Four years ago, a security researcher, or, as most people would call it, a hacker, found a way to literally make ATMs throw money at him. His name was Barnaby Jack, and this technique was later called "jackpotting" in his honor.
I'm here today because I think we actually need hackers. Barnaby Jack could have easily turned into a career criminal or James Bond villain with his knowledge, but he chose to show the world his research instead. He believed that sometimes you have to demo a threat to spark a solution. And I feel the same way. That's why I'm here today.
We are often terrified and fascinated by the power hackers now have. They scare us. But the choices they make have dramatic outcomes that influence us all. So I am here today because I think we need hackers, and in fact, they just might be the immune system for the information age. Sometimes they make us sick, but they also find those hidden threats in our world, and they make us fix it.
I knew that I might get hacked for giving this talk, so let me save you the effort. In true TED fashion, here is my most embarrassing picture. But it would be difficult for you to find me in it, because I'm the one who looks like a boy standing to the side. I was such a nerd back then that even the boys on the Dungeons and Dragons team wouldn't let me join. This is who I was, but this is who I wanted to be: Angelina Jolie. She portrayed Acid Burn in the '95 film "Hackers." She was pretty and she could rollerblade, but being a hacker, that made her powerful. And I wanted to be just like her, so I started spending a lot of time on hacker chat rooms and online forums. I remember one late night I found a bit of PHP code. I didn't really know what it did, but I copy-pasted it and used it anyway to get into a password-protected site like that. Open Sesame. It was a simple trick, and I was just a script kiddie back then, but to me, that trick, it felt like this, like I had discovered limitless potential at my fingertips. This is the rush of power that hackers feel. It's geeks just like me discovering they have access to superpower, one that requires the skill and tenacity of their intellect, but thankfully no radioactive spiders.
But with great power comes great responsibility, and you all like to think that if we had such powers, we would only use them for good. But what if you could read your ex's emails, or add a couple zeros to your bank account. What would you do then? Indeed, many hackers do not resist those temptations, and so they are responsible in one way or another to billions of dollars lost each year to fraud, malware or plain old identity theft, which is a serious issue. But there are other hackers, hackers who just like to break things, and it is precisely those hackers that can find the weaker elements in our world and make us fix it.
This is what happened last year when another security researcher called Kyle Lovett discovered a gaping hole in the design of certain wireless routers like you might have in your home or office. He learned that anyone could remotely connect to these devices over the Internet and download documents from hard drives attached to those routers, no password needed. He reported it to the company, of course, but they ignored his report. Perhaps they thought universal access was a feature, not a bug, until two months ago when a group of hackers used it to get into people's files. But they didn't steal anything. They left a note: Your router and your documents can be accessed by anyone in the world. Here's what you should do to fix it. We hope we helped. By getting into people's files like that, yeah, they broke the law, but they also forced that company to fix their product.
Making vulnerabilities known to the public is a practice called full disclosure in the hacker community, and it is controversial, but it does make me think of how hackers have an evolving effect on technologies we use every day. This is what Khalil did. Khalil is a Palestinian hacker from the West Bank, and he found a serious privacy flaw on Facebook which he attempted to report through the company's bug bounty program. These are usually great arrangements for companies to reward hackers disclosing vulnerabilities they find in their code. Unfortunately, due to some miscommunications, his report was not acknowledged. Frustrated with the exchange, he took to use his own discovery to post on Mark Zuckerberg's wall. This got their attention, all right, and they fixed the bug, but because he hadn't reported it properly, he was denied the bounty usually paid out for such discoveries. Thankfully for Khalil, a group of hackers were watching out for him. In fact, they raised more than 13,000 dollars to reward him for this discovery, raising a vital discussion in the technology industry about how we come up with incentives for hackers to do the right thing. But I think there's a greater story here still. Even companies founded by hackers, like Facebook was, still have a complicated relationship when it comes to hackers. And so for more conservative organizations, it is going to take time and adapting in order to embrace hacker culture and the creative chaos that it brings with it. But I think it's worth the effort, because the alternative, to blindly fight all hackers, is to go against the power you cannot control at the cost of stifling innovation and regulating knowledge. These are things that will come back and bite you.
