1 00:00:00,713 --> 00:00:02,669 I'm going to be showing some of the cybercriminals' 2 00:00:02,669 --> 00:00:04,807 latest and nastiest creations. 3 00:00:04,807 --> 00:00:07,316 So basically, please don't go and download 4 00:00:07,316 --> 00:00:09,982 any of the viruses that I show you. 5 00:00:09,982 --> 00:00:13,245 Some of you might be wondering what a cyber-security specialist looks like, 6 00:00:13,245 --> 00:00:15,383 and I thought I'd give you a quick insight 7 00:00:15,383 --> 00:00:17,431 into my career so far. 8 00:00:17,431 --> 00:00:19,310 (Laughter) 9 00:00:19,310 --> 00:00:21,301 It's a pretty accurate description. 10 00:00:21,301 --> 00:00:23,157 This is what someone that specializes 11 00:00:23,157 --> 00:00:25,161 in malware and hacking looks like. 12 00:00:25,161 --> 00:00:27,392 So today, computer viruses and trojans, 13 00:00:27,392 --> 00:00:30,487 designed to do everything from stealing data 14 00:00:30,487 --> 00:00:32,804 to watching you in your webcam 15 00:00:32,804 --> 00:00:35,966 to the theft of billions of dollars. 16 00:00:35,966 --> 00:00:38,161 Some malicious code today goes as far 17 00:00:38,161 --> 00:00:42,304 as targeting power utilities and infrastructure. 18 00:00:42,304 --> 00:00:44,112 Let me give you a quick snapshot 19 00:00:44,112 --> 00:00:46,710 of what malicious code is capable of today. 20 00:00:46,710 --> 00:00:49,535 Right now, every second, eight new users 21 00:00:49,535 --> 00:00:51,843 are joining the internet. 22 00:00:51,843 --> 00:00:59,212 Today, we will see 250,000 individual new computer viruses. 23 00:00:59,212 --> 00:01:05,074 We will see 30,000 new infected websites. 24 00:01:05,074 --> 00:01:07,271 And, just to kind of tear down a myth here, 25 00:01:07,271 --> 00:01:09,498 lots of people think that when you get infected 26 00:01:09,498 --> 00:01:13,534 with a computer virus, it's because you went to a porn site. 27 00:01:13,534 --> 00:01:15,838 Right? Well, actually, statistically speaking, 28 00:01:15,838 --> 00:01:18,778 if you only visit porn sites, you're safer. 29 00:01:18,778 --> 00:01:20,827 People normally right that down, by the way. 30 00:01:20,827 --> 00:01:22,468 (Laughter) 31 00:01:22,468 --> 00:01:24,327 Actually, about 80 percent of these 32 00:01:24,327 --> 00:01:26,440 are small business websites getting infected. 33 00:01:26,440 --> 00:01:29,140 Today's cybercriminal, what do they look like? 34 00:01:29,140 --> 00:01:30,828 Well, many of you have the image, don't you, 35 00:01:30,828 --> 00:01:33,496 of the spotty teenager sitting in a basement, 36 00:01:33,496 --> 00:01:35,992 hacking away for notoriety. 37 00:01:35,992 --> 00:01:37,984 But actually today, cybercriminals 38 00:01:37,984 --> 00:01:40,864 are wonderfully professional and organized. 39 00:01:40,864 --> 00:01:43,935 In fact, they have product adverts. 40 00:01:43,935 --> 00:01:45,882 You can go online and buy a hacking service 41 00:01:45,882 --> 00:01:48,215 to knock your business competitor offline. 42 00:01:48,215 --> 00:01:50,236 Check out this one I found. 43 00:01:50,236 --> 00:01:52,286 Salesman (Video): So you're hear for one reason, 44 00:01:52,286 --> 00:01:54,152 and that reason is 45 00:01:54,152 --> 00:01:56,077 is because you need your business competitors, 46 00:01:56,077 --> 00:01:58,630 rivals, haters, or whatever the reason is, or who, 47 00:01:58,630 --> 00:02:01,079 they are to go down. 48 00:02:01,079 --> 00:02:03,311 Well you, my friend, you've came to the right place. 