English-Video.net comment policy

The comment field is common to all languages

Let's write in your language and use "Google Translate" together

Please refer to informative community guidelines on TED.com

TED2014

Keren Elazari: Hackers: the Internet's immune system

Filmed
Views 2,146,471

The beauty of hackers, says cybersecurity expert Keren Elazari, is that they force us to evolve and improve. Yes, some hackers are bad guys, but many are working to fight government corruption and advocate for our rights. By exposing vulnerabilities, they push the Internet to become stronger and healthier, wielding their power to create a better world.

- Cybersecurity expert
Keren Elazari charts the transformation of hackers from cyberpunk protagonists to powerful hacktivists, lone rangers and digital robin hoods who are the unsung heroes of the digital frontier. Full bio

Four years ago,
00:12
a security researcher,
00:14
or, as most people would call it, a hacker,
00:16
found a way to literally
00:20
make ATMs throw money at him.
00:22
His name was Barnaby Jack,
00:26
and this technique was later called "jackpotting"
00:29
in his honor.
00:33
I'm here today because I think
00:34
we actually need hackers.
00:36
Barnaby Jack
00:39
could have easily turned
00:41
into a career criminal or James Bond villain
00:43
with his knowledge,
00:47
but he chose to show the world
00:48
his research instead.
00:51
He believed that sometimes
00:54
you have to demo a threat
00:55
to spark a solution.
00:57
And I feel the same way.
01:00
That's why I'm here today.
01:02
We are often terrified and fascinated
01:04
by the power hackers now have.
01:07
They scare us.
01:11
But the choices they make
01:13
have dramatic outcomes
01:15
that influence us all.
01:17
So I am here today because I think we need hackers,
01:20
and in fact, they just might be
01:23
the immune system for the information age.
01:27
Sometimes they make us sick,
01:31
but they also find those hidden threats
01:33
in our world,
01:36
and they make us fix it.
01:38
I knew that I might get hacked
01:41
for giving this talk,
01:43
so let me save you the effort.
01:45
In true TED fashion,
01:48
here is my most embarrassing picture.
01:50
But it would be difficult for you to find me in it,
01:54
because I'm the one who looks like a boy
01:57
standing to the side.
02:00
I was such a nerd back then
02:02
that even the boys on the
Dungeons and Dragons team
02:04
wouldn't let me join.
02:07
This is who I was,
02:09
but this is who I wanted to be:
02:11
Angelina Jolie.
02:15
She portrayed Acid Burn
02:17
in the '95 film "Hackers."
02:19
She was pretty and she could rollerblade,
02:21
but being a hacker, that made her powerful.
02:24
And I wanted to be just like her,
02:29
so I started spending a lot of time
02:31
on hacker chat rooms and online forums.
02:33
I remember one late night
02:36
I found a bit of PHP code.
02:39
I didn't really know what it did,
02:41
but I copy-pasted it
02:42
and used it anyway
02:44
to get into a password-protected site
02:46
like that.
02:48
Open Sesame.
02:50
It was a simple trick,
02:52
and I was just a script kiddie back then,
02:53
but to me, that trick,
02:56
it felt like this,
02:57
like I had discovered limitless potential
03:00
at my fingertips.
03:02
This is the rush of power that hackers feel.
03:04
It's geeks just like me
03:07
discovering they have access to superpower,
03:10
one that requires the skill and tenacity
03:13
of their intellect,
03:16
but thankfully no radioactive spiders.
03:18
But with great power
03:21
comes great responsibility,
03:23
and you all like to think that if we had such powers,
03:25
we would only use them for good.
03:29
But what if you could read your ex's emails,
03:31
or add a couple zeros to your bank account.
03:35
What would you do then?
03:38
Indeed, many hackers do not resist
03:40
those temptations,
03:42
and so they are responsible in one way or another
03:44
to billions of dollars lost each year
03:47
to fraud, malware or plain old identity theft,
03:49
which is a serious issue.
03:53
But there are other hackers,
03:55
hackers who just like to break things,
03:57
