WEBVTT 00:00:00.713 --> 00:00:02.345 I'm going to be showing some of the cybercriminals' 00:00:02.345 --> 00:00:04.807 latest and nastiest creations. 00:00:04.807 --> 00:00:07.715 So basically, please don't go and download 00:00:07.715 --> 00:00:10.411 any of the viruses that I show you. NOTE Paragraph 00:00:10.411 --> 00:00:13.429 Some of you might be wondering what a cybersecurity specialist looks like, 00:00:13.429 --> 00:00:15.598 and I thought I'd give you a quick insight 00:00:15.598 --> 00:00:18.276 into my career so far. 00:00:18.276 --> 00:00:20.777 It's a pretty accurate description. 00:00:20.777 --> 00:00:22.433 This is what someone that specializes 00:00:22.433 --> 00:00:24.853 in malware and hacking looks like. NOTE Paragraph 00:00:24.853 --> 00:00:28.267 So today, computer viruses and trojans, 00:00:28.267 --> 00:00:31.147 designed to do everything from stealing data 00:00:31.147 --> 00:00:33.188 to watching you in your webcam 00:00:33.188 --> 00:00:35.966 to the theft of billions of dollars. 00:00:35.966 --> 00:00:38.161 Some malicious code today goes as far 00:00:38.161 --> 00:00:42.304 as targeting power, utilities and infrastructure. NOTE Paragraph 00:00:42.304 --> 00:00:44.265 Let me give you a quick snapshot 00:00:44.265 --> 00:00:46.879 of what malicious code is capable of today. 00:00:46.879 --> 00:00:49.949 Right now, every second, eight new users 00:00:49.949 --> 00:00:52.104 are joining the Internet. 00:00:52.104 --> 00:00:59.412 Today, we will see 250,000 individual new computer viruses. 00:00:59.412 --> 00:01:05.185 We will see 30,000 new infected websites. 00:01:05.185 --> 00:01:07.271 And, just to kind of tear down a myth here, 00:01:07.271 --> 00:01:09.759 lots of people think that when you get infected 00:01:09.759 --> 00:01:13.210 with a computer virus, it's because you went to a porn site. 00:01:13.210 --> 00:01:15.653 Right? Well, actually, statistically speaking, 00:01:15.653 --> 00:01:18.778 if you only visit porn sites, you're safer. 00:01:18.778 --> 00:01:21.780 People normally write that down, by the way. (Laughter) 00:01:21.780 --> 00:01:23.342 Actually, about 80 percent of these 00:01:23.342 --> 00:01:26.855 are small business websites getting infected. NOTE Paragraph 00:01:26.855 --> 00:01:29.140 Today's cybercriminal, what do they look like? 00:01:29.140 --> 00:01:31.566 Well, many of you have the image, don't you, 00:01:31.566 --> 00:01:33.742 of the spotty teenager sitting in a basement, 00:01:33.742 --> 00:01:36.130 hacking away for notoriety. 00:01:36.130 --> 00:01:37.753 But actually today, cybercriminals 00:01:37.753 --> 00:01:41.064 are wonderfully professional and organized. 00:01:41.064 --> 00:01:43.935 In fact, they have product adverts. 00:01:43.935 --> 00:01:46.066 You can go online and buy a hacking service 00:01:46.066 --> 00:01:48.215 to knock your business competitor offline. 00:01:48.215 --> 00:01:49.774 Check out this one I found. NOTE Paragraph 00:01:49.774 --> 00:01:51.593 (Video) Man: So you're here for one reason, 00:01:51.593 --> 00:01:53.058 and that reason is 00:01:53.058 --> 00:01:54.970 because you need your business competitors, 00:01:54.970 --> 00:01:58.922 rivals, haters, or whatever the reason is, or who, 00:01:58.922 --> 00:02:00.666 they are to go down. 00:02:00.666 --> 00:02:03.526 Well you, my friend, you've came to the right place. 