【TED】Keren Elazari：黑客：互聯網的免疫系統(Hackers: the internet's immune system | Keren Elazari) (【TED】Keren Elazari: Hackers: the Internet's immune system (Hackers: the internet's immune system

字幕列表影片播放

Four years ago, a security researcher,

四年前，一位安全研究員，
or, as most people would call it, a hacker,

或者，大部分人會稱之為駭客，
found a way to literally

找到一個讓自動提款機
make ATMs throw money at him.

向他吐鈔的方法，
His name was Barnaby Jack,

他的名字叫巴拿比傑克（Barnaby Jack），
and this technique was later called "jackpotting"

而這個技巧後來被稱為「傑克的大奬」，
in his honor.

以表揚他的貢獻。
I'm here today because I think

今天，我到這裡來，是因為我認為
we actually need hackers.

我們其實很需要駭客，
Barnaby Jack could have easily turned

巴拿比傑克所擁有的能力
into a career criminal or James Bond villain

很容易會讓他成為一個職業罪犯，
with his knowledge,

或是占士邦電影中的反派角色，
but he chose to show the world

但他反而選擇向世界
his research instead.

展現他的研究。
He believed that sometimes

他相信有時候，
you have to demo a threat

你必須展現一種威脅，
to spark a solution,

才能激發出一個解決的方案。
and I feel the same way.

我也抱持同樣的看法，
That's why I'm here today.

這是我今天在這裡的原因。
We are often terrified and fascinated

我們常常害怕駭客的能力
by the power hackers now have.

或對之感到著迷，
They scare us,

他們讓我們感到害怕。
but the choices they make

然而，他們所作的選擇
have dramatic outcomes

卻會帶來戲劇結果，
that influence us all.

影響著我們大家的。
So I am here today because I think we need hackers,

今天我來到這裡就是因為我認為我們需要駭客，
and in fact, they just might be

而事實上，他們很可能就是
the immune system for the information age.

這個資訊時代中的免疫系統，
Sometimes they make us sick,

有時候他們讓我們頭痛，
but they also find those hidden threats in our world,

但他們同時會在我們的世界中
and they make us fix it.

迫使我們處理好。
I knew that I might get hacked for giving this talk,

我知道我可能因為這場演講而成為駭客的目標，
so let me save you the effort.

因此讓我為你們省點力氣。
In true TED fashion,

以TED的獨特模式，
here is my most embarrassing picture.

這是我最丟臉的照片，
But it would be difficult for you to find me in it,

但是你應該無法輕易在照片中找到我，
because I'm the one who looks like a boy

因為我就是那個站在旁邊，
standing to the side.

看起來像個男孩子的，
I was such a nerd back then

那時候我是個書呆子，
that even the boys on the Dungeons and Dragons team

連「龍與地下城」團隊中的男孩子
wouldn't let me join.

都不會讓我加入，
This is who I was,

這就是以前的我。
but this is who I wanted to be:

但這才是我想成為的人:
Angelina Jolie.

安潔莉娜‧裘莉
She portrayed Acid Burn

她在1995年的電影《黑客》中
in the '95 film "Hackers."

飾演駭客阿斯波恩（Acid Burn），
She was pretty and she could rollerblade,

她既漂亮又會溜直排輪，
but being a hacker, that made her powerful.

可是駭客的身分令她更有力量，
And I wanted to be just like her,

我想成為她那樣，
so I started spending a lot of time

所以我開始花很多時間
on hacker chat rooms and online forums.

流連於線上的駭客聊天室和網路論壇，
I remember one late night

我記得有一晚深夜中，
I found a bit of PHP code.

找到一段PHP程式碼，
I didn't really know what it did,

我並不知道它具體的作用，
but I copy-pasted it

但我還是把它
and used it anyway

複製—轉貼
to get into a password-protected site

到一個密碼保護的網站，
Like that,

就像這樣，
Open Sesame.

芝麻開門！
It was a simple trick,

這是一個簡單的招數，
and I was just a script kiddie back then,

當時我只是一個駭客初學者，
but to me, that trick,

可是那招對我來說，
it felt like this,

感覺就像這樣，
like I had discovered limitless potential

就像在我的指尖下發現
at my fingertips.