49 00:02:03,311 --> 00:02:05,942 If you want your business competitors to go down, 50 00:02:05,942 --> 00:02:07,878 well, they can. 51 00:02:07,878 --> 00:02:10,702 If you want your rivals to go offline, well, they will. 52 00:02:10,702 --> 00:02:13,729 Not only that, we are providing a short-term to long-term 53 00:02:13,729 --> 00:02:16,007 DDOS service or scheduled attack, 54 00:02:16,007 --> 00:02:19,895 starting five dollars per hour for small personal websites 55 00:02:19,895 --> 00:02:22,461 to 10 to 50 dollars per hour. 56 00:02:22,461 --> 00:02:24,384 James Lyne: Now, I did actually pay 57 00:02:24,384 --> 00:02:26,915 one of these cybercriminals to attack my own website. 58 00:02:26,915 --> 00:02:30,133 Things got a bit tricky when I tried to expense it at the company. 59 00:02:30,133 --> 00:02:32,354 Turns out that's not cool. 60 00:02:32,354 --> 00:02:34,949 But regardless, it's amazing how many products 61 00:02:34,949 --> 00:02:38,245 and services are available now to cybercriminals. 62 00:02:38,245 --> 00:02:40,721 For example, this testing platform, 63 00:02:40,721 --> 00:02:42,790 which enables the cybercriminals 64 00:02:42,790 --> 00:02:44,918 to test the quality of their viruses 65 00:02:44,918 --> 00:02:47,370 before they release them on the world. 66 00:02:47,370 --> 00:02:49,327 For a small fee, they can upload it 67 00:02:49,327 --> 00:02:51,286 and make sure everything is good. 68 00:02:51,286 --> 00:02:53,085 But it goes further. 69 00:02:53,085 --> 00:02:54,987 Cybercriminals now have crime pacts 70 00:02:54,987 --> 00:02:57,429 with business intelligence reporting dashboards 71 00:02:57,429 --> 00:03:01,366 to manage the distribution of their malicious code. 72 00:03:01,366 --> 00:03:04,787 This is the market leader in malware distribution, 73 00:03:04,787 --> 00:03:06,610 the Black Hole Exploit Pact, 74 00:03:06,610 --> 00:03:09,669 responsible for nearly one third of malware distribution 75 00:03:09,669 --> 00:03:12,055 in the last couple of quarters. 76 00:03:12,055 --> 00:03:14,974 It comes with technical installation guides, 77 00:03:14,974 --> 00:03:16,882 video setup routines, 78 00:03:16,882 --> 00:03:19,683 and get this, technical support. 79 00:03:19,683 --> 00:03:22,362 You can email the cybercriminals and they'll tell you 80 00:03:22,362 --> 00:03:25,754 how to set up your illegal hacking server. 81 00:03:25,754 --> 00:03:30,361 So let me show you what malicious code looks like today. 82 00:03:30,361 --> 00:03:32,611 What I've got here is two systems, 83 00:03:32,611 --> 00:03:36,301 an attacker, which I've made look all Matrix-y and scary, 84 00:03:36,301 --> 00:03:40,048 and a victim, which you might recognize from home or work. 85 00:03:40,048 --> 00:03:42,163 Now normally, these would be on different sides 86 00:03:42,163 --> 00:03:45,021 of the planet or of the internet, 87 00:03:45,021 --> 00:03:47,036 but I've put them side by side 88 00:03:47,036 --> 00:03:49,116 because it makes things much more interesting. 89 00:03:49,116 --> 00:03:51,479 Now, there are many ways you can get infected. 90 00:03:51,479 --> 00:03:53,763 You will have come in contact with some of them. 91 00:03:53,763 --> 00:03:55,983 Maybe some of you have received an email 92 00:03:55,983 --> 00:03:59,591 that says something like, "Hi, I'm a Nigerian banker, 93 00:03:59,591 --> 00:04:02,370 and I'd like to give you 53 billion dollars 94 00:04:02,370 --> 00:04:04,474 because I like your face." 95 00:04:04,474 --> 00:04:06,328 Right? 