Four years ago, a security researcher, or, as most people would call it, a hacker, found a way to literally make ATMs throw money at him. His name was Barnaby Jack, and this technique was later called "jackpotting" in his honor.
I'm here today because I think we actually need hackers. Barnaby Jack could have easily turned into a career criminal or James Bond villain with his knowledge, but he chose to show the world his research instead. He believed that sometimes you have to demo a threat to spark a solution. And I feel the same way. That's why I'm here today.
We are often terrified and fascinated by the power hackers now have. They scare us. But the choices they make have dramatic outcomes that influence us all. So I am here today because I think we need hackers, and in fact, they just might be the immune system for the information age. Sometimes they make us sick, but they also find those hidden threats in our world, and they make us fix it.
I knew that I might get hacked for giving this talk, so let me save you the effort. In true TED fashion, here is my most embarrassing picture. But it would be difficult for you to find me in it, because I'm the one who looks like a boy standing to the side. I was such a nerd back then that even the boys on the Dungeons and Dragons team wouldn't let me join. This is who I was, but this is who I wanted to be: Angelina Jolie. She portrayed Acid Burn in the '95 film "Hackers." She was pretty and she could rollerblade, but being a hacker, that made her powerful. And I wanted to be just like her, so I started spending a lot of time on hacker chat rooms and online forums. I remember one late night I found a bit of PHP code. I didn't really know what it did, but I copy-pasted it and used it anyway to get into a password-protected site like that. Open Sesame. It was a simple trick, and I was just a script kiddie back then, but to me, that trick, it felt like this, like I had discovered limitless potential at my fingertips. This is the rush of power that hackers feel. It's geeks just like me discovering they have access to superpower, one that requires the skill and tenacity of their intellect, but thankfully no radioactive spiders.
But with great power comes great responsibility, and you all like to think that if we had such powers, we would only use them for good. But what if you could read your ex's emails, or add a couple zeros to your bank account? What would you do then? Indeed, many hackers do not resist those temptations, and so they are responsible in one way or another to billions of dollars lost each year to fraud, malware or plain old identity theft, which is a serious issue. But there are other hackers, hackers who just like to break things, and it is precisely those hackers that can find the weaker elements in our world and make us fix it.
This is what happened last year when another security researcher called Kyle Lovett discovered a gaping hole in the design of certain wireless routers like you might have in your home or office. He learned that anyone could remotely connect to these devices over the Internet and download documents from hard drives attached to those routers, no password needed. He reported it to the company, of course, but they ignored his report. Perhaps they thought universal access was a feature, not a bug, until two months ago when a group of hackers used it to get into people's files. But they didn't steal anything. They left a note: Your router and your documents can be accessed by anyone in the world. Here's what you should do to fix it. We hope we helped. By getting into people's files like that, yeah, they broke the law, but they also forced that company to fix their product.
Making vulnerabilities known to the public is a practice called full disclosure in the hacker community, and it is controversial, but it does make me think of how hackers have an evolving effect on technologies we use every day. This is what Khalil did. Khalil is a Palestinian hacker from the West Bank, and he found a serious privacy flaw on Facebook which he attempted to report through the company's bug bounty program. These are usually great arrangements for companies to reward hackers disclosing vulnerabilities they find in their code. Unfortunately, due to some miscommunications, his report was not acknowledged. Frustrated with the exchange, he took to use his own discovery to post on Mark Zuckerberg's wall. This got their attention, all right, and they fixed the bug, but because he hadn't reported it properly, he was denied the bounty usually paid out for such discoveries. Thankfully for Khalil, a group of hackers were watching out for him. In fact, they raised more than 13,000 dollars to reward him for this discovery, raising a vital discussion in the technology industry about how we come up with incentives for hackers to do the right thing. But I think there's a greater story here still. Even companies founded by hackers, like Facebook was, still have a complicated relationship when it comes to hackers. And so for more conservative organizations, it is going to take time and adapting in order to embrace hacker culture and the creative chaos that it brings with it. But I think it's worth the effort, because the alternative, to blindly fight all hackers, is to go against the power you cannot control at the cost of stifling innovation and regulating knowledge. These are things that will come back and bite you.