無限的潛能，
This is the rush of power that hackers feel.

這是駭客會感到擁有能力的快感，
It's geeks just like me

像我這種書呆子
discovering they have access to superpower,

發現自己擁有超人般的能力，
one that requires the skill and tenacity

一種需要個人智慧
of their intellect,

之才能與堅持的能力，
but thankfully no radioactive spiders.

幸好不需受輻射感染的蜘蛛。
But with great power comes great responsibility,

但是能力越大，責任也越大，
and you all like to think that if we had such powers,

而你們都會希望即使我們擁有這樣的能力，
we would only use them for good.

也只會用在好的方面。
But what if you could read your ex's emails,

但如果你可以閱讀前男友的信件，
or add a couple zeros to your bank account.

或是把你的銀行餘額中多加上幾個零，
What would you do then?

那你會怎麼做呢？
Indeed, many hackers do not resist

的確，有不少駭客無法抗拒
those temptations,

這些誘惑，
and so they are responsible in one way or another

因此他們或多或少
to billions of dollars lost each year

需要為每年因詐騙、惡意程式或是普通的身份盜竊，
to fraud, malware or plain old identity theft,

而損失的數十億美元負起責任，
which is a serious issue.

這的確是個嚴重的問題。
But there are other hackers,

然而，另外有一些駭客
hackers who just like to break things,

他們只想搞一點破壞，
and it is precisely those hackers

也正是這樣的駭客
that can find the weaker elements in our world

能夠找出世上較脆弱的環節，
and make us fix it.

迫使我們把問題處理好。
This is what happened last year

這是一件發生在去年的事，
when another security researcher

另一位資訊安全研究人員，
called Kyle Lovett

名叫凱爾洛維特，
discovered a gaping hole

他在你們家裡或公司或會有裝設的
in the design of certain wireless routers

無線路由器的設計上
like you might have in your home or office.

找到了很大的漏洞，
He learned that anyone could remotely connect

他發現任何人都能夠
to these devices over the Internet

透過網路遠端連線，
and download documents from hard drives

下載連在這些路由器上的硬碟資料，
attached to those routers, no password needed.

下載連在這些路由器上的硬碟資料，完全不需要密碼。
He reported it to the company, of course,

他當然把這個發現報告給公司，
but they ignored his report.

但他們沒有理會他的報告，
Perhaps they thought universal access was a feature, not a bug.

或許他們認為普遍網路存取是一種特色，不是漏洞，
Until two months ago,

一直到兩個月後，
when a group of hackers used it

有一群駭客利用這個漏洞
to get into people's files.

去存取人家的檔案，
But they didn't steal anything.

但他們並沒有偷走任何資料，
They left a note:

他們只是留下一則訊息：
Your router and your documents

「你的路由器和你的檔案
can be accessed by anyone in the world.

可以被世界上任何人存取，
Here's what you should do to fix it.

這是你應當處理的問題。
We hope we helped.

希望這對你有幫助!」
By getting into people's files like that,

如此存取別人的檔案，
yeah, they broke the law,

嗯，他們的確犯了法，
but they also forced that company

但他們也迫使這家公司
to fix their product.

修正他們的產品，
Making vulnerabilities known to the public

使這些漏洞公開曝光，
is a practice called full disclosure

在駭客社群中，這是一種
in the hacker community,

稱為「全面披露」的做法，
and it is controversial,

是頗具爭議性的，
but it does make me think of how hackers

但它讓我思考
have an evolving effect on technologies we use

駭客是如何逐漸影響著我們每天所使用的科技，
every day.

駭客是如何逐漸影響著我們每天所使用的科技，
This is what Khalil did.

這是哈利勒做的一件事。
Khalil is a Palestinian hacker from the West Bank,

哈利勒是一位來自巴勒斯坦西岸的駭客，
and he found a serious privacy flaw on Facebook

他發現了臉書一個嚴重的私隠漏洞，
which he attempted to report

於是嘗試透過公司的程式漏洞賞金計劃報告這事，
through the company's bug bounty program.