96 00:04:06,328 --> 00:04:08,423 Or funnycats.exe, which rumor has it 97 00:04:08,423 --> 00:04:12,114 was quite successful in China's recent campaign against America. 98 00:04:12,114 --> 00:04:14,482 Now there are many ways you can get infected. 99 00:04:14,482 --> 00:04:16,715 I want to show you a couple of my favorites. 100 00:04:16,715 --> 00:04:18,853 This is a little USB key. 101 00:04:18,853 --> 00:04:21,702 Now how do you get a USB key to run in a business? 102 00:04:21,702 --> 00:04:25,334 Well, you could try looking really cute. 103 00:04:25,334 --> 00:04:27,595 Awww. 104 00:04:27,595 --> 00:04:29,958 Or, in my case, awkward and pathetic. 105 00:04:29,958 --> 00:04:33,840 So imagine this scenario: I walk into one of your businesses, 106 00:04:33,840 --> 00:04:36,697 looking very awkward and pathetic, with a copy of my C.V. 107 00:04:36,697 --> 00:04:39,150 which I've covered in coffee, 108 00:04:39,150 --> 00:04:41,861 and I ask the receptionist to plug in this USB key 109 00:04:41,861 --> 00:04:44,224 and print me a new one. 110 00:04:44,224 --> 00:04:47,454 So let's have a look here on my victim computer. 111 00:04:47,454 --> 00:04:50,007 What I'm going to do is plug in the USB key. 112 00:04:50,007 --> 00:04:52,190 After a couple of seconds, 113 00:04:52,190 --> 00:04:55,048 things start to happen on the computer on their own, 114 00:04:55,048 --> 00:04:57,107 usually a bad sign. 115 00:04:57,107 --> 00:04:59,077 This would of course normally happen 116 00:04:59,077 --> 00:05:01,328 in a couple of seconds, really, really quickly, 117 00:05:01,328 --> 00:05:03,419 but I've kind of slowed it down 118 00:05:03,419 --> 00:05:05,818 so you can actually see the attack occurring. 119 00:05:05,818 --> 00:05:08,674 Malware is very boring otherwise. 120 00:05:08,674 --> 00:05:11,317 So this is writing out the malicious code, 121 00:05:11,317 --> 00:05:14,591 and a few seconds later, on the left-hand side, 122 00:05:14,591 --> 00:05:18,889 you'll see the attacker's screen get some interesting new text. 123 00:05:18,889 --> 00:05:21,112 Now if I place the mouse cursor over it, 124 00:05:21,112 --> 00:05:23,265 this is what we call a command prompt, 125 00:05:23,265 --> 00:05:26,832 and using this we can navigate around the computer. 126 00:05:26,832 --> 00:05:29,545 We can access your documents, your data. 127 00:05:29,545 --> 00:05:32,008 You could turn on the webcam. 128 00:05:32,008 --> 00:05:33,890 That can be very embarrassing. 129 00:05:33,890 --> 00:05:35,813 Or just to really prove a point, 130 00:05:35,813 --> 00:05:37,949 we can launch programs like my personal favorite, 131 00:05:37,949 --> 00:05:40,401 the Windows Calculator. 132 00:05:40,401 --> 00:05:42,719 So isn't it amazing how much control 133 00:05:42,719 --> 00:05:45,183 the attackers can get with such a simple operation. 134 00:05:45,183 --> 00:05:47,114 Let me show you how most malware 135 00:05:47,114 --> 00:05:49,297 is now distributed today. 136 00:05:49,297 --> 00:05:51,817 What I'm going to do is open up a website 137 00:05:51,817 --> 00:05:53,933 that I wrote. 138 00:05:53,933 --> 00:05:57,448 It's a terrible website. It's got really awful graphics. 139 00:05:57,448 --> 00:05:59,642 And it's got a comments section here 140 00:05:59,642 --> 00:06:02,770 where we can submit comments to the website. 141 00:06:02,770 --> 00:06:06,033 Many of you will have used something a bit like this before. 