In the 1980s, in communist Eastern Germany, if you owned a typewriter, you had to register it with the government. You had to register a sample sheet of text out of the typewriter. And this was done so the government could track where the text was coming from. If they found a paper which had the wrong kind of thought, they could track down who created that thought. And we in the West couldn't understand how anybody would do this, how much this would restrict freedom of speech. We would never do that in our own countries.
But today, in 2011, if you go and buy a color laser printer from any major laser printer manufacturer and print a page, that page will end up having slight yellow dots printed on every single page, in a pattern which makes the page unique to you and to your printer. This is happening to us today. And nobody seems to be making a fuss about it. And this is an example of the ways our own governments are using technology against us, the citizens. And this is one of the main three sources of online problems today.
If we look at what's really happening in the online world, we can group the attacks based on the attackers. We have three main groups. We have online criminals. Like here, we have Mr. Dmitry Golubov, from the city of Kiev in Ukraine. And the motives of online criminals are very easy to understand. These guys make money. They use online attacks to make lots of money -- and lots and lots of it. We actually have several cases of millionaires online, multimillionaires, who made money with their attacks. Here's Vladimir Tsastsin, from Tartu in Estonia. This is [Albert] Gonzalez. This is Stephen Watt. This is Bjorn Sundin. This is Matthew Anderson, Tariq Al-Daour and so on and so on.
These guys make their fortunes online, but they make it through illegal means, using things like banking Trojans to steal money from our bank accounts while we do online banking, or keyloggers to collect our credit card information while we are doing online shopping from an infected computer. The US Secret Service, two months ago, froze the Swiss bank account of Mr. Sam Jain right here, and that bank account had 14.9 million US dollars in it when it was frozen. Mr. Jain himself is on the loose; nobody knows where he is. And I claim that already today it is more likely for any of us to become the victim of a crime online than here in the real world. And it's very obvious that this is only going to get worse. In the future, the majority of crime will be happening online.
The second major group of attackers that we are watching today are not motivated by money. They're motivated by something else -- motivated by protests, motivated by an opinion, motivated by the laughs. Groups like Anonymous have risen up over the last 12 months and have become a major player in the field of online attacks.
So those are the three main attackers: criminals who do it for the money, hacktivists like Anonymous doing it for the protest, but then the last group are nation states -- governments doing the attacks. And then we look at cases like what happened in DigiNotar. This is a prime example of what happens when governments attack their own citizens. DigiNotar is a certificate authority from the Netherlands -- or actually, it was. It was running into bankruptcy last fall, because they were hacked into. Somebody broke in and they hacked it thoroughly. And I asked last week, in a meeting with Dutch government representatives, I asked one of the leaders of the team whether he found it plausible that people died because of the DigiNotar hack. And his answer was: yes.
So how do people die as the result of a hack like this? Well, DigiNotar is a CA. They sell certificates. What do you do with certificates? Well, you need a certificate if you have a website that has https, SSL encrypted services, services like Gmail. Now we all, or a big part of us, use Gmail or one of their competitors, but these services are especially popular in totalitarian states like Iran, where dissidents use foreign services like Gmail because they know they are more trustworthy than the local services and they are encrypted over SSL connections, so the local government can't snoop on their discussions. Except they can, if they hack into a foreign CA and issue rogue certificates. And this is exactly what happened with the case of DigiNotar.
What about Arab Spring and things that have been happening, for example, in Egypt? Well, in Egypt, the rioters looted the headquarters of the Egyptian secret police in April 2011, and when they were looting the building, they found lots of papers. Among those papers was this binder entitled, "FinFisher." And within that binder were notes from a company based in Germany, which had sold to the Egyptian government a set of tools for intercepting, at a very large scale, all the communication of the citizens of the country. They had sold this tool for 280,000 euros to the Egyptian government. The company headquarters are right here.
So Western governments are providing totalitarian governments with tools to do this against their own citizens. But Western governments are doing it to themselves as well. For example, in Germany, just a couple of weeks ago, the so-called "State Trojan" was found, which was a Trojan used by German government officials to investigate their own citizens. If you are a suspect in a criminal case, well, it's pretty obvious, your phone will be tapped. But today, it goes beyond that. They will tap your Internet connection. They will even use tools like State Trojan to infect your computer with a Trojan, which enables them to watch all your communication, to listen to your online discussions, to collect your passwords.
Now, when we think deeper about things like these, the obvious response from people should be, "OK, well, that sounds bad, but that doesn't really affect me, because I'm a legal citizen. Why should I worry? Because I have nothing to hide." And this is an argument which doesn't make sense. Privacy is implied. Privacy is not up for discussion. This is not a question of privacy versus security. It's a question of freedom versus control. And while we might trust our governments right now, right here in 2011, any rights we give away will be given away for good. And do we trust, do we blindly trust, any future government, a government we might have 50 years from now? And these are the questions that we have to worry about for the next 50 years.