Annotated captions of Mikko Hypponen: Three types of online attack in English

Last Modified By Time Content
tedtalks 00:05
00:08

In the 1980s

tedtalks 00:08
00:11

in the communist Eastern Germany,

tedtalks 00:11
00:15

if you owned a typewriter,

tedtalks 00:15
00:17

you had to register it with the government.

tedtalks 00:17
00:19

You had to register

tedtalks 00:19
00:21

a sample sheet of text

tedtalks 00:21
00:23

out of the typewriter.

tedtalks 00:23
00:25

And this was done

tedtalks 00:25
00:28

so the government could track where text was coming from.

tedtalks 00:28
00:31

If they found a paper

tedtalks 00:31
00:34

which had the wrong kind of thought,

tedtalks 00:34
00:36

they could track down

tedtalks 00:36
00:38

who created that thought.

tedtalks 00:38
00:41

And we in the West

tedtalks 00:41
00:44

couldn't understand how anybody could do this,

tedtalks 00:44
00:47

how much this would restrict freedom of speech.

tedtalks 00:47
00:49

We would never do that

tedtalks 00:49
00:52

in our own countries.

tedtalks 00:52
00:55

But today in 2011,

tedtalks 00:55
00:59

if you go and buy a color laser printer

tedtalks 00:59
01:02

from any major laser printer manufacturer

tedtalks 01:02
01:04

and print a page,

tedtalks 01:04
01:06

that page will end up

tedtalks 01:06
01:09

having slight yellow dots

tedtalks 01:09
01:11

printed on every single page

tedtalks 01:11
01:14

in a pattern which makes the page unique

tedtalks 01:14
01:18

to you and to your printer.

tedtalks 01:18
01:20

This is happening

tedtalks 01:20
01:23

to us today.

tedtalks 01:23
01:27

And nobody seems to be making a fuss about it.

tedtalks 01:27
01:30

And this is an example

tedtalks 01:30
01:32

of the ways

tedtalks 01:32
01:35

that our own governments

tedtalks 01:35
01:37

are using technology

tedtalks 01:37
01:41

against us, the citizens.

tedtalks 01:41
01:44

And this is one of the main three sources

tedtalks 01:44
01:46

of online problems today.

tedtalks 01:46
01:49

If we take a look at what's really happening in the online world,

tedtalks 01:49
01:52

we can group the attacks based on the attackers.

tedtalks 01:52
01:54

We have three main groups.

tedtalks 01:54
01:56

We have online criminals.

tedtalks 01:56
01:58

Like here, we have Mr. Dimitry Golubov

tedtalks 01:58
02:00

from the city of Kiev in Ukraine.

tedtalks 02:00
02:03

And the motives of online criminals

tedtalks 02:03
02:05

are very easy to understand.

tedtalks 02:05
02:07

These guys make money.

tedtalks 02:07
02:09

They use online attacks

tedtalks 02:09
02:11

to make lots of money,

tedtalks 02:11
02:13

and lots and lots of it.

tedtalks 02:13
02:15

We actually have several cases

tedtalks 02:15
02:18

of millionaires online, multimillionaires,

tedtalks 02:18
02:20

who made money with their attacks.

tedtalks 02:20
02:23

Here's Vladimir Tsastsin from Tartu in Estonia.

tedtalks 02:23
02:25

This is Alfred Gonzalez.

tedtalks 02:25
02:27

This is Stephen Watt.

tedtalks 02:27
02:29

This is Bjorn Sundin.

tedtalks 02:29
02:32

This is Matthew Anderson, Tariq Al-Daour

tedtalks 02:32
02:34

and so on and so on.

tedtalks 02:34
02:36

These guys

tedtalks 02:36
02:38

make their fortunes online,

tedtalks 02:38
02:41

but they make it through the illegal means

tedtalks 02:41
02:43

of using things like banking trojans

tedtalks 02:43
02:45

to steal money from our bank accounts

tedtalks 02:45
02:47

while we do online banking,

tedtalks 02:47
02:49

or with keyloggers

tedtalks 02:49
02:52

to collect our credit card information

tedtalks 02:52
02:55

while we are doing online shopping from an infected computer.

