Translator: Cihan Ekmekçi
Reviewer: Riaki Poništ We see it everyday, in the news,
for the past decade, the battles that are being waged
across the Middle East. On YouTube and Facebook,
we get instant updates through satellites to give us a front row seat
into the action like never before. But what the cameras don't capture is that there is another war,
going on beneath the surface, a digital cyber world, where the battles are not being fought
with bombs and bullets, but with bits and bytes. My name is not Doug Shmidt. (Laughter) But it could be if I wanted it to. (Laughter) My real name is Eric Winsborrow. And for past two decades
I've been involved in creating the next generation
disruptive technologies at companies such as Symantec and MacAfee. I currently run a cybersecurity company made up of PhDs from MIT
and scientists from the National Labs who are tasked by the US government to create the next generation
of cyber technology. Our customers include
the Office of the Secretary of Defense and the Department of Homeland Security. If there's one thing
I'm certain of, it's this: What's going on today in cyber espionage
will profoundly impact our lives, and we may never even realize it. If you think about it, a lot of technologies
that impact our lives have been coming from
government sponsored research into next generation defense technologies. Last generation, the Cold War
created technology such as the computer, satellite communications
and navigation and even the internet. It has so permeated our everyday lives it has gotten to the point where we can't imagine
ever having lived without it, to be able to see halfway
around the world instantly or just navigate around the block. So if yesterday's
next generation technology has such a profound impact on us today, then what's today's
next generation technology? I'm going to show you
the future of cyber espionage with technology that's actually
being created today to protect nations. There are cyber battles
taking place throughout the world, and we don't even realize it. It's gotten to the point of a confluence, a merging between men and machine
in a digital cyber world where we can never tell them apart. This is the age of a cyber spy. Now, when we think of spies, we might share Hollywood's image
of a dashing and daring secret agent, who sneaks into some
underground nuclear facility somewhere halfway around the world
to protect us from a nuclear threat. Sometimes Hollywood goes a bit too far. In this case, however,
they don't go far enough. You see, governments today
would never send a human operative into such a secret location. He'd never get in. Today's spies are cyber spies. You see, it used to be that
James Bond used technology. Today, James Bond is technology. I want to walk you
on a journey into the future. But before I can take you there,
I have to take you to the past, to where the first virus actually started, and the beginning
of this journey of convergence. The first virus was actually written into a floppy disc video game
and inserted into a Macintosh. Yes, ironically, the world's
first virus was aimed at a Mac. (Laughter) My! Have the world has changed! (Laughter) And we call these types
of viruses "sneakerware," because you literally had
to walk around to install it. This is the first level of convergence where man is completely
separate from machines joined only by a pair of red sneakers. If James Bond wanted to insert a virus
into a computer in a nuclear facility, he'd have to sneak it in
his scuba gear and install it himself. (Laughter) I love you. Well, not you - we've only just met -
I'm talking about Melissa. Melissa is not my wife.
She is a stripper from Miami. (Laughter) You see, around the year 2000 or Y2K, the Melissa virus, named after the virus writer's
favorite stripper from ... Audience: Miami. was the world's first email-borne virus. It was inserted into an email attachment
and sent with the subject line: "I love you.'' Once the attachment was opened,
the process repeated itself, and within three months,
the world's email systems were clogged up, inadvertently becoming
the world's first spam. But this also marks the second leg
of our convergence story, because this is now the first time where man is leveraging
technology to do work. This would be the time
when James Bond used technology. But then, in the September
of 2001, the world changed. And I'm not talking about 9/11. I'm talking about one week later,
when the internet world changed. This was the introduction of Code Red. Code Red wasn't an e-mail virus;
it wasn't a zombie, a Trojan. It was all of the above. It was the world's first
complex blended threat, and it went around the world
in three days. By September 21, it’d infected
2.2 million systems worldwide. Governments took notice, because they realized
they could take this technology and bring it up to a whole other level, to do the work its human spies could not. This enters the third phase, the phase where technology
replaces people. This is the beginning
of the era of the cyber spy. I'm going tell you a little bit
about how this cyber spy technology works. I'm going to take you
on a real-life mission that happened just
before the end of last decade, way off in the Middle East. You might already
have guessed its mission: to sneak in to an underground
nuclear facility halfway around the world to protect us from a nuclear threat. This is the Natanz nuclear
fuel enrichment facility in Iran and so is this, from space. The Allied nations were worried that this man, President Ahmadinejad,
was using those very centrifuges to create more nuclear fuel than he needed
for electrical energy production. And they were right. He was also using those centrifuges
to create nuclear fuel for atomic weapons. They needed to destroy those centrifuges. But how were they going to do it? They couldn't send any
human agent in a scuba gear; they're in the middle of a desert. (Laughter) And they actually debated
sending in fighter jets to drop bombs and blow the place apart. A little messy and not good PR.
