- hace 9 meses
- #ciberseguridad
- #hackers
- #peligrosenlared
En esta apasionante entrega de nuestra noche temática, exploraremos los peligros en la red y el fascinante mundo de los hackers. Vivimos en una era digital donde la información fluye a gran velocidad, pero también donde las amenazas cibernéticas son cada vez más sofisticadas. A lo largo de este programa, desglosaremos los diferentes tipos de ataques cibernéticos que existen, desde el phishing hasta el ransomware, y cómo estos pueden afectar tanto a individuos como a empresas.
Además, contaremos con la participación de expertos en ciberseguridad que nos ofrecerán consejos prácticos sobre cómo proteger nuestra información personal y profesional en un entorno cada vez más hostil. Aprenderemos a identificar señales de alerta y a implementar medidas de seguridad que nos ayuden a prevenir ser víctimas de un ataque. También abordaremos la ética de los hackers: ¿son todos ellos villanos o hay quienes utilizan sus habilidades para el bien?
El conocimiento es poder, y en este programa queremos empoderarte con la información necesaria para navegar la red de manera segura. No te pierdas esta oportunidad de informarte sobre los peligros en la red y cómo puedes protegerte de los hackers. ¡Acompáñanos en esta noche temática y conviértete en un experto en ciberseguridad!
#Ciberseguridad, #Hackers, #PeligrosEnLaRed
ciberseguridad, hackers, peligros en la red, ataques cibernéticos, protección de datos, phishing, ransomware, ética hacker, seguridad informática, información personal
Además, contaremos con la participación de expertos en ciberseguridad que nos ofrecerán consejos prácticos sobre cómo proteger nuestra información personal y profesional en un entorno cada vez más hostil. Aprenderemos a identificar señales de alerta y a implementar medidas de seguridad que nos ayuden a prevenir ser víctimas de un ataque. También abordaremos la ética de los hackers: ¿son todos ellos villanos o hay quienes utilizan sus habilidades para el bien?
El conocimiento es poder, y en este programa queremos empoderarte con la información necesaria para navegar la red de manera segura. No te pierdas esta oportunidad de informarte sobre los peligros en la red y cómo puedes protegerte de los hackers. ¡Acompáñanos en esta noche temática y conviértete en un experto en ciberseguridad!
#Ciberseguridad, #Hackers, #PeligrosEnLaRed
ciberseguridad, hackers, peligros en la red, ataques cibernéticos, protección de datos, phishing, ransomware, ética hacker, seguridad informática, información personal
Categoría
📺
TVTranscripción
00:00The last time the thieves visited me, they threw a door down.
00:15This time, all they have done has been to send an email.
00:18One of the hundreds of thousands of millions that come to houses and offices like mine every day.
00:22This one installed a virus in my computer.
00:24Something that could have caused a disaster.
00:31Several kilometers away, a former police officer had agreed to make a demonstration of an elementary and quite illegal computer hacking technique.
00:41At the other end, there is now a small dialogue box that says, we have done with your system.
00:46And is it true?
00:47Yes.
00:48In my computer? My own computer?
00:50That's right.
00:51So if you were a bad boy, what would you do?
00:53I would go in and take a look at what you have in your files.
00:56Really?
00:57Of course.
00:58Rani Hamel works for the financial company KPMG and enters the computer servers of its customers to demonstrate their vulnerability.
01:07A sadly easy task.
01:09Look at this.
01:11There it is. This document is yours.
01:15And I can modify it.
01:19What I have installed is, in essence, something that allows me to control your mouse and your keyboard.
01:28Do you see that red dot there?
01:30Yes.
01:31Okay.
01:32Well, it's the one that moves the cursor on your screen right now.
01:36An invisible intruder in an empty room that can explore something as delicate as the file of a ministry or as private as a diary,
01:44using technology that is within the reach of anyone.
01:50Now, how sophisticated is the software or whatever you've done?
01:56I mean, yes.
01:57These are free access programs that are on the Internet.
02:01Free software.
02:02Computer pirates are at least generous.
02:05In fact, anyone can become a hacker just by visiting their websites and downloading versions of programs like Trojan horses,
02:12like Backorifice, which they can then add to a congratulatory card or a popular computer game, like the one you've sent me by email.
02:21It's a fun program.
02:23Yes, it's a kind of game.
02:25And while you're doing it, the virus is installed in the background and you're infected.
02:31The computer hacking may seem and may sound like a simple mischief, but for Daniel Sieberg, the intrusion of a computer hacker can have the psychological impact of a physical attack.
02:46I was doing a job for the university, a kind of ethics on women on the Internet.
02:52So I served myself a glass of wine and I sat in front of the computer and I was just doing a little research,
02:58browsing through a number of websites to get information.
03:02In that navigation were included some porn sites, the most controversial as well as popular Internet destinations.
03:09While he was looking at the pages, he did not realize that he was being watched by a cybernetic space watchman who decided to express his disapproval.
03:17The words started to write on the screen by themselves.
03:21They said, I can see what you're doing.
03:23I just thought it was just a smart ad or that I had accidentally downloaded a program or even something that had been downloaded.
03:32The truth is that I did not realize what was happening until I saw that my Windows password appeared in the dialog box.
03:39At that moment I started to panic and all I wanted was to get out of there.
03:43I was being a victim of that illegal program called Backorifice.
03:47A few lines of program code created by a group formed, among others, by two highly prestigious computer pirates.
03:54And in fact, you have more control over the machine than the person who is located in front of the keyboard,
03:59because you have more maneuverability, more power with the tools that Backorifice provides you than with the Windows 98 desktop.
04:06Such power that Daniel Sieberg's computer speaks to him.
04:11This is an authentic message that has remained in his system.
