
Where is cybercrime really coming from? | Caleb Barlow

Cybercrime is out of control. It’s everywhere. We hear about it every single day. This year, over two billion records lost or stolen. And last year, 100 million of us, mostly Americans, lost our health insurance data to thieves — myself included. Now what’s particularly concerning about this is that in most cases, it was months before anyone even reported that these records were stolen.

So if you watch the evening news, you would think that most of this is espionage or nation-state activity. And well, some of it is. Espionage, you see, is an accepted international practice. But in this case, it is only a small portion of the problem that we’re dealing with. How often do we hear about a breach followed by, “… it was the result of a sophisticated nation-state attack”? Well, often that is companies not being willing to own up to their own lackluster security practices. There is also a widely held belief that by blaming an attack on a nation-state, you are putting regulators at bay — at least for a period of time.

So where is all of this coming from? The United Nations estimates that 80 percent of it is from highly organized and ultra-sophisticated criminal gangs. To date, this represents one of the largest illegal economies in the world, topping out at, now get this, 445 billion dollars. Let me put that in perspective for all of you: 445 billion dollars is larger than the GDP of 160 nations, including Ireland, Finland, Denmark and Portugal, to name a few.

So how does this work? How do these criminals operate? Well, let me tell you a little story. About a year ago, our security researchers were tracking a somewhat ordinary but sophisticated banking Trojan called the Dyre Wolf. The Dyre Wolf would get on your computer via you clicking on a link in a phishing email that you probably shouldn’t have. It would then sit and wait. It would wait until you logged into your bank account. And when you did, the bad guys would reach in, steal your credentials, and then use that to steal your money. This sounds terrible, but the reality is, in the security industry, this form of attack is somewhat commonplace.

However, the Dyre Wolf had two distinctly different personalities — one for these small transactions, but it took on an entirely different persona if you were in the business of moving large-scale wire transfers. Here’s what would happen. You start the process of issuing a wire transfer, and up in your browser would pop a screen from your bank, indicating that there’s a problem with your account, and that you need to call the bank immediately, along with the number to the bank’s fraud department. So you pick up the phone and you call. And after going through the normal voice prompts, you’re met with an English-speaking operator. “Hello, Altoro Mutual Bank. How can I help you?” And you go through the processes like you do every time you call your bank, of giving them your name and your account number, going through the security checks to verify you are who you said you are.

Now most of us may not know this, but in many large-scale wire transfers, it requires two people to sign off on the wire transfer, so the operator then asks you to get the second person on the line, and goes through the same set of verifications and checks. Sounds normal, right? Only one problem: you’re not talking to the bank. You’re talking to the criminals. They had built an English-speaking help desk, fake overlays to the banking website. And this was so flawlessly executed that they were moving between a half a million and a million and a half dollars per attempt into their criminal coffers.

Now these criminal organizations operate like highly regimented, legitimate businesses. Their employees work Monday through Friday. They take the weekends off. How do we know this? We know this because our security researchers see repeated spikes of malware on a Friday afternoon. The bad guys, after a long weekend with the wife and kids, come back in to see how well things went.

The Dark Web is where they spend their time. That is a term used to describe the anonymous underbelly of the internet, where thieves can operate with anonymity and without detection. Here they peddle their attack software and share information on new attack techniques. You can buy everything there, from a base-level attack to a much more advanced version. In fact, in many cases, you even see gold, silver and bronze levels of service. You can check references. You can even buy attacks that come with a money-back guarantee — [Laughter] if you’re not successful.

Now, these environments, these marketplaces — they look like an Amazon or an eBay. You see products, prices, ratings and reviews. Now of course, if you’re going to buy an attack, you’re going to buy from a reputable criminal with good ratings, right? [Laughter] This isn’t any different than checking on Yelp or TripAdvisor before going to a new restaurant.

So here is an example. This is an actual screenshot of a vendor selling malware. Notice they’re a vendor level four, they have a trust level of six. They’ve had 400 positive reviews in the last year, and only two negative reviews in the last month. We even see things like licensing terms. Here’s an example of a site you can go to if you want to change your identity. They will sell you a fake ID, fake passports. But note the legally binding terms for purchasing your fake ID. Give me a break. What are they going to do — sue you if you violate them? [Laughter]

This occurred a couple of months ago. One of our security researchers was looking at a new Android malware application that we had discovered. It was called Bilal Bot. Now in a blog post, she positioned Bilal Bot as a new, inexpensive and beta alternative to the much more advanced GM Bot that was commonplace in the criminal underground. Now, this review did not sit well with the authors of Bilal Bot. So they wrote her this very email, pleading their case and making the argument that they felt that she had evaluated an older version. They asked her to please update her blog with more accurate information and even offered to do an interview to describe to her in detail how their attack software was now far better than the competition. So look, you don’t have to like what they do, but you do have to respect the entrepreneurial nature of their endeavors. [Laughter]

So how are we going to stop this? It’s not like we’re going to be able to identify who’s responsible — remember, they operate with anonymity and outside the reach of the law. We’re certainly not going to be able to prosecute the offenders. I would propose that we need a completely new approach. And that approach needs to be centered on the idea that we need to change the economics for the bad guys.

And to give you a perspective on how this can work, let’s think of the response we see to a healthcare pandemic: SARS, Ebola, bird flu, Zika. What is the top priority? It’s knowing who is infected and how the disease is spreading. Now, governments, private institutions, hospitals, physicians — everyone responds openly and quickly. This is a collective and altruistic effort to stop the spread in its tracks and to inform anyone not infected how to protect or inoculate themselves.

Unfortunately, this is not at all what we see in response to a cyber attack. Organizations are far more likely to keep information on that attack to themselves. Why? Because they’re worried about competitive advantage, litigation or regulation.

We need to effectively democratize threat intelligence data. We need to get all of these organizations to open up and share what is in their private arsenal of information. The bad guys are moving fast; we’ve got to move faster. And the best way to do that is to open up and share data on what’s happening. Let’s think about this in the construct of security professionals. Remember, they’re programmed right into their DNA to keep secrets. We’ve got to turn that thinking on its head. We’ve got to get governments, private institutions and security companies willing to share information at speed. And here’s why: because if you share the information, it’s equivalent to inoculation. And if you’re not sharing, you’re actually part of the problem, because you’re increasing the odds that other people could be impacted by the same attack techniques.

But there’s an even bigger benefit. By destroying criminals’ devices closer to real time, we break their plans. We inform the people they aim to hurt far sooner than they had ever anticipated. We ruin their reputations, we crush their ratings and reviews. We make cybercrime not pay. We change the economics for the bad guys. But to do this, a first mover was required — someone to change the thinking in the security industry overall.

About a year ago, my colleagues and I had a radical idea. What if IBM were to take our data — we had one of the largest threat intelligence databases in the world — and open it up? It had information not just on what had happened in the past, but what was happening in near-real time. What if we were to publish it all openly on the internet? As you can imagine, this got quite a reaction. First came the lawyers: What are the legal implications of doing that? Then came the business: What are the business implications of doing that? And you know this was also met with a good dose of a lot of people just asking if we were completely crazy. But there was one conversation that kept floating to the surface in every dialogue that we would have: the realization that if we didn’t do this, then we were part of the problem.

So we did something unheard of in the security industry. We started publishing. Over 700 terabytes of actionable threat intelligence data, including information on real-time attacks that can be used to stop cybercrime in its tracks. And to date, over 4,000 organizations are leveraging this data, including half of the Fortune 100. And our hope as a next step is to get all of those organizations to join us in the fight, and do the same thing and share their information on when and how they’re being attacked as well.

We all have the opportunity to stop it, and we already all know how. All we have to do is look to the response that we see in the world of health care, and how they respond to a pandemic. Simply put, we need to be open and collaborative. Thank you. [Applause]


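Translation information
Video overview

How harmful is cybercrime? How does it happen? What can we do to stop hacker attacks? Learning from the healthcare industry, openness and collaboration are the right response.

Transcription

Collected from the internet

Translator

晚糖

Reviewer

审核员MS

Video source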

https://www.youtube.com/watch?v=FqrLUtIFVjs&t=6s
