Confessions of a cyber spy hunter | Eric Winsborrow | TEDxVancouver

Reddit Comments

I don't think the "I love you" virus was the first one to spread via email, was it?

👍 1 · u/YOUREABOT · Apr 10 2019
Captions
Translator: Cihan Ekmekçi. Reviewer: Riaki Poništ.

We see it every day, in the news, for the past decade, the battles that are being waged across the Middle East. On YouTube and Facebook, we get instant updates through satellites to give us a front row seat into the action like never before. But what the cameras don't capture is that there is another war, going on beneath the surface, a digital cyber world, where the battles are not being fought with bombs and bullets, but with bits and bytes. My name is not Doug Shmidt. (Laughter) But it could be if I wanted it to. (Laughter) My real name is Eric Winsborrow. And for the past two decades I've been involved in creating the next generation disruptive technologies at companies such as Symantec and McAfee. I currently run a cybersecurity company made up of PhDs from MIT and scientists from the National Labs who are tasked by the US government to create the next generation of cyber technology. Our customers include the Office of the Secretary of Defense and the Department of Homeland Security. If there's one thing I'm certain of, it's this: what's going on today in cyber espionage will profoundly impact our lives, and we may never even realize it. If you think about it, a lot of technologies that impact our lives have been coming from government-sponsored research into next generation defense technologies. Last generation, the Cold War created technology such as the computer, satellite communications and navigation and even the internet. It has so permeated our everyday lives that it has gotten to the point where we can't imagine ever having lived without it, to be able to see halfway around the world instantly or just navigate around the block. So if yesterday's next generation technology has such a profound impact on us today, then what's today's next generation technology? I'm going to show you the future of cyber espionage with technology that's actually being created today to protect nations.
There are cyber battles taking place throughout the world, and we don't even realize it. It's gotten to the point of a confluence, a merging between men and machine in a digital cyber world where we can never tell them apart. This is the age of a cyber spy. Now, when we think of spies, we might share Hollywood's image of a dashing and daring secret agent, who sneaks into some underground nuclear facility somewhere halfway around the world to protect us from a nuclear threat. Sometimes Hollywood goes a bit too far. In this case, however, they don't go far enough. You see, governments today would never send a human operative into such a secret location. He'd never get in. Today's spies are cyber spies. You see, it used to be that James Bond used technology. Today, James Bond is technology. I want to walk you on a journey into the future. But before I can take you there, I have to take you to the past, to where the first virus actually started, and the beginning of this journey of convergence. The first virus was actually written into a floppy disc video game and inserted into a Macintosh. Yes, ironically, the world's first virus was aimed at a Mac. (Laughter) My! How the world has changed! (Laughter) And we call these types of viruses "sneakerware," because you literally had to walk around to install it. This is the first level of convergence where man is completely separate from machines joined only by a pair of red sneakers. If James Bond wanted to insert a virus into a computer in a nuclear facility, he'd have to sneak it in his scuba gear and install it himself. (Laughter) I love you. Well, not you - we've only just met - I'm talking about Melissa. Melissa is not my wife. She is a stripper from Miami. (Laughter) You see, around the year 2000 or Y2K, the Melissa virus, named after the virus writer's favorite stripper from ... (Audience: Miami.) ... was the world's first email-borne virus.
It was inserted into an email attachment and sent with the subject line: "I love you." Once the attachment was opened, the process repeated itself, and within three months, the world's email systems were clogged up, inadvertently becoming the world's first spam. But this also marks the second leg of our convergence story, because this is now the first time where man is leveraging technology to do work. This would be the time when James Bond used technology. But then, in September of 2001, the world changed. And I'm not talking about 9/11. I'm talking about one week later, when the internet world changed. This was the introduction of Code Red. Code Red wasn't an e-mail virus; it wasn't a zombie, a Trojan. It was all of the above. It was the world's first complex blended threat, and it went around the world in three days. By September 21, it'd infected 2.2 million systems worldwide. Governments took notice, because they realized they could take this technology and bring it up to a whole other level, to do the work its human spies could not. This enters the third phase, the phase where technology replaces people. This is the beginning of the era of the cyber spy. I'm going to tell you a little bit about how this cyber spy technology works. I'm going to take you on a real-life mission that happened just before the end of last decade, way off in the Middle East. You might already have guessed its mission: to sneak into an underground nuclear facility halfway around the world to protect us from a nuclear threat. This is the Natanz nuclear fuel enrichment facility in Iran and so is this, from space. The Allied nations were worried that this man, President Ahmadinejad, was using those very centrifuges to create more nuclear fuel than he needed for electrical energy production. And they were right. He was also using those centrifuges to create nuclear fuel for atomic weapons. They needed to destroy those centrifuges. But how were they going to do it?
