I'm going to be showing some of the cybercriminals' latest and nastiest creations. So basically, please don't go and download any of the viruses that I show you.
我将向你们展示网络罪犯们的一些 最新、最邪恶的作品。 所以,请不要去下载 我将展示的病毒。
Some of you might be wondering what a cybersecurity specialist looks like, and I thought I'd give you a quick insight into my career so far. It's a pretty accurate description. This is what someone that specializes in malware and hacking looks like.
你们可能会好奇网络安全专家是什么样子的 那就让我来简要介绍一下 我迄今为止的工作经历吧。 (电脑奇客 ->苹果忠粉->Linux研究“猿”->TED演讲人) 这幅图描述得相当准确 (电脑奇客 ->苹果忠粉->Linux研究“猿”->TED演讲人) 这就是一个研究 恶意软件和黑客的人
So today, computer viruses and trojans, designed to do everything from stealing data to watching you in your webcam to the theft of billions of dollars. Some malicious code today goes as far as targeting power, utilities and infrastructure.
今天,计算机病毒和木马程序 被用来做各种事情,如盗取数据, 打开你的网络摄像头偷窥, 甚至窃取数十亿美金。 有些恶意代码甚至能 攻击能源、公共和基础设施。
Let me give you a quick snapshot of what malicious code is capable of today. Right now, every second, eight new users are joining the Internet. Today, we will see 250,000 individual new computer viruses. We will see 30,000 new infected websites. And, just to kind of tear down a myth here, lots of people think that when you get infected with a computer virus, it's because you went to a porn site. Right? Well, actually, statistically speaking, if you only visit porn sites, you're safer. People normally write that down, by the way. (Laughter) Actually, about 80 percent of these are small business websites getting infected.
让我们先迅速了解一下 如今的恶意代码有多大能耐。 现在,每秒钟就有8名新用户 加入互联网 今天,共有25万种新型计算机病毒诞生 3万个中毒网站 对了,在此澄清一个流言, 很多人认为他们的电脑之所以会感染病毒, 是因为他们访问了色情网站 对吧?但其实,据数字统计, 如果你只访问色情网站,那还更安全些。 顺便提一句,人们通常会记下这点 (笑) 事实上,80%的电脑病毒来自 受到病毒感染的商业网站。
Today's cybercriminal, what do they look like? Well, many of you have the image, don't you, of the spotty teenager sitting in a basement, hacking away for notoriety. But actually today, cybercriminals are wonderfully professional and organized. In fact, they have product adverts. You can go online and buy a hacking service to knock your business competitor offline. Check out this one I found.
如今的网络罪犯到底长什么样子? 很多人脑中会浮现出这样的画面, 一个满脸粉刺的小伙子窝在地下室里, 为了出名肆意发动黑客袭击。 但如今的网络罪犯 具有高度的专业性和组织性。 事实上,他们甚至推出了产品广告。 你可以上网购买黑客服务 拉黑你商业对手的网站。 一起来看看我找到的这条广告。
(Video) Man: So you're here for one reason, and that reason is because you need your business competitors, rivals, haters, or whatever the reason is, or who, they are to go down. Well you, my friend, you've came to the right place. If you want your business competitors to go down, well, they can. If you want your rivals to go offline, well, they will. Not only that, we are providing a short-term-to-long-term DDOS service or scheduled attack, starting five dollars per hour for small personal websites to 10 to 50 dollars per hour.
(视频)你来这里只有一个原因, 那就是 你希望打倒你的商业对手、 敌人、仇人,无论什么人、什么原因, 他们就要完蛋了 嘿,朋友,你找对地方了! 想让你的商业对手死机? 是的,他们会的。 想让你的对手掉线?好的,他们会的。 不仅如此,我们还提供短期至长期的 分布式拒绝服务(DDos)攻击和定时攻击。 攻击小型个人网站,每小时起价只需5美金 至10~50美金价格不等。
James Lyne: Now, I did actually pay one of these cybercriminals to attack my own website. Things got a bit tricky when I tried to expense it at the company. Turns out that's not cool. But regardless, it's amazing how many products and services are available now to cybercriminals. For example, this testing platform, which enables the cybercriminals to test the quality of their viruses before they release them on the world. For a small fee, they can upload it and make sure everything is good.