04:14Good morning, I am a friendly computer pirate and I live in Australia.
04:18Don't shit your pants about what I can put on your computer or hear sound files like this.
04:24You don't have to worry, I'm not going to do anything bad.
04:27But better be a good boy or a good girl and don't look at obscene photos.
04:32Because if you do, I'll know you're doing it and I'll also be able to see it.
04:35And I'll do it with your computer again. Have a nice day, bye.
04:39At the time, I had an antivirus. I had Norton Antivirus installed, but he disabled that.
04:48And he was nice enough to tell me, I've disabled Norton Antivirus.
04:52You're going to have to get another version and update it.
04:55In a sense, he was throwing me a fit for not having the programs updated.
05:02I was not very diligent in updating my firewalls and security.
05:08And people feel very calm and safe when the network is connected.
05:12That left me absolutely stunned.
05:15Look, the Internet was created with the idea that we were all going to be good guys.
05:21And all the parameters, the protocols.
05:24So much so that in principle no one is going to lie, or cheat, or steal.
05:33A lawyer named Mary Frank created this website after someone stole her identity.
05:39A crime that now affects more than half a million Americans every year.
05:45I got a call from a bank that I had never heard of.
05:48They said, are you Mary Frank? I said yes.
05:51And the woman who was on the other side of the phone said,
05:54I'm calling from the New York bank in Delaware and we want to know why you haven't paid the 7,000 euros you owe.
05:59And I said, I'm sorry, if I've got the wrong phone number, I don't know who you are.
06:04And the woman said, wait a minute, is this your social security number and your date of birth?
06:09And then I started to get worried and I said, what are you trying to figure out?
06:13And she said, well, I'm looking at your credit history, your financial statement.
06:18The thief was arrested and sent to prison.
06:20But this was not the end of Mary's problems.
06:23I found there was over 35,000 euros usurping my name.
06:27They also bought a red Mustang convertible.
06:30And they had also gotten credit cards with which they bought everything.
06:34And I was sued by the car company.
06:41It's hard to imagine that someone could predict how easy it would be to access a computer,
06:45or how once inside it would be possible to reach,
06:48virtually touch anything in the world.
06:52Of course, the other side of the coin is that anyone anywhere in the world
06:56can get into your life through a computer that has tens of thousands of open access points,
07:02which is a machine connected to hundreds of millions of other machines.
07:05Or like when we leave the computer running,
07:08as we are increasingly inclined to do.
07:11We are increasing our exposure to a global snooping.
07:17In the global village, personal intimacy has become the intimacy of a medieval village,
07:22where everyone has the chance to know everything about everyone.
07:28It is not surprising that computer security experts are having a great demand today.
07:34Keith Bailey works for Frank Russell,
07:36a company that manages assets of its clients for $ 63 billion.
07:41In his personal life, he flees the Internet as a plague.
07:45I do not connect or have internet connection at home.
07:48I have chosen not to have internet.
07:52If he ever needed proof of his personal vulnerability,
07:55he had when he challenged some security experts to create a dossier about him.
08:00Starting from the sources of information available on the Internet,
08:03they were able to gather the elements of his identity.
08:08What kind of stuff did they find about you?
08:11There was a lot of important information stored in the network.
08:15And to put it quickly, the most delicate document was a certified copy of my birth certificate.
08:21It is a document that can be used to replace my identity.
08:25A complete copy of the computer data of my university registration with the seal of the university itself.
08:31They got from the network a complete list of documents on legal matters in which I appear,
08:36both on the dissolution of my marriage and on a business that ended in failure
08:41and on which there was all kinds of information.
08:43I think the average citizen would be amazed
08:46if he realized that his privacy is barely protected by a layer of varnish.
08:51With the light of global paths,
08:53this is what happens when the world's most robust network finds the richest content
08:57to get its business to expand all over the planet.
09:02The machines of mass media and all marketing sellers
09:07have created in the general public the impression that it is necessary to be in this to be successful.
09:12That's the way to get rich.
09:14All your future is based on this.
09:16There is an almost distressing concern derived from not being there,
09:20but on the contrary, a song to the pleasures of being there.
09:23There is no guarantee that technology is safe.
09:26And that's how it is.
09:30Establishing links between security and cybercrime
09:33has been the work to which specialists like Richard Power
09:37from the Institute of Computer Security of San Francisco have devoted full time.
09:42He has written a book on the latest crimes committed against computers,
09:46including an assault on the giant Citibank.
09:48Nobody wants to talk about the Citibank
09:50because bankers don't want people to think
09:52that there may be problems with the online bank.
09:55And on the Internet, companies.com
09:58don't want people to worry about the consequences of cybercrime.
10:03But they are things that are there.
10:06Whether they like it or not,
10:08the Citibank case has placed itself in an excellent position
10:11in the list of successes of computer pirates.
10:14And Vladimir Levin has entered the history of computer piracy
10:17as the first bank thief of the digital age.
10:20Levin made 10 million dollars
10:22without leaving his apartment in St. Petersburg, Russia.
10:27He used his computer and the international network of telecommunications
10:30to access Citibank accounts from all over the world.
10:34It was a fact that occurred at a time of the evolution of these things
10:37that you can't even say it was an Internet crime.
10:40It was simply a way to take advantage of the phone.
10:43It was about making phone calls
10:45to make transactions with the bank account.
10:47And these systems were seen in a compromised situation before,
10:50before the Internet existed.
10:52It gives me the impression that on the Internet
10:55that kind of activity is even simpler, not more complicated.
11:02These are credit card numbers.
11:04Last year, thousands of them were found on the website
11:07of a computer pirate known as the Healer.
