TEDxColumbus
Chris Domas: The 1s and 0s behind cyber warfare
克里斯.杜马斯: 网络战争背后的1和0
Filmed:
Readability: 4
1,109,814 views
克里斯.杜马斯是网络安全研究员,在一场全新的战争——网络——前线工作,在这个引人入胜的演讲里,他向我们展示研究人员是怎样运用图像识别和反向引擎(几个不眠夜的成果)来理解目的和内容未知的二进制的代码数据块。
Chris Domas - Cybersecurity researcher
Chris Domas is an embedded systems engineer and cybersecurity researcher. Full bio
Chris Domas is an embedded systems engineer and cybersecurity researcher. Full bio
Double-click the English transcript below to play the video.
00:12
This is a lot of ones and zeros.
0
770
2262
这儿有许多1和许多0。
00:15
It's what we call binary information.
1
3032
3099
这就是我们所说的二进制信息。
00:18
This is how computers talk.
2
6131
1442
这是计算机所使用的语言。
00:19
It's how they store information.
3
7573
1929
这是计算机存储信息的方式。
00:21
It's how computers think.
4
9502
1626
这是计算机的思考方式,
00:23
It's how computers do
5
11128
1619
计算机通过这些0和1来做所有它们能做的事情。
00:24
everything it is that computers do.
6
12747
2382
我是一名网络安全的研究人员,
00:27
I'm a cybersecurity researcher,
7
15129
2047
00:29
which means my job is to sit
down with this information
down with this information
8
17176
2070
这意味着,我的工作就是坐下跟这种信息打交道,
00:31
and try to make sense of it,
9
19246
1684
试着让这些0和1变得有意义,
00:32
to try to understand what all
the ones and zeroes mean.
the ones and zeroes mean.
10
20930
2753
试着去理解这些0和1的意思。
00:35
Unfortunately for me, we're not just talking
11
23683
1843
对我来说,不幸的是,我们并不只是说
00:37
about the ones and zeros
I have on the screen here.
I have on the screen here.
12
25526
2234
屏幕上的这些0和1。
00:39
We're not just talking about a
few pages of ones and zeros.
few pages of ones and zeros.
13
27760
2683
我们并不是说几页的0和1。
00:42
We're talking about billions and billions
14
30443
2609
我们会讨论多达数十亿的0和1,
00:45
of ones and zeros,
15
33052
1333
00:46
more than anyone could possibly comprehend.
16
34385
2641
多到任何人都无法理解的程度。
00:49
Now, as exciting as that sounds,
17
37026
1859
现在,就像听起来得这么令人兴奋,
00:50
when I first started doing cyber —
18
38885
2492
当我开始做网络的工作时——
(笑声)——
00:53
(Laughter) —
19
41377
1743
00:55
when I first started doing cyber, I wasn't sure
20
43120
2003
当我开始做网络的时候,
00:57
that sifting through ones and zeros
21
45123
1473
我不确定探索0和1是我余生想做的事,
00:58
was what I wanted to do with the rest of my life,
22
46596
2294
因为在我的脑海里,
01:00
because in my mind, cyber
23
48890
2020
“信息技术”就是不让病毒感染我奶奶的电脑,
01:02
was keeping viruses off of my grandma's computer,
24
50910
3681
01:06
it was keeping people's Myspace
pages from being hacked,
pages from being hacked,
25
54591
3348
让"My Space"(聚友,社交网站)主页不被入侵,
01:09
and maybe, maybe on my most glorious day,
26
57939
2185
也许,也许在我最光荣的那一天,
01:12
it was keeping someone's credit
card information from being stolen.
card information from being stolen.
27
60124
3751
防止人们的信用卡信息遭到窃取,
01:15
Those are important things,
28
63875
1363
那些确实是重要的事情,
01:17
but that's not how I wanted to spend my life.
29
65238
2758
但那并不是我打算尽我一生来做的事情。
01:19
But after 30 minutes of work
30
67996
1934
但是作为一个网络防卫服务者,工作了30分钟后,
01:21
as a defense contractor,
31
69930
1353
01:23
I soon found out that my idea of cyber
32
71283
2790
我就发现我对于网络的看法有失偏颇。
01:26
was a little bit off.
33
74073
1869
01:27
In fact, in terms of national security,
34
75942
1945
事实上,在国家安全的意义上说,
01:29
keeping viruses off of my grandma's computer
35
77887
2071
使我奶奶的电脑远离病毒的工作优先级是非常低的。
01:31
was surprisingly low on their priority list.
36
79958
3186
01:35
And the reason for that is cyber
37
83144
1301
网络的意义远远大于任何像这样的事情。
01:36
is so much bigger than any one of those things.
38
84445
3793
01:40
Cyber is an integral part of all of our lives,
39
88238
2825
网络遍布于生活的每个角落,
01:43
because computers are an
integral part of all of our lives,
integral part of all of our lives,
40
91063
3060
因为电脑融入了生活的方方面面,
01:46
even if you don't own a computer.
41
94123
1952
即使你没有电脑。
01:48
Computers control everything in your car,
42
96075
2646
计算机控制着你车里所有的东西,
01:50
from your GPS to your airbags.
43
98721
1880
从你的GPS到你的安全气囊。
01:52
They control your phone.
44
100601
1316
它们控制你的手机。
01:53
They're the reason you can call 911
45
101917
1171
正因为有它们,你才能拨打911和其它人连线。
01:55
and get someone on the other line.
46
103088
1796
01:56
They control our nation's entire infrastructure.
47
104884
2794
它们控制着我们国家的全部基础设施。
01:59
They're the reason you have electricity,
48
107678
1676
是它们让你能用电,暖气,清洁的水,食物。
02:01
heat, clean water, food.
