Four years ago, a security researcher, or, as most people would call it, a hacker, found a way to literally make ATMs throw money at him. His name was Barnaby Jack, and this technique was later called "jackpotting" in his honor.
I'm here today because I think we actually need hackers. Barnaby Jack could have easily turned into a career criminal or James Bond villain with his knowledge, but he chose to show the world his research instead. He believed that sometimes you have to demo a threat to spark a solution. And I feel the same way. That's why I'm here today.
We are often terrified and fascinated by the power hackers now have. They scare us. But the choices they make have dramatic outcomes that influence us all. So I am here today because I think we need hackers, and in fact, they just might be the immune system for the information age. Sometimes they make us sick, but they also find those hidden threats in our world, and they make us fix it.
I knew that I might get hacked for giving this talk, so let me save you the effort. In true TED fashion, here is my most embarrassing picture. But it would be difficult for you to find me in it, because I'm the one who looks like a boy standing to the side. I was such a nerd back then that even the boys on the Dungeons and Dragons team wouldn't let me join. This is who I was, but this is who I wanted to be: Angelina Jolie. She portrayed Acid Burn in the '95 film "Hackers." She was pretty and she could rollerblade, but being a hacker, that made her powerful. And I wanted to be just like her, so I started spending a lot of time on hacker chat rooms and online forums. I remember one late night I found a bit of PHP code. I didn't really know what it did, but I copy-pasted it and used it anyway to get into a password-protected site like that. Open Sesame. It was a simple trick, and I was just a script kiddie back then, but to me, that trick, it felt like this, like I had discovered limitless potential at my fingertips. This is the rush of power that hackers feel. It's geeks just like me discovering they have access to superpower, one that requires the skill and tenacity of their intellect, but thankfully no radioactive spiders.
But with great power comes great responsibility, and you all like to think that if we had such powers, we would only use them for good. But what if you could read your ex's emails, or add a couple zeros to your bank account. What would you do then? Indeed, many hackers do not resist those temptations, and so they are responsible in one way or another to billions of dollars lost each year to fraud, malware or plain old identity theft, which is a serious issue. But there are other hackers, hackers who just like to break things, and it is precisely those hackers that can find the weaker elements in our world and make us fix it.
This is what happened last year when another security researcher called Kyle Lovett discovered a gaping hole in the design of certain wireless routers like you might have in your home or office. He learned that anyone could remotely connect to these devices over the Internet and download documents from hard drives attached to those routers, no password needed. He reported it to the company, of course, but they ignored his report. Perhaps they thought universal access was a feature, not a bug, until two months ago when a group of hackers used it to get into people's files. But they didn't steal anything. They left a note: Your router and your documents can be accessed by anyone in the world. Here's what you should do to fix it. We hope we helped. By getting into people's files like that, yeah, they broke the law, but they also forced that company to fix their product.
Making vulnerabilities known to the public is a practice called full disclosure in the hacker community, and it is controversial, but it does make me think of how hackers have an evolving effect on technologies we use every day. This is what Khalil did. Khalil is a Palestinian hacker from the West Bank, and he found a serious privacy flaw on Facebook which he attempted to report through the company's bug bounty program. These are usually great arrangements for companies to reward hackers disclosing vulnerabilities they find in their code. Unfortunately, due to some miscommunications, his report was not acknowledged. Frustrated with the exchange, he took to use his own discovery to post on Mark Zuckerberg's wall. This got their attention, all right, and they fixed the bug, but because he hadn't reported it properly, he was denied the bounty usually paid out for such discoveries. Thankfully for Khalil, a group of hackers were watching out for him. In fact, they raised more than 13,000 dollars to reward him for this discovery, raising a vital discussion in the technology industry about how we come up with incentives for hackers to do the right thing. But I think there's a greater story here still. Even companies founded by hackers, like Facebook was, still have a complicated relationship when it comes to hackers. And so for more conservative organizations, it is going to take time and adapting in order to embrace hacker culture and the creative chaos that it brings with it. But I think it's worth the effort, because the alternative, to blindly fight all hackers, is to go against the power you cannot control at the cost of stifling innovation and regulating knowledge. These are things that will come back and bite you.