00:02:03.526 --> 00:02:05.942 If you want your business competitors to go down, 00:02:05.942 --> 00:02:07.278 well, they can. 00:02:07.278 --> 00:02:10.702 If you want your rivals to go offline, well, they will. 00:02:10.702 --> 00:02:13.729 Not only that, we are providing a short-term-to-long-term 00:02:13.729 --> 00:02:16.084 DDOS service or scheduled attack, 00:02:16.084 --> 00:02:19.895 starting five dollars per hour for small personal websites 00:02:19.895 --> 00:02:22.799 to 10 to 50 dollars per hour. NOTE Paragraph 00:02:22.799 --> 00:02:24.122 James Lyne: Now, I did actually pay 00:02:24.122 --> 00:02:26.915 one of these cybercriminals to attack my own website. 00:02:26.915 --> 00:02:30.409 Things got a bit tricky when I tried to expense it at the company. 00:02:30.409 --> 00:02:32.123 Turns out that's not cool. 00:02:32.123 --> 00:02:35.133 But regardless, it's amazing how many products 00:02:35.133 --> 00:02:38.245 and services are available now to cybercriminals. 00:02:38.245 --> 00:02:40.721 For example, this testing platform, 00:02:40.721 --> 00:02:42.436 which enables the cybercriminals 00:02:42.436 --> 00:02:44.918 to test the quality of their viruses 00:02:44.918 --> 00:02:47.370 before they release them on the world. 00:02:47.370 --> 00:02:49.327 For a small fee, they can upload it 00:02:49.327 --> 00:02:50.993 and make sure everything is good. NOTE Paragraph 00:02:50.993 --> 00:02:52.526 But it goes further. 00:02:52.526 --> 00:02:54.771 Cybercriminals now have crime packs 00:02:54.771 --> 00:02:57.890 with business intelligence reporting dashboards 00:02:57.890 --> 00:03:01.366 to manage the distribution of their malicious code. 00:03:01.366 --> 00:03:04.894 This is the market leader in malware distribution, 00:03:04.894 --> 00:03:06.532 the Black Hole Exploit Pack, 00:03:06.532 --> 00:03:10.191 responsible for nearly one third of malware distribution 00:03:10.191 --> 00:03:12.165 in the last couple of quarters. 00:03:12.165 --> 00:03:15.174 It comes with technical installation guides, 00:03:15.174 --> 00:03:16.219 video setup routines, 00:03:16.219 --> 00:03:20.174 and get this, technical support. 00:03:20.174 --> 00:03:22.562 You can email the cybercriminals and they'll tell you 00:03:22.562 --> 00:03:26.184 how to set up your illegal hacking server. NOTE Paragraph 00:03:26.184 --> 00:03:30.468 So let me show you what malicious code looks like today. 00:03:30.468 --> 00:03:32.780 What I've got here is two systems, 00:03:32.780 --> 00:03:36.470 an attacker, which I've made look all Matrix-y and scary, 00:03:36.470 --> 00:03:39.772 and a victim, which you might recognize from home or work. 00:03:39.772 --> 00:03:42.501 Now normally, these would be on different sides 00:03:42.501 --> 00:03:45.056 of the planet or of the Internet, 00:03:45.056 --> 00:03:46.452 but I've put them side by side 00:03:46.452 --> 00:03:49.116 because it makes things much more interesting. NOTE Paragraph 00:03:49.116 --> 00:03:51.171 Now, there are many ways you can get infected. 00:03:51.171 --> 00:03:53.763 You will have come in contact with some of them. 00:03:53.763 --> 00:03:55.859 Maybe some of you have received an email 00:03:55.859 --> 00:03:59.944 that says something like, "Hi, I'm a Nigerian banker, 00:03:59.944 --> 00:04:02.708 and I'd like to give you 53 billion dollars 00:04:02.708 --> 00:04:05.135 because I like your face." 00:04:05.135 --> 00:04:08.529 Or funnycats.exe, which rumor has it 00:04:08.529 --> 00:04:12.298 was quite successful in China's recent campaign against America. NOTE Paragraph 00:04:12.298 --> 00:04:14.728 Now there are many ways you can get infected. 