142 00:06:06,033 --> 00:06:08,385 Unfortunately, when this was implemented, 143 00:06:08,385 --> 00:06:10,702 the developer was slightly inebriated 144 00:06:10,702 --> 00:06:12,806 and managed to forget 145 00:06:12,806 --> 00:06:14,933 all of the secure coding practices he had learned. 146 00:06:14,933 --> 00:06:17,014 So let's imagine that our attacker, 147 00:06:17,014 --> 00:06:21,447 called Evil Hacker just for comedy value, 148 00:06:21,447 --> 00:06:24,024 inserts something a little nasty. 149 00:06:24,024 --> 00:06:25,970 This is a script. 150 00:06:25,970 --> 00:06:28,108 It's code which will be interpreted on the webpage. 151 00:06:28,108 --> 00:06:31,011 So I'm going to submit this post, 152 00:06:31,011 --> 00:06:33,553 and then, on my victim computer, 153 00:06:33,553 --> 00:06:35,980 I'm going to open up the web browser 154 00:06:35,980 --> 00:06:38,449 and browse to my website, 155 00:06:38,449 --> 00:06:41,761 www.incrediblyhacked.com. 156 00:06:41,761 --> 00:06:43,916 Notice that after a couple of seconds, 157 00:06:43,916 --> 00:06:46,219 I get redirected. 158 00:06:46,219 --> 00:06:48,442 That website address at the top there, 159 00:06:48,442 --> 00:06:50,911 which you can just about see, microshaft.com, 160 00:06:50,911 --> 00:06:54,213 the browser crashes as it hits one of these exploit pacts, 161 00:06:54,213 --> 00:06:58,128 and up pops fake anti-virus. 162 00:06:58,128 --> 00:07:02,815 This is a virus pretending to look like anti-virus software, 163 00:07:02,815 --> 00:07:05,549 and it will go through and it will scan the system, 164 00:07:05,549 --> 00:07:07,565 have a look at what is popping up here. 165 00:07:07,565 --> 00:07:09,375 It creates some very serious alerts. 166 00:07:09,375 --> 00:07:11,748 Oh look, a child porn proxy server. 167 00:07:11,748 --> 00:07:14,055 You really should clean that up. 168 00:07:14,055 --> 00:07:15,934 What's really insulting about this is 169 00:07:15,934 --> 00:07:18,972 not only does it provide the attackers with access to your data, 170 00:07:18,972 --> 00:07:21,964 but when the scan finishes, they tell you 171 00:07:21,964 --> 00:07:25,081 in order to clean up the fake viruses, 172 00:07:25,081 --> 00:07:27,748 you have to register the product. 173 00:07:27,748 --> 00:07:31,360 Now I liked it better when viruses were free. 174 00:07:31,360 --> 00:07:34,139 (Laughter) 175 00:07:34,139 --> 00:07:36,419 People now pay cybercriminals money 176 00:07:36,419 --> 00:07:39,089 to run viruses, 177 00:07:39,089 --> 00:07:41,235 which I find utterly bizarre. 178 00:07:41,235 --> 00:07:44,756 So anyway, let me change pace a little bit. 179 00:07:44,756 --> 00:07:48,401 Chasing 250,000 pieces of malware a day 180 00:07:48,401 --> 00:07:50,224 is a massive challenge, 181 00:07:50,224 --> 00:07:52,294 and those numbers are only growing 182 00:07:52,294 --> 00:07:55,681 directly in proportion to the length of my stress line, you'll note here. 183 00:07:55,681 --> 00:07:58,280 So I want to talk to you briefly 184 00:07:58,280 --> 00:08:00,699 about a group of hackers we tracked for a year 185 00:08:00,699 --> 00:08:03,106 and actually found, 186 00:08:03,106 --> 00:08:05,683 and this is a rare treat in our job. 187 00:08:05,683 --> 00:08:08,069 Now this was a cross-industry collaboration, 188 00:08:08,069 --> 00:08:10,555 people from Facebook, independent researchers, 189 00:08:10,555 --> 00:08:12,636 guys from Sophos. 