其实我曾经付钱 给一个这样的网络罪犯来攻击我自己的网站。 但我在向公司报销这笔费用时有点麻烦 结果不太理想。 但不管怎样,如今竟有如此多产品和服务 可为网络罪犯们提供方便。 比方说,这个测试平台 可以让网络罪犯们 在将病毒传播出去之前 测试它们的效果。 只需花少量的钱,他们就能上传病毒 检查代码是否一切正常。
But it goes further. Cybercriminals now have crime packs with business intelligence reporting dashboards to manage the distribution of their malicious code. This is the market leader in malware distribution, the Black Hole Exploit Pack, responsible for nearly one third of malware distribution in the last couple of quarters. It comes with technical installation guides, video setup routines, and get this, technical support. You can email the cybercriminals and they'll tell you how to set up your illegal hacking server.
不仅如此, 网络罪犯们现在还拥有犯罪工具包, 包括智能商业报告 来管理恶意代码的传播。 这就是流氓软件传播的市场领导者, “黑洞开发包” 在过去的半年里,近三分之一流氓软件的散播 都与其有关。 它自带安装指南, 视频设置程序, 听听这个,技术支持。 你可以给网络罪犯们发邮件,然后他们就会告诉你 如何建立你的非法黑客服务器。
So let me show you what malicious code looks like today. What I've got here is two systems, an attacker, which I've made look all Matrix-y and scary, and a victim, which you might recognize from home or work. Now normally, these would be on different sides of the planet or of the Internet, but I've put them side by side because it makes things much more interesting.
现在,我给各位展示一下今天的恶意代码如何工作。 这里有两个系统, 一个是攻击系统,我给它弄了个恐怖的矩阵形界面, 另一个是受害人系统,也就是你的家用或办公电脑。 通常来说,它们在地球或互联网的 不同两端, 但我把他们放在一起 因为这样让事情变得更有趣。
Now, there are many ways you can get infected. You will have come in contact with some of them. Maybe some of you have received an email that says something like, "Hi, I'm a Nigerian banker, and I'd like to give you 53 billion dollars because I like your face." Or funnycats.exe, which rumor has it was quite successful in China's recent campaign against America.
现在,有许多途径可使你的电脑被感染。 你们可能经历过其中的一些。 例如你们可能收到封邮件说: “嗨,我是一名尼日利亚的银行家, 我打算给你530亿美元 因为我喜欢你的长相。” 或收到 funnycats.exe (“有趣的小猫”)文件,据说 它在最近的中美网络对抗中功不可没。
Now there are many ways you can get infected. I want to show you a couple of my favorites. This is a little USB key. Now how do you get a USB key to run in a business? Well, you could try looking really cute. Awww. Or, in my case, awkward and pathetic. So imagine this scenario: I walk into one of your businesses, looking very awkward and pathetic, with a copy of my C.V. which I've covered in coffee, and I ask the receptionist to plug in this USB key and print me a new one. So let's have a look here on my victim computer. What I'm going to do is plug in the USB key. After a couple of seconds, things start to happen on the computer on their own, usually a bad sign. This would, of course, normally happen in a couple of seconds, really, really quickly, but I've kind of slowed it down so you can actually see the attack occurring. Malware is very boring otherwise. So this is writing out the malicious code, and a few seconds later, on the left-hand side, you'll see the attacker's screen get some interesting new text. Now if I place the mouse cursor over it, this is what we call a command prompt, and using this we can navigate around the computer. We can access your documents, your data. You can turn on the webcam. That can be very embarrassing. Or just to really prove a point, we can launch programs like my personal favorite, the Windows Calculator.
