ABOUT THE SPEAKER
Mikko Hypponen - Cybersecurity expert
As computer access expands, Mikko Hypponen asks: What's the next killer virus, and will the world be able to cope with it? And also: How can we protect digital privacy in the age of government surveillance?

Why you should listen

The chief research officer at F-Secure Corporation in Finland, Mikko Hypponen has led his team through some of the largest computer virus outbreaks in history. His team took down the world-wide network used by the Sobig.F worm. He was the first to warn the world about the Sasser outbreak, and he has done classified briefings on the operation of the Stuxnet worm -- a hugely complex worm designed to sabotage Iranian nuclear enrichment facilities.

As a few hundred million more Internet users join the web from India and China and elsewhere, and as governments and corporations become more sophisticated at using viruses as weapons, Hypponen asks, what's next? Who will be at the front defending the world’s networks from malicious software? He says: "It's more than unsettling to realize there are large companies out there developing backdoors, exploits and trojans."

Even more unsettling: revelations this year that the United States' NSA is conducting widespread digital surveillance of both US citizens and anyone whose data passes through a US entity, and that it has actively sabotaged encryption algorithms. Hypponen has become one of the most outspoken critics of the agency's programs and asks us all: Why are we so willing to hand over digital privacy?

 

 

Read his open-season Q&A on Reddit: "My TED Talk was just posted. Ask me anything."

See the full documentary on the search for the Brain virus

More profile about the speaker
Mikko Hypponen | Speaker | TED.com
TEDxBrussels

Mikko Hypponen: Three types of online attack

Filmed:
1,057,532 views

Cybercrime expert Mikko Hypponen talks us through three types of online attack on our privacy and information -- and only two of them are considered crimes. "Do we blindly trust any future government? Because any right we give away, we give away for good."