於是嘗試透過公司的程式漏洞賞金計劃報告這事，
These are usually great arrangements for companies

一般來說，對於能幫忙找到程式漏洞的駭客，
to reward hackers disclosing vulnerabilities

一般來說，對於能幫忙找到程式漏洞的駭客，
they find in their code.

這些公司都會施以重賞。
Unfortunately, due to some miscommunications,

不幸地，由於一些溝通問題，
his report was not acknowledged.

他的報告沒有獲確認，
Frustrated with the exchange,

為此過程感到沮喪，
he took to use his own discovery

他把自己的發現，
to post on Mark Zuckerberg's wall.

貼在馬克扎克伯格的臉書牆上，
This got their attention, all right,

這樣終於獲得他們的關注，
and they fixed the bug,

他們也修正了這個漏洞，
but because he hadn't reported it properly,

但由於哈利勒沒能依規定報告漏洞，
he was denied the bounty usually paid out

臉書拒絕照以往發現此類漏洞的獎金獎賞他，
for such discoveries.

臉書拒絕照以往發現此類漏洞的獎金獎賞他，
Thankfully for Khalil,

還好有一群駭客正觀照著哈利勒，
a group of hackers were watching out for him.

還好有一群駭客正觀照著哈利勒，
In fact, they raised more than 13,000 dollars

他們為哈利勒籌了超過一萬三千美元
to reward him for this discovery,

以酬報他的發現，
raising a vital discussion in the technology industry

而在科技產業中引發重要的討論，
about how we come up with incentives

關於我們應該如何激勵駭客去做正當的事，
for hackers to do the right thing.

關於我們應該如何激勵駭客去做正當的事，
But I think there's a greater story here still.

但我認為這涉及一個更大的問題，
Even companies founded by hackers,

即使由駭客所創辦的公司，
like Facebook was,

就如同臉書，
still have a complicated relationship

他們仍與駭客抱持著複雜的關係，
when it comes to hackers.

他們仍與駭客抱持著複雜的關係，
And so for more conservative organizations,

因此對於較傳統組織而言，
it is going to take time and adapting

這會需要時間和調整
in order to embrace hacker culture

才能擁抱這樣的駭客文化，
and the creative chaos that it brings with it.

和伴隨而來的那種具備創造性的混亂狀態。
But I think it's worth the effort,

但我相信這種努力是值得的，
because the alternative,

因為另一個選擇，
to blindly fight all hackers,

也就是盲目地打擊所有的駭客，
is to go against the power you cannot control

對抗著你無法掌控的力量，
at the cost of stifling innovation

並因此扼殺創新和規範知識為代價，
and regulating knowledge.

並因此扼殺創新和規範知識為代價，
These are things that will come back and bite you.

這些東西只會回頭來咬你一口，
It is even more true

這樣會變得更為嚴重，
if we go after hackers

如果我們針對那些
that are willing to risk their own freedom

為了網路自由之理念，
for ideals like the freedom of the web,

而願意犧牲自由的駭客份子，
especially in times like this, like today even,

尤其是在這種時候，甚至包括此時此刻，
as governments and corporates

當政府和企業
fight to control the Internet.

都在掙著要控制網路的時候。
I find it astounding

我認為這是很不可思議的：
that someone from the shadowy corners of cyberspace

來自網路世界裡陰暗角落的人，
can become its voice of opposition,

竟然能夠成為反抗的聲音，
its last line of defense even,

甚至是反抗的最後的一道防線，
perhaps someone like Anonymous,

就如同「匿名者」—
the leading brand of global hacktivism.

全球駭客行動主義的代表象徵。
This universal hacker movement

這股全球的駭客運動
needs no introduction today,

現在已不需再多的介紹了，
but six years ago

但六年前，他們只不過是
they were not much more than an Internet subculture

網路上的一種次文化，
dedicated to sharing silly pictures of funny cats

投入於分享好笑的貓咪照片，
and Internet trolling campaigns.

以及進行集體網路洗板活動。
Their moment of transformation was in early 2008

他們在2008年初轉型，
when the Church of Scientology

當時「山達基教會」試圖要從某些網站
attempted to remove certain leaked videos

當時「山達基教會」試圖要從某些網站
from appearing on certain websites.