tedtalks 02:55
02:57

The U.S. Secret Service,

tedtalks 02:57
02:59

two months ago,

tedtalks 02:59
03:01

froze the Swiss bank account

tedtalks 03:01
03:03

of Mr. Sam Jain right here,

tedtalks 03:03
03:06

and that bank account had 14.9 million U.S. dollars on it

tedtalks 03:06
03:08

when it was frozen.

tedtalks 03:08
03:10

Mr. Jain himself is on the loose;

tedtalks 03:10
03:13

nobody knows where he is.

tedtalks 03:13
03:16

And I claim it's already today

tedtalks 03:16
03:19

that it's more likely for any of us

tedtalks 03:19
03:22

to become the victim of a crime online

tedtalks 03:22
03:25

than here in the real world.

tedtalks 03:25
03:27

And it's very obvious

tedtalks 03:27
03:29

that this is only going to get worse.

tedtalks 03:29
03:31

In the future, the majority of crime

tedtalks 03:31
03:34

will be happening online.

tedtalks 03:35
03:37

The second major group of attackers

tedtalks 03:37
03:39

that we are watching today

tedtalks 03:39
03:41

are not motivated by money.

tedtalks 03:41
03:43

They're motivated by something else --

tedtalks 03:43
03:45

motivated by protests,

tedtalks 03:45
03:47

motivated by an opinion,

tedtalks 03:47
03:50

motivated by the laughs.

tedtalks 03:50
03:52

Groups like Anonymous

tedtalks 03:52
03:55

have risen up over the last 12 months

tedtalks 03:55
03:57

and have become a major player

tedtalks 03:57
04:00

in the field of online attacks.

tedtalks 04:00
04:02

So those are the three main attackers:

tedtalks 04:02
04:04

criminals who do it for the money,

tedtalks 04:04
04:07

hacktivists like Anonymous

tedtalks 04:07
04:09

doing it for the protest,

tedtalks 04:09
04:12

but then the last group are nation states,

tedtalks 04:12
04:15

governments doing the attacks.

tedtalks 04:16
04:18

And then we look at cases

tedtalks 04:18
04:20

like what happened in DigiNotar.

tedtalks 04:20
04:22

This is a prime example of what happens

tedtalks 04:22
04:24

when governments attack

tedtalks 04:24
04:26

against their own citizens.

tedtalks 04:26
04:29

DigiNotar is a Certificate Authority

tedtalks 04:29
04:31

from The Netherlands --

tedtalks 04:31
04:33

or actually, it was.

tedtalks 04:33
04:35

It was running into bankruptcy

tedtalks 04:35
04:38

last fall

tedtalks 04:38
04:40

because they were hacked into.

tedtalks 04:40
04:42

Somebody broke in

tedtalks 04:42
04:45

and they hacked it thoroughly.

tedtalks 04:45
04:47

And I asked last week

tedtalks 04:47
04:51

in a meeting with Dutch government representatives,

tedtalks 04:51
04:56

I asked one of the leaders of the team

tedtalks 04:56
04:59

whether he found plausible

tedtalks 04:59
05:02

that people died

tedtalks 05:02
05:05

because of the DigiNotar hack.

tedtalks 05:05
05:10

And his answer was yes.

tedtalks 05:10
05:12

So how do people die

tedtalks 05:12
05:15

as the result of a hack like this?

tedtalks 05:15
05:17

Well DigiNotar is a C.A.

tedtalks 05:17
05:19

They sell certificates.

tedtalks 05:19
05:21

What do you do with certificates?

tedtalks 05:21
05:23

Well you need a certificate

tedtalks 05:23
05:25

if you have a website that has https,

tedtalks 05:25
05:28

SSL encrypted services,

tedtalks 05:28
05:31

services like Gmail.

tedtalks 05:31
05:33

Now we all, or a big part of us,

tedtalks 05:33
05:35

use Gmail or one of their competitors,

tedtalks 05:35
05:37

but these services are especially popular

tedtalks 05:37
05:39

in totalitarian states

tedtalks 05:39
05:41

like Iran,

tedtalks 05:41
05:43

where dissidents

tedtalks 05:43
05:46

use foreign services like Gmail

tedtalks 05:46
05:49

because they know they are more trustworthy than the local services

tedtalks 05:49
05:52

and they are encrypted over SSL connections,

tedtalks 05:52
05:54

so the local government can't snoop

tedtalks 05:54
05:56

on their discussions.