00:04:14.728 --> 00:04:16.715 I want to show you a couple of my favorites. 00:04:16.715 --> 00:04:19.375 This is a little USB key. 00:04:19.375 --> 00:04:21.532 Now how do you get a USB key to run in a business? 00:04:21.532 --> 00:04:25.657 Well, you could try looking really cute. 00:04:25.657 --> 00:04:27.595 Awww. 00:04:27.595 --> 00:04:29.958 Or, in my case, awkward and pathetic. 00:04:29.958 --> 00:04:34.147 So imagine this scenario: I walk into one of your businesses, 00:04:34.147 --> 00:04:36.989 looking very awkward and pathetic, with a copy of my C.V. 00:04:36.989 --> 00:04:38.888 which I've covered in coffee, 00:04:38.888 --> 00:04:42.275 and I ask the receptionist to plug in this USB key 00:04:42.275 --> 00:04:44.224 and print me a new one. 00:04:44.224 --> 00:04:47.454 So let's have a look here on my victim computer. 00:04:47.454 --> 00:04:50.700 What I'm going to do is plug in the USB key. 00:04:50.700 --> 00:04:52.190 After a couple of seconds, 00:04:52.190 --> 00:04:54.941 things start to happen on the computer on their own, 00:04:54.941 --> 00:04:56.876 usually a bad sign. 00:04:56.876 --> 00:04:58.570 This would, of course, normally happen 00:04:58.570 --> 00:05:01.328 in a couple of seconds, really, really quickly, 00:05:01.328 --> 00:05:02.988 but I've kind of slowed it down 00:05:02.988 --> 00:05:05.818 so you can actually see the attack occurring. 00:05:05.818 --> 00:05:08.335 Malware is very boring otherwise. 00:05:08.335 --> 00:05:10.932 So this is writing out the malicious code, 00:05:10.932 --> 00:05:14.729 and a few seconds later, on the left-hand side, 00:05:14.729 --> 00:05:19.027 you'll see the attacker's screen get some interesting new text. 00:05:19.027 --> 00:05:20.958 Now if I place the mouse cursor over it, 00:05:20.958 --> 00:05:23.265 this is what we call a command prompt, 00:05:23.265 --> 00:05:27.062 and using this we can navigate around the computer. 00:05:27.062 --> 00:05:29.221 We can access your documents, your data. 00:05:29.221 --> 00:05:30.722 You can turn on the webcam. 00:05:30.722 --> 00:05:32.351 That can be very embarrassing. 00:05:32.351 --> 00:05:34.074 Or just to really prove a point, 00:05:34.074 --> 00:05:37.195 we can launch programs like my personal favorite, 00:05:37.195 --> 00:05:40.000 the Windows Calculator. NOTE Paragraph 00:05:40.000 --> 00:05:42.288 So isn't it amazing how much control 00:05:42.288 --> 00:05:45.183 the attackers can get with such a simple operation? 00:05:45.183 --> 00:05:47.114 Let me show you how most malware 00:05:47.114 --> 00:05:49.297 is now distributed today. 00:05:49.297 --> 00:05:51.817 What I'm going to do is open up a website 00:05:51.817 --> 00:05:53.133 that I wrote. 00:05:53.133 --> 00:05:57.448 It's a terrible website. It's got really awful graphics. 00:05:57.448 --> 00:05:59.642 And it's got a comments section here 00:05:59.642 --> 00:06:03.323 where we can submit comments to the website. 00:06:03.323 --> 00:06:06.330 Many of you will have used something a bit like this before. 