  • Four years ago, a security researcher,

  • or, as most people would call it, a hacker,

  • found a way to literally

  • make ATMs throw money at him.

  • His name was Barnaby Jack,

  • and this technique was later called "jackpotting"

  • in his honor.

  • I'm here today because I think

  • we actually need hackers.

  • Barnaby Jack could have easily turned

  • into a career criminal or James Bond villain

  • with his knowledge,

  • but he chose to show the world

  • his research instead.

  • He believed that sometimes

  • you have to demo a threat

  • to spark a solution,

  • and I feel the same way.

  • That's why I'm here today.

  • We are often terrified and fascinated

  • by the power hackers now have.

  • They scare us,

  • but the choices they make

  • have dramatic outcomes

  • that influence us all.

  • So I am here today because I think we need hackers,

  • and in fact, they just might be

  • the immune system for the information age.

  • Sometimes they make us sick,

  • but they also find those hidden threats in our world,

  • and they make us fix it.

  • I knew that I might get hacked for giving this talk,

  • so let me save you the effort.

  • In true TED fashion,

  • here is my most embarrassing picture.

  • But it would be difficult for you to find me in it,

  • because I'm the one who looks like a boy

  • standing to the side.

  • I was such a nerd back then

  • that even the boys on the Dungeons and Dragons team

  • wouldn't let me join.

  • This is who I was,

  • but this is who I wanted to be:

  • Angelina Jolie.

  • She portrayed Acid Burn

  • in the '95 film "Hackers."

  • She was pretty and she could rollerblade,

  • but being a hacker, that made her powerful.

  • And I wanted to be just like her,

  • so I started spending a lot of time

  • on hacker chat rooms and online forums.

  • I remember one late night

  • I found a bit of PHP code.

  • I didn't really know what it did,

  • but I copy-pasted it

  • and used it anyway

  • to get into a password-protected site

  • Like that,

  • Open Sesame.

  • It was a simple trick,

  • and I was just a script kiddie back then,

  • but to me, that trick,

  • it felt like this,

  • like I had discovered limitless potential

  • at my fingertips.

  • This is the rush of power that hackers feel.

  • It's geeks just like me

  • discovering they have access to superpower,

  • one that requires the skill and tenacity

  • of their intellect,

  • but thankfully no radioactive spiders.

  • But with great power comes great responsibility,

  • and you all like to think that if we had such powers,

  • we would only use them for good.

  • But what if you could read your ex's emails,

  • or add a couple zeros to your bank account.

  • What would you do then?

  • Indeed, many hackers do not resist

  • those temptations,

  • and so they are responsible in one way or another

  • to billions of dollars lost each year

  • to fraud, malware or plain old identity theft,

  • which is a serious issue.

  • But there are other hackers,

  • hackers who just like to break things,

  • and it is precisely those hackers

  • that can find the weaker elements in our world

  • and make us fix it.

  • This is what happened last year

  • when another security researcher

  • called Kyle Lovett

  • discovered a gaping hole

  • in the design of certain wireless routers

  • like you might have in your home or office.

  • He learned that anyone could remotely connect

  • to these devices over the Internet

  • and download documents from hard drives

  • attached to those routers, no password needed.

  • He reported it to the company, of course,

  • but they ignored his report.

  • Perhaps they thought universal access was a feature, not a bug.

  • Until two months ago,

  • when a group of hackers used it

  • to get into people's files.

  • But they didn't steal anything.

  • They left a note:

  • Your router and your documents

  • can be accessed by anyone in the world.

  • Here's what you should do to fix it.

  • We hope we helped.

  • By getting into people's files like that,

  • yeah, they broke the law,

  • but they also forced that company

  • to fix their product.

  • Making vulnerabilities known to the public

  • is a practice called full disclosure

  • in the hacker community,

  • and it is controversial,

  • but it does make me think of how hackers

  • have an evolving effect on technologies we use

  • every day.

  • This is what Khalil did.

  • Khalil is a Palestinian hacker from the West Bank,

  • and he found a serious privacy flaw on Facebook

  • which he attempted to report

  • through the company's bug bounty program.

