ABOUT THE SPEAKER
Rodrigo Bijou - Security researcher
Rodrigo Bijou's work focuses on the cross section of intelligence, data science and information security.

Why you should listen

Rodrigo Bijou is an information security researcher with a background in threat intelligence, security analytics and privacy technology. Named a Global Privacy Scholar by the International Association of Privacy Professionals, he is also currently a Watson Fellow exploring “Trust in Technology.”

Bijou previously worked as a consultant to the finance and technology industries and at companies such as Palantir. When not hacking data directly, Rodrigo can be found writing policy analysis in outlets such as IHS Jane’s Intelligence Review and the Harvard Law Review.

TEDGlobal>London

Rodrigo Bijou: Governments don't understand cyber warfare. We need hackers

1,396,708 views

The Internet has transformed the front lines of war, and it's leaving governments behind. As security analyst Rodrigo Bijou shows, modern conflict is being waged online between non-state groups, activists and private corporations, and the digital landscape is proving to be fertile ground for the recruitment and radicalization of terrorists. Meanwhile, draconian surveillance programs are ripe for exploitation. Bijou urges governments to end mass surveillance programs and shut "backdoors" -- and he makes a bold call for individuals to step up.


00:12
In 2008, Burhan Hassan, age 17,
00:16
boarded a flight from Minneapolis
00:18
to the Horn of Africa.
00:21
And while Burhan was the youngest recruit,
00:23
he was not alone.
00:25
Al-Shabaab managed to recruit
over two dozen young men
00:28
in their late teens and early 20s
00:31
with a heavy presence
on social media platforms like Facebook.
00:35
With the Internet and other technologies,
00:37
they've changed our everyday lives,
00:39
but they've also changed
recruitment, radicalization
00:43
and the front lines of conflict today.
00:47
What about the links connecting Twitter,
00:50
Google and protesters
fighting for democracy?
00:54
These numbers represent
Google's public DNS servers,
00:58
effectively the only
digital border crossing
01:00
protesters had and could use
01:02
to communicate with each other,
to reach the outside world
01:05
and to spread viral awareness
01:07
of what was happening
in their own country.
01:10
Today, conflict is essentially borderless.
01:13
If there are bounds to conflict today,
01:16
they're bound by digital,
not physical geography.
01:20
And under all this is a vacuum of power
01:23
where non-state actors, individuals
and private organizations
01:27
have the advantage over slow, outdated
military and intelligence agencies.
01:33
And this is because,
in the digital age of conflict,
01:36
there exists a feedback loop
01:38
where new technologies,
platforms like the ones I mentioned,
01:41
and more disruptive ones,
01:42
can be adapted, learned, and deployed
by individuals and organizations
01:47
faster than governments can react.
01:51
To understand the pace
of our own government thinking on this,
01:55
I like to turn to something aptly named
01:57
the Worldwide Threat Assessment,
02:01
where every year the Director
of National Intelligence in the US
02:04
looks at the global threat landscape,
02:07
and he says, "These are the threats,
these are the details,
02:10
and this is how we rank them."
02:13
In 2007, there was absolutely
no mention of cyber security.
02:16
It took until 2011,
when it came at the end,
02:20
where other things, like West
African drug trafficking, took precedence.
02:24
In 2012, it crept up, still behind things
like terrorism and proliferation.
02:29
In 2013, it became the top threat,
02:31
in 2014 and for the foreseeable future.
02:36
What things like that show us
02:37
is that there is
a fundamental inability today
02:40
on the part of governments
to adapt and learn in digital conflict,
02:46
where conflict can be immaterial,
borderless, often wholly untraceable.
02:51
And conflict isn't just online to offline,
as we see with terrorist radicalization,
02:56
but it goes the other way as well.
02:59
We all know the horrible events
that unfolded in Paris this year
03:03
with the Charlie Hebdo terrorist attacks.
03:05
What an individual hacker or a small group
of anonymous individuals did
03:09
was enter those social media conversations
that so many of us took part in.
03:14
#JeSuisCharlie.
03:16
On Facebook, on Twitter, on Google,
03:18
all sorts of places where millions
of people, myself included,
03:22
were talking about the events
03:23
and saw images like this,
03:25
the emotional, poignant image of a baby
with "Je suis Charlie" on its wrist.
03:30
And this turned into a weapon.
03:32
What the hackers did
was weaponize this image,
03:34
where unsuspecting victims,
03:36
like all of us in those conversations,
03:38
saw this image, downloaded it
03:41
but it was embedded with malware.
03:43
And so when you downloaded this image,
03:45
it hacked your system.
03:47
It took six days to deploy
a global malware campaign.
03:52
The divide between physical
and digital domains today
03:55
ceases to exist,
03:56
where we have offline attacks
like those in Paris
03:59