你会从很多渠道受到病毒攻击。 我想展示我最喜欢的几个。 这是一只小U盘 然而你怎么才能将你的U盘插到一个公司的电脑里呢? 你可以尝试卖萌。 喔~~~ 或者像我一样,装可怜。 请想象这样的情景:我可怜兮兮地走进你的公司, 手里拿着我的简历, 上面留着咖啡渍, 我请求前台人员插入我的U盘 来帮我打印一份新的简历。 让我们来看看这边受攻击的电脑。 我将要插入这只U盘。 几秒钟后, 有些东西开始在这台电脑里自动运行了, 通常这是个坏兆头。 当然,这些通常会在 几秒之内发生,非常非常快, 但我让这个过程慢了下来, 这样你就能实际看到攻击是如何发生的。 不然,恶意程序是很无聊的。 这是在写出恶意代码, 几秒后,在左侧, 你会看到攻击者的电脑屏幕上出现了一些有趣的新文本。 现在如果我把光标移过去, 就会出现一个所谓的命令提示符, 通过它,我们就可以随意操纵受害者电脑了。 我们可以访问你的文件,你的数据。 还可以打开网络摄像头。 这有点尴尬。 为了进一步证明我的观点, 我们可以启动一些程序,比如说我最喜欢的, Windows 计算器。
So isn't it amazing how much control the attackers can get with such a simple operation? Let me show you how most malware is now distributed today. What I'm going to do is open up a website that I wrote. It's a terrible website. It's got really awful graphics. And it's got a comments section here where we can submit comments to the website. Many of you will have used something a bit like this before. Unfortunately, when this was implemented, the developer was slightly inebriated and managed to forget all of the secure coding practices he had learned. So let's imagine that our attacker, called Evil Hacker just for comedy value, inserts something a little nasty. This is a script. It's code which will be interpreted on the webpage. So I'm going to submit this post, and then, on my victim computer, I'm going to open up the web browser and browse to my website, www.incrediblyhacked.com. Notice that after a couple of seconds, I get redirected. That website address at the top there, which you can just about see, microshaft.com, the browser crashes as it hits one of these exploit packs, and up pops fake antivirus. This is a virus pretending to look like antivirus software, and it will go through and it will scan the system, have a look at what its popping up here. It creates some very serious alerts. Oh look, a child porn proxy server. We really should clean that up. What's really insulting about this is not only does it provide the attackers with access to your data, but when the scan finishes, they tell you in order to clean up the fake viruses, you have to register the product. Now I liked it better when viruses were free. (Laughter) People now pay cybercriminals money to run viruses, which I find utterly bizarre.
这难道不令人惊讶吗? 一个简单操作竟可让攻击者尽在掌控。 请让我展示一下今天的恶意程序 是如何传播的。 我要打开一个 我自己编的网站。 这是一个糟糕的网站,页面很丑。 这里有一个留言板 我们可以在此提交评论。 你们以前可能用过类似的东西。 可惜,当评论提交成功后, 开发者就会有些自我陶醉, 以至于忘记了 他接受过的所有的安全编程训练。 想象一下,我们的攻击系统, 为了好玩,就叫它“邪恶黑客”吧, 它嵌入了一些有点邪恶的东西。 这是一个脚本。 它是一段可通过网页读取的代码。 下面我将发出这条讯息, 然后,在我的受害电脑上, 我要打开网页浏览器, 浏览我的网站, www.incrediblyhacked.com. 请注意,几秒钟后, 页面跳转了, 你马上就能看到, 屏幕上方的网址是:microshaft.com 浏览器读取了某个开发包而崩溃 并弹出了假冒的杀毒软件提示。 其实这是病毒伪装成了杀毒软件, 它将开始运行,并扫面你的系统。 看一下这里弹出来了什么。 它制造了一些严重警告, 快看,一个儿童色情代理服务器。 我们应该彻底清除它。 最不能忍受的是, 它不仅能让黑客获取你的数据, 在扫描完成后,它还会通知你 为彻底杀掉假病毒, 你必须要注册此产品。 现在我不得不说,我更喜欢病毒免费的日子。 (笑) 现在的人们付钱给网络罪犯们 让他们运行病毒程序。 对此我完全无法理解。
So anyway, let me change pace a little bit. Chasing 250,000 pieces of malware a day is a massive challenge, and those numbers are only growing directly in proportion to the length of my stress line, you'll note here. So I want to talk to you briefly about a group of hackers we tracked for a year and actually found -- and this is a rare treat in our job. Now this was a cross-industry collaboration, people from Facebook, independent researchers, guys from Sophos. So here we have a couple of documents which our cybercriminals had uploaded to a cloud service, kind of like Dropbox or SkyDrive, like many of you might use. At the top, you'll notice a section of source code. What this would do is send the cybercriminals a text message every day telling them how much money they'd made that day, so a kind of cybercriminal billings report, if you will. If you look closely, you'll notice a series of what are Russian telephone numbers. Now that's obviously interesting, because that gives us a way of finding our cybercriminals. Down below, highlighted in red, in the other section of source code, is this bit "leded:leded." That's a username, kind of like you might have on Twitter.
