I'm going to be showing some of the cybercriminals' latest and nastiest creations. So basically, please don't go and download any of the viruses that I show you.
Some of you might be wondering what a cybersecurity specialist looks like, and I thought I'd give you a quick insight into my career so far. It's a pretty accurate description. This is what someone that specializes in malware and hacking looks like.
So today, computer viruses and trojans, designed to do everything from stealing data to watching you in your webcam to the theft of billions of dollars. Some malicious code today goes as far as targeting power, utilities and infrastructure.
Let me give you a quick snapshot of what malicious code is capable of today. Right now, every second, eight new users are joining the Internet. Today, we will see 250,000 individual new computer viruses. We will see 30,000 new infected websites. And, just to kind of tear down a myth here, lots of people think that when you get infected with a computer virus, it's because you went to a porn site. Right? Well, actually, statistically speaking, if you only visit porn sites, you're safer. People normally write that down, by the way. (Laughter) Actually, about 80 percent of these are small business websites getting infected.
Today's cybercriminal, what do they look like? Well, many of you have the image, don't you, of the spotty teenager sitting in a basement, hacking away for notoriety. But actually today, cybercriminals are wonderfully professional and organized. In fact, they have product adverts. You can go online and buy a hacking service to knock your business competitor offline. Check out this one I found.
(Video) Man: So you're here for one reason, and that reason is because you need your business competitors, rivals, haters, or whatever the reason is, or who, they are to go down. Well you, my friend, you've came to the right place. If you want your business competitors to go down, well, they can. If you want your rivals to go offline, well, they will. Not only that, we are providing a short-term-to-long-term DDOS service or scheduled attack, starting five dollars per hour for small personal websites to 10 to 50 dollars per hour.
James Lyne: Now, I did actually pay one of these cybercriminals to attack my own website. Things got a bit tricky when I tried to expense it at the company. Turns out that's not cool. But regardless, it's amazing how many products and services are available now to cybercriminals. For example, this testing platform, which enables the cybercriminals to test the quality of their viruses before they release them on the world. For a small fee, they can upload it and make sure everything is good.
But it goes further. Cybercriminals now have crime packs with business intelligence reporting dashboards to manage the distribution of their malicious code. This is the market leader in malware distribution, the Black Hole Exploit Pack, responsible for nearly one third of malware distribution in the last couple of quarters. It comes with technical installation guides, video setup routines, and get this, technical support. You can email the cybercriminals and they'll tell you how to set up your illegal hacking server.
So let me show you what malicious code looks like today. What I've got here is two systems, an attacker, which I've made look all Matrix-y and scary, and a victim, which you might recognize from home or work. Now normally, these would be on different sides of the planet or of the Internet, but I've put them side by side because it makes things much more interesting.
Now, there are many ways you can get infected. You will have come in contact with some of them. Maybe some of you have received an email that says something like, "Hi, I'm a Nigerian banker, and I'd like to give you 53 billion dollars because I like your face." Or funnycats.exe, which rumor has it was quite successful in China's recent campaign against America.
Now there are many ways you can get infected. I want to show you a couple of my favorites. This is a little USB key. Now how do you get a USB key to run in a business? Well, you could try looking really cute. Awww. Or, in my case, awkward and pathetic. So imagine this scenario: I walk into one of your businesses, looking very awkward and pathetic, with a copy of my C.V. which I've covered in coffee, and I ask the receptionist to plug in this USB key and print me a new one. So let's have a look here on my victim computer. What I'm going to do is plug in the USB key. After a couple of seconds, things start to happen on the computer on their own, usually a bad sign. This would, of course, normally happen in a couple of seconds, really, really quickly, but I've kind of slowed it down so you can actually see the attack occurring. Malware is very boring otherwise. So this is writing out the malicious code, and a few seconds later, on the left-hand side, you'll see the attacker's screen get some interesting new text. Now if I place the mouse cursor over it, this is what we call a command prompt, and using this we can navigate around the computer. We can access your documents, your data. You can turn on the webcam. That can be very embarrassing. Or just to really prove a point, we can launch programs like my personal favorite, the Windows Calculator.