11:10It was clear that they had been stolen,
11:12and it was clear that the thief had not used them.
11:14He only exhibited them as a kind of pirate joke.
11:17But here, at the National Infrastructure Protection Center
11:20of the FBI in Washington, they did not laugh.
11:23All they wanted was to know as soon as possible
11:25what evils the Healer was capable of.
11:27The Healer was someone who was able to illegally enter the systems
11:31and seize, I think,
11:33approximately 26,000 credit card numbers.
11:37That's certainly an important crime,
11:39and he committed it in many different countries.
11:45The Healer cast a shadow over the security of e-commerce
11:48and threatened the survival of a lot of companies,
11:51such as one in the state of New York,
11:53called SalesGate.
11:55Its owner is Chris Keller.
11:57My first reaction was to think,
11:59it's ridiculous, this is impossible.
12:01We had taken certain measures
12:03to prevent this kind of thing from happening.
12:05But they happen.
12:07We did a check of the records of our servers
12:10and we realized that there had been an incident
12:12that had gone unnoticed.
12:14We immediately looked through the network
12:16for a specific individual,
12:18and with the help of a security group in Canada,
12:20we discovered one of their websites.
12:22Chris Davis was the computer security advisor
12:24with a hacker background,
12:26who from Ottawa, Canada, began to follow the lead
12:28to the Healer's Chulito independently.
12:31He was very proud of what he was doing.
12:33Among computer pirates,
12:35the Healer is considered
12:37as one of those things
12:39for which you do not need to have many skills.
12:41We consider it something almost thought by a child.
12:43It is only about downloading
12:45an Internet application and running it.
12:47The application is in charge of everything.
12:49The Healer was blabbing
12:51about what he had achieved
12:53to anyone who wanted to hear it.
12:55Radio news on the Internet.
12:57My name is Brian.
12:59One of the people who was listening
13:01was Chris Davis, thanks to the Internet.
13:03It is possible that he likes to compare himself
13:05with the main character of the movie, The Saint.
13:07Let's say they are my delusions of greatness
13:09full screen.
13:11It is possible that several security forces
13:13from several countries are following the lead.
13:15I do not worry about anything.
13:17The police would not be able to escape
13:19from a paper bag.
13:21But Davis found him following the lead
13:23of the electronic fingerprints
13:25that he had been leaving all over the world
13:27without leaving his computer terminal.
13:29He caught him and communicated it to the FBI.
13:31It was what hooked me.
13:33I just wanted to tell him,
13:35look, you're not as good as you think you are.
13:37I know, I suppose.
13:39I think I have a pretty complete idea
13:41of how you do it.
13:43Observing the records,
13:45I was able to track
13:47through the Internet service provider
13:49that the intruder was using
13:51in the United Kingdom.
13:53The headquarters of the villain Healer
13:55turned out to be a dormitory
13:57in a rural area of Wales,
13:59full of soda and ashtrays.
14:01And a television set in which
14:03twice a day a boring teenager
14:05would satisfy his addiction
14:07reviewing over and over again
14:09the series about spies of the 60s
14:11called The Saint.
14:13Healer is Raphael Gray,
14:15a 18-year-old boy.
14:19He received a lot of more visits,
14:21even after Chris Davis
14:23left his cover uncovered.
14:25Is this your first time here?
14:27Yeah, it's fascinating
14:29to drive on the other side
14:31of the road.
14:33Yes, I'm fascinated.
14:35Here we are in Clanderwen.
14:37Clanderwen, yes.
14:39Clanderwen.
14:41Yeah, it's interesting.
14:43Davis, the former hacker,
14:45was looking forward to meeting him.
14:47Is this your room?
14:49Yes.
14:51He's very kind.
14:53If you take into account
14:55that there are two police officers
14:57and an FBI officer.
14:59Let's say there were about
15:01ten people in this room.
15:03It was less floor free
15:05than it is now.
15:07So they're all covered.
15:09Four of them were wearing
15:11country clothes,
15:13and one of them was wearing
15:15a kind of gray coat.
15:17He had a disheveled look.
15:19He didn't shave.
15:21He looked like he was
15:23going to kill himself.
15:25He looked like he was going to kill himself.
15:27He looked like he was going to kill himself.
15:29He looked like he was going to kill himself.
15:31He looked like he was going to kill himself.
15:33He looked like he was going to kill himself.
15:35He looked like he was going to kill himself.
15:37He looked like he was going to kill himself.
15:39He looked like he was going to kill himself.
15:41He looked like he was going to kill himself.
15:43He looked like he was going to kill himself.
15:45He looked like he was going to kill himself.
15:47He looked like he was going to kill himself.
15:49He looked like he was going to kill himself.
15:51They are explorers who travel
15:53tirelessly with the energy
15:55that caffeine provides them,
15:57who are dedicated to observing
15:59through cybernetic windows
16:01and trying to skip computer locks
16:03because they are bored
16:05or simply because they can do it.
16:07You produce a lot of adrenaline
16:09while you try to get something.
16:11Sometimes I spend two days without sleeping,
16:13just trying to do something over and over again.
16:15When you finally get it,
16:17the relief you get not only comes
16:19but you can sleep.
16:21Your body is almost screaming
16:23to get rid of the fatigue.
16:25Before, the guys, when they got bored,
16:27threw stones against the windows
16:29of the empty spaceships
16:31or painted the public monuments with spray.
16:33Now they are in cyberspace
16:35doing public mischief
16:37that they assure have a purpose
16:39of public utility.
16:41You didn't break in there just to show
16:43the world how stupid and careless
16:45those people were.
16:47And what was the message?
16:49There are a lot of people out there
16:51who don't even care about
16:53keeping their own security safe,
16:55so how are they going to take
16:57care of the security of their clients?