It is even more true if we go after hackers that are willing to risk their own freedom for ideals like the freedom of the web, especially in times like this, like today even, as governments and corporates fight to control the Internet. I find it astounding that someone from the shadowy corners of cyberspace can become its voice of opposition, its last line of defense even, perhaps someone like Anonymous, the leading brand of global hacktivism. This universal hacker movement needs no introduction today, but six years ago they were not much more than an Internet subculture dedicated to sharing silly pictures of funny cats and Internet trolling campaigns. Their moment of transformation was in early 2008 when the Church of Scientology attempted to remove certain leaked videos from appearing on certain websites. This is when Anonymous was forged out of the seemingly random collection of Internet dwellers. It turns out, the Internet doesn't like it when you try to remove things from it, and it will react with cyber attacks and elaborate pranks and with a series of organized protests all around the world, from my hometown of Tel Aviv to Adelaide, Australia. This proved that Anonymous and this idea can rally the masses from the keyboards to the streets, and it laid the foundations for dozens of future operations against perceived injustices to their online and offline world. Since then, they've gone after many targets. They've uncovered corruption, abuse. They've hacked popes and politicians, and I think their effect is larger than simple denial of service attacks that take down websites or even leak sensitive documents. I think that, like Robin Hood, they are in the business of redistribution, but what they are after isn't your money. It's not your documents. It's your attention. They grab the spotlight for causes they support, forcing us to take note, acting as a global magnifying glass for issues that we are not as aware of but perhaps we should be. 
They have been called many names from criminals to terrorists, and I cannot justify their illegal means, but the ideas they fight for are ones that matter to us all. The reality is, hackers can do a lot more than break things. They can bring people together.
And if the Internet doesn't like it when you try to remove things from it, just watch what happens when you try to shut the Internet down. This took place in Egypt in January 2011, and as President Hosni Mubarak attempted a desperate move to quash the rising revolution on the streets of Cairo, he sent his personal troops down to Egypt's Internet service providers and had them physically kill the switch on the country's connection to the world overnight. For a government to do a thing like that was unprecedented, and for hackers, it made it personal. Hackers like the Telecomix group were already active on the ground, helping Egyptians bypass censorship using clever workarounds like Morse code and ham radio. It was high season for low tech, which the government couldn't block, but when the Net went completely down, Telecomix brought in the big guns. They found European service providers that still had 20-year-old analog dial-up access infrastructure. They opened up 300 of those lines for Egyptians to use, serving slow but sweet Internet connection for Egyptians. This worked. It worked so well, in fact, one guy even used it to download an episode of "How I Met Your Mother." But while Egypt's future is still uncertain, when the same thing happened in Syria just one year later, Telecomix were prepared with those Internet lines, and Anonymous, they were perhaps the first international group to officially denounce the actions of the Syrian military by defacing their website.
But with this sort of power, it really depends on where you stand, because one man's hero can be another's villain, and so the Syrian Electronic Army is a pro-Assad group of hackers who support his contentious regime. They've taken down multiple high-profile targets in the past few years, including the Associated Press's Twitter account, in which they posted a message about an attack on the White House injuring President Obama. This tweet was fake, of course, but the resulting drop in the Dow Jones index that day was most certainly not, and a lot of people lost a lot of money.
This sort of thing is happening all over the world right now. In conflicts from the Crimean Peninsula to Latin America, from Europe to the United States, hackers are a force for social, political and military influence. As individuals or in groups, volunteers or military conflicts, there are hackers everywhere. They come from all walks of life, ethnicities, ideologies and genders, I might add. They are now shaping the world's stage. Hackers represent an exceptional force for change in the 21st century. This is because access to information is a critical currency of power, one which governments would like to control, a thing they attempt to do by setting up all-you-can-eat surveillance programs, a thing they need hackers for, by the way. And so the establishment has long had a love-hate relationship when it comes to hackers, because the same people who demonize hacking also utilize it at large.
Two years ago, I saw General Keith Alexander. He's the NSA director and U.S. cyber commander, but instead of his four star general uniform, he was wearing jeans and a t-shirt. This was at DEF CON, the world's largest hacker conference. Perhaps like me, General Alexander didn't see 12,000 criminals that day in Vegas. I think he saw untapped potential. In fact, he was there to give a hiring pitch. "In this room right here," he said, "is the talent our nation needs." Well, hackers in the back row replied, "Then stop arresting us." (Applause)
Indeed, for years, hackers have been on the wrong side of the fence, but in light of what we know now, who is more watchful of our online world? The rules of the game are not that clear anymore, but hackers are perhaps the only ones still capable of challenging overreaching governments and data-hoarding corporates on their own playing field. To me, that represents hope.
For the past three decades, hackers have done a lot of things, but they have also impacted civil liberties, innovation and Internet freedom, so I think it's time we take a good look at how we choose to portray them, because if we keep expecting them to be the bad guys, how can they be the heroes too? My years in the hacker world have made me realize both the problem and the beauty about hackers: They just can't see something broken in the world and leave it be. They are compelled to either exploit it or try and change it, and so they find the vulnerable aspects in our rapidly changing world. They make us, they force us to fix things or demand something better, and I think we need them to do just that, because after all, it is not information that wants to be free, it's us.
Thank you very much.
Thank you. (Applause)
Hack the planet!