|
|
CalebBarlow_2016S-_网_犯罪究竟从何而来?_
|
| Cybercrime is out of control. |
网路犯罪已经失控了。 |
|
Cybercrime:n.网路犯罪;
|
| It's everywhere. |
它无所不在。 |
| We hear about it every single day. |
我们每天都会耳闻这样的事件。 |
| This year, over two billion records lost or stolen. |
在今年,超过 20 亿笔纪录 遗失或遭窃。 而在去年,有一亿人, 其中大部分是美国人, |
| And last year, 100 million of us, mostly Americans, lost our health insurance data to thieves -- myself included. |
健保资料落入窃贼手中, 我也身受其害。 更令人担忧的是: |
|
insurance:n.保险;保险业;保险费;保费;adj.胜券在握的;
|
| What's particularly concerning about this is that in most cases, it was months before anyone even reported that these records were stolen. |
在大多数事件中, 就算有人回报资料被偷, 往往也是几个月之后的事了。 |
|
particularly:adv.特别地,独特地;详细地,具体地;明确地,细致地; concerning:prep.关于;涉及;v.影响,牵涉(某人);与…有关;涉及;(concern的现在分词)
|
| So if you watch the evening news, you would think that most of this is espionage or nation-state activity. |
所以你看到晚间新闻报导时, 你可能会认为这些大部分是 谍报或国家层级的行动。 |
|
espionage:n.间谍;间谍活动;刺探; nation-state:n.单一民族国家;
|
| And, well, some of it is. |
嗯,有些的确是。 |
| Espionage, you see, is an accepted international practice. |
如你所见,谍报活动 已经是一种「国际惯例」, |
| But in this case, it is only a small portion of the problem that we're dealing with. |
但在这个案例当中, 它只是我们所面对难题 其中的一小部分。 |
|
portion:n.部分;(食物的)一份;分担的责任;v.把…分成若干份(或部分);
|
| How often do we hear about a breach followed by, "... it was the result of a sophisticated nation-state attack?" |
我们是否经常听到这些入侵事件, 被描述成: 「这是件精心策划的国家攻击行动」 |
|
breach:n.违背;破坏;辜负;中断;v.违反;违背;在…上打开缺口; sophisticated:adj.复杂的;老练的;见多识广的;水平高的;
|
| Well, often that is companies not being willing to own up to their own lackluster security practices. |
通常,这是公司不愿意承认 自身安全措施失灵的推托之词。 |
|
lackluster:n.无光泽;暗淡;adj.无光泽的;平凡的;
|
| There is also a widely held belief that by blaming an attack on a nation-state, you are putting regulators at bay -- at least for a period of time. |
而且这些公司普遍相信, 只要将攻击归咎于某个国家, 就可以逃避主管机关的监督── 或是至少拖延一段时间。 |
|
regulators:n.调整者;调节阀(regulator的复数形式);
|
| So where is all of this coming from? |
那么实际上网路犯罪从何而来? |
| The United Nations estimates that 80 percent of it is from highly organized and ultrasophisticated criminal gangs . |
联合国估计 80% 的网路犯罪, 来自具有高度组织 且分工精细的犯罪集团。 |
|
United Nations:n.联合国; estimates:n.估计;估价;估计的成本;v.估价;估算(estimate的第三人称单数和复数) highly:adv.高度地;非常;非常赞许地; organized:adj.有组织的; v.组织; (organize的过去分词和过去式) gangs:n.帮派(gang的复数);v.成帮结伙;合伙行动(gang的三单形式);
|
| To date, this represents one of the largest illegal economies in the world, topping out at, now get this, 445 billion dollars. |
时至今日, 网路犯罪已是世界上 最大的非法经济体之一。 而在这之上 ──大家听好了── 是 4,450 亿美金的获利。 |
|
represents:v.代表;维护…的利益;相当于;(represent的第三人称单数) illegal:adj.不合法的;非法的;n.非法移民;非法劳工; economies:n.经济;经济结构;节约;(economy的复数)
|
| Let me put that in perspective for all of you: 445 billion dollars is larger than the GDP of 160 nations, including Ireland, Finland, Denmark and Portugal, to name a few. |
我来给大家更具体的概念: 4,450 亿美金已经超过了 160 个国家的国内生产总值, 其中包括爱尔兰、芬兰、 丹麦和葡萄牙...... 等等国家。 |
|
perspective:n.观点;远景;透视图;adj.透视的;
|
| So how does this work? |
这个体系是如何运作的? |
| How do these criminals operate? |
这些罪犯又如何进行作業? |
| Well, let me tell you a little story. |
让我说个小故事给你们听。 |
| About a year ago, our security researchers were tracking a somewhat ordinary but sophisticated banking Trojan called the Dyre Wolf. |
大约一年前, 我们的资安研究员正在追踪一个 看似寻常却很精密的 银行木马程式── Dyre Wolf。 |
|
tracking:n.追踪,跟踪;v.跟踪;(track的现在分词) somewhat:n.几分;某物;adv.有点;多少;几分;稍微; Trojan:n.勇士;特洛伊人;勤勉的人;adj.特洛伊的;特洛伊人的;