49
109354
2338
02:03
Computers control our military equipment,
50
111692
1901
计算机也控制着我们的军事设备,
02:05
everything from missile silos to satellites
51
113593
1677
从导弹筒仓到卫星,
02:07
to nuclear defense networks.
52
115270
3914
到核防御网络。
02:11
All of these things are made possible
53
119184
1989
这些东西都因为电脑的存在而变得可能。
02:13
because of computers,
54
121173
1416
02:14
and therefore because of cyber,
55
122589
1983
因此,因为网络的存在,
02:16
and when something goes wrong,
56
124572
1504
当某些事情出故障时,
02:18
cyber can make all of these things impossible.
57
126076
3118
网络会让所有的这些故障不复存在。
02:21
But that's where I step in.
58
129194
1585
这恰恰是我所踏入的领域。
02:22
A big part of my job is defending all of these things,
59
130779
2940
我工作中很重要的一部分就是保护这些东西,
02:25
keeping them working,
60
133719
1662
让它们正常工作。
02:27
but once in a while, part of my
job is to break one of these things,
job is to break one of these things,
61
135381
2328
但某些时候,破坏这些东西也是我工作的一部分。
02:29
because cyber isn't just about defense,
62
137709
2396
因为网络并不仅仅是防御,
02:32
it's also about offense.
63
140105
2273
网络也意味着进攻。
02:34
We're entering an age where we talk about
64
142378
1576
我们正在进入我们所说的
02:35
cyberweapons.
65
143954
1461
网络武器时代。
02:37
In fact, so great is the potential for cyber offense
66
145415
3135
实际上,网络进攻的潜力是如此巨大,
02:40
that cyber is considered a new domain of warfare.
67
148550
3621
以至于网络被认为是一个新的战场。
02:44
Warfare.
68
152171
1800
战场。
02:45
It's not necessarily a bad thing.
69
153971
1929
这不一定是坏事。
02:47
On the one hand, it means we have whole new front
70
155900
2751
一方面,这意味着,我们要在一个全新的领域保护自己,
02:50
on which we need to defend ourselves,
71
158651
1743
但另一方面,
02:52
but on the other hand,
72
160394
1485
02:53
it means we have a whole new way to attack,
73
161879
1842
这意味着,我们有新的途径去进攻,
02:55
a whole new way to stop evil people
74
163721
1859
去阻止恶人作恶。
02:57
from doing evil things.
75
165580
2227
02:59
So let's consider an example of this
76
167807
1811
那么,我来举一个完全假想的例子。
03:01
that's completely theoretical.
77
169618
1689
03:03
Suppose a terrorist wants to blow up a building,
78
171307
2258
假定一名恐怖分子想炸毁一栋建筑,
03:05
and he wants to do this again and again
79
173565
2068
而且他还想在将来反复地进行这样的恐怖袭击。
03:07
in the future.
80
175633
1451
03:09
So he doesn't want to be in
that building when it explodes.
that building when it explodes.
81
177084
2840
因此,他可不想在那个建筑爆炸时还呆里面。
03:11
He's going to use a cell phone
82
179924
1518
他打算用一个手机来
03:13
as a remote detonator.
83
181442
2335
做远程导火线。
03:15
Now, it used to be the only way we had
84
183777
1871
在过去,阻止这名恐怖分子的唯一办法是枪战和飙车。
03:17
to stop this terrorist
85
185648
1636
03:19
was with a hail of bullets and a car chase,
86
187284
2673
03:21
but that's not necessarily true anymore.
87
189957
2332
但如今再也不必这样了。
03:24
We're entering an age where we can stop him
88
192289
1563
我们正在进入一个新时代,
1000英里以外的一个按钮就能阻止他。
03:25
with the press of a button
89
193852
1110
03:26
from 1,000 miles away,
90
194962
2007
03:28
because whether he knew it or not,
91
196969
1589
因为无论他知道与否,
03:30
as soon as he decided to use his cell phone,
92
198558
1711
只要他决定用他的手机,
03:32
he stepped into the realm of cyber.
93
200269
3134
他就已踏入了网络控制区。
03:35
A well-crafted cyber attack
could break into his phone,
could break into his phone,
94
203403
3117
一个精心策划的网络袭击可以侵入他的手机,
03:38
disable the overvoltage protections on his battery,
95
206520
2149
破坏他的电池的过压保护,
03:40
drastically overload the circuit,
96
208669
1755
让电路超负荷,
03:42
cause the battery to overheat, and explode.
97
210424
2357
从而引起电池过热而爆炸。
03:44
No more phone, no more detonator,
98
212781
2446
没有了手机,也就没有了导火线,
03:47
maybe no more terrorist,
99
215227
1923
也许再也不会有恐怖分子,
03:49
all with the press of a button
100
217150
1031
这一切都来自于1000英里外的一下按钮。
03:50
from a thousand miles away.
101
218181
2680
03:52
So how does this work?
102
220861
1751
那么这到底是怎么做到的呢?
03:54
It all comes back to those ones and zeros.
103
222612
2268
一切又回到了那些0和1上。
03:56
Binary information makes your phone work,
104
224880
3005
二进制信息让你的手机工作,
03:59
and used correctly, it can make your phone explode.
105
227885
3584
如果正确操纵,它可以引爆你的手机。
04:03
So when you start to look at
cyber from this perspective,
cyber from this perspective,
106
231469
2472
所以,当你开始从这个角度看信息技术时,
04:05
spending your life sifting through binary information
107
233941
3163
穷尽一生跟二进制信息打交道就开始变得让人兴奋了。
04:09
starts to seem kind of exciting.
108
237104
2417
04:11
But here's the catch: This is hard,
109
239521
2646
但问题在于:这个很难。
04:14
really, really hard,
110
242167
1685
真的非常非常难。
04:15
and here's why.