不管怎样,让我变换一下节奏, 每天追踪25万种恶意程序 实在是很大的挑战, 而数字仍在上升, 你可以看到,这和我皱纹的长度成正比。 所以我想很快地介绍一下 我们追踪了一年的一个黑客团体, 事实上,我们已经找到了他们, 这是我们的工作中少有的成果。 现在,追踪黑客已成为一项跨界合作, Fackbook网友、独立研究者、 Sophos防毒软件专家等均在其中。 这里有一些文件, 是网络罪犯们上传到 Dropbox或SkyDrive一类云服务器中的。 就像你们使用的方法一样。 在文件上方能看到一段源代码 它的作用是每天发给网络罪犯们 一条讯息,告诉他们 每天的收入 你也可以把它看做网络罪犯们的对账单。 如果你仔细看,就会发现一连串的 俄罗斯电话号码。 这就很有趣了, 因为这就为我们的追踪提供了一条线索。 下方,红色显示的, 另一段源代码, 这里写道:“leded:leded.” 这个是用户名, 有点类似于你在推特上用的。
So let's take this a little further. There are a few other interesting pieces the cybercriminals had uploaded. Lots of you here will use smartphones to take photos and post them from the conference. An interesting feature of lots of modern smartphones is that when you take a photo, it embeds GPS data about where that photo was taken. In fact, I've been spending a lot of time on Internet dating sites recently, obviously for research purposes, and I've noticed that about 60 percent of the profile pictures on Internet dating sites contain the GPS coordinates of where the photo was taken, which is kind of scary because you wouldn't give out your home address to lots of strangers, but we're happy to give away our GPS coordinates to plus or minus 15 meters. And our cybercriminals had done the same thing. So here's a photo which resolves to St. Petersburg. We then deploy the incredibly advanced hacking tool. We used Google. Using the email address, the telephone number and the GPS data, on the left you see an advert for a BMW that one of our cybercriminals is selling, on the other side an advert for the sale of sphynx kittens. One of these was more stereotypical for me. A little more searching, and here's our cybercriminal. Imagine, these are hardened cybercriminals sharing information scarcely. Imagine what you could find about each of the people in this room. A bit more searching through the profile and there's a photo of their office. They were working on the third floor. And you can also see some photos from his business companion where he has a taste in a certain kind of image. It turns out he's a member of the Russian Adult Webmasters Federation.
让我们再进一步了解一下 网络罪犯们还上传了 一些其他的有意思的东西。 你们当中有很多人会在开会时, 用智能手机拍照并上传。 很多现代智能手机都有一个有趣的特点, 就是当你拍了一张照片时, 它都会自动嵌入GPS数据以显示照片的拍摄位置。 事实上,最近,我在交友网站上 花费了很多时间, 当然,我是为了做研究。 我注意到,在交友网站上 约有60%的头像照片 包含了照片的GPS定位信息。 这有点恐怖, 因为你肯定不愿意把你的家庭住址 告诉陌生人, 但是我们愿意将自己的GPS坐标 公布给你周围15米左右人, 我们的网络罪犯们也做了同样的事情。 这里有一张拍摄于圣彼得堡的照片。 我们随后部署了非常先进的黑客工具, 也就是谷歌。 利用电子邮件地址,电话号码 和GPS数据,在左侧,你可以看到一则 网络罪犯正在出售的宝马车广告, 另一侧广告在出售一只斯芬克斯小猫。 对于我来讲,其中一则更常见。 经过进一步调查,这位网络罪犯浮出水面。 别忘了,这是些顽固的网络罪犯, 几乎从不分享他们的信息。 想象一下你能从中发现 这间房中每个人的哪些信息。 透过个人资料进一步搜寻, 找到了一张他办公室的照片。 他的办公室在三楼, 还有一些照片, 来自于他的工作伙伴, 看来他对某一类照片情有独钟。 结果发现,他是“俄罗斯成人网络管理联盟”成员。
But this is where our investigation starts to slow down. The cybercriminals have locked down their profiles quite well. And herein is the greatest lesson of social media and mobile devices for all of us right now. Our friends, our families and our colleagues can break our security even when we do the right things. This is MobSoft, one of the companies that this cybercriminal gang owned, and an interesting thing about MobSoft is the 50-percent owner of this posted a job advert, and this job advert matched one of the telephone numbers from the code earlier. This woman was Maria, and Maria is the wife of one of our cybercriminals. And it's kind of like she went into her social media settings and clicked on every option imaginable to make herself really, really insecure. By the end of the investigation, where you can read the full 27-page report at that link, we had photos of the cybercriminals, even the office Christmas party when they were out on an outing. That's right, cybercriminals do have Christmas parties, as it turns out. Now you're probably wondering what happened to these guys. Let me come back to that in just a minute.