190 00:08:12,636 --> 00:08:14,968 So here we have a couple of documents 191 00:08:14,968 --> 00:08:17,779 which our cybercriminals had uploaded 192 00:08:17,779 --> 00:08:22,494 to a cloud service, kind of like Dropbox or Skydrive, 193 00:08:22,494 --> 00:08:24,703 like many of you might use. 194 00:08:24,703 --> 00:08:27,849 At the top, you'll notice a section of source code. 195 00:08:27,849 --> 00:08:30,740 What this would do is send the cybercriminals 196 00:08:30,740 --> 00:08:35,488 a text message every day telling them how much money 197 00:08:35,488 --> 00:08:37,446 they'd made that day, 198 00:08:37,446 --> 00:08:40,450 so a kind of cybercriminal billings report, if you will. 199 00:08:40,450 --> 00:08:43,499 If you look closely, you'll notice a series 200 00:08:43,499 --> 00:08:46,222 of what are Russian telephone numbers. 201 00:08:46,222 --> 00:08:48,546 Now that's obviously interesting, 202 00:08:48,546 --> 00:08:51,521 because that gives us a way of finding our cybercriminals. 203 00:08:51,521 --> 00:08:53,636 Down below, highlighted in red, 204 00:08:53,636 --> 00:08:55,864 in the other section of source code, 205 00:08:55,864 --> 00:08:58,013 is this bit "leded:leded." 206 00:08:58,013 --> 00:08:59,881 That's a username, 207 00:08:59,881 --> 00:09:01,940 kind of like you might have on Twitter. 208 00:09:01,940 --> 00:09:03,786 So let's take this a little further. 209 00:09:03,786 --> 00:09:06,429 There are a few other interesting pieces 210 00:09:06,429 --> 00:09:08,566 the cybercriminals had uploaded. 211 00:09:08,566 --> 00:09:10,614 Lots of you here will use smartphones 212 00:09:10,614 --> 00:09:13,261 to take photos and post them from the conference. 213 00:09:13,261 --> 00:09:15,760 An interesting feature of lots of modern smartphones 214 00:09:15,760 --> 00:09:17,950 is that when you take a photo, 215 00:09:17,950 --> 00:09:22,068 it embeds GPS data about where that photo was taken. 216 00:09:22,068 --> 00:09:24,276 In fact, I've been spending a lot of time 217 00:09:24,276 --> 00:09:26,366 on internet dating sites recently, 218 00:09:26,366 --> 00:09:28,762 obviously for research purposes, 219 00:09:28,762 --> 00:09:31,699 and I've noticed that about 60 percent 220 00:09:31,699 --> 00:09:34,998 of the profile pictures on internet dating sites 221 00:09:34,998 --> 00:09:39,028 contain the GPS coordinates of where the photo was taken, 222 00:09:39,028 --> 00:09:41,141 which is kind of scary 223 00:09:41,141 --> 00:09:43,242 because you wouldn't give out your home address 224 00:09:43,242 --> 00:09:45,245 to lots of strangers, 225 00:09:45,245 --> 00:09:47,192 but we're happy to give away our GPS coordinates 226 00:09:47,192 --> 00:09:50,652 to plus or minus 15 meters. 227 00:09:50,652 --> 00:09:54,224 And our cybercriminals had done the same thing. 228 00:09:54,224 --> 00:09:56,767 So here's a photo which resolves to St. Petersburg. 229 00:09:56,767 --> 00:10:00,073 We then deploy the incredibly advanced hacking tool. 230 00:10:00,073 --> 00:10:02,987 We used Google. 231 00:10:02,987 --> 00:10:05,519 Using the email address, the telephone number, 232 00:10:05,519 --> 00:10:08,192 and the GPS data, on the left you see an advert 233 00:10:08,192 --> 00:10:13,046 for a BMW that one of our cybercriminals is selling, 234 00:10:13,046 --> 00:10:18,030 on the other side an advert for the sale of sphinx kittens. 235 00:10:18,030 --> 00:10:21,040 One of these was more stereotypical for me. 236 00:10:21,040 --> 00:10:25,389 A little more searching, and here's our cybercriminal. 237 00:10:25,389 --> 00:10:28,674 Imagine, these are hardened cybercriminals 238 00:10:28,674 --> 00:10:30,957 sharing information scarcely. 