00:06:06.330 --> 00:06:08.277 Unfortunately, when this was implemented, 00:06:08.277 --> 00:06:10.702 the developer was slightly inebriated 00:06:10.702 --> 00:06:11.944 and managed to forget 00:06:11.944 --> 00:06:14.933 all of the secure coding practices he had learned. 00:06:14.933 --> 00:06:17.999 So let's imagine that our attacker, 00:06:17.999 --> 00:06:21.447 called Evil Hacker just for comedy value, 00:06:21.447 --> 00:06:23.470 inserts something a little nasty. 00:06:23.470 --> 00:06:25.169 This is a script. 00:06:25.169 --> 00:06:29.246 It's code which will be interpreted on the webpage. 00:06:29.246 --> 00:06:31.571 So I'm going to submit this post, 00:06:31.571 --> 00:06:33.953 and then, on my victim computer, 00:06:33.953 --> 00:06:35.980 I'm going to open up the web browser 00:06:35.980 --> 00:06:38.233 and browse to my website, 00:06:38.233 --> 00:06:42.022 www.incrediblyhacked.com. 00:06:42.022 --> 00:06:44.146 Notice that after a couple of seconds, 00:06:44.146 --> 00:06:45.603 I get redirected. 00:06:45.603 --> 00:06:47.580 That website address at the top there, 00:06:47.580 --> 00:06:50.911 which you can just about see, microshaft.com, 00:06:50.911 --> 00:06:54.104 the browser crashes as it hits one of these exploit packs, 00:06:54.104 --> 00:06:58.128 and up pops fake antivirus. 00:06:58.128 --> 00:07:03.184 This is a virus pretending to look like antivirus software, 00:07:03.184 --> 00:07:05.549 and it will go through and it will scan the system, 00:07:05.549 --> 00:07:07.057 have a look at what its popping up here. 00:07:07.057 --> 00:07:08.805 It creates some very serious alerts. 00:07:08.805 --> 00:07:11.148 Oh look, a child porn proxy server. 00:07:11.148 --> 00:07:13.580 We really should clean that up. 00:07:13.580 --> 00:07:15.164 What's really insulting about this is 00:07:15.164 --> 00:07:19.402 not only does it provide the attackers with access to your data, 00:07:19.402 --> 00:07:22.225 but when the scan finishes, they tell you 00:07:22.225 --> 00:07:25.348 in order to clean up the fake viruses, 00:07:25.348 --> 00:07:28.024 you have to register the product. 00:07:28.024 --> 00:07:31.360 Now I liked it better when viruses were free. 00:07:31.360 --> 00:07:34.139 (Laughter) 00:07:34.139 --> 00:07:36.665 People now pay cybercriminals money 00:07:36.665 --> 00:07:38.766 to run viruses, 00:07:38.766 --> 00:07:41.527 which I find utterly bizarre. NOTE Paragraph 00:07:41.527 --> 00:07:45.063 So anyway, let me change pace a little bit. 00:07:45.063 --> 00:07:48.569 Chasing 250,000 pieces of malware a day 00:07:48.569 --> 00:07:50.224 is a massive challenge, 00:07:50.224 --> 00:07:52.294 and those numbers are only growing 00:07:52.294 --> 00:07:56.173 directly in proportion to the length of my stress line, you'll note here. 00:07:56.173 --> 00:07:58.049 So I want to talk to you briefly 00:07:58.049 --> 00:08:01.099 about a group of hackers we tracked for a year 00:08:01.099 --> 00:08:03.106 and actually found -- 00:08:03.106 --> 00:08:05.683 and this is a rare treat in our job. 00:08:05.683 --> 00:08:08.166 Now this was a cross-industry collaboration, 00:08:08.166 --> 00:08:10.555 people from Facebook, independent researchers, 00:08:10.555 --> 00:08:12.636 guys from Sophos. 