
In the 1980s in the communist Eastern Germany, if you owned a typewriter, you had to register it with the government. You had to register a sample sheet of text out of the typewriter. And this was done so the government could track where text was coming from. If they found a paper which had the wrong kind of thought, they could track down who created that thought. And we in the West couldn't understand how anybody could do this, how much this would restrict freedom of speech. We would never do that in our own countries.

But today in 2011, if you go and buy a color laser printer from any major laser printer manufacturer and print a page, that page will end up having slight yellow dots printed on every single page in a pattern which makes the page unique to you and to your printer. This is happening to us today. And nobody seems to be making a fuss about it. And this is an example of the ways that our own governments are using technology against us, the citizens. And this is one of the main three sources of online problems today.

If we take a look at what's really happening in the online world, we can group the attacks based on the attackers. We have three main groups. We have online criminals. Like here, we have Mr. Dimitry Golubov from the city of Kiev in Ukraine. And the motives of online criminals are very easy to understand. These guys make money. They use online attacks to make lots of money, and lots and lots of it. We actually have several cases of millionaires online, multimillionaires, who made money with their attacks. Here's Vladimir Tsastsin from Tartu in Estonia. This is Alfred Gonzalez. This is Stephen Watt. This is Bjorn Sundin. This is Matthew Anderson, Tariq Al-Daour and so on and so on.

These guys make their fortunes online, but they make it through the illegal means of using things like banking trojans to steal money from our bank accounts while we do online banking, or with keyloggers to collect our credit card information while we are doing online shopping from an infected computer. The U.S. Secret Service, two months ago, froze the Swiss bank account of Mr. Sam Jain right here, and that bank account had 14.9 million U.S. dollars on it when it was frozen. Mr. Jain himself is on the loose; nobody knows where he is. And I claim it's already today that it's more likely for any of us to become the victim of a crime online than here in the real world. And it's very obvious that this is only going to get worse. In the future, the majority of crime will be happening online.

The second major group of attackers that we are watching today are not motivated by money. They're motivated by something else -- motivated by protests, motivated by an opinion, motivated by the laughs. Groups like Anonymous have risen up over the last 12 months and have become a major player in the field of online attacks. So those are the three main attackers: criminals who do it for the money, hacktivists like Anonymous doing it for the protest, but then the last group are nation states, governments doing the attacks.

And then we look at cases like what happened in DigiNotar. This is a prime example of what happens when governments attack against their own citizens. DigiNotar is a Certificate Authority from The Netherlands -- or actually, it was. It was running into bankruptcy last fall because they were hacked into. Somebody broke in and they hacked it thoroughly. And I asked last week in a meeting with Dutch government representatives, I asked one of the leaders of the team whether he found plausible that people died because of the DigiNotar hack. And his answer was yes.

So how do people die as the result of a hack like this? Well DigiNotar is a C.A. They sell certificates. What do you do with certificates? Well you need a certificate if you have a website that has https, SSL encrypted services, services like Gmail. Now we all, or a big part of us, use Gmail or one of their competitors, but these services are especially popular in totalitarian states like Iran, where dissidents use foreign services like Gmail because they know they are more trustworthy than the local services and they are encrypted over SSL connections, so the local government can't snoop on their discussions. Except they can if they hack into a foreign C.A. and issue rogue certificates. And this is exactly what happened with the case of DigiNotar.

What about Arab Spring and things that have been happening, for example, in Egypt? Well in Egypt, the rioters looted the headquarters of the Egyptian secret police in April 2011, and when they were looting the building they found lots of papers. Among those papers, was this binder entitled "FINFISHER." And within that binder were notes from a company based in Germany which had sold the Egyptian government a set of tools for intercepting -- and in very large scale -- all the communication of the citizens of the country. They had sold this tool for 280,000 Euros to the Egyptian government. The company headquarters are right here. So Western governments are providing totalitarian governments with tools to do this against their own citizens. But Western governments are doing it to themselves as well.

For example, in Germany, just a couple of weeks ago the so-called State Trojan was found, which was a trojan used by German government officials to investigate their own citizens. If you are a suspect in a criminal case, well it's pretty obvious, your phone will be tapped. But today, it goes beyond that. They will tap your Internet connection. They will even use tools like State Trojan to infect your computer with a trojan, which enables them to watch all your communication, to listen to your online discussions, to collect your passwords.

Now when we think deeper about things like these, the obvious response from people should be that, "Okay, that sounds bad, but that doesn't really affect me because I'm a legal citizen. Why should I worry? Because I have nothing to hide." And this is an argument, which doesn't make sense. Privacy is implied. Privacy is not up for discussion. This is not a question between privacy against security. It's a question of freedom against control. And while we might trust our governments right now, right here in 2011, any right we give away will be given away for good. And do we trust, do we blindly trust, any future government, a government we might have 50 years from now? And these are the questions that we have to worry about for the next 50 years.


[TED] Mikko Hypponen: Three types of online attack

Published by Chih-lin Yu on January 14, 2021