但随后,我们的调查开始进展缓慢。 网络罪犯们完全锁住了他们的资料。 接下来,就是我们在使用 社交媒体和手机时最大的教训: 即使我们没有做任何事, 我们的朋友,家人和同事也可能破坏我们的安全。 Mob Soft是这群网络罪犯 拥有的公司之一, 有趣的是,Mob Soft公司 50%的所有者 上传过一则招聘广告, 这则广告显示的联系电话,刚好在 之前的代码里出现过。 这位女士叫玛利亚, 她是一名网络罪犯的妻子。 她似乎在自己的社交网页设置中, 开放了所有你能想象的选项, 这时她的网络状态非常不安全。 在调查的最后, 你能够通过链接阅读整整27页的报告, 我们拥有了网络罪犯的照片, 甚至他们他们在圣诞派对上 在户外拍摄的照片 你没听错,网络罪犯也会举办 圣诞节派对。 现在,你会问他们到底是怎么回事。 我们回头再说这个。
I want to change pace to one last little demonstration, a technique that is wonderfully simple and basic, but is interesting in exposing how much information we're all giving away, and it's relevant because it applies to us as a TED audience. This is normally when people start kind of shuffling in their pockets trying to turn their phones onto airplane mode desperately.
现在我想做最后一次展示, 这是一个非常简单、基本的技巧 但它将生动地告诉我们究竟有多少个人信息 我们正在泄漏出去, 而且这和每位在座的TED观众有关。 听到这,人们通常赶紧把手伸进口袋 试图把手机调成飞行模式。
Many of you all know about the concept of scanning for wireless networks. You do it every time you take out your iPhone or your Blackberry and connect to something like TEDAttendees. But what you might not know is that you're also beaming out a list of networks you've previously connected to, even when you're not using wireless actively. So I ran a little scan. I was relatively inhibited compared to the cybercriminals, who wouldn't be so concerned by law, and here you can see my mobile device. Okay? So you can see a list of wireless networks. TEDAttendees, HyattLB. Where do you think I'm staying? My home network, PrettyFlyForAWifi, which I think is a great name. Sophos_Visitors, SANSEMEA, companies I work with. Loganwifi, that's in Boston. HiltonLondon. CIASurveillanceVan. We called it that at one of our conferences because we thought that would freak people out, which is quite fun. This is how geeks party.
你们基本都会用 搜索无线网络的功能。 每当你拿出苹果或者黑莓手机时,你都会搜索 并连接类似于“TED出席者”名称的网络。 但是你可能不知道, 你同时也发出了一连串 之前连接过的网络信息, 就算你并不经常使用无线网络。 所以我稍微扫描了一下。 比起不法分子, 我更加节制一些。 这里,你能看到我的移动设备。 看到了吗?你能看到一串无线网络列表。 有TEDAttendees,HyattLB等。你知道我住在哪儿了吗? 这是我家的网络,PrettyFlyForAWifi(找网络的小苍蝇), 我觉得名字起得不错。 Sophos_Visitors, SANSEMEA.这是我的工作网络。 Loganwifi,这是在波士顿,HiltonLondon(伦敦希尔顿) 还有CIA SurveillanceVan(CIA 监控车). 这是我们在会议上起的名字, 因为我们觉得它挺唬人的, 很好玩。 这就是网络奇客们的娱乐方式。
So let's make this a little bit more interesting. Let's talk about you. Twenty-three percent of you have been to Starbucks recently and used the wireless network. Things get more interesting. Forty-six percent of you I could link to a business, XYZ Employee network. This isn't an exact science, but it gets pretty accurate. Seven hundred and sixty-one of you I could identify a hotel you'd been to recently, absolutely with pinpoint precision somewhere on the globe. Two hundred and thirty-four of you, well, I know where you live. Your wireless network name is so unique that I was able to pinpoint it using data available openly on the Internet with no hacking or clever, clever tricks. And I should mention as well that some of you do use your names, "James Lyne's iPhone," for example. And two percent of you have a tendency to extreme profanity.