111
243852
1834
原因在这。
04:17
Think about everything you have on your cell phone.
112
245686
2766
想想你手机上的所有东西。
04:20
You've got the pictures you've taken.
113
248452
1963
有你拍的照片,
04:22
You've got the music you listen to.
114
250415
1786
你听的歌,
04:24
You've got your contacts list,
115
252201
1648
你的联系人列表,
04:25
your email, and probably 500 apps
116
253849
1625
你的邮件,
还有500个你这辈子大概都不会用的应用软件,
04:27
you've never used in your entire life,
117
255474
3001
04:30
and behind all of this is the software, the code,
118
258475
3987
所有这些的背后都是软件,
控制你手机的代码。
04:34
that controls your phone,
119
262462
1380
04:35
and somewhere, buried inside of that code,
120
263842
2656
隐藏在这茫茫代码中的某小一段代码控制着电池,
04:38
is a tiny piece that controls your battery,
121
266498
2548
04:41
and that's what I'm really after,
122
269046
1871
这就是我真正关心的。
04:42
but all of this, just a bunch of ones and zeros,
123
270917
3686
但所有的这些,都只是一长串0和1,
04:46
and it's all just mixed together.
124
274603
1531
而且所有的都混在一起。
04:48
In cyber, we call this finding a
needle in a stack of needles,
needle in a stack of needles,
125
276134
3545
我们称之为网络领域的“海里捞针",
04:51
because everything pretty much looks alike.
126
279679
2349
因为任何信息看上去都很像。
04:54
I'm looking for one key piece,
127
282028
1732
我在找一个关键的部分,
04:55
but it just blends in with everything else.
128
283760
3234
但它和所有其他的东西混在一起。
04:58
So let's step back from this theoretical situation
129
286994
2252
因此,我们把注意力从这个假象的
引爆恐怖分子的手机的情景中转移开,
引爆恐怖分子的手机的情景中转移开,
05:01
of making a terrorist's phone explode,
130
289246
2344
05:03
and look at something that actually happened to me.
131
291590
2816
看看真正发生在我身上的事情。
05:06
Pretty much no matter what I do,
132
294406
1343
差不多不管我做什么,
05:07
my job always starts with sitting down
133
295749
1442
往往一坐下来就着手处理一整串二进制信息,
05:09
with a whole bunch of binary information,
134
297191
2372
05:11
and I'm always looking for one key piece
135
299563
1727
并且,我总是在找一个关键的片段
05:13
to do something specific.
136
301290
1987
来做点特别的事情。
05:15
In this case, I was looking for a very advanced,
137
303277
2077
在这个案例中,我在寻找一个段非常先进的,
05:17
very high-tech piece of code
138
305354
1518
蕴含高科技的代码,
05:18
that I knew I could hack,
139
306872
1215
我知道我能侵入这段代码,
05:20
but it was somewhere buried
140
308087
1714
但这个片段埋藏在十亿个0和1中的某个地方。
05:21
inside of a billion ones and zeroes.
141
309801
2026
对我来说,不幸的是,我不知道我要找的到底是什么。
05:23
Unfortunately for me, I didn't know
142
311827
1578
05:25
quite what I was looking for.
143
313405
1691
05:27
I didn't know quite what it would look like,
144
315096
1196
我并不完全知道这段代码看上到底会是什么样子,
05:28
which makes finding it really, really hard.
145
316292
2918
这使寻找它的工作变得非常非常难。
05:31
When I have to do that, what I have to do
146
319210
2039
当我必须做这件事情的时候,我需要做的
05:33
is basically look at various pieces
147
321249
2342
基本上就是读取大量二进制片段,
05:35
of this binary information,
148
323591
1723
05:37
try to decipher each piece, and see if it might be
149
325314
2202
努力解码每一段,看看有没有可能找到我想找的那一段。
05:39
what I'm after.
150
327516
1224
05:40
So after a while, I thought I had found the piece
151
328740
1625
这样,一段时间过后,
我以为我找到了我要找的那段代码。
我以为我找到了我要找的那段代码。
05:42
I was looking for.
152
330365
1337
05:43
I thought maybe this was it.
153
331702
2104
我以为,这大概是吧我要找的吧。
05:45
It seemed to be about right, but I couldn't quite tell.
154
333806
2032
它看上去像是对的,但我还不能断定。
05:47
I couldn't tell what those
ones and zeros represented.
ones and zeros represented.
155
335838
2918
我还不知道这些0和1到底表示什么。
05:50
So I spent some time trying to put this together,
156
338756
3374
我花了点时间试着一起考虑它们,
05:54
but wasn't having a whole lot of luck,
157
342130
1670
但没有那么走运。
05:55
and finally I decided,
158
343800
1186
最终我决定了,
05:56
I'm going to get through this,
159
344986
1609
我一定要去征服它,
05:58
I'm going to come in on a weekend,
160
346595
1511
我要花掉一个周末的时间,
06:00
and I'm not going to leave
161
348106
1340
直到弄清它的含义前我不会离开。
06:01
until I figure out what this represents.
162
349446
1712
06:03
So that's what I did. I came
in on a Saturday morning,
in on a Saturday morning,
163
351158
2166
这就是我所做的,我在一个星期六早上开始我的工作,
06:05
and about 10 hours in, I sort of
had all the pieces to the puzzle.
had all the pieces to the puzzle.
164
353324
3645
花了大概10个小时,我获得了这个难题的全部片段。
06:08
I just didn't know how they fit together.
165
356969
1392
但我还是不知道它们怎么能相互联系,
06:10
I didn't know what these ones and zeros meant.