移除外洩的影片。
This is when Anonymous was forged

這是從幾個看似隨機湊成的向民中，
out of the seemingly random collection

「匿名者」被打造出來的時候。
of Internet dwellers.

「匿名者」被打造出來的時候。
It turns out,

原來，網路並不喜歡你
the Internet doesn't like it

原來，網路並不喜歡你
when you try to remove things from it,

移除它的東西，
and it will react with cyberattacks

它會以各種方式反抗，
and elaborate pranks

如網絡攻擊和高明的惡作劇，
and with a series of organized protests

以及全球發起的一系列組織性抗爭，
all around the world,

以及全球發起的一系列組織性抗爭，
from my hometown of Tel Aviv

來自我的故鄉特拉維夫
to Adelaide, Australia.

到澳洲阿得萊德，
This proved that Anonymous and this idea

這證明了「匿名者」及這樣的概念
can rally the masses from the keyboards

能夠將眾人從鍵盤前
to the streets,

集結到街上，
and it laid the foundations

它也為了後續幾個線上和真實生活中
for dozens of future operations

它也為了後續幾個線上和真實生活中
against perceived injustices

因不公平爭議而發起的反抗行動鋪路，
to their online and offline world.

因不公平爭議而發起的反抗行動鋪路，
Since then, they've gone after many targets.

自從那個時候，他們鎖定過很多的目標，
They've uncovered corruption, abuse.

他們將貪污和濫用掀露，
They've hacked popes and politicians,

教皇和政治人物都被他們駭客侵入，
and I think their effect is larger

我覺得他們所帶來的效應
than simple denial of service attacks

大過於因單純反對而癱瘓網站
that take down websites

大過於因單純反對而癱瘓網站
or even leak sensitive documents.

甚至洩漏機密文件的攻擊行動。
I think that, like Robin Hood,

我認為，就像羅賓漢一樣，
they are in the business of redistribution,

他們從事的是「重新分配」的工作，
but what they are after isn't your money.

但是他們要的不是你的錢，
It's not your documents. It's your attention.

不是你的資料，而是你的關注。
They grab the spotlight for causes they support,

他們要的是他們所支持的議題能夠受到矚目，
forcing us to take note,

迫使我們去注意，
acting as a global magnifying glass

他們像一個全球放大鏡，
for issues that we are not as aware of

放大那些應被關注，
but perhaps we should be.

卻往往被我們忽略的的議題，
They have been called many names

他們被叫過很多名字
from criminals to terrorists,

如犯人和恐怖分子
and I cannot justify their illegal means,

我無法替他們所採取的非法手段辯護，
but the ideas they fight for

但是他們在爭取的思想
are ones that matter to us all.

都與我們息息相關。
The reality is,

事實上，駭客的能力不僅是搞破壞，
hackers can do a lot more than break things.

事實上，駭客的能力不僅是搞破壞，
They can bring people together.

他們能夠將人們團結，
And if the Internet doesn't like it

既然網路不喜歡你移除它的東西，
when you try to remove things from it,

那請看看當你要將它關閉時，
just watch what happens

那請看看當你要將它關閉時，
when you try to shut the Internet down.

這會發生什麼事。
This took place in Egypt in January 2011,

這發生於埃及，於2011年1月，
and as President Hosni Mubarak

當胡斯尼•穆巴拉克總統
attempted a desperate move

在窮途末路之際，
to quash the rising revolution on the streets of Cairo,

為了鎮壓開鑼街上逐漸掀起的革命運動，
he sent his personal troops

他派了自己的兵到埃及的網路服務供應商，
down to Egypt's Internet service providers

他派了自己的兵到埃及的網路服務供應商，
and had them physically kill the switch

要求他們一夜間確實切斷國家與世界的聯繫，
on the country's connection to the world overnight.

要求他們一夜間確實切斷國家與世界的聯繫，
For a government to do a thing like that

一個政府如此的作為是前所未有的，
was unprecedented,

一個政府如此的作為是前所未有的，
and for hackers, it made it personal.

而對於駭客來說，這就結下了私人恩怨。
Hackers like the Telecomix group

駭客們如 Telecomix 集團
were already active on the ground,

早就在實際行動，
helping Egyptians bypass censorship

他們協助埃及人偷渡越過網路封鎖線，
using clever workarounds like Morse code

利用摩斯碼和無線電之類的聰明手法，
and ham radio.

