Four years ago, a security researcher, or, as most people would call it, a hacker, found a way to literally make ATMs throw money at him. His name was Barnaby Jack, and this technique was later called "jackpotting" in his honor.
I'm here today because I think we actually need hackers. Barnaby Jack could have easily turned into a career criminal or James Bond villain with his knowledge, but he chose to show the world his research instead. He believed that sometimes you have to demo a threat to spark a solution. And I feel the same way. That's why I'm here today.
We are often terrified and fascinated by the power hackers now have. They scare us. But the choices they make have dramatic outcomes that influence us all. So I am here today because I think we need hackers, and in fact, they just might be the immune system for the information age. Sometimes they make us sick, but they also find those hidden threats in our world, and they make us fix it.
I knew that I might get hacked for giving this talk, so let me save you the effort. In true TED fashion, here is my most embarrassing picture. But it would be difficult for you to find me in it, because I'm the one who looks like a boy standing to the side. I was such a nerd back then that even the boys on the Dungeons and Dragons team wouldn't let me join. This is who I was, but this is who I wanted to be: Angelina Jolie. She portrayed Acid Burn in the '95 film "Hackers." She was pretty and she could rollerblade, but being a hacker, that made her powerful. And I wanted to be just like her, so I started spending a lot of time on hacker chat rooms and online forums. I remember one late night I found a bit of PHP code. I didn't really know what it did, but I copy-pasted it and used it anyway to get into a password-protected site like that. Open Sesame. It was a simple trick, and I was just a script kiddie back then, but to me, that trick, it felt like this, like I had discovered limitless potential at my fingertips. This is the rush of power that hackers feel. It's geeks just like me discovering they have access to superpower, one that requires the skill and tenacity of their intellect, but thankfully no radioactive spiders.
But with great power comes great responsibility, and you all like to think that if we had such powers, we would only use them for good. But what if you could read your ex's emails, or add a couple zeros to your bank account. What would you do then? Indeed, many hackers do not resist those temptations, and so they are responsible in one way or another to billions of dollars lost each year to fraud, malware or plain old identity theft, which is a serious issue. But there are other hackers, hackers who just like to break things, and it is precisely those hackers that can find the weaker elements in our world and make us fix it.
This is what happened last year when another security researcher called Kyle Lovett discovered a gaping hole in the design of certain wireless routers like you might have in your home or office. He learned that anyone could remotely connect to these devices over the Internet and download documents from hard drives attached to those routers, no password needed. He reported it to the company, of course, but they ignored his report. Perhaps they thought universal access was a feature, not a bug, until two months ago when a group of hackers used it to get into people's files. But they didn't steal anything. They left a note: Your router and your documents can be accessed by anyone in the world. Here's what you should do to fix it. We hope we helped. By getting into people's files like that, yeah, they broke the law, but they also forced that company to fix their product.
Making vulnerabilities known to the public is a practice called full disclosure in the hacker community, and it is controversial, but it does make me think of how hackers have an evolving effect on technologies we use every day. This is what Khalil did. Khalil is a Palestinian hacker from the West Bank, and he found a serious privacy flaw on Facebook which he attempted to report through the company's bug bounty program. These are usually great arrangements for companies to reward hackers disclosing vulnerabilities they find in their code. Unfortunately, due to some miscommunications, his report was not acknowledged. Frustrated with the exchange, he took to use his own discovery to post on Mark Zuckerberg's wall. This got their attention, all right, and they fixed the bug, but because he hadn't reported it properly, he was denied the bounty usually paid out for such discoveries. Thankfully for Khalil, a group of hackers were watching out for him. In fact, they raised more than 13,000 dollars to reward him for this discovery, raising a vital discussion in the technology industry about how we come up with incentives for hackers to do the right thing. But I think there's a greater story here still. Even companies founded by hackers, like Facebook was, still have a complicated relationship when it comes to hackers. And so for more conservative organizations, it is going to take time and adapting in order to embrace hacker culture and the creative chaos that it brings with it. But I think it's worth the effort, because the alternative, to blindly fight all hackers, is to go against the power you cannot control at the cost of stifling innovation and regulating knowledge. These are things that will come back and bite you.