16:59There are those who say
17:01they are putting their noses
17:03in technology just to get attention
17:05and they are getting the attention
17:07of some of the most influential people
17:09in Washington who are not willing
17:11to get into the game
17:13of the social value of jokes.
17:15How do you describe the problem
17:17that we are talking about?
17:19I mean the vulnerability
17:21through internet.
17:23It's big, it's deep,
17:25it's broad,
17:27it has a lot of different facets.
17:29It's a big problem
17:31and it's a big problem
17:33and it's a big problem
17:35and it's a big problem
17:37and it's a big problem
17:39and it's a big problem
17:41and it's a big problem
17:43and it's a big problem
18:05And one more thing
18:07that is just a novelty
18:09is that when Windows starts
18:11So when Windows starts, it sends a message that says,
18:14Hey, does anyone want to use this game?
18:16Do you all agree?
18:17Well, one of the other things my program does is say no.
18:26But are they really criminals?
18:28Their interests seem to be evolving from hardware
18:31and the sophisticated codes of the programs
18:33to perhaps another type of code.
18:37We have to create an ethical code for the network.
18:40That sustains the laws.
18:43Robert Steele was working for the CIA.
18:46He is currently a security specialist
18:48and the hackers asked him to give them a talk about an ethical code.
18:55Why is it important to have an ethical code?
18:58Ethics is about contributing to the common good.
19:01Ethics is about establishing the levels of life management.
19:05Which means that if you buy a car,
19:08the wheels will have their pins well screwed.
19:11Bill Gates is selling computers without wheels.
19:14They are stamped continuously.
19:16Food is regulated.
19:18The safety of cars too.
19:21Hairdressers need to have a license to cut your hair.
19:25But to write software, no requirement is required.
19:28There are no established levels of quality.
19:31No experimentation is required
19:33or a certificate that supports that software.
19:35So we can say that all our sophisticated digital society
19:38is supported by a software
19:40built by people we do not know.
19:42Who are not legally liable
19:44and their programs destroy some of our affairs.
19:48The head of Microsoft security does not agree.
19:51Howard Smith says that, in general,
19:53the software needs less regulation than other subjects.
19:56If I buy a lighter,
19:58it has to have a small mark on the base
20:00indicating that it has the good reputation
20:02of a certain institution
20:04that regulates quality standards.
20:06But I can buy software,
20:07something that will control my life,
20:09and there I will not find any quality certificate.
20:11That's right.
20:12Computer programs are used for different things.
20:15If I'm at home and the software I have installed
20:17is limited to games,
20:19the level of security must be very different
20:21from what we will need to manage a company
20:23or deal with economic matters.
20:25Those are the standards we are looking for.
20:27We try to develop ideas
20:29that help us identify the main processes
20:32so that we can establish
20:34what quality levels are required.
20:37There is a certain probability
20:39that the government decides to regulate these things.
20:41So far they have been limited to saying
20:43that we will keep to the margins,
20:45let the market take care of this,
20:47as long as it does not compromise
20:49national security or the country's economic structure.
20:54But for people who spend a large part of their lives
20:56connected to the Internet,
20:58regulation is something essential for their security,
21:00and they have committed to subject
21:02to public scrutiny
21:04the products of companies like Microsoft.
21:06These guys have a special ability
21:08to detect holes in computer systems
21:11and communications.
21:13They are able to tell us that the emperor
21:15is naked and does not wear any clothes.
21:21They issue important warnings
21:23with the fabrics of their generation.
21:25But what they say is obvious.
21:27The development industry of computer programs
21:29stimulates a culture that is putting in danger
21:31privacy and public security.
21:34This group of computer pirates
21:36calls itself the cult of the dead cow.
21:38They created the Backorifice
21:40to illustrate this issue.
21:47What led us to develop Backorifice
21:49was that Microsoft
21:51had the most popular operating system in the world.
21:56It is installed in 90% of computers
21:59around the world,
22:01or at least personal computers.
22:03And their users were being encouraged
22:06to take their computers
22:08and plug them into the Internet.
22:10Unfortunately, by doing so,
22:12these people are completely exposed
22:14to various types of attacks.
22:17We thought that the best way
22:20to be useful to the community
22:22would be to show
22:24how easy it was to develop
22:26a tool that would take advantage of that
22:28and show tangible evidence of that ability.
22:30If you have more time lost to what happens
22:32when your computer is damaged,
22:34wait to see what happens in the future.
22:36If we can not do it right
22:38and your whole house is blocked for a week
22:40and you can not talk, you can not communicate,
22:42you can not do anything.
22:44In the long run, everything will be computerized.
22:46For example, your fridge will tell your watch
22:48that you need milk,
22:50and when you are in the car
22:52the watch will tell you,
22:54hey, why don't you get some milk?
22:56They sell it there and there is little left at home.
22:58And all of this will be part of a global conversation
23:00that takes place in that digital world.
23:02And this is another of the reasons
23:04why I am very, very concerned
23:06that we are doing things right
23:08when it comes to security.
23:11Even Microsoft agrees,
23:13at least on one thing.
23:15The problem lies in the public obsession
23:17for convenience,
23:19which makes security more difficult.
23:21I have experimented
23:23on the company's security list.
23:25In a job I had previously
23:27in another company,
23:29I developed what the US government
23:31calls a system A-1.
23:33A system that was so secure
23:35that only the US Department of Defense
23:37knew how to handle it, okay?
23:39And we invested years
23:41and millions of dollars in it.
23:43And then,
23:45at the end of the development process,
23:47I made the decision to cancel it
23:49because nobody wanted to buy it, okay?
23:51What is the moral of the story?
