In the 1980s, in communist Eastern Germany, if you owned a typewriter, you had to register it with the government. You had to register a sample sheet of text out of the typewriter. And this was done so the government could track where the text was coming from. If they found a paper which had the wrong kind of thought, they could track down who created that thought. And we in the West couldn't understand how anybody would do this, how much this would restrict freedom of speech. We would never do that in our own countries.
But today, in 2011, if you go and buy a color laser printer from any major laser printer manufacturer and print a page, that page will end up having slight yellow dots printed on every single page, in a pattern which makes the page unique to you and to your printer. This is happening to us today. And nobody seems to be making a fuss about it. And this is an example of the ways our own governments are using technology against us, the citizens. And this is one of the main three sources of online problems today.
If we look at what's really happening in the online world, we can group the attacks based on the attackers. We have three main groups. We have online criminals. Like here, we have Mr. Dmitry Golubov, from the city of Kiev in Ukraine. And the motives of online criminals are very easy to understand. These guys make money. They use online attacks to make lots of money -- and lots and lots of it. We actually have several cases of millionaires online, multimillionaires, who made money with their attacks. Here's Vladimir Tsastsin, from Tartu in Estonia. This is [Albert] Gonzalez. This is Stephen Watt. This is Bjorn Sundin. This is Matthew Anderson, Tariq Al-Daour and so on and so on.
These guys make their fortunes online, but they make it through the illegal means of using things like banking Trojans to steal money from our bank accounts while we do online banking, or with keyloggers to collect our credit card information while we are doing online shopping from an infected computer. The US Secret Service, two months ago, froze the Swiss bank account of Mr. Sam Jain right here, and that bank account had 14.9 million US dollars in it when it was frozen. Mr. Jain himself is on the loose; nobody knows where he is. And I claim it's already today that it's more likely for any of us to become the victim of a crime online than here in the real world. And it's very obvious that this is only going to get worse. In the future, the majority of crime will be happening online.
The second major group of attackers that we are watching today are not motivated by money. They're motivated by something else -- motivated by protests, motivated by an opinion, motivated by the laughs. Groups like Anonymous have risen up over the last 12 months and have become a major player in the field of online attacks.
So those are the three main attackers: criminals who do it for the money, hacktivists like Anonymous doing it for the protest, but then the last group are nation states -- governments doing the attacks. And then we look at cases like what happened in DigiNotar. This is a prime example of what happens when governments attack against their own citizens. DigiNotar is a certificate authority from the Netherlands -- or actually, it was. It was running into bankruptcy last fall, because they were hacked into. Somebody broke in and they hacked it thoroughly. And I asked last week, in a meeting with Dutch government representatives, I asked one of the leaders of the team whether he found plausible that people died because of the DigiNotar hack. And his answer was: yes.
So how do people die as the result of a hack like this? Well, DigiNotar is a CA. They sell certificates. What do you do with certificates? Well, you need a certificate if you have a website that has https, SSL encrypted services, services like Gmail. Now we all, or a big part of us, use Gmail or one of their competitors, but these services are especially popular in totalitarian states like Iran, where dissidents use foreign services like Gmail because they know they are more trustworthy than the local services and they are encrypted over SSL connections, so the local government can't snoop on their discussions. Except they can, if they hack into a foreign CA and issue rogue certificates. And this is exactly what happened with the case of DigiNotar.
What about Arab Spring and things that have been happening, for example, in Egypt? Well, in Egypt, the rioters looted the headquarters of the Egyptian secret police in April 2011, and when they were looting the building, they found lots of papers. Among those papers was this binder entitled, "FinFisher." And within that binder were notes from a company based in Germany, which had sold to the Egyptian government a set of tools for intercepting, at a very large scale, all the communication of the citizens of the country. They had sold this tool for 280,000 euros to the Egyptian government. The company headquarters are right here.
So Western governments are providing totalitarian governments with tools to do this against their own citizens. But Western governments are doing it to themselves as well. For example, in Germany, just a couple of weeks ago, the so-called "State Trojan" was found, which was a Trojan used by German government officials to investigate their own citizens. If you are a suspect in a criminal case, well, it's pretty obvious, your phone will be tapped. But today, it goes beyond that. They will tap your Internet connection. They will even use tools like State Trojan to infect your computer with a Trojan, which enables them to watch all your communication, to listen to your online discussions, to collect your passwords.
Now, when we think deeper about things like these, the obvious response from people should be, "OK, well, that sounds bad, but that doesn't really affect me, because I'm a legal citizen. Why should I worry? Because I have nothing to hide." And this is an argument which doesn't make sense. Privacy is implied. Privacy is not up for discussion. This is not a question between privacy against security. It's a question of freedom against control. And while we might trust our governments right now, right here in 2011, any rights we give away will be given away for good. And do we trust, do we blindly trust, any future government, a government we might have 50 years from now? And these are the questions that we have to worry about for the next 50 years.