I love the Internet. It's true. Think about everything it has brought us. Think about all the services we use, all the connectivity, all the entertainment, all the business, all the commerce. And it's happening during our lifetimes. I'm pretty sure that one day we'll be writing history books hundreds of years from now. This time our generation will be remembered as the generation that got online, the generation that built something really and truly global. But yes, it's also true that the Internet has problems, very serious problems, problems with security and problems with privacy. I've spent my career fighting these problems.
So let me show you something. This here is Brain. This is a floppy disk -- a five-and-a-quarter-inch floppy disk infected by Brain.A. It's the first virus we ever found for PC computers. And we actually know where Brain came from. We know because it says so inside the code. Let's take a look. All right. That's the boot sector of an infected floppy, and if we take a closer look inside, we'll see that right there, it says, "Welcome to the dungeon." And then it continues, saying, 1986, Basit and Amjad. And Basit and Amjad are first names, Pakistani first names. In fact, there's a phone number and an address in Pakistan.
(Laughter)
Now, 1986. Now it's 2011. That's 25 years ago. The PC virus problem is 25 years old now. So half a year ago, I decided to go to Pakistan myself. So let's see, here's a couple of photos I took while I was in Pakistan. This is from the city of Lahore, which is around 300 kilometers south from Abbottabad, where Bin Laden was caught. Here's a typical street view. And here's the street or road leading to this building, which is 730 Nizam block at Allama Iqbal Town. And I knocked on the door. (Laughter) You want to guess who opened the door? Basit and Amjad; they are still there. (Laughter) (Applause) So here standing up is Basit. Sitting down is his brother Amjad. These are the guys who wrote the first PC virus. Now of course, we had a very interesting discussion. I asked them why. I asked them how they feel about what they started. And I got some sort of satisfaction from learning that both Basit and Amjad had had their computers infected dozens of times by completely unrelated other viruses over these years. So there is some sort of justice in the world after all.
Now, the viruses that we used to see in the 1980s and 1990s obviously are not a problem any more. So let me just show you a couple of examples of what they used to look like. What I'm running here is a system that enables me to run age-old programs on a modern computer. So let me just mount some drives. Go over there. What we have here is a list of old viruses. So let me just run some viruses on my computer.
For example, let's go with the Centipede virus first. And you can see at the top of the screen, there's a centipede scrolling across your computer when you get infected by this one. You know that you're infected because it actually shows up. Here's another one. This is the virus called Crash, invented in Russia in 1992. Let me show you one which actually makes some sound. (Siren noise) And the last example, guess what the Walker virus does? Yes, there's a guy walking across your screen once you get infected. So it used to be fairly easy to know that you're infected by a virus, when the viruses were written by hobbyists and teenagers.
Today, they are no longer being written by hobbyists and teenagers. Today, viruses are a global problem. What we have here in the background is an example of our systems that we run in our labs, where we track virus infections worldwide. So we can actually see in real time that we've just blocked viruses in Sweden and Taiwan and Russia and elsewhere. In fact, if I just connect back to our lab systems through the Web, we can see in real time just some kind of idea of how many viruses, how many new examples of malware we find every single day. Here's the latest virus we've found, in a file called Server.exe. And we found it right over here three seconds ago -- the previous one, six seconds ago. And if we just scroll around, it's just massive. We find tens of thousands, even hundreds of thousands. And that's the last 20 minutes of malware every single day.
So where are all these coming from then? Well today, it's the organized criminal gangs writing these viruses because they make money with their viruses. It's gangs like -- let's go to GangstaBucks.com. This is a website operating in Moscow where these guys are buying infected computers. So if you are a virus writer and you're capable of infecting Windows computers, but you don't know what to do with them, you can sell those infected computers -- somebody else's computers -- to these guys. And they'll actually pay you money for those computers. So how do these guys then monetize those infected computers? Well there's multiple different ways, such as banking trojans, which will steal money from your online banking accounts when you do online banking, or keyloggers. Keyloggers silently sit on your computer, hidden from view, and they record everything you type. So you're sitting on your computer and you're doing Google searches. Every single Google search you type is saved and sent to the criminals. Every single email you write is saved and sent to the criminals. Same thing with every single password and so on.
But the thing that they're actually looking for most are sessions where you go online and do online purchases in any online store. Because when you do purchases in online stores, you will be typing in your name, the delivery address, your credit card number and the credit card security codes. And here's an example of a file we found from a server a couple of weeks ago. That's the credit card number, that's the expiration date, that's the security code, and that's the name of the owner of the card. Once you gain access to other people's credit card information, you can just go online and buy whatever you want with this information. And that, obviously, is a problem. We now have a whole underground marketplace and business ecosystem built around online crime.
One example of how these guys actually are capable of monetizing their operations: we go and have a look at the pages of INTERPOL and search for wanted persons. We find guys like Bjorn Sundin, originally from Sweden, and his partner in crime, also listed on the INTERPOL wanted pages, Mr. Shaileshkumar Jain, a U.S. citizen. These guys were running an operation called I.M.U., a cybercrime operation through which they netted millions. They are both right now on the run. Nobody knows where they are. U.S. officials, just a couple of weeks ago, froze a Swiss bank account belonging to Mr. Jain, and that bank account had 14.9 million U.S. dollars on it.
So the amount of money online crime generates is significant. And that means that the online criminals can actually afford to invest in their attacks. We know that online criminals are hiring programmers, hiring testing people, testing their code, having back-end systems with SQL databases. And they can afford to watch how we work -- like how security people work -- and try to work their way around any security precautions we can build. They also use the global nature of the Internet to their advantage. I mean, the Internet is international. That's why we call it the Internet.
And if you just go and take a look at what's happening in the online world, here's a video built by Clarified Networks, which illustrates how one single malware family is able to move around the world. This operation, believed to be originally from Estonia, moves around from one country to another as soon as someone tries to shut the website down. So you just can't shut these guys down. They will switch from one country to another, from one jurisdiction to another -- moving around the world, using the fact that we don't have the capability to globally police operations like this. So the Internet is as if someone had given free plane tickets to all the online criminals of the world. Now, criminals who weren't capable of reaching us before can reach us.
So how do you actually go around finding online criminals? How do you actually track them down? Let me give you an example. What we have here is one exploit file. Here, I'm looking at the hex dump of an image file, which contains an exploit. And that basically means, if you're trying to view this image file on your Windows computer, it actually takes over your computer and runs code.
Now, if you'll take a look at this image file -- well there's the image header, and there the actual code of the attack starts. And that code has been encrypted, so let's decrypt it. It has been encrypted with XOR function 97. You just have to believe me, it is, it is. And we can go here and actually start decrypting it. Well the yellow part of the code is now decrypted. And I know, it doesn't really look much different from the original. But just keep staring at it. You'll actually see that down here you can see a Web address: unionseek.com/d/ioo.exe And when you view this image on your computer it actually is going to download and run that program. And that's a backdoor which will take over your computer.
But even more interestingly, if we continue decrypting, we'll find this mysterious string, which says O600KO78RUS. That code is there underneath the encryption as some sort of a signature. It's not used for anything. And I was looking at that, trying to figure out what it means. So obviously I Googled for it. I got zero hits; wasn't there. So I spoke with the guys at the lab. And we have a couple of Russian guys in our labs, and one of them mentioned, well, it ends in RUS like Russia. And 78 is the city code for the city of St. Petersburg. For example, you can find it from some phone numbers and car license plates and stuff like that. So I went looking for contacts in St. Petersburg, and through a long road, we eventually found this one particular website.
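The decoding step the talk walks through on the slide, as an added example (this is editor-written code, not the speaker's or his lab's tooling). It constructs a blob from the two strings the talk reads off the decrypted bytes, "unionseek.com/d/ioo.exe" and "O600KO78RUS", places it behind a fake image header, and obfuscates it with a single-byte XOR. The key value 0x97 is an assumption: the talk says "XOR function 97" without saying decimal or hex. The brute force below shows why that does not matter for a one-byte XOR, and the plate regex and the one region-code entry (78 for St. Petersburg) come straight from the talk's reasoning.

```python
"""
Decode a single-byte XOR payload hidden after an image header and pull out
the indicators an analyst looks for: a download URL and a plate-like marker.

Added example, not the speaker's code. The sample blob is constructed here;
the key 0x97 is an assumed reading of "XOR function 97".
"""
import re

KEY = 0x97  # assumption: "97" read as hexadecimal


def xor_bytes(data: bytes, key: int) -> bytes:
    """XOR every byte with the same key; applying it twice restores the input."""
    return bytes(b ^ key for b in data)


# Constructed sample: a fake image header followed by the obfuscated payload.
# The 0x90 filler stands in for the real attack code; nothing here executes.
HEADER = b"GIF89a" + bytes(16)
PLAINTEXT = (b"\x90" * 3 + b"unionseek.com/d/ioo.exe\x00"
             + b"\x90" * 2 + b"O600KO78RUS\x00")
SAMPLE = HEADER + xor_bytes(PLAINTEXT, KEY)


def score_candidate(clear: bytes) -> float:
    """Rank a candidate decryption.

    The printable-ASCII ratio alone ties for many keys (a key that differs
    by a small value maps letters onto other letters), so a bonus for tokens
    an analyst expects in a dropper breaks the tie.
    """
    printable = sum(0x20 <= b < 0x7F for b in clear) / len(clear)
    bonus = sum(clear.count(marker) for marker in (b".exe", b".com", b"http"))
    return printable + bonus


def brute_force_xor(data: bytes) -> list[tuple[int, float]]:
    """Try all 256 single-byte keys; return (key, score) pairs, best first."""
    scored = [(k, score_candidate(xor_bytes(data, k))) for k in range(256)]
    return sorted(scored, key=lambda kv: kv[1], reverse=True)


def extract_strings(data: bytes, min_len: int = 6) -> list[str]:
    """Minimal 'strings': runs of printable ASCII of at least min_len bytes."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.decode("ascii") for m in re.findall(pattern, data)]


# Host/path without a scheme, as the talk shows it; scheme optional.
URL_RE = re.compile(r"(?:https?://)?(?:[\w-]+\.)+[a-z]{2,}(?:/[\w./-]*)?")
# Russian plate layout as read in the talk: letter, 3 digits, 2 letters, region, RUS.
PLATE_RE = re.compile(r"[A-Z]\d{3}[A-Z]{2}(\d{2,3})RUS")
REGION_CODES = {"78": "St. Petersburg"}  # the one mapping the talk states


def analyse(blob: bytes, header_len: int = len(HEADER)) -> dict:
    """Skip the image header, recover the key, decode, and collect indicators."""
    payload = blob[header_len:]
    key, _ = brute_force_xor(payload)[0]
    clear = xor_bytes(payload, key)
    found = extract_strings(clear)
    urls = [u for s in found for u in URL_RE.findall(s)]
    plates = [(m.group(0), REGION_CODES.get(m.group(1), "unknown"))
              for s in found for m in PLATE_RE.finditer(s)]
    return {"key": key, "urls": urls, "plates": plates, "strings": found}


if __name__ == "__main__":
    result = analyse(SAMPLE)
    print(f"recovered key: 0x{result['key']:02x}")
    print("download URL(s):", result["urls"])
    print("plate-like marker(s):", result["plates"])
```

The scoring deliberately does not rely on knowing the key: single-byte XOR has only 256 candidates, so the analyst's effort goes into recognising the right plaintext, not into recovering the key. Real samples need the actual header length for the format in question, and the token list in `score_candidate` should be widened to whatever the campaign under analysis is known to embed.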
Here's this Russian guy who's been operating online for a number of years, who runs his own website, and he runs a blog under the popular LiveJournal. And on this blog, he blogs about his life, about his life in St. Petersburg -- he's in his early 20s -- about his cat, about his girlfriend. And he drives a very nice car. In fact, this guy drives a Mercedes-Benz S600 V12 with a six-liter engine with more than 400 horsepower. Now that's a nice car for a 20-something-year-old kid in St. Petersburg.
How do I know about this car? Because he blogged about the car. He actually had a car accident. In downtown St. Petersburg, he actually crashed his car into another car. And he posted images of the car accident on his blog -- that's his Mercedes -- right here is the Lada Samara he crashed into. And you can actually see that the license plate of the Samara ends in 78RUS. And if you actually take a look at the scene picture, you can see that the plate of the Mercedes is O600KO78RUS. Now I'm not a lawyer, but if I were, this is where I would say, "I rest my case."
(Laughter)
So what happens when online criminals are caught? Well in most cases it never gets this far. The vast majority of the online crime cases, we don't even know which continent the attacks are coming from. And even if we are able to find online criminals, quite often there is no outcome. The local police don't act, or if they do, there's not enough evidence, or for some reason we can't take them down. I wish it would be easier; unfortunately it isn't.
But things are also changing at a very rapid pace. You've all heard about things like Stuxnet. So if you look at what Stuxnet did is that it infected these. That's a Siemens S7-400 PLC, programmable logic [controller]. And this is what runs our infrastructure. This is what runs everything around us. PLCs, these small boxes which have no display, no keyboard, which are programmed, are put in place, and they do their job. For example, the elevators in this building most likely are controlled by one of these. And when Stuxnet infects one of these, that's a massive revolution on the kinds of risks we have to worry about. Because everything around us is being run by these. I mean, we have critical infrastructure. You go to any factory, any power plant, any chemical plant, any food processing plant, you look around -- everything is being run by computers.
Everything is being run by computers. Everything is reliant on these computers working. We have become very reliant on the Internet, on basic things like electricity, obviously, on computers working. And this really is something which creates completely new problems for us. We must have some way of continuing to work even if computers fail.
(Laughter)
(Applause)
So preparedness means that we can do stuff even when the things we take for granted aren't there. It's actually very basic stuff -- thinking about continuity, thinking about backups, thinking about the things that actually matter.
Now I told you -- (Laughter) I love the Internet. I do. Think about all the services we have online. Think about if they are taken away from you, if one day you don't actually have them for some reason or another. I see beauty in the future of the Internet, but I'm worried that we might not see that. I'm worried that we are running into problems because of online crime. Online crime is the one thing that might take these things away from us.
(Laughter)
I've spent my life defending the Net, and I do feel that if we don't fight online crime, we are running a risk of losing it all. We have to do this globally, and we have to do it right now. What we need is more global, international law enforcement work to find online criminal gangs -- these organized gangs that are making millions out of their attacks. That's much more important than running anti-virus software or running firewalls. What actually matters is actually finding the people behind these attacks, and even more importantly, we have to find the people who are about to become part of this online world of crime, but haven't yet done it. We have to find the people with the skills, but without the opportunities, and give them the opportunities to use their skills for good.
Thank you very much.
(Applause)