23:53The moral of the story
23:55is that ease of use
23:57and flexibility
23:59are a set of detriments
24:01to security.
24:03And customers don't want systems
24:05that are so secure
24:07that they can't use them.
24:13Thanks to all of this,
24:15a computer has become
24:17absolutely easy to use.
24:19A Microsoft ad celebrates
24:21the virtue of simplicity.
24:23Unfortunately,
24:25not all users are as virtuous
24:27as Microsoft would like.
24:29And last year,
24:31when the police had already
24:33approached the Filipino students
24:35suspicious of having created
24:37the I Love You virus,
24:39they realized that there was no law
24:41that would allow them to be arrested.
24:43Both the British parliamentarians
24:45and the Spanish government
24:47are against the I Love You virus.
24:49It is estimated that the virus
24:51affected 45 million computers
24:53and cost hundreds of millions of dollars.
24:55It became an epidemic
24:57because of one of the weaknesses
24:59that another Microsoft product has.
25:01We take it for granted
25:03that you have to be careful
25:05when you receive a joint file.
25:07Think, where does it come from?
25:09Think, I run a risk if I click on this.
25:11Is it worth opening this spreadsheet
25:13If you go in your car and every day
25:15you slip and there is no way to avoid it,
25:17I guess you would be very angry
25:19and you would be irritated
25:21with the car manufacturer
25:23who is not able to put the mechanisms
25:25to prevent that from happening.
25:27And this is how we are witnessing
25:29the emergence of a powerful activity.
25:31Computer pirates are dedicated
25:33to discovering the weaknesses
25:35of commercial systems.
25:37Weaknesses that they discover
25:39with a disconcerting ease
25:41and software manufacturers
25:43try to keep up with
25:45hackers and their discoveries
25:47and develop solutions
25:49that revealingly call patches
25:51so that their users
25:53can easily install them.
25:55We have some vulnerabilities
25:57and we are making progress
25:59in that direction
26:01through our development processes
26:03through some of the tools
26:05that we use during that development.
26:07But for a seller,
26:09one of the vulnerabilities
26:11that they discover
26:13is how to react
26:15and we do not hide them.
26:17We do not try to deny that they exist.
26:19We recognize that it is so
26:21and we solve it as fast as we can.
26:23But do you remember
26:25Curador?
26:27He did with all those credit card numbers
26:29thanks to an existing hole
26:31in one of the popular
26:33Microsoft programs.
26:35Microsoft knew that this problem existed
26:37offering a patch to fix it.
26:39One of the victims, Chris Keller,
26:41says that the patch was not good enough.
26:43It's my feeling that Microsoft
26:45did not do a good enough job
26:47to tell their users
26:49that there was a bug.
26:51They assured
26:53that they were trying to fix it
26:55but I think they did not do enough
26:57as a result of the hacker's instruction
26:59to alert all major companies
27:01of what was happening.
27:03You are issuing patches
27:05that are not normal.
27:07They do not know that they exist
27:09and of course they do not install them.
27:11That is something that worries us a lot
27:13and the truth is that I am very angry
27:15that someone is harmed
27:17by a vulnerability
27:19for which we have already
27:21found a solution.
27:23This illustrates the problem.
27:25These are websites
27:27raided by computer pirates
27:29in just two weeks
27:31last November
27:33and although he now wants
27:35to stay in the background
27:37he has allowed an intermediary
27:39to explain to us how he broke
27:41into Microsoft's servers.
27:43He did it taking advantage
27:45of a system bug
27:47for which the company
27:49had already created a patch
27:51but it is not known why
27:53he forgot to use it
27:55on his own computers.
27:57Jerry Mansour,
27:59Dimitri's friend,
28:01decided to give them a lesson.
28:03When he entered
28:05the first server
28:07he told Microsoft
28:09and a few weeks later
28:11he realized that there was
28:13another server that he could
28:15freely access.
28:17And that is strange
28:19because normally if you see
28:21that someone has accessed
28:23your computers
28:25you dedicate yourself
28:27to your security.
28:29He made this step towards
28:31servers through the most
28:33modern Microsoft software
28:35package, the Windows 2000
28:37operating system.
28:39A system designed with
28:41an emphasis on unprecedented
28:43security.
28:45Security was the argument
28:47that provided a clamorous
28:49success to this product.
28:51If a vulnerability was discovered
28:53in product security
28:55the development team
28:57would be concerned.
28:59My question is,
29:01can we be at ease
29:03after hearing the guarantees
29:05that they are giving now?
29:07Well, that's a loaded question.
29:09In one sense you know
29:11that the Windows NT operating system
29:13appeared a few years ago.
29:15It was heralded as a secure operating system
29:17and the hackers took advantage of it
29:19and immediately picked up the fruits
29:21and now we know that the Windows NT
29:23operating system has hundreds
29:25of hackers jumping on itself
29:27as a sign of good intent.
29:55It took me only five minutes
29:57to get into those sites.
29:59And how did you do it?
30:01I did it thanks to a mistake
30:03of Microsoft NT
30:05of Windows 2000.
30:07He wrote to the companies
30:09that had been his targets
30:11telling them about the damage
30:13that the hole in their systems
30:15could have done to them.
30:17I spent twenty minutes
30:19sending emails to all the companies
30:21explaining what I had done
30:24Thanks to the convenience
30:26and the great amount of energy
30:28that has been dedicated to its promotion
30:30the Internet sales system
30:32has become an e-commerce
30:34that moves billions of dollars.
30:36But companies and users
30:38are only beginning to discover
30:40how vulnerable e-commerce is
30:42and how any 15-year-old boy
30:44with a computer can find
30:46a flaw to get away with.