166
358361
2790
也不清楚这些0和1的意义。
06:13
At the 15-hour mark,
167
361151
2067
在第15十五个小时的时候,
06:15
I started to get a better picture of what was there,
168
363218
2602
我的头绪开始变得清晰起来,
06:17
but I had a creeping suspicion
169
365820
1772
但还是心存疑虑,
06:19
that what I was looking at
170
367592
1589
怀疑我看到的跟我想找的没任何联系。
06:21
was not at all related to what I was looking for.
171
369181
2923
06:24
By 20 hours, the pieces started to come together
172
372104
2487
到第20个小时,这些零碎的部分开始汇集,
06:26
very slowly — (Laughter) —
173
374591
3764
非常缓慢 ——(笑声)——
06:30
and I was pretty sure I was going down
174
378355
1266
事已至此,我非常肯定我在一条错误的道路上前进。
06:31
the wrong path at this point,
175
379621
1939
06:33
but I wasn't going to give up.
176
381560
2251
但是不会放弃。
06:35
After 30 hours in the lab,
177
383811
2834
在实验室的30个小时以后,
06:38
I figured out exactly what I was looking at,
178
386645
2261
我真正搞清了我在看的是什么,
06:40
and I was right, it wasn't what I was looking for.
179
388906
2818
我的猜测是正确的,这并不是我想找的。
06:43
I spent 30 hours piecing together
180
391724
1699
我花了30个小时把这些0和1整合到一起,
06:45
the ones and zeros that
formed a picture of a kitten.
formed a picture of a kitten.
181
393423
2722
组成了一个小猫的图像。
06:48
(Laughter)
182
396145
1795
(笑声)
06:49
I wasted 30 hours of my life searching for this kitten
183
397940
3806
在实验室浪费了30个小时光阴,
搜寻了一只没任何用处的小猫,
06:53
that had nothing at all to do
184
401746
1838
06:55
with what I was trying to accomplish.
185
403584
1987
这跟我想实现的成就完全不相及。
06:57
So I was frustrated, I was exhausted.
186
405571
3863
我十分沮丧,精疲力竭。
07:01
After 30 hours in the lab, I probably smelled horrible.
187
409434
3226
在实验室呆了30个小时后,
我很可能都散发难闻的味道了,
我很可能都散发难闻的味道了,
07:04
But instead of just going home
188
412660
2230
但是我并没有选择回家,回家就叫做放弃,
07:06
and calling it quits, I took a step back
189
414890
2530
我回过头,问我自己,到底出了什么错?
07:09
and asked myself, what went wrong here?
190
417420
2541
07:11
How could I make such a stupid mistake?
191
419961
2212
为什么我会犯这么愚蠢的错误?
07:14
I'm really pretty good at this.
192
422173
1398
我在这方面是做得相当好的。
07:15
I do this for a living.
193
423571
1319
我以此谋生。
07:16
So what happened?
194
424890
2148
那么到底发生了什么?
07:19
Well I thought, when you're
looking at information at this level,
looking at information at this level,
195
427038
2775
我想,当你在这个层次上解码信息时,
07:21
it's so easy to lose track of what you're doing.
196
429813
2827
很容易偏离正轨。
07:24
It's easy to not see the forest through the trees.
197
432640
1744
很容易只见树木不见森林。
07:26
It's easy to go down the wrong rabbit hole
198
434384
2164
很容易走到错误的兔子洞里,
07:28
and waste a tremendous amount of time
199
436548
1762
在错误的事情上浪费大量的时间。
07:30
doing the wrong thing.
200
438310
1820
07:32
But I had this epiphany.
201
440130
1600
但我顿悟了。
07:33
We were looking at the data completely incorrectly
202
441730
2999
我们从一开始就以完全错误的方式来处理这些数据。
07:36
since day one.
203
444729
1490
07:38
This is how computers think, ones and zeros.
204
446219
2103
这是电脑的思考方式,0 和1。
07:40
It's not how people think,
205
448322
1392
这不是人类思考的方式。
07:41
but we've been trying to adapt our minds
206
449714
2314
但我们一直试图让我们的脑子以计算机的方式思考,
07:44
to think more like computers
207
452028
1345
07:45
so that we can understand this information.
208
453373
2597
以理解这些信息。
07:47
Instead of trying to make our minds fit the problem,
209
455970
1950
不是让我们的思维适应问题,
07:49
we should have been making the problem
210
457920
1648
我们应该让问题适应我们的思维。
07:51
fit our minds,
211
459568
969
07:52
because our brains have a tremendous potential
212
460537
2109
因为我们的大脑有巨大的潜力
07:54
for analyzing huge amounts of information,
213
462646
3086
来分析大量的信息,
07:57
just not like this.
214
465732
1297
而不是像这样。
07:59
So what if we could unlock that potential
215
467029
1467
那么,如果我们把问题转化为正确形式的信息,
08:00
just by translating this
216
468496
1527
08:02
to the right kind of information?
217
470023
2848
来激发大脑的潜力,将会怎样?
带着这个想法,
08:04
So with these ideas in mind,
218
472871
1194
08:06
I sprinted out of my basement lab at work
219
474065
1618
我从我工作的地下实验室冲出来,
08:07
to my basement lab at home,
220
475683
1307
到了我家里的地下实验室,
08:08
which looked pretty much the same.
221
476990
1996
这两处看起来差不多。
08:10
The main difference is, at work,
222
478986
1824
主要的不同是,在工作的地方,
08:12
I'm surrounded by cyber materials,
223
480810
1579
我被网络包围了,
08:14
and cyber seemed to be the
problem in this situation.
problem in this situation.
224
482389
2605
在这种情况下,网络本身似乎就是个问题。
08:16
At home, I'm surrounded by
everything else I've ever learned.
everything else I've ever learned.
