
all the communication通讯 of the citizens公民 of the country国家.
159
403000
2000
国家公众的所有通信。
07:00
They had sold出售 this tool工具
160
405000
2000
他们把这套工具
07:02
for 280,000 Euros欧元 to the Egyptian埃及人 government政府.
161
407000
3000
以28万欧元卖给埃及政府。
07:05
The company公司 headquarters司令部 are right here.
162
410000
3000
公司的总部就在那里。
07:08
So Western西 governments政府
163
413000
2000
所以,西方政府
07:10
are providing提供 totalitarian极权主义 governments政府 with tools工具
164
415000
3000
给极权政府提供工具
07:13
to do this against反对 their own拥有 citizens公民.
165
418000
3000
来反对他们自己的民众。
07:16
But Western西 governments政府 are doing it to themselves他们自己 as well.
166
421000
3000
但西方政府也同样对他们自己这样做。
07:19
For example, in Germany德国,
167
424000
2000
比如,在德国,
07:21
just a couple一对 of weeks ago
168
426000
2000
就是几周前
07:23
the so-called所谓 State Trojan木马 was found发现,
169
428000
3000
发现一个叫Scuinst Trojan 的
07:26
which哪一个 was a trojan木马
170
431000
2000
木马病毒
07:28
used by German德语 government政府 officials官员
171
433000
2000
被德国政府官方用来
07:30
to investigate调查 their own拥有 citizens公民.
172
435000
2000
调查他们自己的民众。
07:32
If you are a suspect疑似 in a criminal刑事 case案件,
173
437000
4000
如果你是一宗刑事案件的嫌疑,
07:36
well it's pretty漂亮 obvious明显, your phone电话 will be tapped窃听.
174
441000
2000
很显然,你的电话会被监听。
07:38
But today今天, it goes beyond that.
175
443000
2000
可是今天,事情已经超越了。
07:40
They will tap龙头 your Internet互联网 connection连接.
176
445000
2000
他们会监视你的网络连接。
07:42
They will even use tools工具 like State Trojan木马
177
447000
3000
他们会用类似Scuinst Trojan的工具
07:45
to infect感染 your computer电脑 with a trojan木马,
178
450000
3000
用一个木马来感染你的电脑,
07:48
which哪一个 enables使 them
179
453000
2000
这样就让他们
07:50
to watch all your communication通讯,
180
455000
2000
监视你所有的通信,
07:52
to listen to your online线上 discussions讨论,
181
457000
3000
监听你的在线讨论,
07:55
to collect搜集 your passwords密码.
182
460000
3000
收集你的密码。
08:01
Now when we think deeper更深
183
466000
2000
当我们更深的想一下
08:03
about things like these,
184
468000
3000
这些事情,
08:06
the obvious明显 response响应 from people should be
185
471000
5000
人们的反应显然应是
08:11
that, "Okay, that sounds声音 bad,
186
476000
3000
“对啊,听起来很糟糕,
08:14
but that doesn't really affect影响 me because I'm a legal法律 citizen公民.
187
479000
3000
但因为我是合法公民,也不会真正影响我啦。
08:17
Why should I worry担心?
188
482000
2000
为什么我要担忧呢?
08:19
Because I have nothing to hide隐藏."
189
484000
3000
我没有什么可隐藏的。”
08:22
And this is an argument论据,
190
487000
2000
这就是争论所在,
08:24
which哪一个 doesn't make sense.
191
489000
2000
没什么道理。
08:26
Privacy隐私 is implied默示.
192
491000
3000
隐私是不言而喻。
08:29
Privacy隐私 is not up for discussion讨论.
193
494000
5000
隐私用不着讨论。
08:34
This is not a question
194
499000
2000
这不是个
08:36
between之间 privacy隐私
195
501000
4000
隐私
08:40
against反对 security安全.
196
505000
3000
反对安全的问题。
08:43
It's a question of freedom自由
197
508000
3000
而是一个
08:46
against反对 control控制.
198
511000
3000
自由反对管制的问题。
08:49
And while we might威力 trust相信 our governments政府
199
514000
4000
我们2011年的当下
08:53
right now, right here in 2011,
200
518000
3000
会信任我们的政府,
08:56
any right we give away will be given特定 away for good.
201
521000
3000
我们放弃的任何权力会永远失去。
08:59
And do we trust相信, do we blindly盲目地 trust相信,
202
524000
3000
我们会不会信任未来的政府,
09:02
any future未来 government政府,
203
527000
2000
盲目地信任,
09:04
a government政府 we might威力 have
204
529000
2000
一个50年后的
09:06
50 years年份 from now?
205
531000
2000
政府呢?
09:10
And these are the questions问题
206
535000
3000
这些就是我们要为下一个50年
09:13
that we have to worry担心 about for the next下一个 50 years年份.
207
538000
3000
而担忧的问题。
Translated by Emma Zhao
Reviewed by Felix Chen

▲Back to top

ABOUT THE SPEAKER
Mikko Hypponen - Cybersecurity expert
As computer access expands, Mikko Hypponen asks: What's the next killer virus, and will the world be able to cope with it? And also: How can we protect digital privacy in the age of government surveillance?

Why you should listen

The chief research officer at F-Secure Corporation in Finland, Mikko Hypponen has led his team through some of the largest computer virus outbreaks in history. His team took down the world-wide network used by the Sobig.F worm. He was the first to warn the world about the Sasser outbreak, and he has done classified briefings on the operation of the Stuxnet worm -- a hugely complex worm designed to sabotage Iranian nuclear enrichment facilities.

As a few hundred million more Internet users join the web from India and China and elsewhere, and as governments and corporations become more sophisticated at using viruses as weapons, Hypponen asks, what's next? Who will be at the front defending the world’s networks from malicious software? He says: "It's more than unsettling to realize there are large companies out there developing backdoors, exploits and trojans."

Even more unsettling: revelations this year that the United States' NSA is conducting widespread digital surveillance of both US citizens and anyone whose data passes through a US entity, and that it has actively sabotaged encryption algorithms. Hypponen has become one of the most outspoken critics of the agency's programs and asks us all: Why are we so willing to hand over digital privacy?

 

 

Read his open-season Q&A on Reddit:"My TED Talk was just posted. Ask me anything.

See the full documentary on the search for the Brain virus

More profile about the speaker
Mikko Hypponen | Speaker | TED.com

Data provided by TED.

This site was created in May 2015 and the last update was on January 12, 2020. It will no longer be updated.

We are currently creating a new site called "eng.lish.video" and would be grateful if you could access it.

If you have any questions or suggestions, please feel free to write comments in your language on the contact form.

Privacy Policy

Developer's Blog

Buy Me A Coffee