|
| The Dyre Wolf would get on your computer via you clicking on a link in a phishing email that you probably shouldn't have. |
这只程式会进入你的电脑, 是因为你点击了 钓鱼信件中的网址── 你不应该点击的。 |
|
via:prep.通过;经由;n.道路;[医]管道; phishing:n.网络钓鱼;网络欺诈(以虚假的身份和形象随机骗取个人帐号和密码等);
|
| It would then sit and wait. |
接着它会守株待兔, |
| It would wait until you logged into your bank account . |
等待你登入银行帐户。 |
|
logged:v.把…载入正式记录;记录;行驶;采伐;(log的过去分词和过去式) bank account:n.银行账户;
|
| And when you did, the bad guys would reach in, steal your credentials , and then use that to steal your money. |
到时候,歹徒就大手一伸, 盗用你的身份, 然后偷走你的钱。 |
|
credentials:n.[管理]证书; v.得到信用;
|
| This sounds terrible, but the reality is, in the security industry, this form of attack is somewhat commonplace . |
这听起来很吓人, 但事实上,在资讯安全领域, 这种形式的攻击还算常见。 |
|
commonplace:n.老生常谈;司空见惯的事;普通的东西;adj.平凡的;陈腐的;
|
| However, the Dyre Wolf had two distinctly different personalities -- one for these small transactions , but it took on an entirely different persona if you were in the business of moving large-scale wire transfers . |
然而,Dyre Wolf 程式 具有双重人格── 其中一个是针对刚提到的小额交易, 但如果你的工作 会接触到大笔金钱往来, 它就会展现出截然不同的另一面。 |
|
distinctly:adv.明显地;无疑地,确实地; personalities:n.性格;个性;人格;气质;名人;(personality的复数) transactions:n.处理,[图情]会报;汇报(transaction复数); large-scale:adj.大规模的,大范围的;大比例尺的; transfers:n.[电子][计]传输(tansfer的复数); v.[计]转移;
|
| Here's what would happen. |
过程会是这样的。 |
| You start the process of issuing a wire transfer, and up in your browser would pop a screen from your bank, indicating that there's a problem with your account, and that you need to call the bank immediately, along with the number to the bank's fraud department. |
当你启动汇款流程, 在浏览器上, 你的网路银行会跳出一个画面, 显示你的帐户出现问题, 你必须马上打电话给银行, 并附上银行防诈骗部门的专线号码。 |
|
process:v.处理;加工;列队行进;n.过程,进行;方法,adj.经过特殊加工(或处理)的; issuing:n.发行物;争论点;期刊号;v.发行(issue的ing形式);分配;流出; browser:n.[计]浏览器;吃嫩叶的动物;浏览书本的人; indicating:v.表明;显示;象征;暗示;(indicate的现在分词) fraud:n.欺骗;骗子;诡计;
|
| So you pick up the phone and you call. |
于是你拿起电话拨过去。 |
| And after going through the normal voice prompts , you're met with an English-speaking operator . |
经过一连串看似正常的语音指示后, 你被转接给一位英语客服。 |
|
prompts:n.[计]提示;提示性语言(prompt的复数形式); operator:n.算子;接线员;操作人员;骗子;
|
| '"Hello, Altoro Mutual Bank. How can I help you?" |
「哈啰!奥多罗互助银行。 很高兴为您服务。」 |
|
Mutual:adj.共同的;相互的,彼此的;
|
| And you go through the process like you do every time you call your bank, of giving them your name and your account number, going through the security checks to verify you are who you said you are. |
接着你一如往常进行整个流程: 给出你的名字、帐户、 回答安全问题以确认你的身份。 |
|
verify:vt.核实;查证;
|
| Most of us may not know this, but in many large-scale wire transfers, it requires two people to sign off on the wire transfer, so the operator then asks you to get the second person on the line , and goes through the same set of verifications and checks. |
大部分的人可能不知道, 在许多的巨额转帐中, 规定要经过两个人的确认, 接着客服请第二个人听电话, 然后进行同样的确认流程。 |
|
second person:n.第二人称; on the line:处于危险中;模棱两可;在电话线上;
|
| Sounds normal, right? |
听起来很正常吧? |
| Only one problem: you're not talking to the bank. |
只有一个问题: 在电话另一端的不是银行。 |
| You're talking to the criminals. |
和你通电话的是歹徒。 |
| They had built an English-speaking help desk , fake overlays to the banking website. |
他们还设置了英语客服中心, 并制作了假的银行网站。 |
|
help desk:n.(商业公司的)咨询服务;(尤指有关电脑问题的)技术支持服务; fake:n.假货;骗子;假动作;v.捏造;假装…的样子;adj.伪造的; overlays:v.覆盖; n.覆盖图;
