Now this is a very un-TED-like thing to do, but let's kick off the afternoon with a message from a mystery sponsor.
Anonymous: Dear Fox News, it has come to our unfortunate attention that both the name and nature of Anonymous has been ravaged. We are everyone. We are no one. We are anonymous. We are legion. We do not forgive. We do not forget. We are but the base of chaos.
Misha Glenny: Anonymous, ladies and gentlemen -- a sophisticated group of politically motivated hackers who have emerged in 2011. And they're pretty scary. You never know when they're going to attack next, who or what the consequences will be. But interestingly, they have a sense of humor. These guys hacked into Fox News' Twitter account to announce President Obama's assassination. Now you can imagine the panic that would have generated in the newsroom at Fox. "What do we do now? Put on a black armband, or crack open the champagne?" (Laughter) And of course, who could escape the irony of a member of Rupert Murdoch's News Corp. being a victim of hacking for a change.
(Laughter)
(Applause)
Sometimes you turn on the news and you say, "Is there anyone left to hack?" Sony Playstation Network -- done, the government of Turkey -- tick, Britain's Serious Organized Crime Agency -- a breeze, the CIA -- falling off a log. In fact, a friend of mine from the security industry told me the other day that there are two types of companies in the world: those that know they've been hacked, and those that don't. I mean three companies providing cybersecurity services to the FBI have been hacked. Is nothing sacred anymore, for heaven's sake?
Anyway, this mysterious group Anonymous -- and they would say this themselves -- they are providing a service by demonstrating how useless companies are at protecting our data. But there is also a very serious aspect to Anonymous -- they are ideologically driven. They claim that they are battling a dastardly conspiracy. They say that governments are trying to take over the Internet and control it, and that they, Anonymous, are the authentic voice of resistance -- be it against Middle Eastern dictatorships, against global media corporations, or against intelligence agencies, or whoever it is. And their politics are not entirely unattractive. Okay, they're a little inchoate. There's a strong whiff of half-baked anarchism about them. But one thing is true: we are at the beginning of a mighty struggle for control of the Internet. The Web links everything, and very soon it will mediate most human activity. Because the Internet has fashioned a new and complicated environment for an old-age dilemma that pits the demands of security with the desire for freedom.
Now this is a very complicated struggle. And unfortunately, for mortals like you and me, we probably can't understand it very well. Nonetheless, in an unexpected attack of hubris a couple of years ago, I decided I would try and do that. And I sort of get it. These were the various things that I was looking at as I was trying to understand it. But in order to try and explain the whole thing, I would need another 18 minutes or so to do it, so you're just going to have to take it on trust from me on this occasion, and let me assure you that all of these issues are involved in cybersecurity and control of the Internet one way or the other, but in a configuration that even Stephen Hawking would probably have difficulty trying to get his head around. So there you are. And as you see, in the middle, there is our old friend, the hacker. The hacker is absolutely central to many of the political, social and economic issues affecting the Net. And so I thought to myself, "Well, these are the guys who I want to talk to." And what do you know, nobody else does talk to the hackers. They're completely anonymous, as it were.
So despite the fact that we are beginning to pour billions, hundreds of billions of dollars, into cybersecurity -- for the most extraordinary technical solutions -- no one wants to talk to these guys, the hackers, who are doing everything. Instead, we prefer these really dazzling technological solutions, which cost a huge amount of money. And so nothing is going into the hackers. Well, I say nothing, but actually there is one teeny weeny little research unit in Turin, Italy called the Hackers Profiling Project. And they are doing some fantastic research into the characteristics, into the abilities and the socialization of hackers. But because they're a U.N. operation, maybe that's why governments and corporations are not that interested in them. Because it's a U.N. operation, of course, it lacks funding. But I think they're doing very important work. Because where we have a surplus of technology in the cybersecurity industry, we have a definite lack of -- call me old-fashioned -- human intelligence.