00:08:12.636 --> 00:08:15.291 So here we have a couple of documents 00:08:15.291 --> 00:08:18.117 which our cybercriminals had uploaded 00:08:18.117 --> 00:08:22.494 to a cloud service, kind of like Dropbox or SkyDrive, 00:08:22.494 --> 00:08:24.703 like many of you might use. 00:08:24.703 --> 00:08:28.095 At the top, you'll notice a section of source code. 00:08:28.095 --> 00:08:31.063 What this would do is send the cybercriminals 00:08:31.063 --> 00:08:36.103 a text message every day telling them how much money 00:08:36.103 --> 00:08:37.769 they'd made that day, 00:08:37.769 --> 00:08:41.065 so a kind of cybercriminal billings report, if you will. 00:08:41.065 --> 00:08:43.822 If you look closely, you'll notice a series 00:08:43.822 --> 00:08:46.805 of what are Russian telephone numbers. 00:08:46.805 --> 00:08:48.284 Now that's obviously interesting, 00:08:48.284 --> 00:08:51.521 because that gives us a way of finding our cybercriminals. 00:08:51.521 --> 00:08:53.636 Down below, highlighted in red, 00:08:53.636 --> 00:08:55.387 in the other section of source code, 00:08:55.387 --> 00:08:58.130 is this bit "leded:leded." 00:08:58.130 --> 00:08:59.419 That's a username, 00:08:59.419 --> 00:09:02.278 kind of like you might have on Twitter. NOTE Paragraph 00:09:02.278 --> 00:09:03.509 So let's take this a little further. 00:09:03.509 --> 00:09:05.767 There are a few other interesting pieces 00:09:05.767 --> 00:09:08.042 the cybercriminals had uploaded. 00:09:08.042 --> 00:09:10.614 Lots of you here will use smartphones 00:09:10.614 --> 00:09:13.261 to take photos and post them from the conference. 00:09:13.261 --> 00:09:16.098 An interesting feature of lots of modern smartphones 00:09:16.098 --> 00:09:17.765 is that when you take a photo, 00:09:17.765 --> 00:09:22.002 it embeds GPS data about where that photo was taken. 00:09:22.002 --> 00:09:24.445 In fact, I've been spending a lot of time 00:09:24.445 --> 00:09:26.689 on Internet dating sites recently, 00:09:26.689 --> 00:09:29.100 obviously for research purposes, 00:09:29.100 --> 00:09:32.621 and I've noticed that about 60 percent 00:09:32.621 --> 00:09:35.444 of the profile pictures on Internet dating sites 00:09:35.444 --> 00:09:39.895 contain the GPS coordinates of where the photo was taken, 00:09:39.895 --> 00:09:40.956 which is kind of scary 00:09:40.956 --> 00:09:43.518 because you wouldn't give out your home address 00:09:43.518 --> 00:09:44.967 to lots of strangers, 00:09:44.967 --> 00:09:46.961 but we're happy to give away our GPS coordinates 00:09:46.961 --> 00:09:50.990 to plus or minus 15 meters. 00:09:50.990 --> 00:09:54.224 And our cybercriminals had done the same thing. 00:09:54.224 --> 00:09:57.428 So here's a photo which resolves to St. Petersburg. 00:09:57.428 --> 00:10:01.114 We then deploy the incredibly advanced hacking tool. 00:10:01.114 --> 00:10:03.509 We used Google. 00:10:03.509 --> 00:10:05.734 Using the email address, the telephone number 00:10:05.734 --> 00:10:09.283 and the GPS data, on the left you see an advert 00:10:09.283 --> 00:10:12.952 for a BMW that one of our cybercriminals is selling, 00:10:12.952 --> 00:10:18.300 on the other side an advert for the sale of sphynx kittens. 00:10:18.300 --> 00:10:21.400 One of these was more stereotypical for me. 00:10:21.400 --> 00:10:25.389 A little more searching, and here's our cybercriminal. 00:10:25.389 --> 00:10:28.935 Imagine, these are hardened cybercriminals 00:10:28.935 --> 00:10:30.803 sharing information scarcely. 