225
484994
3353
在家里,包围我的一切都是我熟知的。
08:20
So I poured through every book I could find,
226
488347
1872
所以,我倾倒出所有我能找到的书,
08:22
every idea I'd ever encountered,
227
490219
1332
所有的想法也从脑海里倾倒而出,
08:23
to see how could we translate a problem
228
491551
2146
看看如何把问题从一个形式
转换成完全不同的形式。
转换成完全不同的形式。
08:25
from one domain to something completely different?
229
493697
3132
08:28
The biggest question was,
230
496829
1394
最大的问题是,
08:30
what do we want to translate it to?
231
498223
1968
我们想把它们转化成什么?
08:32
What do our brains do perfectly naturally
232
500191
2112
大脑通常情况下做什么做得最完美?
08:34
that we could exploit?
233
502303
1878
我们能够利用吗?
08:36
My answer was vision.
234
504181
2289
我的答案是视觉。
08:38
We have a tremendous capability
to analyze visual information.
to analyze visual information.
235
506470
3149
我们具有强大的图像信息分析能力。
08:41
We can combine color gradients, depth cues,
236
509619
2583
我们能够将颜色梯度、层次等各种各样的信号
08:44
all sorts of these different signals
237
512202
1788
08:45
into one coherent picture of the world around us.
238
513990
2395
融合成一幅眼前世界的画卷。
08:48
That's incredible.
239
516385
1407
的确难以置信。
08:49
So if we could find a way to translate
240
517792
1381
如果我们能够找到一个方法
08:51
these binary patterns to visual signals,
241
519173
2186
来将这些二进制信息转化为视觉信号的形式,
08:53
we could really unlock the power of our brains
242
521359
1832
我们就真的能释放大脑的潜力,
08:55
to process this stuff.
243
523191
2710
来处理这些信息。
08:57
So I started looking at the binary information,
244
525901
1843
于是我开始看着二进制的信息,
08:59
and I asked myself, what do I do
245
527744
1090
问自己,当我第一次遇到这样的信息,我会做什么?
09:00
when I first encounter something like this?
246
528834
1876
09:02
And the very first thing I want to do,
247
530710
1623
我想做的第一件事,
09:04
the very first question I want to answer,
248
532333
1359
我想回答的第一个问题,
09:05
is what is this?
249
533692
1278
是它到底是什么?
09:06
I don't care what it does, how it works.
250
534970
2528
我不在乎它有什么作用,它如何发挥作用。
09:09
All I want to know is, what is this?
251
537498
2479
我想知道的就是,它是什么?
09:11
And the way I can figure that out
252
539977
1675
为搞清这个问题,
09:13
is by looking at chunks,
253
541652
1683
我把目光投向于数据块,
09:15
sequential chunks of binary information,
254
543335
2453
整串二进制数据块,
09:17
and I look at the relationships
between those chunks.
between those chunks.
255
545788
2902
并且注意观察这些数据块之间的关系。
09:20
When I gather up enough of these sequences,
256
548690
1772
当我汇集到足够多的序列时,
09:22
I begin to get an idea of exactly
257
550462
2004
我想我确切地明白了这些信息是什么。
09:24
what this information must be.
258
552466
2634
09:27
So let's go back to that
259
555100
1184
让我们回到
09:28
blow up the terrorist's phone situation.
260
556284
2090
那个爆破恐怖分子手机的情景。
09:30
This is what English text looks like
261
558374
2203
这是二进制层面上英文字母的样子。
09:32
at a binary level.
262
560577
1313
09:33
This is what your contacts list would look like
263
561890
2326
在我检测时,你的联系人信息会呈现为这般模样。
09:36
if I were examining it.
264
564216
1560
09:37
It's really hard to analyze this at this level,
265
565776
2234
在这个层次上很难进行分析,
09:40
but if we take those same binary chunks
266
568010
2104
但如果将我正在研究的二进制数据块提取出来,
09:42
that I would be trying to find,
267
570114
1182
进行转化,并以视觉形式呈现出来,
09:43
and instead translate that
268
571296
1764
09:45
to a visual representation,
269
573060
1920
09:46
translate those relationships,
270
574980
1797
将它们转化,
09:48
this is what we get.
271
576777
1556
这是我们得到的结果。
09:50
This is what English text looks like
272
578333
1914
这是从抽象视觉角度来看的英文文字。
09:52
from a visual abstraction perspective.
273
580247
2671
09:54
All of a sudden,
274
582918
1140
就在这一瞬间,
09:56
it shows us all the same information
275
584058
1435
信息以截然不同的形式展现出来,
09:57
that was in the ones and zeros,
276
585493
1172
新形式的信息跟那些0和1完全一样,
09:58
but show us it in an entirely different way,
277
586665
2321
10:00
a way that we can immediately comprehend.
278
588986
1717
以一种我们立即可以理解的方式呈现出来。
10:02
We can instantly see all of the patterns here.
279
590703
2965
我们立即就能看到所有的图案式样,
10:05
It takes me seconds to pick out patterns here,
280
593668
2592
只需花费几秒钟就能获取这些图案式样,
10:08
but hours, days, to pick them out
281
596260
2254
但若是从0和1中挖掘出这些信息,
需要花费数小时,甚至数天。
10:10
in ones and zeros.
282
598514
1320
10:11
It takes minutes for anybody to learn
283
599834
1736
任何人只需学习几分钟,
10:13
what these patterns represent here,
284
601570
1665
就可以知道这些图案式样的含义。
10:15
but years of experience in cyber
285
603235
2247
但若从0和1中理解其含义需具备数年的网络技术经验。
10:17
to learn what those same patterns represent
286
605482
1654
10:19
in ones and zeros.
287
607136
1586
10:20
So this piece is caused by
288
608722
1662
这一个片段代表联系人名单中
10:22
lower case letters followed by lower case letters
289
610384
2024
10:24
inside of that contact list.
290
612408
1767
小写字母挨着小写字母。
10:26
This is upper case by upper case,
291
614175
1341
这是大写字母跟着大写字母,
10:27
upper case by lower case, lower case by upper case.