Now, so far I've mentioned the hackers Anonymous who are a politically motivated hacking group. Of course, the criminal justice system treats them as common old garden criminals. But interestingly, Anonymous does not make use of its hacked information for financial gain. But what about the real cybercriminals? Well real organized crime on the Internet goes back about 10 years when a group of gifted Ukrainian hackers developed a website, which led to the industrialization of cybercrime. Welcome to the now forgotten realm of CarderPlanet. This is how they were advertising themselves a decade ago on the Net. Now CarderPlanet was very interesting. Cybercriminals would go there to buy and sell stolen credit card details, to exchange information about new malware that was out there. And remember, this is a time when we're seeing for the first time so-called off-the-shelf malware. This is ready for use, out-of-the-box stuff, which you can deploy even if you're not a terribly sophisticated hacker.
And so CarderPlanet became a sort of supermarket for cybercriminals. And its creators were incredibly smart and entrepreneurial, because they were faced with one enormous challenge as cybercriminals. And that challenge is: How do you do business, how do you trust somebody on the Web who you want to do business with when you know that they're a criminal? (Laughter) It's axiomatic that they're dodgy, and they're going to want to try and rip you off. So the family, as the inner core of CarderPlanet was known, came up with this brilliant idea called the escrow system. They appointed an officer who would mediate between the vendor and the purchaser. The vendor, say, had stolen credit card details; the purchaser wanted to get a hold of them. The purchaser would send the administrative officer some dollars digitally, and the vendor would sell the stolen credit card details. And the officer would then verify if the stolen credit card worked. And if they did, he then passed on the money to the vendor and the stolen credit card details to the purchaser. And it was this which completely revolutionized cybercrime on the Web. And after that, it just went wild. We had a champagne decade for people who we know as Carders.
Now I spoke to one of these Carders who we'll call RedBrigade -- although that wasn't even his proper nickname -- but I promised I wouldn't reveal who he was. And he explained to me how in 2003 and 2004 he would go on sprees in New York, taking out $10,000 from an ATM here, $30,000 from an ATM there, using cloned credit cards. He was making, on average a week, $150,000 -- tax free of course. And he said that he had so much money stashed in his Upper East Side apartment at one point that he just didn't know what to do with it and actually fell into a depression. But that's a slightly different story, which I won't go into now. Now the interesting thing about RedBrigade is that he wasn't an advanced hacker. He sort of understood the technology, and he realized that security was very important if you were going to be a Carder, but he didn't spend his days and nights bent over a computer, eating pizza, drinking coke and that sort of thing. He was out there on the town having a fab time enjoying the high life.
And this is because hackers are only one element in a cybercriminal enterprise. And often they're the most vulnerable element of all. And I want to explain this to you by introducing you to six characters who I met while I was doing this research. Dimitry Golubov, aka SCRIPT -- born in Odessa, Ukraine in 1982. Now he developed his social and moral compass on the Black Sea port during the 1990s. This was a sink-or-swim environment where involvement in criminal or corrupt activities was entirely necessary if you wanted to survive. As an accomplished computer user, what Dimitry did was to transfer the gangster capitalism of his hometown onto the World Wide Web. And he did a great job in it. You have to understand though that from his ninth birthday, the only environment he knew was gangsterism. He knew no other way of making a living and making money.
Then we have Renukanth Subramaniam, aka JiLsi -- founder of DarkMarket, born in Colombo, Sri Lanka. As an eight-year-old, he and his parents fled the Sri Lankan capital because Singhalese mobs were roaming the city, looking for Tamils like Renu to murder. At 11, he was interrogated by the Sri Lankan military, accused of being a terrorist, and his parents sent him on his own to Britain as a refugee seeking political asylum. At 13, with only little English and being bullied at school, he escaped into a world of computers where he showed great technical ability, but he was soon being seduced by people on the Internet. He was convicted of mortgage and credit card fraud, and he will be released from Wormwood Scrubs jail in London in 2012.