00:10:30.803 --> 00:10:31.951 Imagine what you could find 00:10:31.951 --> 00:10:33.654 about each of the people in this room. 00:10:33.654 --> 00:10:35.460 A bit more searching through the profile 00:10:35.460 --> 00:10:37.320 and there's a photo of their office. 00:10:37.320 --> 00:10:39.368 They were working on the third floor. 00:10:39.368 --> 00:10:41.567 And you can also see some photos 00:10:41.567 --> 00:10:42.742 from his business companion 00:10:42.742 --> 00:10:47.581 where he has a taste in a certain kind of image. 00:10:47.581 --> 00:10:51.576 It turns out he's a member of the Russian Adult Webmasters Federation. NOTE Paragraph 00:10:51.576 --> 00:10:54.593 But this is where our investigation starts to slow down. 00:10:54.593 --> 00:10:58.536 The cybercriminals have locked down their profiles quite well. 00:10:58.536 --> 00:11:00.571 And herein is the greatest lesson 00:11:00.571 --> 00:11:05.149 of social media and mobile devices for all of us right now. 00:11:05.149 --> 00:11:08.879 Our friends, our families and our colleagues 00:11:08.879 --> 00:11:13.568 can break our security even when we do the right things. 00:11:13.568 --> 00:11:16.348 This is MobSoft, one of the companies 00:11:16.348 --> 00:11:18.514 that this cybercriminal gang owned, 00:11:18.514 --> 00:11:20.103 and an interesting thing about MobSoft 00:11:20.103 --> 00:11:22.974 is the 50-percent owner of this 00:11:22.974 --> 00:11:24.921 posted a job advert, 00:11:24.921 --> 00:11:28.301 and this job advert matched one of the telephone numbers 00:11:28.301 --> 00:11:30.453 from the code earlier. 00:11:30.453 --> 00:11:32.578 This woman was Maria, 00:11:32.578 --> 00:11:35.458 and Maria is the wife of one of our cybercriminals. 00:11:35.458 --> 00:11:38.978 And it's kind of like she went into her social media settings 00:11:38.978 --> 00:11:41.773 and clicked on every option imaginable 00:11:41.773 --> 00:11:45.470 to make herself really, really insecure. 00:11:45.470 --> 00:11:47.037 By the end of the investigation, 00:11:47.037 --> 00:11:50.596 where you can read the full 27-page report at that link, 00:11:50.596 --> 00:11:52.630 we had photos of the cybercriminals, 00:11:52.630 --> 00:11:55.525 even the office Christmas party 00:11:55.525 --> 00:11:57.391 when they were out on an outing. 00:11:57.391 --> 00:12:00.640 That's right, cybercriminals do have Christmas parties, 00:12:00.640 --> 00:12:02.228 as it turns out. 00:12:02.228 --> 00:12:04.463 Now you're probably wondering what happened to these guys. 00:12:04.463 --> 00:12:07.400 Let me come back to that in just a minute. NOTE Paragraph 00:12:07.400 --> 00:12:10.147 I want to change pace to one last little demonstration, 00:12:10.147 --> 00:12:14.116 a technique that is wonderfully simple and basic, 00:12:14.116 --> 00:12:17.181 but is interesting in exposing how much information 00:12:17.181 --> 00:12:18.957 we're all giving away, 00:12:18.957 --> 00:12:23.235 and it's relevant because it applies to us as a TED audience. 00:12:23.235 --> 00:12:25.685 This is normally when people start kind of shuffling in their pockets 00:12:25.685 --> 00:12:29.903 trying to turn their phones onto airplane mode desperately. NOTE Paragraph 00:12:29.903 --> 00:12:31.589 Many of you all know about the concept 00:12:31.589 --> 00:12:33.932 of scanning for wireless networks. 