239 00:10:30,957 --> 00:10:32,890 Imagine what you could find 240 00:10:32,890 --> 00:10:34,794 about each of the people in this room. 241 00:10:34,794 --> 00:10:36,707 A bit more searching through the profile 242 00:10:36,707 --> 00:10:38,613 and there's a photo of their office. 243 00:10:38,613 --> 00:10:40,476 They were working on the third floor. 244 00:10:40,476 --> 00:10:42,400 And you can also see some photos 245 00:10:42,400 --> 00:10:44,296 from his business companion 246 00:10:44,296 --> 00:10:47,305 where he has a taste in a certain kind of image. 247 00:10:47,305 --> 00:10:51,469 It turns out he's a member of the Russian Adult Webmasters Federation. 248 00:10:51,469 --> 00:10:54,593 But this is where our investigation starts to slow down. 249 00:10:54,593 --> 00:10:58,536 The cybercriminals have locked down their profiles quite well. 250 00:10:58,536 --> 00:11:00,725 And herein is the greatest lesson 251 00:11:00,725 --> 00:11:05,149 of social media and mobile devices for all of us right now. 252 00:11:05,149 --> 00:11:08,865 Our friends, our families, and our colleagues 253 00:11:08,865 --> 00:11:13,568 can break our security even when we do the right things. 254 00:11:13,568 --> 00:11:16,102 This is MobSoft, one of the companies 255 00:11:16,102 --> 00:11:18,514 that this cybercriminal gang owned, 256 00:11:18,514 --> 00:11:20,550 and an interesting thing about MobSoft 257 00:11:20,550 --> 00:11:22,974 is the 50 percent owner of this 258 00:11:22,974 --> 00:11:25,275 posted a job advert, 259 00:11:25,275 --> 00:11:27,917 and this job advert matched one of the telephone numbers 260 00:11:27,917 --> 00:11:30,453 from the code earlier. 261 00:11:30,453 --> 00:11:32,578 This woman was Maria, 262 00:11:32,578 --> 00:11:35,458 and Maria is the wife of one of our cybercriminals. 263 00:11:35,458 --> 00:11:38,394 And it's kind of like she went into her social media settings 264 00:11:38,394 --> 00:11:41,173 and clicked on every option imaginable 265 00:11:41,173 --> 00:11:45,470 to make herself really, really insecure. 266 00:11:45,470 --> 00:11:47,591 By the end of the investigation, 267 00:11:47,591 --> 00:11:50,289 where you can read the full 27 page report at that link, 268 00:11:50,289 --> 00:11:52,630 we had photos of the cybercriminals, 269 00:11:52,630 --> 00:11:55,091 even the office Christmas party 270 00:11:55,091 --> 00:11:57,391 when they were out on an outing. 271 00:11:57,391 --> 00:12:00,964 That's right, cybercriminals do have Christmas parties, 272 00:12:00,964 --> 00:12:02,967 as it turns out. 273 00:12:02,967 --> 00:12:04,987 Now you're probably wondering what happened to these guys. 274 00:12:04,987 --> 00:12:07,400 Let me come back to that in just a minute. 275 00:12:07,400 --> 00:12:10,147 I want to change pace to one last little demonstration, 276 00:12:10,147 --> 00:12:14,084 a technique that is wonderfully simple and basic, 277 00:12:14,084 --> 00:12:17,181 but is interesting in exposing how much information 278 00:12:17,181 --> 00:12:19,281 we're all giving away, 279 00:12:19,281 --> 00:12:23,512 and it's relevant because it applies to us a TED audience. 280 00:12:23,512 --> 00:12:25,685 This is normally when people start kind of shuffling in their pockets 281 00:12:25,685 --> 00:12:29,058 trying to turn their phones onto airplane mode desperately. 282 00:12:29,058 --> 00:12:31,389 Many of you all know about the concept 283 00:12:31,389 --> 00:12:33,548 of scanning for wireless networks. 