appropriated for online hacks.
04:03
And it goes the other way as well,
with recruitment.
04:05
We see online radicalization of teens,
04:08
who can then be deployed globally
for offline terrorist attacks.
04:13
With all of this, we see that there's
a new 21st century battle brewing,
04:18
and governments
don't necessarily take a part.
04:21
So in another case,
Anonymous vs. Los Zetas.
04:26
In early September 2011 in Mexico,
04:29
Los Zetas, one of the most
powerful drug cartels,
04:32
hung two bloggers with a sign that said,
04:34
"This is what will happen
to all Internet busybodies."
04:39
A week later, they beheaded a young girl.
04:41
They severed her head,
put it on top of her computer
04:44
with a similar note.
04:45
And taking the digital counteroffensive
04:48
because governments couldn't even
understand what was going on or act,
04:51
Anonymous, a group we might not associate
as the most positive force in the world,
04:55
took action,
04:56
not in cyber attacks, but threatening
information to be free.
05:01
On social media, they said,
05:03
"We will release information
05:05
that ties prosecutors and governors
to corrupt drug deals with the cartel."
05:10
And escalating that conflict,
05:13
Los Zetas said, "We will kill 10 people
for every bit of information you release."
05:19
And so it ended there because
it would become too gruesome to continue.
05:25
But what was powerful about this
05:28
was that anonymous individuals,
05:31
not federal policia,
not military, not politicians,
05:34
could strike fear deep into the heart
05:39
of one of the most powerful,
violent organizations in the world.
05:44
And so we live in an era
05:46
that lacks the clarity
of the past in conflict,
05:50
in who we're fighting,
in the motivations behind attacks,
05:53
in the tools and techniques used,
05:55
and how quickly they evolve.
05:58
And the question still remains:
06:00
what can individuals,
organizations and governments do?
06:05
For answers to these questions,
it starts with individuals,
06:08
and I think peer-to-peer security
is the answer.
06:12
Those people in relationships
that bought over teens online,
06:16
we can do that with peer-to-peer security.
06:18
Individuals have more power
than ever before
06:21
to affect national
and international security.
06:25
And we can create those positive
peer-to-peer relationships
06:28
on and offline,
06:30
we can support and educate the next
generation of hackers, like myself,
06:35
instead of saying, "You can either be
a criminal or join the NSA."
06:39
That matters today.
06:41
And it's not just individuals --
it's organizations, corporations even.
06:47
They have an advantage
to act across more borders,
06:49
more effectively and more rapidly
than governments can,
06:53
and there's a set
of real incentives there.
06:57
It's profitable and valuable
06:59
to be seen as trustworthy
in the digital age,
07:02
and will only be more so
in future generations to come.
07:06
But we still can't ignore government,
07:08
because that's who we turn to
for collective action
07:11
to keep us safe and secure.
07:16
But we see where that's gotten us so far,
07:19
where there's an inability to adapt
and learn in digital conflict,
07:22
where at the highest levels of leadership,
07:25
the Director of the CIA,
Secretary of Defense,
07:28
they say, "Cyber Pearl Harbor will happen."
"Cyber 9/11 is imminent."
07:35
But this only makes us
more fearful, not more secure.
07:39
By banning encryption in favor
of mass surveillance and mass hacking,
07:42
sure, GCHQ and the NSA can spy on you.
07:46
But that doesn't mean
that they're the only ones that can.
07:49
Capabilities are cheap, even free.
07:51
Technical ability
is rising around the world,
07:54
and individuals and small groups
have the advantage.
07:59
So today it might just be
the NSA and GCHQ,
08:02
but who's to say that the Chinese
can't find that backdoor?
08:06
Or in another generation,
some kid in his basement in Estonia?
08:10
And so I would say that it's
not what governments can do,
08:15
it's that they can't.
08:17
Governments today
need to give up power and control
08:22
in order to help make us more secure.
08:25
Giving up mass surveillance and hacking
and instead fixing those backdoors
08:29
means that, yeah, they can't spy on us,
08:32
but neither can the Chinese
08:33
or that hacker in Estonia
a generation from now.
08:37
And government support
for technologies like Tor and Bitcoin
08:40
mean giving up control,
08:42
but it means that developers, translators,
anybody with an Internet connection,
08:46
in countries like Cuba, Iran and China,
can sell their skills, their products,
08:50
in the global marketplace,
08:52
but more importantly sell their ideas,
08:54
show us what's happening
in their own countries.
08:58
And so it should be not fearful,
09:00
it should be inspiring
to the same governments
09:02
that fought for civil rights,
free speech and democracy
09:05
in the great wars of the last century,
09:07
that today, for the first time
in human history,
09:10
we have a technical opportunity
09:13
to make billions of people
safer around the world
09:15
that we've never had before
in human history.
09:18
It should be inspiring.
09:21
(Applause)