30:48That's exactly what happened
30:50last winter when a 15-year-old boy
30:52with a computer launched
30:54the worst of the computer attacks.
30:56The website of the giant eBay
30:58has been out of the game.
31:00Then the same thing happened
31:02to Afai.com and Amazon.
31:04Using the simplest
31:06computer hacking tools
31:08he controlled an army of computers
31:10and made them attack others
31:12by sending millions of emails
31:14that caused the systems
31:16to come down.
31:18The boy with a computer
31:20is now in jail.
31:22But how can you prevent
31:24the real mafia
31:26from doing the same
31:28for its own benefit?
31:30It's impossible,
31:32according to FBI agent Michael Bates.
31:34We are also seeing
31:36our attention in the great number
31:38of cases in which
31:40organized crime gangs
31:42are involved
31:44who are dedicated to this
31:46in order to obtain illegal profits.
31:48There are many reasons
31:50why the affected
31:52prefer to remain silent.
31:54When there is blood in the water
31:56the sharks become even more active.
31:58And there are all kinds of sharks out there.
32:00We're not just talking about the typical hacker.
32:02There are also the lawyers
32:04experts in civil liability lawsuits,
32:06the government inspectors,
32:08the shareholders,
32:10those who want to keep the company,
32:12the people who intend
32:14to make a hostile operation.
32:16It is true that there are many
32:18computer crimes that are not subject
32:20to complaint.
32:22But I think there are many reasons
32:24to be so.
32:26First of all, I'm not sure
32:28that many of these crimes
32:30are always detected.
32:32And the technological problem
32:34is greater than it seems.
32:36And there is no doubt
32:38that some victims are concerned
32:40about competitive disadvantage.
32:42North American business
32:44is using its resources
32:46to combat a problem
32:48putting order in the power of computer
32:50and traditional systems
32:52such as spies,
32:54in order to bring the law
32:56to that new wild border
32:58which is cyberspace.
33:00James Adams,
33:02director-general of iDefense,
33:04believes that it is a task
33:06too large and too complex
33:08for the government.
33:10His company can be a prototype
33:12of a computer
33:14and acquire what is undoubtedly
33:16an immensely powerful weapon,
33:18a different weapon,
33:20which is a computer.
33:22And we can load that weapon
33:24with very powerful ammunition,
33:26which are the hacking programs
33:28that can be downloaded from the network.
33:30And we can shoot with those weapons
33:32as much as we want.
33:34But it is simply you and me
33:36who go to the store
33:38to buy the latest technology.
33:40It has been the government
33:42who has been using those innovations,
33:44who has had access and control
33:46of the use of that technology.
33:48Now it is you and me
33:50who have control.
33:52It is a huge change.
33:54And the government
33:56does not have the necessary tools
33:58to deal with that change.
34:00The federal government
34:02does not even have the tools
34:04to protect itself from hackers.
34:06In a study carried out
34:08by an American researcher,
34:1024 of the most important
34:12government agencies
34:14had significant security failures.
34:16When we say significant,
34:18we are referring to the fact
34:20that through those failures
34:22someone could enter,
34:24alter, create, destroy,
34:26you know, could modify
34:28stored information
34:30and even the same systems.
34:32Imagine that you have signed
34:34an official document.
34:36Now I can operate
34:38as if it were you.
34:40I can create a memorandum
34:42as if it were in the hands
34:44of the official,
34:46when it is not.
34:48Your job is to get into
34:50the computers,
34:52and it turns out
34:54that it is terrifyingly simple.
34:56Whenever we have tried,
34:58we have been successful.
35:00Even the US military
35:02feels insecure
35:04when it comes to
35:06the computer crimes.
35:08It is following the track
35:10of an attempt to intrude
35:12into military computers
35:14to carry out an attack
35:16known as a denigration
35:18attack of distributed service.
35:20Special Agent James Smith
35:22explains how an unidentified
35:24hacker planned to launch
35:26his massive attack
35:28through programs
35:30known as Trojan horses.
35:32He can scan to detect
35:34vulnerabilities in order to
35:36find computers in which
35:38he can install his Trojan,
35:40and by means of a key
35:42can make all those computers
35:44that he has infected
35:46launch the attack.
35:48The army is a very popular
35:50target among hackers.
35:52Some do it just to live
35:54strong emotions,
35:56but others have more sinister
35:58intentions.
36:00My greatest fear is that
36:02the level of vulnerability
36:04is still so high
36:06that we are still exposed
36:08to a large-scale
36:10destructive attack
36:12against computer networks
36:14that keep vital systems
36:16running.
36:24The International Space Station
36:26is estimated to have cost
36:28about 100 billion dollars.
36:30A laboratory with an amazing
36:32set of electronic systems,
36:34all of them controlled
36:36by 52 computers.
36:42Almost 500 kilometers
36:44below, in a quiet residential
36:46area of Miami,
36:48a 16-year-old computer pirate
36:50thought it would be great
36:52to download files from NASA,
36:54such as the software that
36:56is used in space exploration.
36:58Since he is a minor,
37:00we will keep his identity
37:02hidden. His name as a hacker
37:04is Comrade.
37:06He also entered the computers
37:08of a department that has
37:10as a mission to monitor
37:12the serious threats
37:14against security.
37:16You feel the power
37:18you have at your fingertips.
37:20You can control all those
37:22government computers,
37:24but they are all
37:26bad computers.
37:28The computer pirates
37:30did not have the ability
37:32to capture my tracks.
37:34I did not erase my tracks
37:36so that they could not
37:38catch me.
37:40I hid, but I did not
37:42think I was doing anything bad,
37:44so why should I worry about it?
37:46You mean you could have done
37:48all that?
37:50You could have done all that.
37:52Could you have caused great damage?