So isn't it amazing how much control the attackers can get with such a simple operation? Let me show you how most malware is now distributed today. What I'm going to do is open up a website that I wrote. It's a terrible website. It's got really awful graphics. And it's got a comments section here where we can submit comments to the website. Many of you will have used something a bit like this before. Unfortunately, when this was implemented, the developer was slightly inebriated and managed to forget all of the secure coding practices he had learned. So let's imagine that our attacker, called Evil Hacker just for comedy value, inserts something a little nasty. This is a script. It's code which will be interpreted on the webpage. So I'm going to submit this post, and then, on my victim computer, I'm going to open up the web browser and browse to my website, www.incrediblyhacked.com. Notice that after a couple of seconds, I get redirected. That website address at the top there, which you can just about see, microshaft.com, the browser crashes as it hits one of these exploit packs, and up pops fake antivirus. This is a virus pretending to look like antivirus software, and it will go through and it will scan the system, have a look at what it's popping up here. It creates some very serious alerts. Oh look, a child porn proxy server. We really should clean that up. What's really insulting about this is not only does it provide the attackers with access to your data, but when the scan finishes, they tell you in order to clean up the fake viruses, you have to register the product. Now I liked it better when viruses were free. (Laughter) People now pay cybercriminals money to run viruses, which I find utterly bizarre.
So anyway, let me change pace a little bit. Chasing 250,000 pieces of malware a day is a massive challenge, and those numbers are only growing directly in proportion to the length of my stress line, you'll note here. So I want to talk to you briefly about a group of hackers we tracked for a year and actually found -- and this is a rare treat in our job. Now this was a cross-industry collaboration, people from Facebook, independent researchers, guys from Sophos. So here we have a couple of documents which our cybercriminals had uploaded to a cloud service, kind of like Dropbox or SkyDrive, like many of you might use. At the top, you'll notice a section of source code. What this would do is send the cybercriminals a text message every day telling them how much money they'd made that day, so a kind of cybercriminal billings report, if you will. If you look closely, you'll notice a series of what are Russian telephone numbers. Now that's obviously interesting, because that gives us a way of finding our cybercriminals. Down below, highlighted in red, in the other section of source code, is this bit "leded:leded." That's a username, kind of like you might have on Twitter.
So let's take this a little further. There are a few other interesting pieces the cybercriminals had uploaded. Lots of you here will use smartphones to take photos and post them from the conference. An interesting feature of lots of modern smartphones is that when you take a photo, it embeds GPS data about where that photo was taken. In fact, I've been spending a lot of time on Internet dating sites recently, obviously for research purposes, and I've noticed that about 60 percent of the profile pictures on Internet dating sites contain the GPS coordinates of where the photo was taken, which is kind of scary because you wouldn't give out your home address to lots of strangers, but we're happy to give away our GPS coordinates to plus or minus 15 meters. And our cybercriminals had done the same thing. So here's a photo which resolves to St. Petersburg. We then deploy the incredibly advanced hacking tool. We used Google. Using the email address, the telephone number and the GPS data, on the left you see an advert for a BMW that one of our cybercriminals is selling, on the other side an advert for the sale of sphynx kittens. One of these was more stereotypical for me. A little more searching, and here's our cybercriminal. Imagine, these are hardened cybercriminals sharing information scarcely. Imagine what you could find about each of the people in this room. A bit more searching through the profile and there's a photo of their office. They were working on the third floor. And you can also see some photos from his business companion where he has a taste in a certain kind of image. It turns out he's a member of the Russian Adult Webmasters Federation.