and it is precisely those hackers
03:59
that can find the weaker elements in our world
04:02
and make us fix it.
04:05
This is what happened last year
04:07
when another security researcher
04:09
called Kyle Lovett
04:11
discovered a gaping hole
04:12
in the design of certain wireless routers
04:14
like you might have in your home or office.
04:17
He learned that anyone could remotely connect
04:20
to these devices over the Internet
04:22
and download documents from hard drives
04:24
attached to those routers,
04:27
no password needed.
04:29
He reported it to the company, of course,
04:31
but they ignored his report.
04:34
Perhaps they thought universal access
04:36
was a feature, not a bug,
04:38
until two months ago
04:41
when a group of hackers used it
04:43
to get into people's files.
04:44
But they didn't steal anything.
04:46
They left a note:
04:49
Your router and your documents
04:51
can be accessed by anyone in the world.
04:53
Here's what you should do to fix it.
04:55
We hope we helped.
04:57
By getting into people's files like that,
05:00
yeah, they broke the law,
05:02
but they also forced that company
05:04
to fix their product.
05:06
Making vulnerabilities known to the public
05:08
is a practice called full disclosure
05:10
in the hacker community,
05:13
and it is controversial,
05:15
but it does make me think of how hackers
05:17
have an evolving effect on technologies we use
05:19
every day.
05:22
This is what Khalil did.
05:24
Khalil is a Palestinian hacker from the West Bank,
05:26
and he found a serious privacy flaw on Facebook
05:28
which he attempted to report
05:32
through the company's bug bounty program.
05:34
These are usually great arrangements for companies
05:37
to reward hackers disclosing vulnerabilities
05:40
they find in their code.
05:43
Unfortunately, due to some miscommunications,
05:45
his report was not acknowledged.
05:48
Frustrated with the exchange,
05:51
he took to use his own discovery
05:53
to post on Mark Zuckerberg's wall.
05:57
This got their attention, all right,
06:00
and they fixed the bug,
06:02
but because he hadn't reported it properly,
06:06
he was denied the bounty usually paid out
06:09
for such discoveries.
06:11
Thankfully for Khalil,
06:13
a group of hackers were watching out for him.
06:15
In fact, they raised more than 13,000 dollars
06:18
to reward him for this discovery,
06:22
raising a vital discussion in the technology industry
06:24
about how we come up with incentives
06:27
for hackers to do the right thing.
06:30
But I think there's a greater story here still.
06:32
Even companies founded by hackers,
06:35
like Facebook was,
06:38
still have a complicated relationship
06:41
when it comes to hackers.
06:43
And so for more conservative organizations,
06:45
it is going to take time and adapting
06:48
in order to embrace hacker culture
06:52
and the creative chaos that it brings with it.
06:54
But I think it's worth the effort,
06:57
because the alternative,
07:00
to blindly fight all hackers,
07:02
is to go against the power you cannot control
07:05
at the cost of stifling innovation
07:08
and regulating knowledge.
07:11
These are things that will come back and bite you.
07:14
It is even more true
07:18
if we go after hackers
07:19
that are willing to risk their own freedom
07:21
for ideals like the freedom of the web,
07:24
especially in times like this, like today even,
07:27
as governments and corporates
07:31
fight to control the Internet.
07:34
I find it astounding
07:37
that someone from the shadowy
corners of cyberspace
07:40
can become its voice of opposition,
07:43
its last line of defense even,
07:45
perhaps someone like Anonymous,
07:48
the leading brand of global hacktivism.
07:51
This universal hacker movement
07:55
needs no introduction today,
07:58
but six years ago
07:59
they were not much more than an Internet subculture
08:01
dedicated to sharing silly pictures of funny cats
08:05
and Internet trolling campaigns.
08:08
Their moment of transformation was in early 2008
08:11
when the Church of Scientology
08:16
attempted to remove certain leaked videos
08:18
from appearing on certain websites.