37:55If they had had that intention, they could have deleted files.
37:59Someone who wants to do it can put a virus or sell information to others.
38:05Comrade, healer, the mafioso child, simple kids,
38:08who have been thrown out of cyberspace for misbehavior,
38:11but what lesson should we learn from this?
38:13Teenage computer pirates and young hackers end up being captured
38:17and appear in headlines precisely for that, because they have been captured.
38:21And the reason they have been caught is that they are not professionals.
38:24They do it to live an adventure.
38:26They do it just to show off.
38:28They do it as a way to explore new things.
38:31Professionals, former CIA or KGB agents,
38:34you know, those who come from German espionage or Israeli espionage,
38:38they are not going to be captured.
38:41The espionage is nothing new.
38:43Even George Washington had to deal with spies and saboteurs.
38:46But the Internet has made it much more difficult to catch those who do this.
38:50Graduated students are engaged in war games.
38:53An emergency response to a virtual crisis
38:56caused by a computer pirate with bad intentions.
39:01FBI, Four Corners, Utah.
39:03Nine in the morning, Pacific Coast time.
39:06The main electric transformers of the four generating plants
39:09have suffered catastrophic failures.
39:11The Nikkei Index has experienced a sharp drop
39:14in the opening of transactions on the morning of the 26th, causing ...
39:18In this imaginary situation,
39:20computer terrorists have launched an international attack
39:23whose objectives are certain North American facilities
39:26such as the power generation plants.
39:29Many of those who participate have high positions in the administration
39:32or in the armed forces.
39:34The leader of the group is Jim Christie,
39:36a military information specialist from the Department of Defense.
39:39For now, it's just a game, but the reasons are real.
39:42We ran this situation with generals, admirals
39:45and leaders of major companies.
39:48Everyone has a vision of the world from their own perspective,
39:51so we had a lot of different points of view.
39:54The military wanted to have action, they wanted to counterattack,
39:57but they did not know how to do it.
40:00And the top government officials also wanted to do something,
40:03but they were not sure what to do or who had to do it.
40:06And in turn, the guys in the private sector said over and over again,
40:09they are our infrastructure, we do not want the government to have anything to do with it.
40:13We do not want the federal government to get involved in this.
40:16We will take care of this matter, we will handle it.
40:19It's our business.
40:22FBI Lisburg, Virginia, the main computers
40:25of air traffic control
40:28in the central Atlantic zone have been down for about two hours.
40:31The consequences of a serious attack against the web
40:34are in this case only projections,
40:37but based on real calculations made by the military
40:40and using real services that are vital for the United States.
40:43As the Pentagon demonstrated
40:46in an exercise that Montono did a long time ago,
40:49it is possible and easy, the truth,
40:52to informatically assault the electrical supply networks
40:55of the 12 largest cities in the United States,
40:58as well as the 911 emergency phone system
41:01and charge them with a simple click.
41:04The FBI Director has informed the President
41:07that the Manhattan and the compensation chamber
41:10have been unused by electric impulse bombs.
41:13I think that each and every one of these situations
41:16can occur in reality.
41:19A new generation of Americans
41:22is preparing to represent the main roles
41:25in a new type of conflict
41:28in which the enemy is just a ghost,
41:31maybe a teenage uranium, maybe a terrorist.
41:35There is organized crime,
41:38there is economic espionage,
41:41there are the 30 countries that have very aggressive
41:44programs of offensive computer warfare.
41:47India is a new player in this game
41:50and China.
41:53They themselves have recognized
41:56that they cannot compare to the United States
41:59in the conventional way.
42:02They have armored vehicles, tanks, missiles, cannons and things like that,
42:05but they can do it well when it comes to war
42:08based on computer technology
42:11because they know how vulnerable the United States is
42:14and what they can do using the most suitable mechanisms.
42:17And this would possibly make terrorism,
42:20such as the suicide attacks against the USS Cole
42:23last October in Yemen,
42:26were less risky for the terrorists themselves.
42:30But the USS Cole has not yet adopted this new technology,
42:33so they will continue to exploit things with C4.
42:36When the new generation of leaders
42:39of terrorist organizations
42:42and of certain countries
42:45are able to act on tangible things,
42:48I think we will realize
42:51that it is possible that it will happen to us.
42:54Jim Christie believes that it is inevitable.
42:57It is.
43:00I mean, anonymity is an advantage in this process.
43:03You don't have to sacrifice yourself,
43:06like they did in Yemen.
43:09You don't have to sacrifice the lives of two individuals.
43:12You can do it remotely
43:15and maybe do the same,
43:18make it have the same effects.
43:21And now it gets real.
43:24It's the type of terrorist act
43:27that feeds the nightmares of security experts.
43:30In 1995, it was still too early
43:33to link a terrorist act,
43:36such as the attacks on the Tokyo subway
43:39carried out by members of a sect
43:42to the war based on computer technology,
43:45but it was already too early
43:48to link a terrorist act
43:52to the war based on computer technology.
43:55But now this connection is obvious.
43:58They were very interested in trying to get into
44:01Japanese companies and other institutions
44:04all over the world to get technology.
44:07They wanted laser technology, for example,
44:10because they wanted to build their own laser weapons.
44:13And in fact they got it.
44:16They recruited engineers, scientists
44:20The sect was called Aum Shinrikyo.
44:23It was a sophisticated apocalyptic sect
44:26with an intelligence officer
44:29dedicated to stealing secrets of high-tech companies
44:32and American and Japanese research centers.
44:35And it turns out that an organization
44:38controlled by the Aum sect
44:41was the one who made the bid
44:44to develop software for the Japanese.
44:47Specifically for 90 Japanese government companies
44:50including institutions such as the police
44:53and certain sectors of the Ministry of Defense.