They couldn't send any human agent in scuba gear; they're in the middle of a desert. (Laughter) And they actually debated sending in fighter jets to drop bombs and blow the place apart. A little messy and not good PR. I mean, imagine the fallout. (Laughter) Yeah, yeah, yeah, I know. I know, I know. (Applause) You just wait. (Laughter) So, instead of dropping a bomb, they dropped a bug. Very clean. It was a - they called it Operation Olympic Games. What a great name for such a clean operation. I was here for the Olympics in Vancouver. It was clean. It was fun. It's a great name. It's a great name. If they wanted to stick with their old plan and set fire to everything and have fallout for years, they would've called it Operation Stanley Cup. (Laughter) (Applause) I was actually expecting some boos there a little bit, sorry. But they had to get the agent in. And there are several ways they do it. I can't describe them all, but one that was at least publicly shared was this one, so that's what we'll go with. And it's true. They did insert the agent program into USB sticks, and then they scattered those USB sticks around the compound. Some workers did manage to pick them up and insert them in their computers. I know, look - you know the story. Before you get too judgmental, think about this: what would you do if you found a USB stick? (Laughter) Think about that the next time you go to a trade show and some stranger from marketing hands you a USB and says, "Read my collateral." (Laughter) I don't know how many security trade shows I've been to where that's happened. Now, that is a different story. (Laughter) But the agents did get in. And they did what all good agents do: they started doing reconnaissance. They started working their way around the network, walking the hallways so to speak, looking for its target. And its target was that Siemens box. That Siemens box was a controller for the centrifuges.
And once they found it, they inserted a rootkit and a weapons payload that, forgive me, altered the programmable logical controller of the Step 7 software in the application. And then it phoned home in several ways. Phoned home and gave the Americans and the Israelis full command and control over that Siemens controller which, then of course, went and spun up the centrifuges to such a state of supersonic speed that they literally fell to pieces. They destroyed the centrifuges for months, quite frankly, without ever setting foot into the facility. The program was a smashing success. (Laughter) Ahmadinejad was beside himself. He was firing his best scientists because he thought they were incompetent. One small problem, though: the Allies spent so much time trying to get this agent in, they didn't think about what if he actually got out. And bits of the program actually did, and it did its job; it started searching its way for other Siemens controllers. First in Iran, then the Middle East, then Europe, and all the way to the doorstep of the nuclear facilities in America. Now, before you get a little nervous, this spy knew its programming; it was told to look for a specific signature of that controller in Natanz so it didn't do anything. However, its cover had been blown. The security industry, chiefly a researcher from Kaspersky Labs, found it. And what was once a covert operation to protect us from a nuclear threat became known as the advanced persistent threat Stuxnet. In case you've ever heard of it. Now, there are battles like this going on all around the world, and even in our backyards, and we don't even realize it. The Chinese are particularly good at this. That video you saw earlier, that's just marketing. You don't see what else goes on. So let me explain a bit. Last year, the Chinese successfully hacked into the RCA security company, through the HR department. And like Stuxnet, they weaved their way around to find what they are after.
They found the confidential customer passwords for secure ID tokens. What do these tokens do? They get you into networks. Like military contractors: Lockheed Martin, Northrop Grumman, L3. Now, given Lockheed Martin makes stealth fighter planes, you can imagine why that's a good target. But they also focused on business. Operation Aurora, you might have heard about, because it was famous for successfully breaching Google's network. But what people don't realize is that Operation Aurora was about successfully targeting more than 20 companies from Intel to Morgan Stanley. And here at home, companies like Nortel were not immune. The Chinese had CEO-level access to confidential information and documentation for nearly 10 years. And if you're involved in natural resources, for example, bidding in the oil sands, especially against the Chinese, a little bit of a wake-up call, you might want to look up something called Operation Night Dragon. It brings whole new meaning to the term "bidding wars." Now, these researchers of Kaspersky who discovered Stuxnet also recently released a report that said that the number of network intrusions around the world in a single year had skyrocketed from 220 million - now, that's already a big number - to 1.3 billion. What is going on? What are the implications for all of us, nationally or even personally? Well, nationally, you can see why governments are so concerned. It's not just about the international espionage. It's about our own infrastructure. After all, if you can take out a nuclear facility in Iran, what's to stop them from returning the favor? And if you're going to attack a nation, you want to take out the communications network and the infrastructure, like banking. And while we're talking about technology replacing people in this current level of convergence, then who flies commercial airplanes these days? Is it pilots or programs?