I mean, imagine the fallout. (Laughter) Yeah, yeah, yeah, I know. I know, I know. (Applause) You just wait. (Laughter) So, instead of dropping a bomb,
they dropped a bug. Very clean. It was a - they called it
Operation Olympic Games. What a great name
for such a clean operation. I was here for the Olympics in Vancouver. It was clean. It was fun.
It's a great name. It's a great name. If they wanted to stick
with their old plan and set fire to everything
and have fallout for years, they would've called it
Operation Stanley Cup. (Laughter) (Applause) I was actually expecting
some boos there a little bit, sorry. But they had to get the agent in. And there are several ways they do it. I can't describe them all, but one that was at least
publicly shared was this one, so that's what we'll go with. And it's true. They did insert the agent
program into USB sticks, and then they scattered
those USB sticks around the compound. Some workers did manage to pick them up
and insert them in their computers. I know, look - you know the story. Before you get too judgmental,
think about this: what would you do
if you found a USB stick? (Laughter) Think about that the next time
you go to a trade show and some stranger from marketing hands you a USB and says,
"Read my collateral." (Laughter) I don't know how many security trade shows
I've been to where that's happened. Now, that is a different story. (Laughter) But the agents did get in. And they did what all good agents do:
they started doing reconnaissance. They started working their way
around the network, walking the hallways so to speak,
looking for its target. And its target was that Siemens box. That Siemens box was a controller
for the centrifuges. And once they found it, they inserted
a rootkit and a weapons payload that, forgive me, altered the programmable logical controller
of the Step 7 software in the application. And then it phoned home in several ways. Phoned home and gave
the Americans and the Israelis full command and control
over that Siemens controller which, then of course, went
and spun up the centrifuges to such a state of supersonic speed
that they literally fell to pieces. They destroyed the centrifuges
for months, quite frankly, without ever stepping
foot into the facility. The program was a smashing success. (Laughter) Ahmadinejad was beside himself. He was firing his best scientists
because he thought they were incompetent. One small problem, though: the Allied spent so much time
trying to get this agent in, they didn't think about
what if he actually got out. And bits of the program
actually did, and it did its job; it started searching its way
for other Siemens controllers. First in Iran, then
the Middle East, then Europe, and all the way to the doorstep
of the nuclear facilities in America. Now, before you get a little nervous, this spy knew it's programming; it was told to look
for a specific signature of that controller in Natanz
so it didn't do anything. However, its cover had been blown. The security industry, chiefly
a researcher from Kaspersky labs found it. And what was once a covert operation
to protect us from a nuclear threat became known as the advanced
persistent threat Stuxnet. In case you've ever heard of it. Now, there are battles like this
going on all around the world, and even in our backyards
and we don't even realize it. The Chinese are particularly good at this. That video you saw earlier,
that's just marketing. You don't see what else goes on.
So let me explain a bit. Last year, the Chinese successfully hacked
into the RCA security company, through the HR department. And like Stuxnet, they weaved their way around
to find what they are after. They found the confidential
customer passwords for secure ID tokens. What do these tokens do? They get you into networks. Like military contractors:
Lockheed Martin, Northrop Grumman, L3. Now, given Lockheed Martin
makes stealth fighter planes, you can imagine
why that's a good target. But they also focused on business. Operation Aurora,
you might have heard about, because it was famous for successfully
breaching Google's network. But what people don't realize
is that operation Aurora was about successfully targeting
more than 20 companies from Intel to Morgan Stanley. And here at home, companies
like Nortel were not immune. The Chinese had CEO level access
to confidential information and documentation for nearly 10 years. And if you're involved
in natural resources, for example, bidding in the oil sands,
especially against the Chinese, a little bit of a wake up call, you might want to look up something
called Operation Night Dragon. It brings whole new meaning
to the term "bidding wars." Now, these researchers of Kaspersky
who discovered Stuxnet also recently released a report that said that the number of network intrusions
around the world in a single year had skyrocketed from 220 million -
now, that's already a big number - to 1.3 billion. What is going on? What's the implications for all of us,
nationally or even personally? Well, nationally, you can see
why governments are so concerned. It's not just about
the international espionage. It's about the own
infrastructure that we have. After all, if you can take out
a nuclear facility in Iran, what's to stop them
from returning the favor? And if you're going to attack a nation, you want to take out
the communications network and the infrastructure, like banking. And while we're talking about
technology replacing people in this current level of convergence, then who flies commercial
