In the 1980s, in communist Eastern Germany, if you owned a typewriter, you had to register it with the government. You had to register a sample sheet of text out of the typewriter. And this was done so the government could track where the text was coming from. If they found a paper which had the wrong kind of thought, they could track down who created that thought. And we in the West couldn't understand how anybody would do this, how much this would restrict freedom of speech. We would never do that in our own countries.
But today, in 2011, if you go and buy a color laser printer from any major laser printer manufacturer and print a page, that page will end up having slight yellow dots printed on every single page, in a pattern which makes the page unique to you and to your printer. This is happening to us today. And nobody seems to be making a fuss about it. And this is an example of the ways our own governments are using technology against us, the citizens. And this is one of the main three sources of online problems today.
If we look at what's really happening in the online world, we can group the attacks based on the attackers. We have three main groups. We have online criminals. Like here, we have Mr. Dmitry Golubov, from the city of Kiev in Ukraine. And the motives of online criminals are very easy to understand. These guys make money. They use online attacks to make lots of money -- and lots and lots of it. We actually have several cases of millionaires online, multimillionaires, who made money with their attacks. Here's Vladimir Tsastsin, from Tartu in Estonia. This is [Albert] Gonzalez. This is Stephen Watt. This is Bjorn Sundin. This is Matthew Anderson, Tariq Al-Daour and so on and so on.
These guys make their fortunes online, but they make it through the illegal means of using things like banking Trojans to steal money from our bank accounts while we do online banking, or with keyloggers to collect our credit card information while we are doing online shopping from an infected computer. The US Secret Service, two months ago, froze the Swiss bank account of Mr. Sam Jain right here, and that bank account had 14.9 million US dollars in it when it was frozen. Mr. Jain himself is on the loose; nobody knows where he is. And I claim it's already today that it's more likely for any of us to become the victim of a crime online than here in the real world. And it's very obvious that this is only going to get worse. In the future, the majority of crime will be happening online.
The second major group of attackers that we are watching today are not motivated by money. They're motivated by something else -- motivated by protests, motivated by an opinion, motivated by the laughs. Groups like Anonymous have risen up over the last 12 months and have become a major player in the field of online attacks.
So those are the three main attackers: criminals who do it for the money, hacktivists like Anonymous doing it for the protest, but then the last group are nation states -- governments doing the attacks. And then we look at cases like what happened in DigiNotar. This is a prime example of what happens when governments attack against their own citizens. DigiNotar is a certificate authority from the Netherlands -- or actually, it was. It was running into bankruptcy last fall, because they were hacked into. Somebody broke in and they hacked it thoroughly. And I asked last week, in a meeting with Dutch government representatives, I asked one of the leaders of the team whether he found plausible that people died because of the DigiNotar hack. And his answer was: yes.
So how do people die as the result of a hack like this? Well, DigiNotar is a CA. They sell certificates. What do you do with certificates? Well, you need a certificate if you have a website that has https, SSL encrypted services, services like Gmail. Now we all, or a big part of us, use Gmail or one of their competitors, but these services are especially popular in totalitarian states like Iran, where dissidents use foreign services like Gmail because they know they are more trustworthy than the local services and they are encrypted over SSL connections, so the local government can't snoop on their discussions. Except they can, if they hack into a foreign CA and issue rogue certificates. And this is exactly what happened with the case of DigiNotar.
What about Arab Spring and things that have been happening, for example, in Egypt? Well, in Egypt, the rioters looted the headquarters of the Egyptian secret police in April 2011, and when they were looting the building, they found lots of papers. Among those papers was this binder entitled, "FinFisher." And within that binder were notes from a company based in Germany, which had sold to the Egyptian government a set of tools for intercepting, at a very large scale, all the communication of the citizens of the country. They had sold this tool for 280,000 euros to the Egyptian government. The company headquarters are right here.
So Western governments are providing totalitarian governments with tools to do this against their own citizens. But Western governments are doing it to themselves as well. For example, in Germany, just a couple of weeks ago, the so-called "State Trojan" was found, which was a Trojan used by German government officials to investigate their own citizens. If you are a suspect in a criminal case, well, it's pretty obvious, your phone will be tapped. But today, it goes beyond that. They will tap your Internet connection. They will even use tools like State Trojan to infect your computer with a Trojan, which enables them to watch all your communication, to listen to your online discussions, to collect your passwords.
Now, when we think deeper about things like these, the obvious response from people should be, "OK, well, that sounds bad, but that doesn't really affect me, because I'm a legal citizen. Why should I worry? Because I have nothing to hide." And this is an argument which doesn't make sense. Privacy is implied. Privacy is not up for discussion. This is not a question between privacy against security. It's a question of freedom against control. And while we might trust our governments right now, right here in 2011, any rights we give away will be given away for good. And do we trust, do we blindly trust, any future government, a government we might have 50 years from now? And these are the questions that we have to worry about for the next 50 years.