08:21
This is when Anonymous was forged
08:25
out of the seemingly random collection
08:27
of Internet dwellers.
08:30
It turns out,
08:32
the Internet doesn't like it
08:34
when you try to remove things from it,
08:36
and it will react with cyberattacks
08:38
and elaborate pranks
08:41
and with a series of organized protests
08:43
all around the world,
08:46
from my hometown of Tel Aviv
08:47
to Adelaide, Australia.
08:49
This proved that Anonymous and this idea
08:52
can rally the masses from the keyboards
08:55
to the streets,
08:58
and it laid the foundations
08:59
for dozens of future operations
09:01
against perceived injustices
09:04
to their online and offline world.
09:05
Since then, they've gone after many targets.
09:09
They've uncovered corruption, abuse.
09:11
They've hacked popes and politicians,
09:14
and I think their effect is larger
09:16
than simple denial of service attacks
09:18
that take down websites
09:21
or even leak sensitive documents.
09:22
I think that, like Robin Hood,
09:26
they are in the business of redistribution,
09:29
but what they are after isn't your money.
09:33
It's not your documents. It's your attention.
09:36
They grab the spotlight for causes they support,
09:40
forcing us to take note,
09:45
acting as a global magnifying glass
09:48
for issues that we are not as aware of
09:50
but perhaps we should be.
09:52
They have been called many names
09:54
from criminals to terrorists,
09:56
and I cannot justify their illegal means,
09:58
but the ideas they fight for
10:01
are ones that matter to us all.
10:03
The reality is,
10:07
hackers can do a lot more than break things.
10:09
They can bring people together.
10:12
And if the Internet doesn't like it
10:15
when you try to remove things from it,
10:17
just watch what happens
10:20
when you try to shut the Internet down.
10:21
This took place in Egypt in January 2011,
10:23
and as President Hosni Mubarak
10:28
attempted a desperate move
10:31
to quash the rising revolution on the streets of Cairo,
10:33
he sent his personal troops
10:37
down to Egypt's Internet service providers
10:39
and had them physically kill the switch
10:43
on the country's connection to the world overnight.
10:45
For a government to do a thing like that
10:49
was unprecedented,
10:51
and for hackers, it made it personal.
10:53
Hackers like the Telecomix group
10:56
were already active on the ground,
10:58
helping Egyptians bypass censorship
11:00
using clever workarounds like Morse code
11:03
and ham radio.
11:05
It was high season for low tech,
11:07
which the government couldn't block,
11:10
but when the Net went completely down,
11:12
Telecomix brought in the big guns.
11:15
They found European service providers
11:18
that still had 20-year-old
11:21
analog dial-up access infrastructure.
11:23
They opened up 300 of those lines
11:25
for Egyptians to use,
11:29
serving slow but sweet Internet connection
11:31
for Egyptians.
11:34
This worked.
11:36
It worked so well, in fact,
11:37
one guy even used it to download an episode
11:39
of "How I Met Your Mother."
11:41
But while Egypt's future is still uncertain,
11:45
when the same thing happened in Syria
11:49
just one year later,
11:52
Telecomix were prepared with those Internet lines,
11:53
and Anonymous,
11:57
they were perhaps the first international group
11:58
to officially denounce the actions
12:00
of the Syrian military
12:02
by defacing their website.
12:04
But with this sort of power,
12:07
it really depends on where you stand,
12:10
because one man's hero
12:13
can be another's villain,
12:16
and so the Syrian Electronic Army
12:18
is a pro-Assad group of hackers
12:21
who support his contentious regime.
12:23
They've taken down multiple high-profile targets
12:26
in the past few years,
12:29
including the Associated Press's Twitter account,
12:30
in which they posted a message
12:34
about an attack on the White House
12:37
injuring President Obama.
12:39
This tweet was fake, of course,
12:42
but the resulting drop in the Dow Jones index
12:44
that day was most certainly not,
12:47
and a lot of people lost a lot of money.
12:51
This sort of thing is happening