利用摩斯碼和無線電之類的聰明手法，
It was high season for low tech,

那時正是低科技的高峰期，
which the government couldn't block,

是政府無法阻擋的，
but when the Net went completely down,

但是當網路完全被封鎖時，
Telecomix brought in the big guns.

Telecomix 就大規模出擊了。
They found European service providers

他們找到使用了20年
that still had 20-year-old

現在仍用著的模擬撥號服務設備的
analog dial-up access infrastructure.

數家歐洲服務供應商，
They opened up 300 of those lines

他們開通了300條線路
for Egyptians to use,

供埃及人使用，
serving slow but sweet Internet connection

為他們供應緩慢但討人喜歡的網路連線，
for Egyptians.

為他們供應緩慢但討人喜歡的網路連線，
This worked.

這就成功了，
It worked so well, in fact,

甚至成功到有人還利用它
one guy even used it to download an episode

下載了一集的
of "How I Met Your Mother."

「追愛總動員」(How I Met Your Mother)。
But while Egypt's future is still uncertain,

然而，在埃及的未來仍不明的時候，
when the same thing happened in Syria

一年後，敘利亞也發生著同樣的事，
just one year later,

一年後，敘利亞也發生著同樣的事，
Telecomix were prepared with those Internet lines,

Telecomix早就準備好那些網路連線，
and Anonymous,

而「匿名者」應該是第一批
they were perhaps the first international group

而「匿名者」應該是第一批
to officially denounce the actions

為了公開指責敘利亞軍方的作為
of the Syrian military

而入侵毀壞他們網站的國際團體。
by defacing their website.

而入侵毀壞他們網站的國際團體。
But with this sort of power,

但其實這樣的能力，
it really depends on where you stand,

真的與你的立場有關，
because one man's hero

因為一人心目中的英雄
can be another's villain,

可能是另一人心目中的惡棍，
and so the Syrian Electronic Army

敘利亞電子軍
is a pro-Assad group of hackers

是支持具爭議性的阿薩德政權的一群駭客份子，
who support his contentious regime.

是支持具爭議性的阿薩德政權的一群駭客份子，
They've taken down multiple high-profile targets

在過去幾年中，
in the past few years,

他們駭客侵入好幾個知名的目標，
including the Associated Press's Twitter account,

包括美聯社的推特帳號，
in which they posted a message

並張貼了一則有關攻擊白宮
about an attack on the White House

並張貼了一則有關攻擊白宮
injuring President Obama.

且歐巴馬總統受傷的訊息。
This tweet was fake, of course,

這訊息當然是假的，
but the resulting drop in the Dow Jones index

卻造成當天道瓊斯工業平均指數下跌，
that day was most certainly not,

這樣就很真實了，
and a lot of people lost a lot of money.

讓很多人喪失了很多錢。
This sort of thing is happening all over the world right now.

現在全世界都在發生這樣的事情，
In conflicts from the Crimean Peninsula

從克里米亞半島到拉丁美洲的爭議，
to Latin America,

從克里米亞半島到拉丁美洲的爭議，
from Europe to the United States,

從歐洲到美國，
hackers are a force for social,

駭客是一股影響社會、政治和軍事的力量，
political and military influence.

駭客是一股影響社會、政治和軍事的力量，
As individuals or in groups,

以個人或團體、志工或軍事抗爭的身份存在著。
volunteers or military conflicts,

以個人或團體、志工或軍事抗爭的身份存在著。
there are hackers everywhere.

駭客無所不在，
They come from all walks of life,

他們來自各行各業
ethnicities, ideologies and genders, I might add.

各種種族、信仰甚至性別。
They are now shaping the world's stage.

他們正在塑造世界的舞台，
Hackers represent an exceptional force for change

駭客代表的是改變 21 世紀的一股獨特的力量，
in the 21st century.

駭客代表的是改變 21 世紀的一股獨特的力量，
This is because access to information

這是因為資訊存取
is a critical currency of power,

是掌權最重要的籌碼，
one which governments would like to control,

是政府想要掌控的，
a thing they attempt to do by setting up

為了這個目的，
all-you-can-eat surveillance programs,

他們還設置了一項「吃到飽」監控計畫，
a thing they need hackers for, by the way.

