I love the Internet. It's true. Think about everything it has brought us. Think about all the services we use, all the connectivity, all the entertainment, all the business, all the commerce. And it's happening during our lifetimes. I'm pretty sure that one day we'll be writing history books hundreds of years from now. This time our generation will be remembered as the generation that got online, the generation that built something really and truly global. But yes, it's also true that the Internet has problems, very serious problems, problems with security and problems with privacy. I've spent my career fighting these problems.
So let me show you something. This here is Brain. This is a floppy disk -- five and a quarter-inch floppy disk infected by Brain.A. It's the first virus we ever found for PC computers. And we actually know where Brain came from. We know because it says so inside the code. Let's take a look. All right. That's the boot sector of an infected floppy. And if we take a closer look inside, we'll see that right there, it says, "Welcome to the dungeon." And then it continues, saying, 1986, Basit and Amjad. And Basit and Amjad are first names, Pakistani first names. In fact, there's a phone number and an address in Pakistan.
(Laughter)
Now, 1986. Now it's 2011. That's 25 years ago. The PC virus problem is 25 years old now. So half a year ago, I decided to go to Pakistan myself. So let's see, here's a couple of photos I took while I was in Pakistan. This is from the city of Lahore, which is around 300 km south from Abbottabad where Bin Laden was caught. Here's a typical street view. And here's the street or road leading to this building, which is 730 Nizam block at Allama Iqbal Town. And I knocked on the door. (Laughter) You want to guess who opened the door? Basit and Amjad; they are still there. (Laughter) (Applause) So here standing up is Basit. Sitting down is his brother Amjad. These are the guys who wrote the first PC virus. Now of course, we had a very interesting discussion. I asked them why. I asked them how they feel about what they started. And I got some sort of satisfaction from learning that both Basit and Amjad had had their computers infected dozens of times by completely unrelated other viruses over these years. So there is some sort of justice in the world after all.
Now, the viruses that we used to see in the 1980s and 1990s obviously are not a problem any more. So let me just show you a couple of examples of what they used to look like. What I'm running here is a system that enables me to run age-old programs on a modern computer. So let me just mount some drives. Go over there. What we have here is a list of old viruses. So let me just run some viruses on my computer.
For example, let's go with the Centipede virus first. And you can see at the top of the screen, there's a centipede scrolling across your computer when you get infected by this one. You know that you're infected, because it actually shows up. Here's another one. This is the virus called Crash invented in Russia in 1992. Let me show you one which actually makes some sound. (Siren noise) And the last example, guess what the Walker virus does. Yes, there's a guy walking across your screen once you get infected. So it used to be fairly easy to know that you're infected by a virus, when the viruses were written by hobbyists and teenagers.
Today, they are no longer being written by hobbyists and teenagers. Today, viruses are a global problem. What we have here in the background is an example of our systems that we run in our labs, where we track virus infections worldwide. So we can actually see in real time that we've just blocked viruses in Sweden and Taiwan and Russia and elsewhere. In fact, if I just connect back to our lab systems through the Web, we can see in real time just some kind of idea of how many viruses, how many new examples of malware we find every single day. Here's the latest virus we've found in a file called Server.exe. And we found it right over here three seconds ago -- the previous one, six seconds ago. And if we just scroll around, it's just massive. We find tens of thousands, even hundreds of thousands. And that's the last 20 minutes of malware every single day.
So where are all these coming from then? Well today, it's the organized criminal gangs writing these viruses because they make money with their viruses. It's gangs like -- let's go to GangstaBucks.com. This is a website operating in Moscow where these guys are buying infected computers. So if you are a virus writer and you're capable of infecting Windows computers, but you don't know what to do with them, you can sell those infected computers -- somebody else's computers -- to these guys. And they'll actually pay you money for those computers. So how do these guys then monetize those infected computers? Well there's multiple different ways, such as banking trojans, which will steal money from your online banking accounts when you do online banking, or keyloggers. Keyloggers silently sit on your computer, hidden from view, and they record everything you type. So you're sitting on your computer and you're doing Google searches. Every single Google search you type is saved and sent to the criminals. Every single email you write is saved and sent to the criminals. Same thing with every single password and so on.
But the thing that they're actually looking for most are sessions where you go online and do online purchases in any online store. Because when you do purchases in online stores, you will be typing in your name, the delivery address, your credit card number and the credit card security codes. And here's an example of a file we found from a server a couple of weeks ago. That's the credit card number, that's the expiration date, that's the security code, and that's the name of the owner of the card. Once you gain access to other people's credit card information, you can just go online and buy whatever you want with this information. And that, obviously, is a problem. We now have a whole underground marketplace and business ecosystem built around online crime.
Here's one example of how these guys actually are capable of monetizing their operations. We go and have a look at the pages of INTERPOL and search for wanted persons. We find guys like Bjorn Sundin, originally from Sweden, and his partner in crime, also listed on the INTERPOL wanted pages, Mr. Shaileshkumar Jain, a U.S. citizen. These guys were running an operation called I.M.U., a cybercrime operation through which they netted millions. They are both right now on the run. Nobody knows where they are. U.S. officials, just a couple of weeks ago, froze a Swiss bank account belonging to Mr. Jain, and that bank account had 14.9 million U.S. dollars on it.
So the amount of money online crime generates is significant. And that means that the online criminals can actually afford to invest into their attacks. We know that online criminals are hiring programmers, hiring testing people, testing their code, having back-end systems with SQL databases. And they can afford to watch how we work -- like how security people work -- and try to work their way around any security precautions we can build. They also use the global nature of the Internet to their advantage. I mean, the Internet is international. That's why we call it the Internet.
And if you just go and take a look at what's happening in the online world, here's a video built by Clarified Networks, which illustrates how one single malware family is able to move around the world. This operation, believed to be originally from Estonia, moves around from one country to another as soon as someone tries to shut the website down. So you just can't shut these guys down. They will switch from one country to another, from one jurisdiction to another -- moving around the world, using the fact that we don't have the capability to globally police operations like this. So the Internet is as if someone would have given free plane tickets to all the online criminals of the world. Now, criminals who weren't capable of reaching us before can reach us.
So how do you actually go around finding online criminals? How do you actually track them down? Let me give you an example. What we have here is one exploit file. Here, I'm looking at the hex dump of an image file, which contains an exploit. And that basically means, if you're trying to view this image file on your Windows computer, it actually takes over your computer and runs code.
Now, if you'll take a look at this image file -- well there's the image header, and there the actual code of the attack starts. And that code has been encrypted, so let's decrypt it. It has been encrypted with XOR function 97. You just have to believe me, it is, it is. And we can go here and actually start decrypting it. Well the yellow part of the code is now decrypted. And I know, it doesn't really look much different from the original. But just keep staring at it. You'll actually see that down here you can see a Web address: unionseek.com/d/ioo.exe. And when you view this image on your computer it actually is going to download and run that program. And that's a backdoor which will take over your computer.
But even more interestingly, if we continue decrypting, we'll find this mysterious string which says O600KO78RUS. That code is there underneath the encryption as some sort of a signature. It's not used for anything. And I was looking at that, trying to figure out what it means. So obviously I Googled for it. I got zero hits; wasn't there. So I spoke with the guys at the lab. And we have a couple of Russian guys in our labs, and one of them mentioned, well, it ends in rus like Russia. And 78 is the city code for the city of St. Petersburg. For example, you can find it from some phone numbers and car license plates and stuff like that. So I went looking for contacts in St. Petersburg. And through a long road, we eventually found this one particular website.
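An added example, not code from the talk: instead of taking the "XOR with 97" claim on faith, an analyst can crib-search all 255 single-byte keys for strings a dropper is expected to carry (".exe", ".com/", "http"), then list the strings that the winning key exposes, which is how both the download URL and the signature string above would surface. The file bytes, the clear JPEG-like header and the key are constructed for this example; the two embedded markers are the ones quoted in the talk.

```python
import re
from typing import Dict, List, Optional

# Constructed sample, not the real file from the talk: a JPEG-like header left in
# clear, followed by a payload XOR-ed with the single-byte key 97 (0x61).
KEY_USED_BY_SAMPLE = 97
HEADER = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00"
PLAIN_BODY = b"\x90\x90\x90 unionseek.com/d/ioo.exe \x00\x00 O600KO78RUS \x00"

# Strings a dropper payload is expected to carry; a key is a candidate only if one appears.
CRIBS = (b".exe", b".com/", b"http")


def xor_bytes(data: bytes, key: int) -> bytes:
    """XOR every byte with the same key; the operation is its own inverse."""
    return bytes(b ^ key for b in data)


SAMPLE_FILE = HEADER + xor_bytes(PLAIN_BODY, KEY_USED_BY_SAMPLE)


def crib_search(body: bytes) -> Dict[int, int]:
    """Try all 255 non-zero keys; return {key: crib hits} for keys that expose a crib."""
    hits: Dict[int, int] = {}
    for key in range(1, 256):
        decoded = xor_bytes(body, key)
        n = sum(decoded.count(crib) for crib in CRIBS)
        if n:
            hits[key] = n
    return hits


def best_key(body: bytes) -> Optional[int]:
    """The key with the most crib hits, or None if no key exposes any crib."""
    hits = crib_search(body)
    return max(hits, key=hits.get) if hits else None


def printable_strings(data: bytes, min_len: int = 4) -> List[str]:
    """A tiny 'strings': runs of at least min_len printable ASCII bytes, trimmed."""
    pattern = rb"[ -~]{%d,}" % min_len
    return [m.decode("ascii").strip() for m in re.findall(pattern, data)]


def analyze(blob: bytes, header_len: int) -> dict:
    """Skip the clear header, recover the key, list decoded strings and any URLs."""
    body = blob[header_len:]
    key = best_key(body)
    if key is None:
        return {"key": None, "strings": [], "urls": []}
    decoded = xor_bytes(body, key)
    found = printable_strings(decoded)
    urls = [s for s in found if re.search(r"[a-z0-9-]+\.[a-z]{2,}/\S+", s, re.I)]
    return {"key": key, "strings": found, "urls": urls}


if __name__ == "__main__":
    report = analyze(SAMPLE_FILE, len(HEADER))
    print("recovered key:", report["key"])
    for s in report["strings"]:
        print("  string:", s)
    print("download URLs:", report["urls"])
```

On the constructed sample the search recovers key 97 and exposes exactly the two strings, which is the check that turns "believe me" into evidence a second analyst can reproduce.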
Here's this Russian guy who's been operating online for a number of years who runs his own website, and he runs a blog under the popular Live Journal. And on this blog, he blogs about his life, about his life in St. Petersburg -- he's in his early 20s -- about his cat, about his girlfriend. And he drives a very nice car. In fact, this guy drives a Mercedes-Benz S600 V12 with a six-liter engine with more than 400 horsepower. Now that's a nice car for a 20-something year-old kid in St. Petersburg.
How do I know about this car? Because he blogged about the car. He actually had a car accident. In downtown St. Petersburg, he actually crashed his car into another car. And he blogged images about the car accident -- that's his Mercedes -- right here is the Lada Samara he crashed into. And you can actually see that the license plate of the Samara ends in 78RUS. And if you actually take a look at the scene picture, you can see that the plate of the Mercedes is O600KO78RUS. Now I'm not a lawyer, but if I would be, this is where I would say, "I rest my case."
So what happens when online criminals are caught? Well in most cases it never gets this far. The vast majority of the online crime cases, we don't even know which continent the attacks are coming from. And even if we are able to find online criminals, quite often there is no outcome. The local police don't act, or if they do, there's not enough evidence, or for some reason we can't take them down. I wish it would be easier; unfortunately it isn't.
But things are also changing at a very rapid pace. You've all heard about things like Stuxnet. So if you look at what Stuxnet did, it infected these. That's a Siemens S7-400 PLC, programmable logic [controller]. And this is what runs our infrastructure. This is what runs everything around us. PLCs, these small boxes which have no display, no keyboard, which are programmed, are put in place, and they do their job. For example, the elevators in this building most likely are controlled by one of these. And when Stuxnet infects one of these, that's a massive revolution on the kinds of risks we have to worry about. Because everything around us is being run by these. I mean, we have critical infrastructure. You go to any factory, any power plant, any chemical plant, any food processing plant, you look around -- everything is being run by computers.
Everything is being run by computers. Everything is reliant on these computers working. We have become very reliant on the Internet, on basic things like electricity, obviously, on computers working. And this really is something which creates completely new problems for us. We must have some way of continuing to work even if computers fail.
(Laughter)
(Applause)
So preparedness means that we can do stuff even when the things we take for granted aren't there. It's actually very basic stuff -- thinking about continuity, thinking about backups, thinking about the things that actually matter.
Now I told you -- (Laughter) I love the Internet. I do. Think about all the services we have online. Think about if they are taken away from you, if one day you don't actually have them for some reason or another. I see beauty in the future of the Internet, but I'm worried that we might not see that. I'm worried that we are running into problems because of online crime. Online crime is the one thing that might take these things away from us.
(Laughter)
I've spent my life defending the net. And I do feel that if we don't fight online crime, we are running a risk of losing it all. We have to do this globally, and we have to do it right now. What we need is more global, international law enforcement work to find online criminal gangs -- these organized gangs that are making millions out of their attacks. That's much more important than running anti-viruses or running firewalls. What actually matters is actually finding the people behind these attacks. And even more importantly, we have to find the people who are about to become part of this online world of crime, but haven't yet done it. We have to find the people with the skills, but without the opportunities and give them the opportunities to use their skills for good.
Thank you very much.