292
615516
2685
大写字母跟着小写字母,小写字母跟着大写字母。
10:30
This is caused by spaces. This
is caused by carriage returns.
is caused by carriage returns.
293
618201
2686
这是空格,这是回车。
10:32
We can go through every little detail
294
620887
1508
我们可以在几秒钟里浏览二进制信息的各个细节。
10:34
of the binary information in seconds,
295
622395
2966
10:37
as opposed to weeks, months, at this level.
296
625361
3534
而不是在这个层面上停留数周,甚至数月。
10:40
This is what an image looks like
297
628895
1512
这是你手机上一个图像看起来的样子,
10:42
from your cell phone.
298
630407
1876
10:44
But this is what it looks like
299
632283
1013
但这是抽象化的视觉图案。
10:45
in a visual abstraction.
300
633296
1891
10:47
This is what your music looks like,
301
635187
1985
这是你的音乐的样子,
10:49
but here's its visual abstraction.
302
637172
2203
抽象的视觉化图案。
10:51
Most importantly for me,
303
639375
1760
对我来说最重要的是,
10:53
this is what the code on your cell phone looks like.
304
641135
3275
这是你手机代码的样子,
10:56
This is what I'm after in the end,
305
644410
2157
正是我最终想找到的,
10:58
but this is its visual abstraction.
306
646567
2140
这是代码的抽象视觉化图案。
11:00
If I can find this, I can't make the phone explode.
307
648707
2509
即便能发现它,我还不能引爆你的手机。
11:03
I could spend weeks trying to find this
308
651216
2619
在0和1中摸索,需要花费数周时间,
11:05
in ones and zeros,
309
653835
1177
11:07
but it takes me seconds to pick out
310
655012
1784
但从这样的抽象图案中获取有用信息只需几秒钟。
11:08
a visual abstraction like this.
311
656796
3304
11:12
One of those most remarkable parts about all of this
312
660100
2492
这一切的一切,最不可思议的地方之一在于
11:14
is it gives us an entirely new way to understand
313
662592
2832
这种思路赋予了我们一种全新的方式,
11:17
new information, stuff that we haven't seen before.
314
665424
3239
来理解我们从未看到过的信息和物质。
11:20
So I know what English looks like at a binary level,
315
668663
2504
我知道在二进制层面的英文的样子,
11:23
and I know what its visual abstraction looks like,
316
671167
2110
我也知道其抽象视觉化图案的样子,
11:25
but I've never seen Russian binary in my entire life.
317
673277
3315
但我从来没见过俄文的二进制信息。
11:28
It would take me weeks just to figure out
318
676592
1800
如果单纯地在0和1的层面来分析,
11:30
what I was looking at from raw ones and zeros,
319
678392
2997
需要花费我数周的时间来摸索,
11:33
but because our brains can instantly pick up
320
681389
1751
但由于我们的大脑可以在瞬间抓取并识别出
11:35
and recognize these subtle patterns inside
321
683140
2817
这些抽象视觉化信息中的细微图案。
11:37
of these visual abstractions,
322
685957
1488
11:39
we can unconsciously apply those
323
687445
1832
我们就会下意识地在新的环境中应用。
11:41
in new situations.
324
689277
1573
这就是俄文经过视觉抽象化处理后的样子。
11:42
So this is what Russian looks like
325
690850
1482
11:44
in a visual abstraction.
326
692332
1580
11:45
Because I know what one language looks like,
327
693912
1804
因为我了解了一个语言的样子,
11:47
I can recognize other languages
328
695716
1576
我就能够识别出其他语言,
11:49
even when I'm not familiar with them.
329
697292
1870
即使我对它们不熟悉。
11:51
This is what a photograph looks like,
330
699162
1786
这是照片的样子,
11:52
but this is what clip art looks like.
331
700948
1887
但这是剪贴画的样子。
11:54
This is what the code on your phone looks like,
332
702835
2555
这是你手机代码的样子,
11:57
but this is what the code on
your computer looks like.
your computer looks like.
333
705390
2707
但这是你电脑代码的样子。
12:00
Our brains can pick up on these patterns
334
708097
1864
我们大脑读取这些图案的方式,
12:01
in ways that we never could have
335
709961
1951
跟读取0和1的方式是截然不同的。
12:03
from looking at raw ones and zeros.
336
711912
2496
12:06
But we've really only scratched the surface
337
714408
1856
但以这种方式来解决问题,
12:08
of what we can do with this approach.
338
716264
2137
事实上目前我们掌握的只是冰山一角。
12:10
We've only begun to unlock the capabilities
339
718401
1678
我们才刚开始激发大脑处理视觉信息的能力。
12:12
of our minds to process visual information.
340
720079
3315
12:15
If we take those same concepts and translate them
341
723394
1990
如果我们运用同样的理念,
12:17
into three dimensions instead,
342
725384
1651
并将其转化为三维信息,
12:19
we find entirely new ways of
making sense of information.
making sense of information.
343
727035
3195
我们就会发现解读信息的全新的方式。
12:22
In seconds, we can pick out every pattern here.
344
730230
2485
在几秒钟里,我们就能获悉每一个图案。
12:24
we can see the cross associated with code.
345
732715
1820
我们能看见与代码相联的十字交叉,
12:26
We can see cubes associated with text.
346
734535
1932
我们能看见与跟文字相联的立方体,
12:28
We can even pick up the tiniest visual artifacts.
