Three types of online attack | Mikko H. Hypponen | TEDxBrussels
-
0:11 - 0:13In the 1980s
-
0:14 - 0:17in the communist Eastern Germany,
-
0:18 - 0:20if you owned a typewriter,
-
0:21 - 0:24you had to register it
with the government. -
0:24 - 0:25You had to register
-
0:25 - 0:27a sample sheet of text
-
0:27 - 0:29out of the typewriter.
-
0:29 - 0:30And this was done
-
0:30 - 0:35so the government could track
where text was coming from. -
0:35 - 0:36If they found a paper
-
0:36 - 0:40which had the wrong kind of thought,
-
0:40 - 0:42they could track down
-
0:42 - 0:44who created that thought.
-
0:44 - 0:46And we in the West
-
0:47 - 0:50couldn't understand
how anybody could do this, -
0:50 - 0:54how much this would restrict
freedom of speech. -
0:54 - 0:55We would never do that
-
0:55 - 0:57in our own countries.
-
0:59 - 1:01But today in 2011,
-
1:01 - 1:04if you go and buy a color laser printer
-
1:05 - 1:09from any major laser printer manufacturer
-
1:09 - 1:10and print a page,
-
1:10 - 1:12that page will end up
-
1:12 - 1:15having slight yellow dots
-
1:15 - 1:18printed on every single page
-
1:18 - 1:20in a pattern which makes the page unique
-
1:20 - 1:23to you and to your printer.
-
1:25 - 1:26This is happening
-
1:26 - 1:28to us today.
-
1:30 - 1:33And nobody seems to be
making a fuss about it. -
1:33 - 1:36And this is an example
-
1:36 - 1:38of the ways
-
1:38 - 1:40that our own governments
-
1:41 - 1:43are using technology
-
1:43 - 1:46against us, the citizens.
-
1:47 - 1:50And this is one of the main three sources
-
1:50 - 1:52of online problems today.
-
1:52 - 1:55If we take a look at what's
really happening in the online world, -
1:55 - 1:58we can group the attacks
based on the attackers. -
1:58 - 2:00We have three main groups.
-
2:00 - 2:02We have online criminals.
-
2:02 - 2:04Like here, we have Mr. Dimitry Golubov
-
2:04 - 2:07from the city of Kiev in Ukraine.
-
2:07 - 2:09And the motives of online criminals
-
2:09 - 2:11are very easy to understand.
-
2:11 - 2:13These guys make money.
-
2:13 - 2:15They use online attacks
-
2:15 - 2:17to make lots of money,
-
2:17 - 2:19and lots and lots of it.
-
2:19 - 2:22We actually have several cases
-
2:22 - 2:25of millionaires online, multimillionaires,
-
2:25 - 2:27who made money with their attacks.
-
2:27 - 2:30Here's Vladimir Tsastsin
from Tartu in Estonia. -
2:30 - 2:32This is Alfred Gonzalez.
-
2:32 - 2:34This is Stephen Watt.
-
2:34 - 2:35This is Bjorn Sundin.
-
2:35 - 2:38This is Matthew Anderson, Tariq Al-Daour
-
2:38 - 2:40and so on and so on.
-
2:40 - 2:42These guys
-
2:42 - 2:45make their fortunes online,
-
2:45 - 2:47but they make it through the illegal means
-
2:47 - 2:50of using things like banking trojans
-
2:50 - 2:52to steal money from our bank accounts
-
2:52 - 2:54while we do online banking,
-
2:54 - 2:56or with keyloggers
-
2:56 - 2:58to collect our credit card information
-
2:58 - 3:01while we are doing online shopping
from an infected computer. -
3:01 - 3:03The U.S. Secret Service,
-
3:03 - 3:05two months ago,
-
3:05 - 3:07froze the Swiss bank account
-
3:07 - 3:09of Mr. Sam Jain right here,
-
3:09 - 3:13and that bank account had
14.9 million U.S. dollars on it -
3:13 - 3:15when it was frozen.