順便說，他們需要的就是駭客，
And so the establishment has long had

因此，這種制度一直以來
a love-hate relationship when it comes to hackers,

都對駭客抱著又愛又恨的關係，
because the same people who demonize hacking

因將駭客妖魔化的人
also utilize it at large.

是最有效利用他們的同樣一群人。
Two years ago,

兩年前，我見到基思‧亞歷山大將軍，
I saw General Keith Alexander.

兩年前，我見到基思‧亞歷山大將軍，
He's the NSA director and U.S. cyber commander,

他是美國國家安全局局長，也是美國網路司令總監，
but instead of his four star general uniform,

但與其穿著四顆星的將軍制服，
he was wearing jeans and a t-shirt.

他穿的是牛仔褲和T恤，
This was at DEF CON,

這是在 DEF CON，
the world's largest hacker conference.

世界上最大的駭客大會，
Perhaps like me, General Alexander

或許和我一樣，當天在拉斯維加斯
didn't see 12,000 criminals that day in Vegas.

亞歷山大將軍並沒有看到12,000個壞蛋，
I think he saw untapped potential.

我想他看到的是未開發的潛能，
In fact, he was there to give a hiring pitch.

事實上，他到那裡是為了要徵人，
"In this room right here," he said,

他說：「此時在這裡，
"is the talent our nation needs."

有我們國家最需要的才能。」
Well, hackers in the back row replied,

嗯，結果在後方的駭客回答他：
"Then stop arresting us."

「那就不要再逮捕我們了!」
(Applause)

(掌聲)
Indeed, for years,

的確，好幾年來，
hackers have been on the wrong side of the fence,

駭客一直站在錯誤的一邊，
but in light of what we know now,

但依目前我們所看到的，
who is more watchful of our online world?

是誰在觀守著我們的網路世界?
The rules of the game are not that clear anymore,

遊戲規則已不再明確，
but hackers are perhaps the only ones

或許只有駭客才有能力
still capable of challenging overreaching governments

去挑戰做事過頭的政府
and data-hoarding corporates

和在公平的競爭環境中
on their own playing field.

隱匿資訊的企業。
To me, that represents hope.

對我而言，那代表的是希望。
For the past three decades,

在過去的三十年中，
hackers have done a lot of things,

駭客做過很多事情，
but they have also impacted civil liberties,

但他們也影響了民權、創意和網路自由，
innovation and Internet freedom,

但他們也影響了民權、創意和網路自由，
so I think it's time we take a good look

所以我覺得這是我們好好思考
at how we choose to portray them,

如何看待他們的時候，
because if we keep expecting them to be the bad guys,

因為如果我們一直把他們當作壞蛋，
how can they be the heroes too?

他們要如何成為英雄呢?
My years in the hacker world

我在駭客世界的日子中，
have made me realize

讓我瞭解到駭客的魅力和問題，
both the problem and the beauty about hackers:

讓我瞭解到駭客的魅力和問題，
They just can't see something broken in the world

他們就是無法看著世上的問題，
and leave it be.

卻放著不管，
They are compelled

他們使不得已利用它，
to either exploit it or try and change it,

不然就是試圖改變，
and so they find the vulnerable aspects

因此他們能在這快速改變的世界中，
in our rapidly changing world.

看到世界脆弱的地方，
They make us, they force us to fix things

他們迫使我們把事情處理好，
or demand something better,

不然他們要求的就會更好。
and I think we need them

我認為這就是他們應該做的，
to do just that,

我認為這就是他們應該做的，
because after all, it is not information

畢竟，嚮往自由的並不是資訊，
that wants to be free, it's us.

而是我們。
Thank you very much.

非常感謝大家
Thank you. (Applause)

謝謝 (掌聲)
Hack the planet!

入侵地球!

【TED】Keren Elazari：黑客：互聯網的免疫系統(Hackers: the internet's immune system | Keren Elazari) (【TED】Keren Elazari: Hackers: the Internet's immune system (Hackers: the internet's immune system | Keren Elazari))