It is even more true if we go after hackers that are willing to risk their own freedom for ideals like the freedom of the web, especially in times like this, like today even, as governments and corporates fight to control the Internet. I find it astounding that someone from the shadowy corners of cyberspace can become its voice of opposition, its last line of defense even, perhaps someone like Anonymous, the leading brand of global hacktivism. This universal hacker movement needs no introduction today, but six years ago they were not much more than an Internet subculture dedicated to sharing silly pictures of funny cats and Internet trolling campaigns. Their moment of transformation was in early 2008 when the Church of Scientology attempted to remove certain leaked videos from appearing on certain websites. This is when Anonymous was forged out of the seemingly random collection of Internet dwellers. It turns out, the Internet doesn't like it when you try to remove things from it, and it will react with cyberattacks and elaborate pranks and with a series of organized protests all around the world, from my hometown of Tel Aviv to Adelaide, Australia. This proved that Anonymous and this idea can rally the masses from the keyboards to the streets, and it laid the foundations for dozens of future operations against perceived injustices to their online and offline world. Since then, they've gone after many targets. They've uncovered corruption, abuse. They've hacked popes and politicians, and I think their effect is larger than simple denial of service attacks that take down websites or even leak sensitive documents. I think that, like Robin Hood, they are in the business of redistribution, but what they are after isn't your money. It's not your documents. It's your attention. They grab the spotlight for causes they support, forcing us to take note, acting as a global magnifying glass for issues that we are not as aware of but perhaps we should be. 
They have been called many names from criminals to terrorists, and I cannot justify their illegal means, but the ideas they fight for are ones that matter to us all. The reality is, hackers can do a lot more than break things. They can bring people together.
And if the Internet doesn't like it when you try to remove things from it, just watch what happens when you try to shut the Internet down. This took place in Egypt in January 2011, and as President Hosni Mubarak attempted a desperate move to quash the rising revolution on the streets of Cairo, he sent his personal troops down to Egypt's Internet service providers and had them physically kill the switch on the country's connection to the world overnight. For a government to do a thing like that was unprecedented, and for hackers, it made it personal. Hackers like the Telecomix group were already active on the ground, helping Egyptians bypass censorship using clever workarounds like Morse code and ham radio. It was high season for low tech, which the government couldn't block, but when the Net went completely down, Telecomix brought in the big guns. They found European service providers that still had 20-year-old analog dial-up access infrastructure. They opened up 300 of those lines for Egyptians to use, serving slow but sweet Internet connection for Egyptians. This worked. It worked so well, in fact, one guy even used it to download an episode of "How I Met Your Mother." But while Egypt's future is still uncertain, when the same thing happened in Syria just one year later, Telecomix were prepared with those Internet lines, and Anonymous, they were perhaps the first international group to officially denounce the actions of the Syrian military by defacing their website.
But with this sort of power, it really depends on where you stand, because one man's hero can be another's villain, and so the Syrian Electronic Army is a pro-Assad group of hackers who support his contentious regime. They've taken down multiple high-profile targets in the past few years, including the Associated Press's Twitter account, in which they posted a message about an attack on the White House injuring President Obama. This tweet was fake, of course, but the resulting drop in the Dow Jones index that day was most certainly not, and a lot of people lost a lot of money.
This sort of thing is happening all over the world right now. In conflicts from the Crimean Peninsula to Latin America, from Europe to the United States, hackers are a force for social, political and military influence. As individuals or in groups, volunteers or military conflicts, there are hackers everywhere. They come from all walks of life, ethnicities, ideologies and genders, I might add. They are now shaping the world's stage. Hackers represent an exceptional force for change in the 21st century. This is because access to information is a critical currency of power, one which governments would like to control, a thing they attempt to do by setting up all-you-can-eat surveillance programs, a thing they need hackers for, by the way. And so the establishment has long had a love-hate relationship when it comes to hackers, because the same people who demonize hacking also utilize it at large.
Two years ago, I saw General Keith Alexander. He's the NSA director and U.S. cyber commander, but instead of his four star general uniform, he was wearing jeans and a t-shirt. This was at DEF CON, the world's largest hacker conference. Perhaps like me, General Alexander didn't see 12,000 criminals that day in Vegas. I think he saw untapped potential. In fact, he was there to give a hiring pitch. "In this room right here," he said, "is the talent our nation needs." Well, hackers in the back row replied, "Then stop arresting us." (Applause)
Indeed, for years, hackers have been on the wrong side of the fence, but in light of what we know now, who is more watchful of our online world? The rules of the game are not that clear anymore, but hackers are perhaps the only ones still capable of challenging overreaching governments and data-hoarding corporates on their own playing field. To me, that represents hope.
For the past three decades, hackers have done a lot of things, but they have also impacted civil liberties, innovation and Internet freedom, so I think it's time we take a good look at how we choose to portray them, because if we keep expecting them to be the bad guys, how can they be the heroes too? My years in the hacker world have made me realize both the problem and the beauty about hackers: They just can't see something broken in the world and leave it be. They are compelled to either exploit it or try and change it, and so they find the vulnerable aspects in our rapidly changing world. They make us, they force us to fix things or demand something better, and I think we need them to do just that, because after all, it is not information that wants to be free, it's us.
Thank you very much.
Thank you. (Applause)
Hack the planet!