00:12:33.932 --> 00:12:37.333 You do it every time you take out your iPhone or your Blackberry 00:12:37.333 --> 00:12:41.353 and connect to something like TEDAttendees. 00:12:41.353 --> 00:12:43.100 But what you might not know 00:12:43.100 --> 00:12:47.851 is that you're also beaming out a list of networks 00:12:47.851 --> 00:12:50.273 you've previously connected to, 00:12:50.273 --> 00:12:54.420 even when you're not using wireless actively. 00:12:54.420 --> 00:12:56.147 So I ran a little scan. 00:12:56.147 --> 00:12:59.073 I was relatively inhibited compared to the cybercriminals, 00:12:59.073 --> 00:13:01.617 who wouldn't be so concerned by law, 00:13:01.617 --> 00:13:04.204 and here you can see my mobile device. 00:13:04.204 --> 00:13:06.858 Okay? So you can see a list of wireless networks. 00:13:06.858 --> 00:13:11.485 TEDAttendees, HyattLB. Where do you think I'm staying? 00:13:11.485 --> 00:13:14.978 My home network, PrettyFlyForAWifi, 00:13:14.978 --> 00:13:16.743 which I think is a great name. 00:13:16.743 --> 00:13:19.510 Sophos_Visitors, SANSEMEA, companies I work with. 00:13:19.510 --> 00:13:22.818 Loganwifi, that's in Boston. HiltonLondon. 00:13:22.818 --> 00:13:25.259 CIASurveillanceVan. 00:13:25.259 --> 00:13:26.868 We called it that at one of our conferences 00:13:26.868 --> 00:13:28.604 because we thought that would freak people out, 00:13:28.604 --> 00:13:30.598 which is quite fun. 00:13:30.598 --> 00:13:35.256 This is how geeks party. NOTE Paragraph 00:13:35.256 --> 00:13:37.463 So let's make this a little bit more interesting. 00:13:37.463 --> 00:13:40.001 Let's talk about you. 00:13:40.001 --> 00:13:42.111 Twenty-three percent of you have been to Starbucks 00:13:42.111 --> 00:13:45.226 recently and used the wireless network. 00:13:45.226 --> 00:13:46.390 Things get more interesting. 00:13:46.390 --> 00:13:48.836 Forty-six percent of you I could link to a business, 00:13:48.836 --> 00:13:51.706 XYZ Employee network. 00:13:51.706 --> 00:13:55.885 This isn't an exact science, but it gets pretty accurate. 00:13:55.885 --> 00:14:00.354 Seven hundred and sixty-one of you I could identify a hotel you'd been to recently, 00:14:00.354 --> 00:14:04.193 absolutely with pinpoint precision somewhere on the globe. 00:14:04.193 --> 00:14:08.141 Two hundred and thirty-four of you, well, I know where you live. 00:14:08.141 --> 00:14:10.460 Your wireless network name is so unique 00:14:10.460 --> 00:14:12.009 that I was able to pinpoint it 00:14:12.009 --> 00:14:14.676 using data available openly on the Internet 00:14:14.676 --> 00:14:18.924 with no hacking or clever, clever tricks. 00:14:18.924 --> 00:14:20.744 And I should mention as well that 00:14:20.744 --> 00:14:22.286 some of you do use your names, 00:14:22.286 --> 00:14:24.882 "James Lyne's iPhone," for example. 00:14:24.882 --> 00:14:29.240 And two percent of you have a tendency to extreme profanity. NOTE Paragraph 00:14:29.240 --> 00:14:31.244 So something for you to think about: 00:14:31.244 --> 00:14:35.157 As we adopt these new applications and mobile devices, 00:14:35.157 --> 00:14:37.474 as we play with these shiny new toys, 00:14:37.474 --> 00:14:41.296 how much are we trading off convenience 00:14:41.296 --> 00:14:44.186 for privacy and security? 