00:20
In the 1980s
00:23
in the communist Eastern Germany,
00:26
if you owned a typewriter,
00:30
you had to register it with the government.
00:32
You had to register
00:34
a sample sheet of text
00:36
out of the typewriter.
00:38
And this was done
00:40
so the government could track where text was coming from.
00:43
If they found a paper
00:46
which had the wrong kind of thought,
00:49
they could track down
00:51
who created that thought.
00:53
And we in the West
00:56
couldn't understand how anybody could do this,
00:59
how much this would restrict freedom of speech.
01:02
We would never do that
01:04
in our own countries.
01:07
But today in 2011,
01:10
if you go and buy a color laser printer
01:14
from any major laser printer manufacturer
01:17
and print a page,
01:19
that page will end up
01:21
having slight yellow dots
01:24
printed on every single page
01:26
in a pattern which makes the page unique
01:29
to you and to your printer.
01:33
This is happening
01:35
to us today.
01:38
And nobody seems to be making a fuss about it.
01:42
And this is an example
01:45
of the ways
01:47
that our own governments
01:50
are using technology
01:52
against us, the citizens.
01:56
And this is one of the main three sources
01:59
of online problems today.
02:01
If we take a look at what's really happening in the online world,
02:04
we can group the attacks based on the attackers.
02:07
We have three main groups.
02:09
We have online criminals.
02:11
Like here, we have Mr. Dimitry Golubov
02:13
from the city of Kiev in Ukraine.
02:15
And the motives of online criminals
02:18
are very easy to understand.
02:20
These guys make money.
02:22
They use online attacks
02:24
to make lots of money,
02:26
and lots and lots of it.
02:28
We actually have several cases
02:30
of millionaires online, multimillionaires,
02:33
who made money with their attacks.
02:35
Here's Vladimir Tsastsin from Tartu in Estonia.
02:38
This is Alfred Gonzalez.
02:40
This is Stephen Watt.
02:42
This is Bjorn Sundin.
02:44
This is Matthew Anderson, Tariq Al-Daour
02:47
and so on and so on.
02:49
These guys
02:51
make their fortunes online,
02:53
but they make it through the illegal means
02:56
of using things like banking trojans
02:58
to steal money from our bank accounts
03:00
while we do online banking,
03:02
or with keyloggers
03:04
to collect our credit card information
03:07
while we are doing online shopping from an infected computer.
03:10
The U.S. Secret Service,
03:12
two months ago,
03:14
froze the Swiss bank account
03:16
of Mr. Sam Jain right here,
03:18
and that bank account had 14.9 million U.S. dollars on it
03:21
when it was frozen.
03:23
Mr. Jain himself is on the loose;
03:25
nobody knows where he is.
03:28
And I claim it's already today
03:31
that it's more likely for any of us
03:34
to become the victim of a crime online
03:37
than here in the real world.
03:40
And it's very obvious
03:42
that this is only going to get worse.
03:44
In the future, the majority of crime
03:46
will be happening online.
03:50
The second major group of attackers
03:52
that we are watching today
03:54
are not motivated by money.
03:56
They're motivated by something else --
03:58
motivated by protests,
04:00
motivated by an opinion,
04:02
motivated by the laughs.
04:05
Groups like Anonymous
04:07
have risen up over the last 12 months
04:10
and have become a major player
04:12
in the field of online attacks.
04:15
So those are the three main attackers:
04:17
criminals who do it for the money,
04:19
hacktivists like Anonymous
04:22
doing it for the protest,
04:24
but then the last group are nation states,
04:27
governments doing the attacks.
04:31
And then we look at cases
04:33
like what happened in DigiNotar.
04:35
This is a prime example of what happens
04:37
when governments attack
04:39
against their own citizens.
04:41
DigiNotar is a Certificate Authority
04:44
from The Netherlands --
04:46
or actually, it was.
04:48
It was running into bankruptcy
04:50
last fall
04:53
because they were hacked into.
04:55
Somebody broke in
04:57
and they hacked it thoroughly.
05:00
And I asked last week
05:02
in a meeting with Dutch government representatives,
05:06
I asked one of the leaders of the team
05:11
whether he found plausible
05:14
that people died
05:17
because of the DigiNotar hack.
05:20
And his answer was yes.
05:25
So how do people die
05:27
as the result of a hack like this?
05:30
Well DigiNotar is a C.A.
05:32
They sell certificates.
05:34
What do you do with certificates?
05:36
Well you need a certificate
05:38
if you have a website that has https,
05:40
SSL encrypted services,
05:43
services like Gmail.
05:46
Now we all, or a big part of us,
05:48
use Gmail or one of their competitors,
05:50
but these services are especially popular
05:52
in totalitarian states
05:54
like Iran,
05:56
where dissidents
05:58
use foreign services like Gmail
06:01
because they know they are more trustworthy than the local services
06:04
and they are encrypted over SSL connections,
06:07
so the local government can't snoop
06:09
on their discussions.
06:11
Except they can if they hack into a foreign C.A.
06:14
and issue rogue certificates.
06:16
And this is exactly what happened
06:18
with the case of DigiNotar.
06:24
What about Arab Spring
06:26
and things that have been happening, for example, in Egypt?
06:29
Well in Egypt,
06:31
the rioters looted the headquarters
06:33
of the Egyptian secret police
06:35
in April 2011,
06:37
and when they were looting the building they found lots of papers.
06:40
Among those papers,
06:42
was this binder entitled "FINFISHER."
06:44
And within that binder were notes
06:47
from a company based in Germany
06:49
which had sold the Egyptian government
06:52
a set of tools
06:54
for intercepting --
06:56
and in very large scale --
06:58
all the communication of the citizens of the country.
07:00
They had sold this tool
07:02
for 280,000 Euros to the Egyptian government.
07:05
The company headquarters are right here.
07:08
So Western governments
07:10
are providing totalitarian governments with tools
07:13
to do this against their own citizens.
07:16
But Western governments are doing it to themselves as well.
07:19
For example, in Germany,
07:21
just a couple of weeks ago
07:23
the so-called State Trojan was found,
07:26
which was a trojan
07:28
used by German government officials
07:30
to investigate their own citizens.
07:32
If you are a suspect in a criminal case,
07:36
well it's pretty obvious, your phone will be tapped.
07:38
But today, it goes beyond that.
07:40
They will tap your Internet connection.
07:42
They will even use tools like State Trojan
07:45
to infect your computer with a trojan,
07:48
which enables them
07:50
to watch all your communication,
07:52
to listen to your online discussions,
07:55
to collect your passwords.
08:01
Now when we think deeper
08:03
about things like these,
08:06
the obvious response from people should be
08:11
that, "Okay, that sounds bad,
08:14
but that doesn't really affect me because I'm a legal citizen.
08:17
Why should I worry?
08:19
Because I have nothing to hide."
08:22
And this is an argument,
08:24
which doesn't make sense.
08:26
Privacy is implied.
08:29
Privacy is not up for discussion.
08:34
This is not a question
08:36
between privacy
08:40
against security.
08:43
It's a question of freedom
08:46
against control.
08:49
And while we might trust our governments
08:53
right now, right here in 2011,
08:56
any right we give away will be given away for good.
08:59
And do we trust, do we blindly trust,
09:02
any future government,
09:04
a government we might have
09:06
50 years from now?
09:10
And these are the questions
09:13
that we have to worry about for the next 50 years.
Translated by Lisangelo Berti
Reviewed by Nadja Nathan