airplanes these days? Is it pilots or programs? If a decade ago, a number of operatives,
human operatives, could storm into
the cockpit of an airline, what's to stop a program from invading an autopilot
or the air traffic control? Just last week, Leon Panetta, The Secretary of Defence
for the United States publicly went on record and said
there's a high probability, and I quote, ''Of a cyber Pearl Harbor with physical
destruction and loss of life.'' Now, what about us individually? There are a lot of hackers
who are so intelligent they know how reverse-engineer
these types of attacks and use some of those techniques
for their own gain. You might have heard, last year, over 100 million user accounts
were stolen from Sony Playstation network. I see some nodding heads,
but what you might not have known is that those attacks actually happened
over a series of several months. Many different individual attacks,
and Sony never realized it. And as we get more and more dependant
on internet appliances, you know, I wonder what's next,
taking over our food supply? Maybe creating killer cookie robots? (Laughter) The government always warned me
cookies were bad for our children but I just never knew. (Laughter) But a little bit more seriously, if we think about those
centrifuges off in Iran, or if we could spin them up and out
of control until they fell to pieces, what other devices are we reliant on under the assumption of perfectly secure
wireless internet connectivity? If this scares you
just a bit, remember this: that our parents' generation
were so terrified of the technologies that were being invented
during the Cold War that they built bomb shelters
and yet they survived. And those very same technologies
that terrified them are changing our lives today in a way
we can never imagine living without them. Now, also remember this: Those technologies I am talking about
were invented last decade. I promised you that I would take you
on a vision to espionage of the future with technologies
that are being invented today. So let me share that with you now. I'm going to take you
down a digital wormhole - a wormhole, by the way,
that we planned to send those attackers. You see, if you're going
to defend yourself against technology that replaces people, then the next step of convergence is to create technology
that behaves like people, that in the digital world
you cannot tell one from the other. We're capable of creating
mass of network so real that you cannot tell them apart. So when those attackers
come in to a nuclear facility or to an HR department, instead of finding
the real network, they find ours. And they walk around just like Stuxnet was trying to do
what the Chinese did, looking for systems to infect, but instead of finding
real ones, they find ours. These shadow systems that look
and behave just like real employees, checking their emails or spending
too much time on Facebook. (Laughter) Yeah, we know. (Laughter) But here's the thing, if one of those attack programs
sends us an email attachment and asks us to open it, we gladly do. If they ask for confidential data, we happily hand it to them
hoping they call home, because these shadow networks
are for watching and recording. I'm actually going to show you
such a recording. Now, I have to be honest here,
we couldn't show you everything. We had to actually change a lot of names,
scribble out some IP addresses, and we're not allowed to bring you
as deep into the network as we want. It's a good thing because if we showed you
everything, we'd have to shoot you. (Laughter) Or even worse, even worse,
make you a government employee. (Laughter) So this is, like I said, a real video,
those aren't the real locations of course, but what is real is it did attack,
did start in the HR department. It actually did, maybe a coincidence. Those are real, real systems doing emails, real people sending out,
backing up their systems, but they are actually impacted
with this spy program and we don't know it. So then we turn on our shadow network. These are systems that behave like real. They interlace with the actual systems
and start communicating. In fact, it's the bad guys
that communicate to us, into our systems, and we let them. "Come on in!" "Send me an attachment!" Because when they do that,
we have every bit of information. Because we can't look
into the real computers but we can look into ours. And we can see the processes they use and then decide to quarantine
the actual system, using the software-defind networking. And then, they can't talk
out to the real world and instead, we tunnel them down
to a shadow HR department that isn't real
but just behaves like real, and they can take whatever they want. And we know exactly where they're going. Now, what would we do
with this kind of information, and more importantly,
what would James Bond do? (Laughter) James Bond had a licence to kill. Or at least kick them
really hard where it hurts. Now, today 007 has an ally: Agent 001. So we've come to the end of our journey
of convergence of man and machine, of confluence between two separate streams that come together
to make things more powerful. We've seen technology go
from completely separate from man to leveraged, to replacing man,
to behaving like man. What comes after behaving, I wonder. Well, if history is any guide,
the question shouldn't be, if this technology will one day
profoundly impact our lives. The question should be, will we ever even realize it? Thank you very much. (Applause)
I don't think the "I love you" virus was the first one to spread via email, was it?