00:14:44.186 --> 00:14:46.244 Next time you install something, 00:14:46.244 --> 00:14:48.548 look at the settings and ask yourself, 00:14:48.548 --> 00:14:52.100 "Is this information that I want to share? 00:14:52.100 --> 00:14:54.990 Would someone be able to abuse it?" NOTE Paragraph 00:14:54.990 --> 00:14:57.062 We also need to think very carefully 00:14:57.062 --> 00:15:01.203 about how we develop our future talent pool. 00:15:01.203 --> 00:15:04.182 You see, technology's changing at a staggering rate, 00:15:04.182 --> 00:15:07.358 and that 250,000 pieces of malware 00:15:07.358 --> 00:15:10.230 won't stay the same for long. 00:15:10.230 --> 00:15:12.428 There's a very concerning trend 00:15:12.428 --> 00:15:15.621 that whilst many people coming out of schools now 00:15:15.621 --> 00:15:20.033 are much more technology-savvy, they know how to use technology, 00:15:20.033 --> 00:15:23.646 fewer and fewer people are following the feeder subjects 00:15:23.646 --> 00:15:27.970 to know how that technology works under the covers. 00:15:27.970 --> 00:15:32.355 In the U.K., a 60 percent reduction since 2003, 00:15:32.355 --> 00:15:36.130 and there are similar statistics all over the world. NOTE Paragraph 00:15:36.130 --> 00:15:40.206 We also need to think about the legal issues in this area. 00:15:40.206 --> 00:15:41.733 The cybercriminals I talked about, 00:15:41.733 --> 00:15:43.872 despite theft of millions of dollars, 00:15:43.872 --> 00:15:45.981 actually still haven't been arrested, 00:15:45.981 --> 00:15:49.540 and at this point possibly never will. 00:15:49.540 --> 00:15:53.040 Most laws are national in their implementation, 00:15:53.040 --> 00:15:57.039 despite cybercrime conventions, where the Internet 00:15:57.039 --> 00:16:00.145 is borderless and international by definition. 00:16:00.145 --> 00:16:02.978 Countries do not agree, which makes this area 00:16:02.978 --> 00:16:06.595 exceptionally challenging from a legal perspective. NOTE Paragraph 00:16:06.595 --> 00:16:10.955 But my biggest ask is this: 00:16:10.955 --> 00:16:12.597 You see, you're going to leave here 00:16:12.597 --> 00:16:16.314 and you're going to see some astonishing stories in the news. 00:16:16.314 --> 00:16:18.488 You're going to read about malware doing incredible 00:16:18.488 --> 00:16:21.749 and terrifying, scary things. 00:16:21.749 --> 00:16:25.678 However, 99 percent of it works 00:16:25.678 --> 00:16:29.868 because people fail to do the basics. 00:16:29.868 --> 00:16:32.890 So my ask is this: Go online, 00:16:32.890 --> 00:16:35.535 find these simple best practices, 00:16:35.535 --> 00:16:38.089 find out how to update and patch your computer. 00:16:38.089 --> 00:16:39.640 Get a secure password. 00:16:39.640 --> 00:16:41.170 Make sure you use a different password 00:16:41.170 --> 00:16:44.521 on each of your sites and services online. 00:16:44.521 --> 00:16:47.764 Find these resources. Apply them. NOTE Paragraph 00:16:47.764 --> 00:16:50.375 The Internet is a fantastic resource 00:16:50.375 --> 00:16:52.440 for business, for political expression, 00:16:52.440 --> 00:16:54.771 for art and for learning. 00:16:54.771 --> 00:16:57.953 Help me and the security community 00:16:57.953 --> 00:17:01.421 make life much, much more difficult 00:17:01.421 --> 00:17:03.373 for cybercriminals. NOTE Paragraph 00:17:03.373 --> 00:17:04.701 Thank you. NOTE Paragraph 00:17:04.701 --> 00:17:09.240 (Applause)