347
736467
2476
我们甚至可以获悉最细微的视觉化图像。
12:30
Things that would take us weeks,
348
738943
2130
在0和1的层面上需花费耗费数周的事情,
12:33
months to find in ones and zeroes,
349
741073
2194
12:35
are immediately apparent
350
743267
1803
在抽象视觉的层面上探究则会瞬间豁然开朗,
12:37
in some sort of visual abstraction,
351
745070
2270
12:39
and as we continue to go through this
352
747340
1132
我们按照这个思路继续前进,
12:40
and throw more and more information at it,
353
748472
2016
纳入越来越多的信息,
12:42
what we find is that we're capable of processing
354
750488
2281
我们发现,仅仅利用大脑固有的样式分析的能力,
我们有能力在几秒钟内处理无数的0和1。
我们有能力在几秒钟内处理无数的0和1。
12:44
billions of ones and zeros
355
752769
2416
12:47
in a matter of seconds
356
755185
1168
12:48
just by using our brain's built-in ability
357
756353
3234
12:51
to analyze patterns.
358
759587
1954
12:53
So this is really nice and helpful,
359
761541
2303
所以这种方式真的很棒,很有用,
12:55
but all this tells me is what I'm looking at.
360
763844
2359
这一切都告诉了我我要寻找的是什么。
12:58
So at this point, based on visual patterns,
361
766203
1484
至此,根据视觉化图案,
12:59
I can find the code on the phone.
362
767687
2409
我可以找到手机上的代码。
13:02
But that's not enough to blow up a battery.
363
770096
2665
但那还不足以引爆电池。
13:04
The next thing I need to find is the code
364
772761
1568
我需要做的下一件事就是寻找控制电池的代码,
13:06
that controls the battery, but we're back
365
774329
1761
但我们又遇到了大海捞针的困难。
13:08
to the needle in a stack of needles problem.
366
776090
1731
13:09
That code looks pretty much like all the other code
367
777821
2389
这段代码跟手机系统上其他所有代码都极为相似。
13:12
on that system.
368
780210
2238
13:14
So I might not be able to find the
code that controls the battery,
code that controls the battery,
369
782448
2401
我也许找不到控制电池的代码,
13:16
but there's a lot of things
that are very similar to that.
that are very similar to that.
370
784849
2011
但有很多段代码跟它极其相似。
13:18
You have code that controls your screen,
371
786860
1854
有控制手机屏幕的代码,
13:20
that controls your buttons,
that controls your microphones,
that controls your microphones,
372
788714
2216
有控制按钮的,有控制耳机的,
13:22
so even if I can't find the code for the battery,
373
790930
1928
因此,即使我发现不了控制电池的代码,
13:24
I bet I can find one of those things.
374
792858
2245
但我肯定能发现这么多相似代码中的一个。
13:27
So the next step in my binary analysis process
375
795103
2705
二进制分析的下一步就是
13:29
is to look at pieces of information
376
797808
1231
研究这些极为相似的信息,
13:31
that are similar to each other.
377
799039
2018
13:33
It's really, really hard to do at a binary level,
378
801057
3983
在二进制的层面分析真的很难,
13:37
but if we translate those similarities
to a visual abstraction instead,
to a visual abstraction instead,
379
805040
3643
但如果我们将这些相似的信息转化为抽象视觉化图像,
13:40
I don't even have to sift through the raw data.
380
808683
2438
我甚至不需要筛选原始的数据。
13:43
All I have to do is wait for the image to light up
381
811121
2155
我所要做的只是等待图像显示,
13:45
to see when I'm at similar pieces.
382
813276
2236
来决定我要看哪一段信息。
13:47
I follow these strands of similarity
like a trail of bread crumbs
like a trail of bread crumbs
383
815512
3028
我追随这些像极了面包屑的信息图线,
13:50
to find exactly what I'm looking for.
384
818540
3106
来获取我要寻找的信息。
13:53
So at this point in the process,
385
821646
1734
至此,我已发现了控制电池的代码,
13:55
I've located the code
386
823380
1318
13:56
responsible for controlling your battery,
387
824698
1685
但那还不足以引爆手机。
13:58
but that's still not enough to blow up a phone.
388
826383
2576
14:00
The last piece of the puzzle
389
828959
1564
这个难题的最后一步,
14:02
is understanding how that code
390
830523
2679
是理解那段代码控制电池的方式。
14:05
controls your battery.
391
833202
1202
14:06
For this, I need to identify
392
834404
2388
为解决这个问题,
我需要在二进制数据里辨识信息之间极其细微的关系,
14:08
very subtle, very detailed relationships
393
836792
1716
14:10
within that binary information,
394
838508
2089
14:12
another very hard thing to do
395
840597
1755
在0和1的层面上,又是一个难题,
14:14
when looking at ones and zeros.
396
842352
2312
但如果将其转化为图像信息,
14:16
But if we translate that information
397
844664
1396
14:18
into a physical representation,
398
846060
2180
14:20
we can sit back and let our
visual cortex do all the hard work.
visual cortex do all the hard work.
399
848240
3016
我们就可以袖手旁观,地让视觉皮质处理这些难题,
14:23
It can find all the detailed patterns,
400
851256
1734
它能发现所有具体的图像,
14:24
all the important pieces, for us.
401
852990
2020
对我们来说所有重要的片段。
14:27
It can find out exactly how the pieces of that code
402
855010
2593
它能发现这些代码是如何
14:29
work together to control that battery.
403
857603
2934
一起运作来控制电池。
14:32
All of this can be done in a matter of hours,
404
860537
3004
这一切在数小时之内就可完成,
14:35
whereas the same process
405
863541
1356
而相同的程序
14:36
would have taken months in the past.
406
864897
2922
在过去要花好几个月。
14:39
This is all well and good
407
867819
1189
这就是理论上引爆恐怖分子手机的思路与方法,
14:41
in a theoretical blow up a terrorist's phone situation.
408
869008
2942
我想弄清楚在日常工作中这种方法是否有效,
14:43
I wanted to find out if this would really work
409
871950
2847
14:46
in the work I do every day.