284 00:12:33,548 --> 00:12:37,021 You do it every time you take out your iPhone or your Blackberry 285 00:12:37,021 --> 00:12:40,953 and connect to something like TEDAttendees. 286 00:12:40,953 --> 00:12:43,100 But what you might not know 287 00:12:43,100 --> 00:12:47,544 is that you're also beaming out a list of networks 288 00:12:47,544 --> 00:12:49,873 you've previously connected to, 289 00:12:49,873 --> 00:12:53,928 even when you're not using wireless actively. 290 00:12:53,928 --> 00:12:56,147 So I ran a little scan. 291 00:12:56,147 --> 00:12:58,581 I was relatively inhibited compared to the cybercriminals, 292 00:12:58,581 --> 00:13:01,233 who wouldn't be so concerned by law, 293 00:13:01,233 --> 00:13:04,204 and here you can see my mobile device. 294 00:13:04,204 --> 00:13:06,474 Okay? So you can see a list of wireless networks. 295 00:13:06,474 --> 00:13:11,901 TEDAttendees, HyattLB. Where do you think I'm staying? 296 00:13:11,901 --> 00:13:14,778 My home network, PrettyFlyForAWifi, 297 00:13:14,778 --> 00:13:17,062 which I think is a great name. 298 00:13:17,062 --> 00:13:19,695 Sophos_Visitors, SANSEMEA, companies I work with. 299 00:13:19,695 --> 00:13:22,557 Loganwifi, that's in Boston. HiltonLondon. 300 00:13:22,557 --> 00:13:24,859 CIASurveillanceVan. 301 00:13:24,859 --> 00:13:27,053 We called it that at one of our conferences 302 00:13:27,053 --> 00:13:29,022 because we thought that would freak people out, 303 00:13:29,022 --> 00:13:31,002 which is quite fun. 304 00:13:31,002 --> 00:13:32,904 This is how geeks party. 305 00:13:32,904 --> 00:13:35,030 (Laughter) 306 00:13:35,030 --> 00:13:36,864 So let's make this a little bit more interesting. 307 00:13:36,864 --> 00:13:39,294 Let's talk about you. 308 00:13:39,294 --> 00:13:42,327 Twenty-three percent of you have been to Starbucks 309 00:13:42,327 --> 00:13:44,903 recently and used the wireless network. 310 00:13:44,903 --> 00:13:46,960 Things get more interesting. 311 00:13:46,960 --> 00:13:49,016 Forty-six percent of you I could link to a business, 312 00:13:49,016 --> 00:13:51,706 xyzemployee network. 313 00:13:51,706 --> 00:13:55,485 This isn't an exact science, but it gets pretty accurate. 314 00:13:55,485 --> 00:14:00,097 761 of you I could identify a hotel you'd been to recently, 315 00:14:00,097 --> 00:14:04,193 absolutely with pinpoint precision somewhere in the globe. 316 00:14:04,193 --> 00:14:07,895 234 of you, well, I know where you live. 317 00:14:07,895 --> 00:14:10,460 Your wireless network name is so unique 318 00:14:10,460 --> 00:14:12,486 that I was able to pinpoint it 319 00:14:12,486 --> 00:14:14,816 using data available openly on the internet 320 00:14:14,816 --> 00:14:18,540 with no hacking or clever, clever tricks. 321 00:14:18,540 --> 00:14:20,575 And I should mention as well that 322 00:14:20,575 --> 00:14:22,656 some of you do use your names, 323 00:14:22,656 --> 00:14:25,059 "James Lyne's iPhone," for example. 324 00:14:25,059 --> 00:14:29,024 And two percent of you have a tendency to extreme profanity. 325 00:14:29,024 --> 00:14:31,244 So something for you to think about: 326 00:14:31,244 --> 00:14:35,157 as we adopt these new applications and mobile devices, 327 00:14:35,157 --> 00:14:37,474 as we play with these shiny new toys, 328 00:14:37,474 --> 00:14:40,129 how much are we trading off convenience 329 00:14:40,129 --> 00:14:44,186 for privacy and security? 