Now this is a very un-TED-like thing to do, but let's kick off the afternoon with a message from a mystery sponsor.
Anonymous: Dear Fox News, it has come to our unfortunate attention that both the name and nature of Anonymous has been ravaged. We are everyone. We are no one. We are anonymous. We are legion. We do not forgive. We do not forget. We are but the base of chaos.
Misha Glenny: Anonymous, ladies and gentlemen -- a sophisticated group of politically motivated hackers who have emerged in 2011. And they're pretty scary. You never know when they're going to attack next, who or what the consequences will be. But interestingly, they have a sense of humor. These guys hacked into Fox News' Twitter account to announce President Obama's assassination. Now you can imagine the panic that would have generated in the newsroom at Fox. "What do we do now? Put on a black armband, or crack open the champagne?" (Laughter) And of course, who could escape the irony of a member of Rupert Murdoch's News Corp. being a victim of hacking for a change.
(Laughter)
(Applause)
Sometimes you turn on the news and you say, "Is there anyone left to hack?" Sony PlayStation Network -- done, the government of Turkey -- tick, Britain's Serious Organized Crime Agency -- a breeze, the CIA -- falling off a log. In fact, a friend of mine from the security industry told me the other day that there are two types of companies in the world: those that know they've been hacked, and those that don't. I mean three companies providing cybersecurity services to the FBI have been hacked. Is nothing sacred anymore, for heaven's sake?
Anyway, this mysterious group Anonymous -- and they would say this themselves -- they are providing a service by demonstrating how useless companies are at protecting our data. But there is also a very serious aspect to Anonymous -- they are ideologically driven. They claim that they are battling a dastardly conspiracy. They say that governments are trying to take over the Internet and control it, and that they, Anonymous, are the authentic voice of resistance -- be it against Middle Eastern dictatorships, against global media corporations, or against intelligence agencies, or whoever it is. And their politics are not entirely unattractive. Okay, they're a little inchoate. There's a strong whiff of half-baked anarchism about them. But one thing is true: we are at the beginning of a mighty struggle for control of the Internet. The Web links everything, and very soon it will mediate most human activity. Because the Internet has fashioned a new and complicated environment for an old-age dilemma that pits the demands of security with the desire for freedom.
Now this is a very complicated struggle. And unfortunately, for mortals like you and me, we probably can't understand it very well. Nonetheless, in an unexpected attack of hubris a couple of years ago, I decided I would try and do that. And I sort of get it. These were the various things that I was looking at as I was trying to understand it. But in order to try and explain the whole thing, I would need another 18 minutes or so to do it, so you're just going to have to take it on trust from me on this occasion, and let me assure you that all of these issues are involved in cybersecurity and control of the Internet one way or the other, but in a configuration that even Stephen Hawking would probably have difficulty trying to get his head around. So there you are. And as you see, in the middle, there is our old friend, the hacker. The hacker is absolutely central to many of the political, social and economic issues affecting the Net. And so I thought to myself, "Well, these are the guys who I want to talk to." And what do you know, nobody else does talk to the hackers. They're completely anonymous, as it were.
So despite the fact that we are beginning to pour billions, hundreds of billions of dollars, into cybersecurity -- for the most extraordinary technical solutions -- no one wants to talk to these guys, the hackers, who are doing everything. Instead, we prefer these really dazzling technological solutions, which cost a huge amount of money. And so nothing is going into the hackers. Well, I say nothing, but actually there is one teeny weeny little research unit in Turin, Italy called the Hackers Profiling Project. And they are doing some fantastic research into the characteristics, into the abilities and the socialization of hackers. But because they're a U.N. operation, maybe that's why governments and corporations are not that interested in them. Because it's a U.N. operation, of course, it lacks funding. But I think they're doing very important work. Because where we have a surplus of technology in the cybersecurity industry, we have a definite lack of -- call me old-fashioned -- human intelligence.
