In the 1980s in the communist Eastern Germany, if you owned a typewriter, you had to register it with the government. You had to register a sample sheet of text out of the typewriter. And this was done so the government could track where text was coming from. If they found a paper which had the wrong kind of thought, they could track down who created that thought. And we in the West couldn't understand how anybody could do this, how much this would restrict freedom of speech. We would never do that in our own countries.
But today in 2011, if you go and buy a color laser printer from any major laser printer manufacturer and print a page, that page will end up having slight yellow dots printed on every single page in a pattern which makes the page unique to you and to your printer. This is happening to us today. And nobody seems to be making a fuss about it. And this is an example of the ways that our own governments are using technology against us, the citizens. And this is one of the main three sources of online problems today.
If we take a look at what's really happening in the online world, we can group the attacks based on the attackers. We have three main groups. We have online criminals. Like here, we have Mr. Dimitry Golubov from the city of Kiev in Ukraine. And the motives of online criminals are very easy to understand. These guys make money. They use online attacks to make lots of money, and lots and lots of it. We actually have several cases of millionaires online, multimillionaires, who made money with their attacks. Here's Vladimir Tsastsin from Tartu in Estonia. This is Alfred Gonzalez. This is Stephen Watt. This is Bjorn Sundin. This is Matthew Anderson, Tariq Al-Daour and so on and so on.
These guys make their fortunes online, but they make it through the illegal means of using things like banking trojans to steal money from our bank accounts while we do online banking, or with keyloggers to collect our credit card information while we are doing online shopping from an infected computer. The U.S. Secret Service, two months ago, froze the Swiss bank account of Mr. Sam Jain right here, and that bank account had 14.9 million U.S. dollars on it when it was frozen. Mr. Jain himself is on the loose; nobody knows where he is. And I claim it's already today that it's more likely for any of us to become the victim of a crime online than here in the real world. And it's very obvious that this is only going to get worse. In the future, the majority of crime will be happening online.
The second major group of attackers that we are watching today are not motivated by money. They're motivated by something else -- motivated by protests, motivated by an opinion, motivated by the laughs. Groups like Anonymous have risen up over the last 12 months and have become a major player in the field of online attacks.
So those are the three main attackers: criminals who do it for the money, hacktivists like Anonymous doing it for the protest, but then the last group are nation states, governments doing the attacks. And then we look at cases like what happened in DigiNotar. This is a prime example of what happens when governments attack against their own citizens. DigiNotar is a Certificate Authority from The Netherlands -- or actually, it was. It was running into bankruptcy last fall because they were hacked into. Somebody broke in and they hacked it thoroughly. And I asked last week in a meeting with Dutch government representatives, I asked one of the leaders of the team whether he found plausible that people died because of the DigiNotar hack. And his answer was yes.
So how do people die as the result of a hack like this? Well DigiNotar is a C.A. They sell certificates. What do you do with certificates? Well you need a certificate if you have a website that has https, SSL encrypted services, services like Gmail. Now we all, or a big part of us, use Gmail or one of their competitors, but these services are especially popular in totalitarian states like Iran, where dissidents use foreign services like Gmail because they know they are more trustworthy than the local services and they are encrypted over SSL connections, so the local government can't snoop on their discussions. Except they can if they hack into a foreign C.A. and issue rogue certificates. And this is exactly what happened with the case of DigiNotar.
What about Arab Spring and things that have been happening, for example, in Egypt? Well in Egypt, the rioters looted the headquarters of the Egyptian secret police in April 2011, and when they were looting the building they found lots of papers. Among those papers, was this binder entitled "FINFISHER." And within that binder were notes from a company based in Germany which had sold the Egyptian government a set of tools for intercepting -- and in very large scale -- all the communication of the citizens of the country. They had sold this tool for 280,000 Euros to the Egyptian government. The company headquarters are right here.
So Western governments are providing totalitarian governments with tools to do this against their own citizens. But Western governments are doing it to themselves as well. For example, in Germany, just a couple of weeks ago the so-called State Trojan was found, which was a trojan used by German government officials to investigate their own citizens. If you are a suspect in a criminal case, well it's pretty obvious, your phone will be tapped. But today, it goes beyond that. They will tap your Internet connection. They will even use tools like State Trojan to infect your computer with a trojan, which enables them to watch all your communication, to listen to your online discussions, to collect your passwords.
Now when we think deeper about things like these, the obvious response from people should be that, "Okay, that sounds bad, but that doesn't really affect me because I'm a legal citizen. Why should I worry? Because I have nothing to hide." And this is an argument, which doesn't make sense. Privacy is implied. Privacy is not up for discussion. This is not a question between privacy against security. It's a question of freedom against control. And while we might trust our governments right now, right here in 2011, any right we give away will be given away for good. And do we trust, do we blindly trust, any future government, a government we might have 50 years from now? And these are the questions that we have to worry about for the next 50 years.