In the 1980s, in communist Eastern Germany, if you owned a typewriter, you had to register it with the government. You had to register a sample sheet of text out of the typewriter. And this was done so the government could track where the text was coming from. If they found a paper which had the wrong kind of thought, they could track down who created that thought. And we in the West couldn't understand how anybody would do this, how much this would restrict freedom of speech. We would never do that in our own countries.
But today, in 2011, if you go and buy a color laser printer from any major laser printer manufacturer and print a page, that page will end up having slight yellow dots printed on every single page, in a pattern which makes the page unique to you and to your printer. This is happening to us today. And nobody seems to be making a fuss about it. And this is an example of the ways our own governments are using technology against us, the citizens. And this is one of the main three sources of online problems today.
If we look at what's really happening in the online world, we can group the attacks based on the attackers. We have three main groups. We have online criminals. Like here, we have Mr. Dmitry Golubov, from the city of Kiev in Ukraine. And the motives of online criminals are very easy to understand. These guys make money. They use online attacks to make lots of money -- and lots and lots of it. We actually have several cases of millionaires online, multimillionaires, who made money with their attacks. Here's Vladimir Tsastsin, from Tartu in Estonia. This is [Albert] Gonzalez. This is Stephen Watt. This is Bjorn Sundin. This is Matthew Anderson, Tariq Al-Daour and so on and so on.
These guys make their fortunes online, but they make it through the illegal means of using things like banking Trojans to steal money from our bank accounts while we do online banking, or with keyloggers to collect our credit card information while we are doing online shopping from an infected computer. The US Secret Service, two months ago, froze the Swiss bank account of Mr. Sam Jain right here, and that bank account had 14.9 million US dollars in it when it was frozen. Mr. Jain himself is on the loose; nobody knows where he is. And I claim it's already today that it's more likely for any of us to become the victim of a crime online than here in the real world. And it's very obvious that this is only going to get worse. In the future, the majority of crime will be happening online.
The second major group of attackers that we are watching today are not motivated by money. They're motivated by something else -- motivated by protests, motivated by an opinion, motivated by the laughs. Groups like Anonymous have risen up over the last 12 months and have become a major player in the field of online attacks.
So those are the three main attackers: criminals who do it for the money, hacktivists like Anonymous doing it for the protest, but then the last group are nation states -- governments doing the attacks. And then we look at cases like what happened in DigiNotar. This is a prime example of what happens when governments attack against their own citizens. DigiNotar is a certificate authority from the Netherlands -- or actually, it was. It was running into bankruptcy last fall, because they were hacked into. Somebody broke in and they hacked it thoroughly. And I asked last week, in a meeting with Dutch government representatives, I asked one of the leaders of the team whether he found plausible that people died because of the DigiNotar hack. And his answer was: yes.
So how do people die as the result of a hack like this? Well, DigiNotar is a CA. They sell certificates. What do you do with certificates? Well, you need a certificate if you have a website that has https, SSL encrypted services, services like Gmail. Now we all, or a big part of us, use Gmail or one of their competitors, but these services are especially popular in totalitarian states like Iran, where dissidents use foreign services like Gmail because they know they are more trustworthy than the local services and they are encrypted over SSL connections, so the local government can't snoop on their discussions. Except they can, if they hack into a foreign CA and issue rogue certificates. And this is exactly what happened with the case of DigiNotar.
What about Arab Spring and things that have been happening, for example, in Egypt? Well, in Egypt, the rioters looted the headquarters of the Egyptian secret police in April 2011, and when they were looting the building, they found lots of papers. Among those papers was this binder entitled, "FinFisher." And within that binder were notes from a company based in Germany, which had sold to the Egyptian government a set of tools for intercepting, at a very large scale, all the communication of the citizens of the country. They had sold this tool for 280,000 euros to the Egyptian government. The company headquarters are right here.
So Western governments are providing totalitarian governments with tools to do this against their own citizens. But Western governments are doing it to themselves as well. For example, in Germany, just a couple of weeks ago, the so-called "State Trojan" was found, which was a Trojan used by German government officials to investigate their own citizens. If you are a suspect in a criminal case, well, it's pretty obvious, your phone will be tapped. But today, it goes beyond that. They will tap your Internet connection. They will even use tools like State Trojan to infect your computer with a Trojan, which enables them to watch all your communication, to listen to your online discussions, to collect your passwords.
Now, when we think deeper about things like these, the obvious response from people should be, "OK, well, that sounds bad, but that doesn't really affect me, because I'm a legal citizen. Why should I worry? Because I have nothing to hide." And this is an argument which doesn't make sense. Privacy is implied. Privacy is not up for discussion. This is not a question between privacy against security. It's a question of freedom against control. And while we might trust our governments right now, right here in 2011, any rights we give away will be given away for good. And do we trust, do we blindly trust, any future government, a government we might have 50 years from now? And these are the questions that we have to worry about for the next 50 years.