Matrix001, who was an administrator at DarkMarket. Born in Southern Germany to a stable and well-respected middle class family, his obsession with gaming as a teenager led him to hacking. And he was soon controlling huge servers around the world where he stored his games that he had cracked and pirated. His slide into criminality was incremental. And when he finally woke up to his situation and understood the implications, he was already in too deep.
Max Vision, aka ICEMAN -- mastermind of CardersMarket. Born in Meridian, Idaho. Max Vision was one of the best penetration testers working out of Santa Clara, California in the late 90s for private companies and voluntarily for the FBI. Now in the late 1990s, he discovered a vulnerability on all U.S. government networks, and he went in and patched it up -- because this included nuclear research facilities -- sparing the American government a huge security embarrassment. But also, because he was an inveterate hacker, he left a tiny digital wormhole through which he alone could crawl. But this was spotted by an eagle-eye investigator, and he was convicted. At his open prison, he came under the influence of financial fraudsters, and those financial fraudsters persuaded him to work for them on his release. And this man with a planetary-sized brain is now serving a 13-year sentence in California.
Adewale Taiwo, aka FreddyBB -- master bank account cracker from Abuja in Nigeria. He set up his prosaically entitled newsgroup, bankfrauds@yahoo.co.uk before arriving in Britain in 2005 to take a Masters in chemical engineering at Manchester University. He impressed in the private sector, developing chemical applications for the oil industry while simultaneously running a worldwide bank and credit card fraud operation that was worth millions until his arrest in 2008.
And then finally, Cagatay Evyapan, aka Cha0 -- one of the most remarkable hackers ever, from Ankara in Turkey. He combined the tremendous skills of a geek with the suave social engineering skills of the master criminal. One of the smartest people I've ever met. He also had the most effective virtual private network security arrangement the police have ever encountered amongst global cybercriminals.
Now the important thing about all of these people is they share certain characteristics despite the fact that they come from very different environments. They are all people who learned their hacking skills in their early to mid-teens. They are all people who demonstrate advanced ability in maths and the sciences. Remember that, when they developed those hacking skills, their moral compass had not yet developed. And most of them, with the exception of SCRIPT and Cha0, they did not demonstrate any real social skills in the outside world -- only on the Web.
And the other thing is the high incidence of hackers like these who have characteristics which are consistent with Asperger's syndrome. Now I discussed this with Professor Simon Baron-Cohen who's the professor of developmental psychopathology at Cambridge. And he has done path-breaking work on autism and confirmed, also for the authorities here, that Gary McKinnon -- who is wanted by the United States for hacking into the Pentagon -- suffers from Asperger's and a secondary condition of depression. And Baron-Cohen explained that certain disabilities can manifest themselves in the hacking and computing world as tremendous skills, and that we should not be throwing in jail people who have such disabilities and skills because they have lost their way socially or been duped.
Now I think we're missing a trick here, because I don't think people like Max Vision should be in jail. And let me be blunt about this. In China, in Russia and in loads of other countries that are developing cyber-offensive capabilities, this is exactly what they are doing. They are recruiting hackers both before and after they become involved in criminal and industrial espionage activities -- are mobilizing them on behalf of the state. We need to engage and find ways of offering guidance to these young people, because they are a remarkable breed. And if we rely, as we do at the moment, solely on the criminal justice system and the threat of punitive sentences, we will be nurturing a monster we cannot tame.
Thank you very much for listening.
(Applause)
Chris Anderson: So your idea worth spreading is hire hackers. How would someone get over that kind of fear that the hacker they hire might preserve that little teensy wormhole?
MG: I think to an extent, you have to understand that it's axiomatic among hackers that they do that. They're just relentless and obsessive about what they do. But all of the people who I've spoken to who have fallen foul of the law, they have all said, "Please, please give us a chance to work in the legitimate industry. We just never knew how to get there, what we were doing. We want to work with you."
Chris Anderson: Okay, well that makes sense. Thanks a lot Misha.
(Applause)