If a decade ago, a number of operatives, human operatives, could storm into the cockpit of an airline, what's to stop a program from invading an autopilot or the air traffic control? Just last week, Leon Panetta, the Secretary of Defence for the United States, publicly went on record and said there's a high probability, and I quote, "of a cyber Pearl Harbor with physical destruction and loss of life." Now, what about us individually? There are a lot of hackers who are so intelligent they know how to reverse-engineer these types of attacks and use some of those techniques for their own gain. You might have heard, last year, over 100 million user accounts were stolen from the Sony PlayStation Network. I see some nodding heads, but what you might not have known is that those attacks actually happened over a series of several months. Many different individual attacks, and Sony never realized it. And as we get more and more dependent on internet appliances, you know, I wonder what's next, taking over our food supply? Maybe creating killer cookie robots? (Laughter) The government always warned me cookies were bad for our children but I just never knew. (Laughter) But a little bit more seriously, if we think about those centrifuges off in Iran, or if we could spin them up and out of control until they fell to pieces, what other devices are we reliant on under the assumption of perfectly secure wireless internet connectivity? If this scares you just a bit, remember this: that our parents' generation were so terrified of the technologies that were being invented during the Cold War that they built bomb shelters, and yet they survived. And those very same technologies that terrified them are changing our lives today in a way we can never imagine living without them. Now, also remember this: those technologies I am talking about were invented last decade. I promised you that I would take you on a vision to espionage of the future with technologies that are being invented today.
So let me share that with you now. I'm going to take you down a digital wormhole - a wormhole, by the way, that we planned to send those attackers. You see, if you're going to defend yourself against technology that replaces people, then the next step of convergence is to create technology that behaves like people, that in the digital world you cannot tell one from the other. We're capable of creating a mass of networks so real that you cannot tell them apart. So when those attackers come in to a nuclear facility or to an HR department, instead of finding the real network, they find ours. And they walk around just like Stuxnet was trying to do what the Chinese did, looking for systems to infect, but instead of finding real ones, they find ours. These shadow systems that look and behave just like real employees, checking their emails or spending too much time on Facebook. (Laughter) Yeah, we know. (Laughter) But here's the thing, if one of those attack programs sends us an email attachment and asks us to open it, we gladly do. If they ask for confidential data, we happily hand it to them hoping they call home, because these shadow networks are for watching and recording. I'm actually going to show you such a recording. Now, I have to be honest here, we couldn't show you everything. We had to actually change a lot of names, scribble out some IP addresses, and we're not allowed to bring you as deep into the network as we want. It's a good thing because if we showed you everything, we'd have to shoot you. (Laughter) Or even worse, even worse, make you a government employee. (Laughter) So this is, like I said, a real video, those aren't the real locations of course, but what is real is it did attack, did start in the HR department. It actually did, maybe a coincidence. Those are real, real systems doing emails, real people sending out, backing up their systems, but they are actually impacted with this spy program and we don't know it. So then we turn on our shadow network.
These are systems that behave like real. They interlace with the actual systems and start communicating. In fact, it's the bad guys that communicate to us, into our systems, and we let them. "Come on in!" "Send me an attachment!" Because when they do that, we have every bit of information. Because we can't look into the real computers but we can look into ours. And we can see the processes they use and then decide to quarantine the actual system, using software-defined networking. And then, they can't talk out to the real world and instead, we tunnel them down to a shadow HR department that isn't real but just behaves like real, and they can take whatever they want. And we know exactly where they're going. Now, what would we do with this kind of information, and more importantly, what would James Bond do? (Laughter) James Bond had a licence to kill. Or at least kick them really hard where it hurts. Now, today 007 has an ally: Agent 001. So we've come to the end of our journey of convergence of man and machine, of confluence between two separate streams that come together to make things more powerful. We've seen technology go from completely separate from man to leveraged, to replacing man, to behaving like man. What comes after behaving, I wonder. Well, if history is any guide, the question shouldn't be if this technology will one day profoundly impact our lives. The question should be, will we ever even realize it? Thank you very much. (Applause)
Info
Channel: TEDx Talks
Views: 1,589,959
Rating: 4.7964973 out of 5
Keywords: ted, ted talk, ted x, TEDxVancouver, Canada, tedx talk, ted talks, tedx, Technology, English, tedx talks, Computers, cyber security, virus, internet security, cyber spying, cyberwar, cyber attacks, phishing
Id: YiUN35Ikdfw
Length: 20min 48sec (1248 seconds)
Published: Thu Jan 31 2013