It is even more true if we go after hackers that are willing to risk their own freedom for ideals like the freedom of the web, especially in times like this, like today even, as governments and corporates fight to control the Internet. I find it astounding that someone from the shadowy corners of cyberspace can become its voice of opposition, its last line of defense even, perhaps someone like Anonymous, the leading brand of global hacktivism. This universal hacker movement needs no introduction today, but six years ago they were not much more than an Internet subculture dedicated to sharing silly pictures of funny cats and Internet trolling campaigns. Their moment of transformation was in early 2008 when the Church of Scientology attempted to remove certain leaked videos from appearing on certain websites. This is when Anonymous was forged out of the seemingly random collection of Internet dwellers. It turns out, the Internet doesn't like it when you try to remove things from it, and it will react with cyberattacks and elaborate pranks and with a series of organized protests all around the world, from my hometown of Tel Aviv to Adelaide, Australia. This proved that Anonymous and this idea can rally the masses from the keyboards to the streets, and it laid the foundations for dozens of future operations against perceived injustices to their online and offline world. Since then, they've gone after many targets. They've uncovered corruption, abuse. They've hacked popes and politicians, and I think their effect is larger than simple denial of service attacks that take down websites or even leak sensitive documents. I think that, like Robin Hood, they are in the business of redistribution, but what they are after isn't your money. It's not your documents. It's your attention. They grab the spotlight for causes they support, forcing us to take note, acting as a global magnifying glass for issues that we are not as aware of but perhaps we should be. 
They have been called many names from criminals to terrorists, and I cannot justify their illegal means, but the ideas they fight for are ones that matter to us all. The reality is, hackers can do a lot more than break things. They can bring people together.
And if the Internet doesn't like it when you try to remove things from it, just watch what happens when you try to shut the Internet down. This took place in Egypt in January 2011, and as President Hosni Mubarak attempted a desperate move to quash the rising revolution on the streets of Cairo, he sent his personal troops down to Egypt's Internet service providers and had them physically kill the switch on the country's connection to the world overnight. For a government to do a thing like that was unprecedented, and for hackers, it made it personal. Hackers like the Telecomix group were already active on the ground, helping Egyptians bypass censorship using clever workarounds like Morse code and ham radio. It was high season for low tech, which the government couldn't block, but when the Net went completely down, Telecomix brought in the big guns. They found European service providers that still had 20-year-old analog dial-up access infrastructure. They opened up 300 of those lines for Egyptians to use, serving slow but sweet Internet connection for Egyptians. This worked. It worked so well, in fact, one guy even used it to download an episode of "How I Met Your Mother." But while Egypt's future is still uncertain, when the same thing happened in Syria just one year later, Telecomix were prepared with those Internet lines, and Anonymous, they were perhaps the first international group to officially denounce the actions of the Syrian military by defacing their website.
But with this sort of power, it really depends on where you stand, because one man's hero can be another's villain, and so the Syrian Electronic Army is a pro-Assad group of hackers who support his contentious regime. They've taken down multiple high-profile targets in the past few years, including the Associated Press's Twitter account, in which they posted a message about an attack on the White House injuring President Obama. This tweet was fake, of course, but the resulting drop in the Dow Jones index that day was most certainly not, and a lot of people lost a lot of money.
This sort of thing is happening all over the world right now. In conflicts from the Crimean Peninsula to Latin America, from Europe to the United States, hackers are a force for social, political and military influence. As individuals or in groups, volunteers or military conflicts, there are hackers everywhere. They come from all walks of life, ethnicities, ideologies and genders, I might add. They are now shaping the world's stage. Hackers represent an exceptional force for change in the 21st century. This is because access to information is a critical currency of power, one which governments would like to control, a thing they attempt to do by setting up all-you-can-eat surveillance programs, a thing they need hackers for, by the way. And so the establishment has long had a love-hate relationship when it comes to hackers, because the same people who demonize hacking also utilize it at large.
Two years ago, I saw General Keith Alexander. He's the NSA director and U.S. cyber commander, but instead of his four star general uniform, he was wearing jeans and a t-shirt. This was at DEF CON, the world's largest hacker conference. Perhaps like me, General Alexander didn't see 12,000 criminals that day in Vegas. I think he saw untapped potential. In fact, he was there to give a hiring pitch. "In this room right here," he said, "is the talent our nation needs." Well, hackers in the back row replied, "Then stop arresting us." (Applause)
Indeed, for years, hackers have been on the wrong side of the fence, but in light of what we know now, who is more watchful of our online world? The rules of the game are not that clear anymore, but hackers are perhaps the only ones still capable of challenging overreaching governments and data-hoarding corporates on their own playing field. To me, that represents hope.
For the past three decades, hackers have done a lot of things, but they have also impacted civil liberties, innovation and Internet freedom, so I think it's time we take a good look at how we choose to portray them, because if we keep expecting them to be the bad guys, how can they be the heroes too? My years in the hacker world have made me realize both the problem and the beauty about hackers: They just can't see something broken in the world and leave it be. They are compelled to either exploit it or try and change it, and so they find the vulnerable aspects in our rapidly changing world. They make us, they force us to fix things or demand something better, and I think we need them to do just that, because after all, it is not information that wants to be free, it's us.
Thank you very much.
Thank you. (Applause)
Hack the planet!