44:56And one day, literally just one day
44:59before this software was used,
45:02someone added 2 and 2 and made the alarms ring.
45:05He said, wait a minute,
45:08look at who have developed this software.
45:11Such a mistake could lead to chaos.
45:14So Washington concluded,
45:17talking about chaos leads to talking about martial law.
45:20Until cyber attacks occur,
45:23martial law is very useful to keep people out of the streets.
45:26The problem is that attackers will be in their own bedrooms
45:29causing more attacks.
45:32So I do not see that martial law will be very effective.
45:35I do not understand how martial law
45:38will contribute to increasing computer security.
45:41In a couple of days, they may attack some trains.
45:44They may sabotage water supplies.
45:47So I think it's fair to declare martial law
45:50to paralyze everything and to deal with the problem thoroughly.
45:53You said you're going to dismantle the Internet.
45:56Let's dismantle it. Let's leave everyone uninformed.
45:59Do you think planes will be able to fly?
46:02We are at war. We do not know who we are at war with,
46:05but we are at war.
46:09Information technology, redefinition of the word war,
46:12prosperity and peace.
46:15Maybe even freedom.
46:18Something that brings new requirements of government control.
46:21Our duty is to protect the infrastructure that is in danger.
46:24And the solution is fundamentally made up of three parts.
46:27First, the government has to legislate the conditions of life management.
46:30Software has to meet certain safety standards,
46:33stability, reliability and transparency.
46:37Secondly, the government has to check and certify the software
46:40as a good that affects the interests of the community.
46:43The software has to have the guarantee issued by the government
46:46that it meets those standards.
46:49Thirdly, and most importantly,
46:52the owners of the computers must also have a responsible behavior.
46:55You can't have an interconnected computer
46:58globally without firewalls.
47:01You can't send documents without encryption
47:05or any other kind of protection
47:08and expect them to remain private.
47:11So we, the users, have to be responsible.
47:14But our responsibility, although the most important,
47:17is only a third step.
47:20The first two steps have to be taken by the government
47:23and by the private sector.
47:26We want this Internet, this global cyberspace,
47:29to be completely free, completely open.
47:32We also want to conduct business there
47:35and we want to be able to run our business there
47:38and we want to be able to be calm
47:41and that our children can learn and have fun on the Internet.
47:44Those kinds of activities require laws,
47:47require international agreements,
47:50require collective and individual responsibility.
47:53So we have a long way to go
47:56before cyberspace is as safe as, let's say,
47:59the highways.
48:02And as we all know very well, the highways are not safe either.
48:05These infrastructures, these services
48:08that we take for granted, are essentially unsafe.
48:11They will continue to be until security
48:14is at the level of technology.
48:17Computer security is very expensive.
48:20It costs a lot of money and requires the work
48:23of many technically prepared people.
48:26And we, both the government and the industry,
48:29we are all competing to have the same folks.
48:32For the government it is difficult to hire enough staff
48:35and to ensure the security of the networks.
48:40Finding people who work in the security of the networks
48:43may not be as difficult as bureaucrats think.
48:46Last July in Las Vegas there were 6,000 possibilities
48:49in the 8th annual convention of DEFCON,
48:52the calendar of any computer pirate.
48:57Among that crowd there were talent hunters
49:00from the industry and the government, including the CIA.
49:03It is a place where you can create relationships with other people,
49:06test new technologies and test each other.
49:10Last year, a Seattle group called
49:13Ghetto Computer Pirates won the main competition in Las Vegas.
49:16The star of this collective is himself called Cesar.
49:19You have to have a certain kind of mentality to be innovative every day.
49:22For that you need to have a countercultural mentality.
49:25That's why now you see so many press releases
49:28from the security industry that talk about the politics of companies
49:31with respect to computer pirates.
49:34They say things like, we hire computer pirates
49:37or we do not hire computer pirates. The truth is that they all do.
49:40It takes a little water.
49:43You will also have to prepare coffee.
49:46One of the highlights of each of these conventions
49:49is a kind of strange party organized by Cesar and his people.
49:52You can only attend with an invitation.
49:55About 100 or maybe 200 people come to our party.
49:58They are special people because they are government agents
50:01who are interested in finding out what we know.
50:04There are also elite computer pirates from all over the world
50:07who are interested in finding out what the government knows.
50:10We provide a forum for them to relate in private
50:13and without affecting their reputation.
50:16Without the public or anything else bothering them.
50:19And we contribute to them giving creative solutions
50:22to some really complicated problems.
50:25As only the elite can be present, they kicked us out quickly.
50:28But the truth is that we did not miss any hang.
50:31There was only advanced mathematics
50:34and computer codes to drive anyone crazy.
50:37And so it was all night.
50:41Even when Cesar let us in again
50:44and explained to us what they had done,
50:47we still did not understand anything.
50:50Although he assured us that in those hieroglyphics
50:53predictions for the future were hidden.
50:56Predictions of new problems and hopefully solutions.
50:59I guess it's more like a hurricane forecaster
51:02than the real cause of hurricanes.
51:05An idea that must be kept in mind
51:09We only try to give the public a small warning in advance.
51:12Try to show people how things should be.
51:18Computer piracy is in full maturity.
51:21It is clear that the government and the industry
51:24understand that computer pirates and their opinions
51:27are a force to be reckoned with.
51:30That is why in the next 5 or 10 years
51:33I present that computer pirates will have a beneficial influence
51:36on the stability of cyberspace.
51:41The security and stability of cyberspace
51:44will ultimately depend on the people who know the most about the dangers.
51:47And perhaps, above all,
51:50on the people who have helped define those dangers in the first place.
Comentarios