I love the Internet. It's true. Think about everything it has brought us. Think about all the services we use, all the connectivity, all the entertainment, all the business, all the commerce. And it's happening during our lifetimes. I'm pretty sure that one day we'll be writing history books hundreds of years from now. This time our generation will be remembered as the generation that got online, the generation that built something really and truly global. But yes, it's also true that the Internet has problems, very serious problems, problems with security and problems with privacy. I've spent my career fighting these problems.
So let me show you something. This here is Brain. This is a floppy disk -- five and a quarter-inch floppy disk infected by Brain.A. It's the first virus we ever found for PC computers. And we actually know where Brain came from. We know because it says so inside the code. Let's take a look. All right. That's the boot sector of an infected floppy, and if we take a closer look inside, we'll see that right there, it says, "Welcome to the dungeon." And then it continues, saying, 1986, Basit and Amjad. And Basit and Amjad are first names, Pakistani first names. In fact, there's a phone number and an address in Pakistan.
(Laughter)
Now, 1986. Now it's 2011. That's 25 years ago. The PC virus problem is 25 years old now. So half a year ago, I decided to go to Pakistan myself. So let's see, here's a couple of photos I took while I was in Pakistan. This is from the city of Lahore, which is around 300 kilometers south from Abbottabad, where Bin Laden was caught. Here's a typical street view. And here's the street or road leading to this building, which is 730 Nizam block at Allama Iqbal Town. And I knocked on the door. (Laughter) You want to guess who opened the door? Basit and Amjad; they are still there. (Laughter) (Applause) So here standing up is Basit. Sitting down is his brother Amjad. These are the guys who wrote the first PC virus. Now of course, we had a very interesting discussion. I asked them why. I asked them how they feel about what they started. And I got some sort of satisfaction from learning that both Basit and Amjad had had their computers infected dozens of times by completely unrelated other viruses over these years. So there is some sort of justice in the world after all.
Now, the viruses that we used to see in the 1980s and 1990s obviously are not a problem any more. So let me just show you a couple of examples of what they used to look like. What I'm running here is a system that enables me to run age-old programs on a modern computer. So let me just mount some drives. Go over there. What we have here is a list of old viruses. So let me just run some viruses on my computer.
For example, let's go with the Centipede virus first. And you can see at the top of the screen, there's a centipede scrolling across your computer when you get infected by this one. You know that you're infected because it actually shows up. Here's another one. This is the virus called Crash, invented in Russia in 1992. Let me show you one which actually makes some sound. (Siren noise) And the last example, guess what the Walker virus does? Yes, there's a guy walking across your screen once you get infected. So it used to be fairly easy to know that you're infected by a virus, when the viruses were written by hobbyists and teenagers.
Today, they are no longer being written by hobbyists and teenagers. Today, viruses are a global problem. What we have here in the background is an example of our systems that we run in our labs, where we track virus infections worldwide. So we can actually see in real time that we've just blocked viruses in Sweden and Taiwan and Russia and elsewhere. In fact, if I just connect back to our lab systems through the Web, we can see in real time just some kind of idea of how many viruses, how many new examples of malware we find every single day. Here's the latest virus we've found, in a file called Server.exe. And we found it right over here three seconds ago -- the previous one, six seconds ago. And if we just scroll around, it's just massive. We find tens of thousands, even hundreds of thousands. And that's the last 20 minutes of malware every single day.
So where are all these coming from then? Well today, it's the organized criminal gangs writing these viruses because they make money with their viruses. It's gangs like -- let's go to GangstaBucks.com. This is a website operating in Moscow where these guys are buying infected computers. So if you are a virus writer and you're capable of infecting Windows computers, but you don't know what to do with them, you can sell those infected computers -- somebody else's computers -- to these guys. And they'll actually pay you money for those computers. So how do these guys then monetize those infected computers? Well there's multiple different ways, such as banking trojans, which will steal money from your online banking accounts when you do online banking, or keyloggers. Keyloggers silently sit on your computer, hidden from view, and they record everything you type. So you're sitting on your computer and you're doing Google searches. Every single Google search you type is saved and sent to the criminals. Every single email you write is saved and sent to the criminals. Same thing with every single password and so on.
But the thing that they're actually looking for most are sessions where you go online and do online purchases in any online store. Because when you do purchases in online stores, you will be typing in your name, the delivery address, your credit card number and the credit card security codes. And here's an example of a file we found from a server a couple of weeks ago. That's the credit card number, that's the expiration date, that's the security code, and that's the name of the owner of the card. Once you gain access to other people's credit card information, you can just go online and buy whatever you want with this information. And that, obviously, is a problem. We now have a whole underground marketplace and business ecosystem built around online crime.
One example of how these guys actually are capable of monetizing their operations: we go and have a look at the pages of INTERPOL and search for wanted persons. We find guys like Bjorn Sundin, originally from Sweden, and his partner in crime, also listed on the INTERPOL wanted pages, Mr. Shaileshkumar Jain, a U.S. citizen. These guys were running an operation called I.M.U., a cybercrime operation through which they netted millions. They are both right now on the run. Nobody knows where they are. U.S. officials, just a couple of weeks ago, froze a Swiss bank account belonging to Mr. Jain, and that bank account had 14.9 million U.S. dollars on it.
So the amount of money online crime generates is significant. And that means that the online criminals can actually afford to invest into their attacks. We know that online criminals are hiring programmers, hiring testing people, testing their code, having back-end systems with SQL databases. And they can afford to watch how we work -- like how security people work -- and try to work their way around any security precautions we can build. They also use the global nature of Internet to their advantage. I mean, the Internet is international. That's why we call it the Internet.
And if you just go and take a look at what's happening in the online world, here's a video built by Clarified Networks, which illustrates how one single malware family is able to move around the world. This operation, believed to be originally from Estonia, moves around from one country to another as soon as the website is tried to shut down. So you just can't shut these guys down. They will switch from one country to another, from one jurisdiction to another -- moving around the world, using the fact that we don't have the capability to globally police operations like this. So the Internet is as if someone would have given free plane tickets to all the online criminals of the world. Now, criminals who weren't capable of reaching us before can reach us.
So how do you actually go around finding online criminals? How do you actually track them down? Let me give you an example. What we have here is one exploit file. Here, I'm looking at the Hex dump of an image file, which contains an exploit. And that basically means, if you're trying to view this image file on your Windows computer, it actually takes over your computer and runs code.
Now, if you'll take a look at this image file -- well there's the image header, and there the actual code of the attack starts. And that code has been encrypted, so let's decrypt it. It has been encrypted with XOR function 97. You just have to believe me, it is, it is. And we can go here and actually start decrypting it. Well the yellow part of the code is now decrypted. And I know, it doesn't really look much different from the original. But just keep staring at it. You'll actually see that down here you can see a Web address: unionseek.com/d/ioo.exe. And when you view this image on your computer it actually is going to download and run that program. And that's a backdoor which will take over your computer.
But even more interestingly, if we continue decrypting, we'll find this mysterious string, which says O600KO78RUS. That code is there underneath the encryption as some sort of a signature. It's not used for anything. And I was looking at that, trying to figure out what it means. So obviously I Googled for it. I got zero hits; wasn't there. So I spoke with the guys at the lab. And we have a couple of Russian guys in our labs, and one of them mentioned, well, it ends in RUS like Russia. And 78 is the city code for the city of St. Petersburg. For example, you can find it from some phone numbers and car license plates and stuff like that. So I went looking for contacts in St. Petersburg, and through a long road, we eventually found this one particular website.
Here's this Russian guy who's been operating online for a number of years who runs his own website, and he runs a blog under the popular Live Journal. And on this blog, he blogs about his life, about his life in St. Petersburg -- he's in his early 20s -- about his cat, about his girlfriend. And he drives a very nice car. In fact, this guy drives a Mercedes-Benz S600 V12 with a six-liter engine with more than 400 horsepower. Now that's a nice car for a 20-something year-old kid in St. Petersburg.
How do I know about this car? Because he blogged about the car. He actually had a car accident. In downtown St. Petersburg, he actually crashed his car into another car. And he put blogged images about the car accident -- that's his Mercedes -- right here is the Lada Samara he crashed into. And you can actually see that the license plate of the Samara ends in 78RUS. And if you actually take a look at the scene picture, you can see that the plate of the Mercedes is O600KO78RUS. Now I'm not a lawyer, but if I would be, this is where I would say, "I rest my case."
(Laughter)
So what happens when online criminals are caught? Well in most cases it never gets this far. The vast majority of the online crime cases, we don't even know which continent the attacks are coming from. And even if we are able to find online criminals, quite often there is no outcome. The local police don't act, or if they do, there's not enough evidence, or for some reason we can't take them down. I wish it would be easier; unfortunately it isn't.
But things are also changing at a very rapid pace. You've all heard about things like Stuxnet. So if you look at what Stuxnet did is that it infected these. That's a Siemens S7-400 PLC, programmable logic [controller]. And this is what runs our infrastructure. This is what runs everything around us. PLCs, these small boxes which have no display, no keyboard, which are programmed, are put in place, and they do their job. For example, the elevators in this building most likely are controlled by one of these. And when Stuxnet infects one of these, that's a massive revolution on the kinds of risks we have to worry about. Because everything around us is being run by these. I mean, we have critical infrastructure. You go to any factory, any power plant, any chemical plant, any food processing plant, you look around -- everything is being run by computers.
Everything is being run by computers. Everything is reliant on these computers working. We have become very reliant on Internet, on basic things like electricity, obviously, on computers working. And this really is something which creates completely new problems for us. We must have some way of continuing to work even if computers fail.
(Laughter)
(Applause)
So preparedness means that we can do stuff even when the things we take for granted aren't there. It's actually very basic stuff -- thinking about continuity, thinking about backups, thinking about the things that actually matter.
Now I told you -- (Laughter) I love the Internet. I do. Think about all the services we have online. Think about if they are taken away from you, if one day you don't actually have them for some reason or another. I see beauty in the future of the Internet, but I'm worried that we might not see that. I'm worried that we are running into problems because of online crime. Online crime is the one thing that might take these things away from us.
(Laughter)
I've spent my life defending the Net, and I do feel that if we don't fight online crime, we are running a risk of losing it all. We have to do this globally, and we have to do it right now. What we need is more global, international law enforcement work to find online criminal gangs -- these organized gangs that are making millions out of their attacks. That's much more important than running anti-viruses or running firewalls. What actually matters is actually finding the people behind these attacks, and even more importantly, we have to find the people who are about to become part of this online world of crime, but haven't yet done it. We have to find the people with the skills, but without the opportunities and give them the opportunities to use their skills for good.
Thank you very much.
(Applause)
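The single-byte XOR decoding described in the talk's image-file walkthrough, as an added example that is not part of the talk: it tries every one-byte key against a constructed sample, reports any key that reveals a download URL, and then lists the printable strings left in the decoded region. The sample bytes, the placeholder URL, the marker string and the function names are assumptions made for illustration.

```python
import re

KEY = 97  # single-byte XOR key value named in the talk
# Constructed sample: an unencoded image-style header followed by an encoded
# payload. The URL and marker are placeholders, not real indicators.
HEADER = b"\x89PNG\r\n\x1a\n" + bytes(16)
PLAINTEXT = (b"\x90\x90cmd http://payload.example.invalid/d/sample.exe"
             b"\x00MARKER-PLACEHOLDER")
SAMPLE = HEADER + bytes(b ^ KEY for b in PLAINTEXT)

# Host/path ending in .exe, with or without a scheme in front of it.
URL_RE = re.compile(
    rb"(?:https?://)?(?:[a-z0-9-]+\.)+[a-z]{2,}/[\x21-\x7e]+?\.exe")


def xor_bytes(data: bytes, key: int) -> bytes:
    """Decode (or encode) data with a one-byte XOR key."""
    return bytes(b ^ key for b in data)


def find_xor_urls(data: bytes):
    """Try every one-byte key; return (key, offset, url) per URL revealed."""
    hits = []
    for key in range(1, 256):  # key 0 would leave the file unchanged
        for m in URL_RE.finditer(xor_bytes(data, key)):
            hits.append((key, m.start(), m.group().decode("ascii")))
    return hits


def decoded_strings(data: bytes, key: int, start: int = 0, min_len: int = 6):
    """Printable ASCII runs in data[start:] after decoding with key."""
    decoded = xor_bytes(data[start:], key)
    runs = re.findall(rb"[\x20-\x7e]{%d,}" % min_len, decoded)
    return [s.decode("ascii") for s in runs]


if __name__ == "__main__":
    for key, offset, url in find_xor_urls(SAMPLE):
        print(f"key={key} offset={offset} url={url}")
        # Decode only past the header, which was never encoded.
        print(decoded_strings(SAMPLE, key, start=len(HEADER)))
```

The reported offset also shows where the encoded region sits relative to the file header, which is the boundary the talk points out in the hex dump.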