It is even more true if we go after hackers that are willing to risk their own freedom for ideals like the freedom of the web, especially in times like this, like today even, as governments and corporates fight to control the Internet. I find it astounding that someone from the shadowy corners of cyberspace can become its voice of opposition, its last line of defense even, perhaps someone like Anonymous, the leading brand of global hacktivism. This universal hacker movement needs no introduction today, but six years ago they were not much more than an Internet subculture dedicated to sharing silly pictures of funny cats and Internet trolling campaigns. Their moment of transformation was in early 2008 when the Church of Scientology attempted to remove certain leaked videos from appearing on certain websites. This is when Anonymous was forged out of the seemingly random collection of Internet dwellers. It turns out, the Internet doesn't like it when you try to remove things from it, and it will react with cyberattacks and elaborate pranks and with a series of organized protests all around the world, from my hometown of Tel Aviv to Adelaide, Australia. This proved that Anonymous and this idea can rally the masses from the keyboards to the streets, and it laid the foundations for dozens of future operations against perceived injustices to their online and offline world. Since then, they've gone after many targets. They've uncovered corruption, abuse. They've hacked popes and politicians, and I think their effect is larger than simple denial of service attacks that take down websites or even leak sensitive documents. I think that, like Robin Hood, they are in the business of redistribution, but what they are after isn't your money. It's not your documents. It's your attention. They grab the spotlight for causes they support, forcing us to take note, acting as a global magnifying glass for issues that we are not as aware of but perhaps we should be. 
They have been called many names from criminals to terrorists, and I cannot justify their illegal means, but the ideas they fight for are ones that matter to us all. The reality is, hackers can do a lot more than break things. They can bring people together.
And if the Internet doesn't like it when you try to remove things from it, just watch what happens when you try to shut the Internet down. This took place in Egypt in January 2011, and as President Hosni Mubarak attempted a desperate move to quash the rising revolution on the streets of Cairo, he sent his personal troops down to Egypt's Internet service providers and had them physically kill the switch on the country's connection to the world overnight. For a government to do a thing like that was unprecedented, and for hackers, it made it personal. Hackers like the Telecomix group were already active on the ground, helping Egyptians bypass censorship using clever workarounds like Morse code and ham radio. It was high season for low tech, which the government couldn't block, but when the Net went completely down, Telecomix brought in the big guns. They found European service providers that still had 20-year-old analog dial-up access infrastructure. They opened up 300 of those lines for Egyptians to use, serving slow but sweet Internet connection for Egyptians. This worked. It worked so well, in fact, one guy even used it to download an episode of "How I Met Your Mother." But while Egypt's future is still uncertain, when the same thing happened in Syria just one year later, Telecomix were prepared with those Internet lines, and Anonymous, they were perhaps the first international group to officially denounce the actions of the Syrian military by defacing their website.
But with this sort of power, it really depends on where you stand, because one man's hero can be another's villain, and so the Syrian Electronic Army is a pro-Assad group of hackers who support his contentious regime. They've taken down multiple high-profile targets in the past few years, including the Associated Press's Twitter account, in which they posted a message about an attack on the White House injuring President Obama. This tweet was fake, of course, but the resulting drop in the Dow Jones index that day was most certainly not, and a lot of people lost a lot of money.
This sort of thing is happening all over the world right now. In conflicts from the Crimean Peninsula to Latin America, from Europe to the United States, hackers are a force for social, political and military influence. As individuals or in groups, volunteers or military conflicts, there are hackers everywhere. They come from all walks of life, ethnicities, ideologies and genders, I might add. They are now shaping the world's stage. Hackers represent an exceptional force for change in the 21st century. This is because access to information is a critical currency of power, one which governments would like to control, a thing they attempt to do by setting up all-you-can-eat surveillance programs, a thing they need hackers for, by the way. And so the establishment has long had a love-hate relationship when it comes to hackers, because the same people who demonize hacking also utilize it at large.
Two years ago, I saw General Keith Alexander. He's the NSA director and U.S. cyber commander, but instead of his four star general uniform, he was wearing jeans and a t-shirt. This was at DEF CON, the world's largest hacker conference. Perhaps like me, General Alexander didn't see 12,000 criminals that day in Vegas. I think he saw untapped potential. In fact, he was there to give a hiring pitch. "In this room right here," he said, "is the talent our nation needs." Well, hackers in the back row replied, "Then stop arresting us." (Applause)
Indeed, for years, hackers have been on the wrong side of the fence, but in light of what we know now, who is more watchful of our online world? The rules of the game are not that clear anymore, but hackers are perhaps the only ones still capable of challenging overreaching governments and data-hoarding corporates on their own playing field. To me, that represents hope.
For the past three decades, hackers have done a lot of things, but they have also impacted civil liberties, innovation and Internet freedom, so I think it's time we take a good look at how we choose to portray them, because if we keep expecting them to be the bad guys, how can they be the heroes too? My years in the hacker world have made me realize both the problem and the beauty about hackers: They just can't see something broken in the world and leave it be. They are compelled to either exploit it or try and change it, and so they find the vulnerable aspects in our rapidly changing world. They make us, they force us to fix things or demand something better, and I think we need them to do just that, because after all, it is not information that wants to be free, it's us.
Thank you very much.
Thank you. (Applause)
Hack the planet!