  • These are usually great arrangements for companies

  • to reward hackers disclosing vulnerabilities

  • they find in their code.

  • Unfortunately, due to some miscommunications,

  • his report was not acknowledged.

  • Frustrated with the exchange,

  • he took to use his own discovery

  • to post on Mark Zuckerberg's wall.

  • This got their attention, all right,

  • and they fixed the bug,

  • but because he hadn't reported it properly,

  • he was denied the bounty usually paid out

  • for such discoveries.

  • Thankfully for Khalil,

  • a group of hackers were watching out for him.

  • In fact, they raised more than 13,000 dollars

  • to reward him for this discovery,

  • raising a vital discussion in the technology industry

  • about how we come up with incentives

  • for hackers to do the right thing.

  • But I think there's a greater story here still.

  • Even companies founded by hackers,

  • like Facebook was,

  • still have a complicated relationship

  • when it comes to hackers.

  • And so for more conservative organizations,

  • it is going to take time and adapting

  • in order to embrace hacker culture

  • and the creative chaos that it brings with it.

  • But I think it's worth the effort,

  • because the alternative,

  • to blindly fight all hackers,

  • is to go against the power you cannot control

  • at the cost of stifling innovation

  • and regulating knowledge.

  • These are things that will come back and bite you.

  • It is even more true

  • if we go after hackers

  • that are willing to risk their own freedom

  • for ideals like the freedom of the web,

  • especially in times like this, like today even,

  • as governments and corporates

  • fight to control the Internet.

  • I find it astounding

  • that someone from the shadowy corners of cyberspace

  • can become its voice of opposition,

  • its last line of defense even,

  • perhaps someone like Anonymous,

  • the leading brand of global hacktivism.

  • This universal hacker movement

  • needs no introduction today,

  • but six years ago

  • they were not much more than an Internet subculture

  • dedicated to sharing silly pictures of funny cats

  • and Internet trolling campaigns.

  • Their moment of transformation was in early 2008

  • when the Church of Scientology

  • attempted to remove certain leaked videos

  • from appearing on certain websites.

  • This is when Anonymous was forged

  • out of the seemingly random collection

  • of Internet dwellers.

  • It turns out,

  • the Internet doesn't like it

  • when you try to remove things from it,

  • and it will react with cyberattacks

  • and elaborate pranks

  • and with a series of organized protests

  • all around the world,

  • from my hometown of Tel Aviv

  • to Adelaide, Australia.

  • This proved that Anonymous and this idea

  • can rally the masses from the keyboards

  • to the streets,

  • and it laid the foundations

  • for dozens of future operations

  • against perceived injustices

  • to their online and offline world.

  • Since then, they've gone after many targets.

  • They've uncovered corruption, abuse.

  • They've hacked popes and politicians,

  • and I think their effect is larger

  • than simple denial of service attacks

  • that take down websites

  • or even leak sensitive documents.

  • I think that, like Robin Hood,

  • they are in the business of redistribution,

  • but what they are after isn't your money.

  • It's not your documents. It's your attention.

  • They grab the spotlight for causes they support,

  • forcing us to take note,

  • acting as a global magnifying glass

  • for issues that we are not as aware of

  • but perhaps we should be.

  • They have been called many names

  • from criminals to terrorists,

  • and I cannot justify their illegal means,

  • but the ideas they fight for

  • are ones that matter to us all.

  • The reality is,

  • hackers can do a lot more than break things.

  • They can bring people together.

  • And if the Internet doesn't like it

  • when you try to remove things from it,

  • just watch what happens

  • when you try to shut the Internet down.

  • This took place in Egypt in January 2011,

  • and as President Hosni Mubarak

  • attempted a desperate move

  • to quash the rising revolution on the streets of Cairo,

  • he sent his personal troops

  • down to Egypt's Internet service providers

  • and had them physically kill the switch

  • on the country's connection to the world overnight.

  • For a government to do a thing like that

  • was unprecedented,

  • and for hackers, it made it personal.

  • Hackers like the Telecomix group

  • were already active on the ground,

  • helping Egyptians bypass censorship