-
3:15 - 3:17Mr. Jain himself is on the loose;
-
3:17 - 3:19nobody knows where he is.
-
3:19 - 3:21And I claim it's already today
-
3:22 - 3:25that it's more likely for any of us
-
3:25 - 3:28to become the victim of a crime online
-
3:28 - 3:31than here in the real world.
-
3:32 - 3:33And it's very obvious
-
3:33 - 3:35that this is only going to get worse.
-
3:35 - 3:37In the future, the majority of crime
-
3:37 - 3:40will be happening online.
-
3:42 - 3:44The second major group of attackers
-
3:44 - 3:45that we are watching today
-
3:45 - 3:48are not motivated by money.
-
3:48 - 3:50They're motivated by something else -
-
3:50 - 3:52motivated by protests,
-
3:52 - 3:54motivated by an opinion,
-
3:54 - 3:56motivated by the laughs.
-
3:56 - 3:58Groups like Anonymous
-
3:58 - 4:01have risen up over the last 12 months
-
4:01 - 4:03and have become a major player
-
4:03 - 4:06in the field of online attacks.
-
4:07 - 4:09So those are the three main attackers:
-
4:09 - 4:11criminals who do it for the money,
-
4:11 - 4:13hacktivists like Anonymous
-
4:13 - 4:15doing it for the protest,
-
4:15 - 4:18but then the last group are nation states,
-
4:18 - 4:21governments doing the attacks.
-
4:23 - 4:25And then we look at cases
-
4:25 - 4:27like what happened in DigiNotar.
-
4:27 - 4:29This is a prime example of what happens
-
4:29 - 4:30when governments attack
-
4:30 - 4:33against their own citizens.
-
4:33 - 4:36DigiNotar is a Certificate Authority
-
4:36 - 4:38from The Netherlands -
-
4:38 - 4:40or actually, it was.
-
4:40 - 4:41It was run into bankruptcy
-
4:41 - 4:44last fall
-
4:44 - 4:46because they were hacked into.
-
4:46 - 4:48Somebody broke in
-
4:48 - 4:50and they hacked it thoroughly.
-
4:51 - 4:54And I asked last week
-
4:54 - 4:57in a meeting with Dutch
government representatives, -
4:57 - 5:01I asked one of the leaders of the team
-
5:03 - 5:05whether he found plausible
-
5:05 - 5:07that people died
-
5:07 - 5:10because of the DigiNotar hack.
-
5:12 - 5:14And his answer was yes.
-
5:16 - 5:18So how do people die
-
5:18 - 5:21as the result of a hack like this?
-
5:21 - 5:23Well DigiNotar is a C.A.
-
5:23 - 5:25They sell certificates.
-
5:25 - 5:27What do you do with certificates?
-
5:27 - 5:28Well you need a certificate
-
5:28 - 5:31if you have a website that has https,
-
5:31 - 5:33SSL encrypted services,
-
5:33 - 5:36services like Gmail.
-
5:38 - 5:39Now we all, or a big part of us,
-
5:39 - 5:42use Gmail or one of their competitors,
-
5:42 - 5:44but these services are especially popular
-
5:44 - 5:46in totalitarian states
-
5:46 - 5:47like Iran,
-
5:47 - 5:49where dissidents
-
5:49 - 5:52use foreign services like Gmail
-
5:52 - 5:55because they know they are
more trustworthy than the local services -
5:55 - 5:58and they are encrypted
over SSL connections, -
5:58 - 6:00so the local government can't snoop
-
6:00 - 6:02on their discussions.
-
6:02 - 6:06Except they can if they hack
into a foreign C.A. -
6:06 - 6:08and issue rogue certificates.
-
6:08 - 6:10And this is exactly what happened
-
6:10 - 6:12with the case of DigiNotar.
-
6:16 - 6:18What about Arab Spring
-
6:18 - 6:21and things that have been happening,
for example, in Egypt? -
6:21 - 6:22Well in Egypt,
-
6:22 - 6:24the rioters looted the headquarters
-
6:24 - 6:26of the Egyptian secret police
-
6:26 - 6:28in April 2011,
-
6:28 - 6:31and when they were looting the building
they found lots of papers. -
6:31 - 6:33Among those papers,
-
6:33 - 6:36was this binder entitled "FINFISHER."