tedtalks 05:56
05:59

Except they can if they hack into a foreign C.A.

tedtalks 05:59
06:01

and issue rogue certificates.

tedtalks 06:01
06:03

And this is exactly what happened

tedtalks 06:03
06:06

with the case of DigiNotar.

tedtalks 06:09
06:11

What about Arab Spring

tedtalks 06:11
06:14

and things that have been happening, for example, in Egypt?

tedtalks 06:14
06:16

Well in Egypt,

tedtalks 06:16
06:18

the rioters looted the headquarters

tedtalks 06:18
06:20

of the Egyptian secret police

tedtalks 06:20
06:22

in April 2011,

tedtalks 06:22
06:25

and when they were looting the building they found lots of papers.

tedtalks 06:25
06:27

Among those papers,

tedtalks 06:27
06:29

was this binder entitled "FINFISHER."

tedtalks 06:29
06:32

And within that binder were notes

tedtalks 06:32
06:34

from a company based in Germany

tedtalks 06:34
06:37

which had sold the Egyptian government

tedtalks 06:37
06:39

a set of tools

tedtalks 06:39
06:41

for intercepting --

tedtalks 06:41
06:43

and in very large scale --

tedtalks 06:43
06:45

all the communication of the citizens of the country.

tedtalks 06:45
06:47

They had sold this tool

tedtalks 06:47
06:50

for 280,000 Euros to the Egyptian government.

tedtalks 06:50
06:53

The company headquarters are right here.

tedtalks 06:53
06:55

So Western governments

tedtalks 06:55
06:58

are providing totalitarian governments with tools

tedtalks 06:58
07:01

to do this against their own citizens.

tedtalks 07:01
07:04

But Western governments are doing it to themselves as well.

tedtalks 07:04
07:06

For example, in Germany,

tedtalks 07:06
07:08

just a couple of weeks ago

tedtalks 07:08
07:11

the so-called State Trojan was found,

tedtalks 07:11
07:13

which was a trojan

tedtalks 07:13
07:15

used by German government officials

tedtalks 07:15
07:17

to investigate their own citizens.

tedtalks 07:17
07:21

If you are a suspect in a criminal case,

tedtalks 07:21
07:23

well it's pretty obvious, your phone will be tapped.

tedtalks 07:23
07:25

But today, it goes beyond that.

tedtalks 07:25
07:27

They will tap your Internet connection.

tedtalks 07:27
07:30

They will even use tools like State Trojan

tedtalks 07:30
07:33

to infect your computer with a trojan,

tedtalks 07:33
07:35

which enables them

tedtalks 07:35
07:37

to watch all your communication,

tedtalks 07:37
07:40

to listen to your online discussions,

tedtalks 07:40
07:43

to collect your passwords.

tedtalks 07:46
07:48

Now when we think deeper

tedtalks 07:48
07:51

about things like these,

tedtalks 07:51
07:56

the obvious response from people should be

tedtalks 07:56
07:59

that, "Okay, that sounds bad,

tedtalks 07:59
08:02

but that doesn't really affect me because I'm a legal citizen.

tedtalks 08:02
08:04

Why should I worry?

tedtalks 08:04
08:07

Because I have nothing to hide."

tedtalks 08:07
08:09

And this is an argument,

tedtalks 08:09
08:11

which doesn't make sense.

tedtalks 08:11
08:14

Privacy is implied.

tedtalks 08:14
08:19

Privacy is not up for discussion.

tedtalks 08:19
08:21

This is not a question

tedtalks 08:21
08:25

between privacy

tedtalks 08:25
08:28

against security.

tedtalks 08:28
08:31

It's a question of freedom

tedtalks 08:31
08:34

against control.

tedtalks 08:34
08:38

And while we might trust our governments

tedtalks 08:38
08:41

right now, right here in 2011,

tedtalks 08:41
08:44

any right we give away will be given away for good.

tedtalks 08:44
08:47

And do we trust, do we blindly trust,

tedtalks 08:47
08:49

any future government,

tedtalks 08:49
08:51

a government we might have

tedtalks 08:51
08:53

50 years from now?

tedtalks 08:55
08:58

And these are the questions

tedtalks 08:58
09:01

that we have to worry about for the next 50 years.