330 00:14:44,186 --> 00:14:46,244 Next time you install something, 331 00:14:46,244 --> 00:14:48,548 look at the settings and ask yourself, 332 00:14:48,548 --> 00:14:52,100 "Is this information that I want to share? 333 00:14:52,100 --> 00:14:54,990 Would someone be able to abuse it?" 334 00:14:54,990 --> 00:14:57,309 We also need to think very carefully 335 00:14:57,309 --> 00:15:00,819 about how we develop our future talent pool. 336 00:15:00,819 --> 00:15:04,026 You see, technology's changing at a staggering rate, 337 00:15:04,026 --> 00:15:07,112 and that 250,000 pieces of malware 338 00:15:07,112 --> 00:15:10,023 won't stay the same for long. 339 00:15:10,023 --> 00:15:12,275 There's a very concerning trend 340 00:15:12,275 --> 00:15:16,729 that whilst many people coming out of schools now 341 00:15:16,729 --> 00:15:20,051 are much more technology-savvy, they know how to use technology, 342 00:15:20,051 --> 00:15:23,277 fewer and fewer people are following the feeder subjects 343 00:15:23,277 --> 00:15:28,247 to know how that technology works under the covers. 344 00:15:28,247 --> 00:15:32,109 In the U.K., a 60 percent reduction since 2003, 345 00:15:32,109 --> 00:15:36,130 and there are similar statistics all over the world. 346 00:15:36,130 --> 00:15:39,453 We also need to think about the legal issues in this area. 347 00:15:39,453 --> 00:15:42,078 The cybercriminals I talked about, 348 00:15:42,078 --> 00:15:44,149 despite theft of millions of dollars, 349 00:15:44,149 --> 00:15:46,197 actually still haven't been arrested, 350 00:15:46,197 --> 00:15:49,540 and at this point possibly never will. 351 00:15:49,540 --> 00:15:53,078 Most laws are national in their implementation, 352 00:15:53,078 --> 00:15:55,579 despite cybercrime conventions, where the internet 353 00:15:55,579 --> 00:16:00,145 is borderless and international by definition. 354 00:16:00,145 --> 00:16:02,702 Countries do not agree, which makes this area 355 00:16:02,702 --> 00:16:06,796 exceptionally challenging from a legal perspective. 356 00:16:06,796 --> 00:16:10,525 But my biggest ask is this: 357 00:16:10,525 --> 00:16:12,828 you see, you're going to leave here 358 00:16:12,828 --> 00:16:15,853 and you're going to see some astonishing stories in the news. 359 00:16:15,853 --> 00:16:18,258 You're going to read about malware doing incredible 360 00:16:18,258 --> 00:16:21,411 and terrifying, scary things. 361 00:16:21,411 --> 00:16:24,787 However, 99 percent of it works 362 00:16:24,787 --> 00:16:29,392 because people fail to do the basics. 363 00:16:29,392 --> 00:16:32,784 So my ask is this: go online, 364 00:16:32,784 --> 00:16:35,259 find these simple best practices, 365 00:16:35,259 --> 00:16:37,859 find out how to update and patch your computer. 366 00:16:37,859 --> 00:16:39,933 Get a secure password. 367 00:16:39,933 --> 00:16:41,864 Make sure you use a different password 368 00:16:41,864 --> 00:16:44,521 on each of your sites and services online. 369 00:16:44,521 --> 00:16:47,334 Find these resources. Apply them. 370 00:16:47,334 --> 00:16:50,036 The internet is a fantastic resource 371 00:16:50,036 --> 00:16:52,333 for business, for political expression, 372 00:16:52,333 --> 00:16:54,771 for art, and for learning. 373 00:16:54,771 --> 00:16:57,231 Help me and the security community 374 00:16:57,231 --> 00:17:01,016 make life much, much more difficult 375 00:17:01,016 --> 00:17:03,085 for cybercriminals. 376 00:17:03,085 --> 00:17:05,240 Thank you. 377 00:17:05,240 --> 00:17:09,240 (Applause)