让我们把事情变得更有趣些。 说说你们吧。 在座有23%的人最近去过星巴克 并用了那里的无线网络。 越来越有意思了。 你们当中,有46%的人连接过 叫做 “某某某雇员”的公司网络。 这并不算科学验算,但是它准确率很高。 我能说出你们当中761个人最近去过的酒店。 并且可以准确定位。 我知道在场234个人的家庭住址。 你们的无线网络名称太独特了, 因此我能准确定位。 我不需要黑客技术或聪明的技巧, 只需网络上公开可得的数据就可以办到。 我还要提一下, 有些人用自己的名字命名网络, 比如说“詹姆士·莱恩的苹果手机”。 还有2%的人用了不雅的名称。
So something for you to think about: As we adopt these new applications and mobile devices, as we play with these shiny new toys, how much are we trading off convenience for privacy and security? Next time you install something, look at the settings and ask yourself, "Is this information that I want to share? Would someone be able to abuse it?"
因此我们要思考一下: 当我们使用新的应用和移动设备时, 当我们把玩这些亮闪闪的新玩具时, 为了方便,我们交换出了多少 隐私和安全? 下次当你安装东西时, 看一下设置,同时问问自己, “ 这些信息是我愿意分享的吗? 它们是否会被人滥用?”
We also need to think very carefully about how we develop our future talent pool. You see, technology's changing at a staggering rate, and that 250,000 pieces of malware won't stay the same for long. There's a very concerning trend that whilst many people coming out of schools now are much more technology-savvy, they know how to use technology, fewer and fewer people are following the feeder subjects to know how that technology works under the covers. In the U.K., a 60 percent reduction since 2003, and there are similar statistics all over the world.
我们还要非常仔细地想一下, 我们如何建设未来的人才库。 想想看,科技发展日新月异, 那25万种恶意软件 不会一成不变。 还有一个令人堪忧的趋势, 就是现在很多毕业生 科技水平很高,他们知道如何应用科技, 但越来越少的人关注编程课题 去了解科技背后的运行方式。 在英国,2003年以来,IT成绩优异的学生减少了60%, 全世界皆是如此。
We also need to think about the legal issues in this area. The cybercriminals I talked about, despite theft of millions of dollars, actually still haven't been arrested, and at this point possibly never will. Most laws are national in their implementation, despite cybercrime conventions, where the Internet is borderless and international by definition. Countries do not agree, which makes this area exceptionally challenging from a legal perspective.
我们还要考虑这一领域中的法律问题。 我提到过的网络罪犯, 尽管盗取了数百万美元, 事实上仍然逍遥法外, 目前看来,很难让他们落网。 虽然有打击网络犯罪的国际公约, 大部分法律却在国家层面执行, 而网络实际上就是无国界、全球性的。 国家间无法达成协议,使得这一领域 在法律层面上充满挑战。
But my biggest ask is this: You see, you're going to leave here and you're going to see some astonishing stories in the news. You're going to read about malware doing incredible and terrifying, scary things. However, 99 percent of it works because people fail to do the basics. So my ask is this: Go online, find these simple best practices, find out how to update and patch your computer. Get a secure password. Make sure you use a different password on each of your sites and services online. Find these resources. Apply them.
但是,我今天最大的请求是: 你们即将离开这里, 今后会在新闻里看到一些惊人的消息。 你们会读到关于恶意软件所做的 无法想象的恐怖行为。 然而,其中的99%能够生效 是因为人们没能做到最基本的事情。 所以我的请求是:上网, 找到这些简单且有效的方法, 找出如何更新并修补你的电脑。 设置一个安全的密码, 确定在每个网站和在线服务中 使用不同的密码。 找到并应用这些资源。
The Internet is a fantastic resource for business, for political expression, for art and for learning. Help me and the security community make life much, much more difficult for cybercriminals.
互联网无论对于经济、政治、 艺术或学习, 都是极好的资源。 帮助我和网络安全人员 让网络罪犯更加 难以生存。
Thank you.
谢谢。
(Applause)
(掌声)