But this is where our investigation starts to slow down. The cybercriminals have locked down their profiles quite well. And herein is the greatest lesson of social media and mobile devices for all of us right now. Our friends, our families and our colleagues can break our security even when we do the right things. This is MobSoft, one of the companies that this cybercriminal gang owned, and an interesting thing about MobSoft is the 50-percent owner of this posted a job advert, and this job advert matched one of the telephone numbers from the code earlier. This woman was Maria, and Maria is the wife of one of our cybercriminals. And it's kind of like she went into her social media settings and clicked on every option imaginable to make herself really, really insecure. By the end of the investigation, where you can read the full 27-page report at that link, we had photos of the cybercriminals, even the office Christmas party when they were out on an outing. That's right, cybercriminals do have Christmas parties, as it turns out. Now you're probably wondering what happened to these guys. Let me come back to that in just a minute.
I want to change pace to one last little demonstration, a technique that is wonderfully simple and basic, but is interesting in exposing how much information we're all giving away, and it's relevant because it applies to us as a TED audience. This is normally when people start kind of shuffling in their pockets trying to turn their phones onto airplane mode desperately.
Many of you all know about the concept of scanning for wireless networks. You do it every time you take out your iPhone or your Blackberry and connect to something like TEDAttendees. But what you might not know is that you're also beaming out a list of networks you've previously connected to, even when you're not using wireless actively. So I ran a little scan. I was relatively inhibited compared to the cybercriminals, who wouldn't be so concerned by law, and here you can see my mobile device. Okay? So you can see a list of wireless networks. TEDAttendees, HyattLB. Where do you think I'm staying? My home network, PrettyFlyForAWifi, which I think is a great name. Sophos_Visitors, SANSEMEA, companies I work with. Loganwifi, that's in Boston. HiltonLondon. CIASurveillanceVan. We called it that at one of our conferences because we thought that would freak people out, which is quite fun. This is how geeks party.
So let's make this a little bit more interesting. Let's talk about you. Twenty-three percent of you have been to Starbucks recently and used the wireless network. Things get more interesting. Forty-six percent of you I could link to a business, XYZ Employee network. This isn't an exact science, but it gets pretty accurate. Seven hundred and sixty-one of you I could identify a hotel you'd been to recently, absolutely with pinpoint precision somewhere on the globe. Two hundred and thirty-four of you, well, I know where you live. Your wireless network name is so unique that I was able to pinpoint it using data available openly on the Internet with no hacking or clever, clever tricks. And I should mention as well that some of you do use your names, "James Lyne's iPhone," for example. And two percent of you have a tendency to extreme profanity.
So something for you to think about: As we adopt these new applications and mobile devices, as we play with these shiny new toys, how much are we trading off convenience for privacy and security? Next time you install something, look at the settings and ask yourself, "Is this information that I want to share? Would someone be able to abuse it?"
We also need to think very carefully about how we develop our future talent pool. You see, technology's changing at a staggering rate, and that 250,000 pieces of malware won't stay the same for long. There's a very concerning trend that whilst many people coming out of schools now are much more technology-savvy, they know how to use technology, fewer and fewer people are following the feeder subjects to know how that technology works under the covers. In the U.K., a 60 percent reduction since 2003, and there are similar statistics all over the world.
We also need to think about the legal issues in this area. The cybercriminals I talked about, despite theft of millions of dollars, actually still haven't been arrested, and at this point possibly never will. Most laws are national in their implementation, despite cybercrime conventions, where the Internet is borderless and international by definition. Countries do not agree, which makes this area exceptionally challenging from a legal perspective.
But my biggest ask is this: You see, you're going to leave here and you're going to see some astonishing stories in the news. You're going to read about malware doing incredible and terrifying, scary things. However, 99 percent of it works because people fail to do the basics. So my ask is this: Go online, find these simple best practices, find out how to update and patch your computer. Get a secure password. Make sure you use a different password on each of your sites and services online. Find these resources. Apply them.
The Internet is a fantastic resource for business, for political expression, for art and for learning. Help me and the security community make life much, much more difficult for cybercriminals.
Thank you.
(Applause)