-
6:36 - 6:38And within that binder were notes
-
6:38 - 6:41from a company based in Germany
-
6:41 - 6:44which had sold the Egyptian government
-
6:44 - 6:46a set of tools
-
6:46 - 6:47for intercepting -
-
6:47 - 6:49and in very large scale -
-
6:49 - 6:52all the communication
of the citizens of the country. -
6:52 - 6:53They had sold this tool
-
6:53 - 6:57for 280,000 Euros
to the Egyptian government. -
6:57 - 6:59The company headquarters are right here.
-
6:59 - 7:01So Western governments
-
7:01 - 7:04are providing totalitarian governments
with tools -
7:04 - 7:06to do this against their own citizens.
-
7:08 - 7:11But Western governments
are doing it to themselves as well. -
7:11 - 7:12For example, in Germany,
-
7:12 - 7:14just a couple of weeks ago
-
7:14 - 7:17the so-called State Trojan was found,
-
7:17 - 7:18which was a trojan
-
7:18 - 7:21used by German government officials
-
7:21 - 7:23to investigate their own citizens.
-
7:23 - 7:27If you are a suspect in a criminal case,
-
7:27 - 7:30well it's pretty obvious,
your phone will be tapped. -
7:30 - 7:32But today, it goes beyond that.
-
7:32 - 7:34They will tap your Internet connection.
-
7:34 - 7:36They will even use tools like State Trojan
-
7:36 - 7:39to infect your computer with a trojan,
-
7:39 - 7:41which enables them
-
7:41 - 7:43to watch all your communication,
-
7:43 - 7:46to listen to your online discussions,
-
7:46 - 7:48to collect your passwords.
-
7:52 - 7:55Now when we think deeper
-
7:55 - 7:57about things like these,
-
7:57 - 8:01the obvious response from people should be
-
8:03 - 8:05that, "Okay, that sounds bad,
-
8:05 - 8:09but that doesn't really affect me
because I'm a legal citizen. -
8:09 - 8:11Why should I worry?
-
8:11 - 8:13Because I have nothing to hide."
-
8:14 - 8:15And this is an argument,
-
8:15 - 8:17which doesn't make sense.
-
8:17 - 8:20Privacy is implied.
-
8:21 - 8:24Privacy is not up for discussion.
-
8:25 - 8:26This is not a question
-
8:26 - 8:29between privacy
-
8:31 - 8:34against security.
-
8:34 - 8:37It's a question of freedom
-
8:38 - 8:40against control.
-
8:40 - 8:44And while we might trust our governments
-
8:44 - 8:47right now, right here in 2011,
-
8:47 - 8:50any right we give away
will be given away for good. -
8:50 - 8:54And do we trust, do we blindly trust,
-
8:54 - 8:55any future government,
-
8:55 - 8:57a government we might have
-
8:57 - 8:59 50 years from now?
-
9:02 - 9:04And these are the questions
-
9:04 - 9:07that we have to worry about
for the next 50 years. -
9:08 - 9:10Thank you very much.
(Applause)
- Title: Three types of online attack | Mikko H. Hypponen | TEDxBrussels
- Description: Cybercrime expert Mikko Hypponen talks us through three types of online attack on our privacy and data -- and only two are considered crimes. "Do we blindly trust any future government? Because any right we give away, we give away for good."
- Video Language: English
- Team: closed TED
- Project: TEDxTalks
- Duration: 09:17
Ivana Korom edited English subtitles for Three types of online attack | Mikko H. Hypponen | TEDxBrussels
Ivana Korom approved English subtitles for Three types of online attack | Mikko H. Hypponen | TEDxBrussels
Ivana Korom accepted English subtitles for Three types of online attack | Mikko H. Hypponen | TEDxBrussels
TED Translators admin edited English subtitles for Three types of online attack | Mikko H. Hypponen | TEDxBrussels