410
874797
2629
14:49
So I was playing around with these same concepts
411
877426
3055
于是我运用相同的理念,
14:52
with some of the data I've looked at in the past,
412
880481
3024
来处理我们过去研究过的数据,
14:55
and yet again, I was trying to find
413
883505
2492
而且,我依旧试图从海量的二进制信息中
14:57
a very detailed, specific piece of code
414
885997
2208
15:00
inside of a massive piece of binary information.
415
888205
3595
寻找极其细微的特定的代码。
15:03
So I looked at it at this level,
416
891800
1773
在这个层面分析时,
15:05
thinking I was looking at the right thing,
417
893573
1950
我认为我找准了正确的信息,
15:07
only to see this doesn't have
418
895523
2321
但结果没达到我的预期,
15:09
the connectivity I would have expected
419
897844
1740
15:11
for the code I was looking for.
420
899584
1905
它与我要寻找的代码直接没有联系。
15:13
In fact, I'm not really sure what this is,
421
901489
2603
事实上,我并不确定这到底是什么,
15:16
but when I stepped back a level
422
904092
1012
但当我退后一个层次,
15:17
and looked at the similarities within the code
423
905104
1715
寻找这段代码中的相似之处,
15:18
I saw, this doesn't have similarities
424
906819
2294
却并没有我所熟知的相似之处,
15:21
like any code that exists out there.
425
909113
1491
15:22
I can't even be looking at code.
426
910604
2225
我看到的甚至不是代码。
15:24
In fact, from this perspective,
427
912829
2386
事实上,从这个角度来看,
15:27
I could tell, this isn't code.
428
915215
2048
我可以说,这不是代码。
15:29
This is an image of some sort.
429
917263
2048
这是某种图像。
15:31
And from here, I can see,
430
919311
1682
从这个角度,我能看到,
15:32
it's not just an image, this is a photograph.
431
920993
2911
它不仅仅是一个图像,而是一张照片。
15:35
Now that I know it's a photograph,
432
923904
1392
现在我确认这是一张照片了,
15:37
I've got dozens of other
binary translation techniques
binary translation techniques
433
925296
2930
我有许多其他的二进制转化工具,
15:40
to visualize and understand that information,
434
928226
2421
来将其视觉化,以理解其含义,
15:42
so in a matter of seconds,
we can take this information,
we can take this information,
435
930647
2543
因此,在几秒钟内,
15:45
shove it through a dozen other
visual translation techniques
visual translation techniques
436
933190
2397
我们就可以利用视觉化工具处理这些信息,
15:47
in order to find out exactly what we were looking at.
437
935587
3731
来找出我们寻找的东西。
15:51
I saw — (Laughter) —
438
939318
1682
我看见了——(笑声)——
15:53
it was that darn kitten again.
439
941000
3456
又是那只可恶的猫。
15:56
All this is enabled
440
944456
1050
我们找到了一个将难题转化为
15:57
because we were able to find a way
441
945506
1495
15:59
to translate a very hard problem
442
947001
2029
一个对大脑而言再自然不过的问题,
16:01
to something our brains do very naturally.
443
949030
2512
正是这个方法让这一切变得可能。
16:03
So what does this mean?
444
951542
2238
那么这意味着什么呢?
16:05
Well, for kittens, it means
445
953780
1545
对小猫来说,
16:07
no more hiding in ones and zeros.
446
955325
2417
藏身于1和0中的游戏不复存在。
16:09
For me, it means no more wasted weekends.
447
957742
3303
而对我来说,这意味着再没有一无所获的周末了。
16:13
For cyber, it means we have a radical new way
448
961045
2612
对网络,这意味着我们有了一个全新方法
16:15
to tackle the most impossible problems.
449
963657
2965
来解决看似根本解决不了的问题。
16:18
It means we have a new weapon
450
966622
1812
这意味着在日新月异的网络战争里,
我们扛起了新的武器,
我们扛起了新的武器,
16:20
in the evolving theater of cyber warfare,
451
968434
2416
16:22
but for all of us,
452
970850
1420
但对我们所有人来说,
16:24
it means that cyber engineers
453
972270
1475
这意味着网络工程师
16:25
now have the ability to become first responders
454
973745
2146
能在紧急情况下最先挺身而出,
16:27
in emergency situations.
455
975891
2583
16:30
When seconds count,
456
978474
1047
只需短短几秒,
16:31
we've unlocked the means to stop the bad guys.
457
979521
3409
敌人就被我们制服。
16:34
Thank you.
458
982930
2000
(谢谢)
16:36
(Applause)
459
984930
2962
(掌声)
ABOUT THE SPEAKER
Chris Domas - Cybersecurity researcherChris Domas is an embedded systems engineer and cybersecurity researcher.
Why you should listen
Chris Domas is a cyber-security researcher at the Battelle Memorial Institute. He specializes in embedded systems reverse-engineering (RE) and vulnerability analysis, figuring out how to manipulate electronic devices. Applying this towards national security, his group develops cyber technology that protects people on the newest front of global war.
Domas graduated from Ohio State University, where he set out to take every class offered by the school. He bounced between majors in electrical engineering, physics, mathematics, mechanical engineering, biology, chemistry, statistics, biomedical engineering, computer graphics, psychology, and linguistics, but finally ran out of money and was forced to graduate. Settling on a degree in computer science, with an irrelevant handful of minors, he joined Battelle as a cyber security researcher. Today, he strives to incorporate ideas from these disparate fields to tackle the world’s most challenging cyber problems in innovative and unexpected ways. As a result of his work, he received Battelle’s coveted 2013 Emerging Scientist and 2013 Technical Achievement awards. He continues to present research around the country, most recently at the cyber security conferences Black Hat, REcon and DerbyCon.
Chris Domas | Speaker | TED.com