all over the world right now.
12:54
In conflicts from the Crimean Peninsula
12:58
to Latin America,
13:01
from Europe to the United States,
13:03
hackers are a force for social,
13:05
political and military influence.
13:08
As individuals or in groups,
13:12
volunteers or military conflicts,
13:14
there are hackers everywhere.
13:17
They come from all walks of life,
13:20
ethnicities, ideologies and genders, I might add.
13:22
They are now shaping the world's stage.
13:27
Hackers represent an exceptional force for change
13:31
in the 21st century.
13:33
This is because access to information
13:36
is a critical currency of power,
13:38
one which governments would like to control,
13:41
a thing they attempt to do by setting up
13:44
all-you-can-eat surveillance programs,
13:47
a thing they need hackers for, by the way.
13:50
And so the establishment has long had
13:53
a love-hate relationship when it comes to hackers,
13:56
because the same people who demonize hacking
14:00
also utilize it at large.
14:02
Two years ago,
14:07
I saw General Keith Alexander.
14:09
He's the NSA director and U.S. cyber commander,
14:11
but instead of his four star general uniform,
14:16
he was wearing jeans and a t-shirt.
14:19
This was at DEF CON,
14:22
the world's largest hacker conference.
14:23
Perhaps like me, General Alexander
14:27
didn't see 12,000 criminals that day in Vegas.
14:28
I think he saw untapped potential.
14:32
In fact, he was there to give a hiring pitch.
14:35
"In this room right here," he said,
14:39
"is the talent our nation needs."
14:41
Well, hackers in the back row replied,
14:44
"Then stop arresting us."
14:47
(Applause)
14:49
Indeed, for years,
14:53
hackers have been on the wrong side of the fence,
14:55
but in light of what we know now,
14:58
who is more watchful of our online world?
15:01
The rules of the game are not that clear anymore,
15:05
but hackers are perhaps the only ones
15:08
still capable of challenging
overreaching governments
15:12
and data-hoarding corporates
15:16
on their own playing field.
15:18
To me, that represents hope.
15:20
For the past three decades,
15:23
hackers have done a lot of things,
15:25
but they have also impacted civil liberties,
15:26
innovation and Internet freedom,
15:30
so I think it's time we take a good look
15:32
at how we choose to portray them,
15:35
because if we keep expecting
them to be the bad guys,
15:37
how can they be the heroes too?
15:41
My years in the hacker world
15:44
have made me realize
15:46
both the problem and the beauty about hackers:
15:48
They just can't see something broken in the world
15:53
and leave it be.
15:57
They are compelled
15:58
to either exploit it or try and change it,
16:00
and so they find the vulnerable aspects
16:03
in our rapidly changing world.
16:07
They make us, they force us to fix things
16:09
or demand something better,
16:14
and I think we need them
16:16
to do just that,
16:17
because after all, it is not information
16:20
that wants to be free, it's us.
16:23
Thank you very much.
16:26
Thank you. (Applause)
16:29
Hack the planet!
16:32

▲Back to top

About the speaker:

Keren Elazari - Cybersecurity expert
Keren Elazari charts the transformation of hackers from cyberpunk protagonists to powerful hacktivists, lone rangers and digital robin hoods who are the unsung heroes of the digital frontier.

Why you should listen

A GigaOM analyst and Israeli hacking scene insider, Keren Elazari moves through business, academic and security circles, researching new technologies and emerging security threats. Inspired by science fiction in her teenage years and fuelled by insatiable curiosity, Elazari spent years investigating the darker corners of cyberspace.

Today, she emerges with a new understanding of the hacker underworld. Information is the new currency of our digital society, and those who can control it have become powerful actors -- whether they choose to be heroes or villains. As she says, "Hacking has become a superpower that can positively impact millions worldwide – if we learn how to harness it.”

More profile about the speaker
Keren Elazari | Speaker | TED.com