Now, so far I've mentioned the hackers Anonymous who are a politically motivated hacking group. Of course, the criminal justice system treats them as common old garden criminals. But interestingly, Anonymous does not make use of its hacked information for financial gain. But what about the real cybercriminals? Well real organized crime on the Internet goes back about 10 years when a group of gifted Ukrainian hackers developed a website, which led to the industrialization of cybercrime. Welcome to the now forgotten realm of CarderPlanet. This is how they were advertising themselves a decade ago on the Net. Now CarderPlanet was very interesting. Cybercriminals would go there to buy and sell stolen credit card details, to exchange information about new malware that was out there. And remember, this is a time when we're seeing for the first time so-called off-the-shelf malware. This is ready for use, out-of-the-box stuff, which you can deploy even if you're not a terribly sophisticated hacker.
And so CarderPlanet became a sort of supermarket for cybercriminals. And its creators were incredibly smart and entrepreneurial, because they were faced with one enormous challenge as cybercriminals. And that challenge is: How do you do business, how do you trust somebody on the Web who you want to do business with when you know that they're a criminal? (Laughter) It's axiomatic that they're dodgy, and they're going to want to try and rip you off. So the family, as the inner core of CarderPlanet was known, came up with this brilliant idea called the escrow system. They appointed an officer who would mediate between the vendor and the purchaser. The vendor, say, had stolen credit card details; the purchaser wanted to get a hold of them. The purchaser would send the administrative officer some dollars digitally, and the vendor would sell the stolen credit card details. And the officer would then verify if the stolen credit card worked. And if they did, he then passed on the money to the vendor and the stolen credit card details to the purchaser. And it was this which completely revolutionized cybercrime on the Web. And after that, it just went wild. We had a champagne decade for people who we know as Carders.
Now I spoke to one of these Carders who we'll call RedBrigade -- although that wasn't even his proper nickname -- but I promised I wouldn't reveal who he was. And he explained to me how in 2003 and 2004 he would go on sprees in New York, taking out $10,000 from an ATM here, $30,000 from an ATM there, using cloned credit cards. He was making, on average a week, $150,000 -- tax free of course. And he said that he had so much money stashed in his Upper East Side apartment at one point that he just didn't know what to do with it and actually fell into a depression. But that's a slightly different story, which I won't go into now. Now the interesting thing about RedBrigade is that he wasn't an advanced hacker. He sort of understood the technology, and he realized that security was very important if you were going to be a Carder, but he didn't spend his days and nights bent over a computer, eating pizza, drinking coke and that sort of thing. He was out there on the town having a fab time enjoying the high life.
And this is because hackers are only one element in a cybercriminal enterprise. And often they're the most vulnerable element of all. And I want to explain this to you by introducing you to six characters who I met while I was doing this research. Dimitry Golubov, aka SCRIPT -- born in Odessa, Ukraine in 1982. Now he developed his social and moral compass on the Black Sea port during the 1990s. This was a sink-or-swim environment where involvement in criminal or corrupt activities was entirely necessary if you wanted to survive. As an accomplished computer user, what Dimitry did was to transfer the gangster capitalism of his hometown onto the Worldwide Web. And he did a great job in it. You have to understand though that from his ninth birthday, the only environment he knew was gangsterism. He knew no other way of making a living and making money.
Then we have Renukanth Subramaniam, aka JiLsi -- founder of DarkMarket, born in Colombo, Sri Lanka. As an eight-year-old, he and his parents fled the Sri Lankan capital because Singhalese mobs were roaming the city, looking for Tamils like Renu to murder. At 11, he was interrogated by the Sri Lankan military, accused of being a terrorist, and his parents sent him on his own to Britain as a refugee seeking political asylum. At 13, with only little English and being bullied at school, he escaped into a world of computers where he showed great technical ability, but he was soon being seduced by people on the Internet. He was convicted of mortgage and credit card fraud, and he will be released from Wormwood Scrubs jail in London in 2012.
Matrix001, who was an administrator at DarkMarket. Born in Southern Germany to a stable and well-respected middle class family, his obsession with gaming as a teenager led him to hacking. And he was soon controlling huge servers around the world where he stored his games that he had cracked and pirated. His slide into criminality was incremental. And when he finally woke up to his situation and understood the implications, he was already in too deep.
Max Vision, aka ICEMAN -- mastermind of CardersMarket. Born in Meridian, Idaho. Max Vision was one of the best penetration testers working out of Santa Clara, California in the late 90s for private companies and voluntarily for the FBI. Now in the late 1990s, he discovered a vulnerability on all U.S. government networks, and he went in and patched it up -- because this included nuclear research facilities -- sparing the American government a huge security embarrassment. But also, because he was an inveterate hacker, he left a tiny digital wormhole through which he alone could crawl. But this was spotted by an eagle-eye investigator, and he was convicted. At his open prison, he came under the influence of financial fraudsters, and those financial fraudsters persuaded him to work for them on his release. And this man with a planetary-sized brain is now serving a 13-year sentence in California.
Adewale Taiwo, aka FreddyBB -- master bank account cracker from Abuja in Nigeria. He set up his prosaically entitled newsgroup, bankfrauds@yahoo.co.uk before arriving in Britain in 2005 to take a Masters in chemical engineering at Manchester University. He impressed in the private sector, developing chemical applications for the oil industry while simultaneously running a worldwide bank and credit card fraud operation that was worth millions until his arrest in 2008.
And then finally, Cagatay Evyapan, aka Cha0 -- one of the most remarkable hackers ever, from Ankara in Turkey. He combined the tremendous skills of a geek with the suave social engineering skills of the master criminal. One of the smartest people I've ever met. He also had the most effective virtual private network security arrangement the police have ever encountered amongst global cybercriminals.
Now the important thing about all of these people is they share certain characteristics despite the fact that they come from very different environments. They are all people who learned their hacking skills in their early to mid-teens. They are all people who demonstrate advanced ability in maths and the sciences. Remember that, when they developed those hacking skills, their moral compass had not yet developed. And most of them, with the exception of SCRIPT and Cha0, they did not demonstrate any real social skills in the outside world -- only on the Web.
And the other thing is the high incidence of hackers like these who have characteristics which are consistent with Asperger's syndrome. Now I discussed this with Professor Simon Baron-Cohen who's the professor of developmental psychopathology at Cambridge. And he has done path-breaking work on autism and confirmed, also for the authorities here, that Gary McKinnon -- who is wanted by the United States for hacking into the Pentagon -- suffers from Asperger's and a secondary condition of depression. And Baron-Cohen explained that certain disabilities can manifest themselves in the hacking and computing world as tremendous skills, and that we should not be throwing in jail people who have such disabilities and skills because they have lost their way socially or been duped.
Now I think we're missing a trick here, because I don't think people like Max Vision should be in jail. And let me be blunt about this. In China, in Russia and in loads of other countries that are developing cyber-offensive capabilities, this is exactly what they are doing. They are recruiting hackers both before and after they become involved in criminal and industrial espionage activities -- are mobilizing them on behalf of the state. We need to engage and find ways of offering guidance to these young people, because they are a remarkable breed. And if we rely, as we do at the moment, solely on the criminal justice system and the threat of punitive sentences, we will be nurturing a monster we cannot tame.
Thank you very much for listening.
(Applause)
Chris Anderson: So your idea worth spreading is hire hackers. How would someone get over that kind of fear that the hacker they hire might preserve that little teensy wormhole?
MG: I think to an extent, you have to understand that it's axiomatic among hackers that they do that. They're just relentless and obsessive about what they do. But all of the people who I've spoken to who have fallen foul of the law, they have all said, "Please, please give us a chance to work in the legitimate industry. We just never knew how to get there, what we were doing. We want to work with you."
Chris Anderson: Okay, well that makes sense. Thanks a lot Misha.
(Applause)