|
| And this was so flawlessly executed that they were moving between a half a million and a million and a half dollars per attempt into their criminal coffers . |
在这天衣无缝的过程中, 每一次作案,就会有 50 万 至 150 万美金的不法所得 落入歹徒的口袋。 这些犯罪组织的运作 |
|
flawlessly:adv.完美无瑕地; executed:v.(尤指依法)处决,处死;实行;执行;实施;(execute的过去分词和过去式) attempt:n.企图,试图;攻击;v.企图,试图;尝试; coffers:n.金库(coffer的复数); v.用花格镶板装饰;
|
| These criminal organizations operate like highly regimented , legitimate businesses. |
就像纪律严明的合法企業。 他们的员工从周一工作到周五, |
|
organizations:n.组织,构造,有机体(organization的复数);组织机构; regimented:adj.受管制的;v.编成团;管制(regiment的过去式和过去分词); legitimate:adj.合法的;正当的;合理的;正统的;v.使合法;认为正当(等于legitimize);
|
| Their employees work Monday through Friday. |
周末则是放假休息。 |
| They take the weekends off. |
我们为什么知道? |
| How do we know this? |
这是因为我们的资安研究人员发现 |
| We know this because our security researchers see repeated spikes of malware on a Friday afternoon. |
每当周五下午, 恶意程式都会大量出现。 这些坏蛋们陪老婆小孩度过周末, |
|
spikes:n.钉鞋(spike的复数);v.把…钉牢(spike的第三人称单数); malware:n.恶意软件;
|
| The bad guys, after a long weekend with the wife and kids, come back in to see how well things went. |
之后就可以回来验收成果。 「暗网」是他们栖息的地方。 |
|
long weekend:n.(三天或四天的)周末长假;
|
| The Dark Web is where they spend their time. |
这个词是用来描述 隐藏在网际网路中的匿名空间。 |
| That is a term used to describe the anonymous underbelly of the internet, where thieves can operate with anonymity and without detection . |
窃贼们在此得以匿名行事, 而不会被人发现。 他们在此兜售攻击软体, |
|
describe:v.描述;形容;把…称为;画出…图形; anonymous:adj.匿名的,无名的;无个性特征的; underbelly:n.下腹部;薄弱部分;易受攻击的部位,区域等; anonymity:n.匿名;匿名者;无名之辈; detection:n.侦查,探测;发觉,发现;察觉;
|
| Here they peddle their attack software and share information on new attack techniques . |
并且分享各种新的攻击技术。 在那里,你能买到任何东西, |
|
peddle:v.兜售;挨户销售;宣传;传播(思想、消息); techniques:n.技巧;技艺;工艺;技术;(technique的复数)
|
| You can buy everything there, from a base-level attack to a much more advanced version. |
从基本等级的攻击服务 到更进阶的版本都有。 |
|
advanced:adj.先进的; v.前进; (advance的过去式和过去分词形式)
|
| In fact, in many cases, you even see gold, silver and bronze levels of service. |
在很多地方,你甚至会看到 被区分为金、银、铜等级 的各种攻击服务。 |
|
silver:n.银; v.给…镀(或包)银; adj.银色的; bronze:n.青铜; adj.青铜色的; vt.镀青铜于; vi.变成青铜色,被晒黑;
|
| You can check references . |
你可以查询他人的推荐心得。 |
|
references:n.提到; v.查阅; (reference的第三人称单数和复数)
|
| You can even buy attacks that come with a money-back guarantee -- |
你所购买的攻击服务 甚至还能有退款保证── |
|
money-back guarantee:n.(商店对不合格商品的)退款保证;
|
| (Laughter) |
(笑声) |
| if you're not successful. |
如果你的攻击没有成功。 |
| Now, these environments, these marketplaces -- they look like an Amazon or an eBay. |
这样的环境、这样的交易市集, 看起来跟亚马逊或 eBay 一模一样。 |
|
marketplaces:n.市场;集贸市场(marketplace的复数); Amazon:亚马逊;古希腊女战士;
|
| You see products, prices, ratings and reviews . |
你看得到产品、价格、评分跟评论。 |
|
ratings:n.评级;等级(rating的复数形式); reviews:n.综述; v.回顾;
|
| Of course, if you're going to buy an attack, you're going to buy from a reputable criminal with good ratings, right? |
如果你要买攻击服务, 你当然会向评分高、 名声好的罪犯购买,对吧? |
|
reputable:adj.声誉好的;受尊敬的;卓越的;
|
| (Laughter) |
(笑声) |
| This isn't any different than checking on Yelp or TripAdvisor before going to a new restaurant. |
这就像你要到一间新的餐厅之前, 会先到 Yelp 或 TripAdvisor 网站 查询评价一样。 |
|
different than:不同于; Yelp:v.叫喊;狗吠;n.尖叫,大叫;吠声;
|
| So, here is an example. |
我举个例子。 |
| This is an actual screenshot of a vendor selling malware. |
这是从恶意软体贩卖者的网页 所擷取的真实画面。 |
|
screenshot:n.屏幕截图(截图软件名称); vendor:n.卖主;小贩;[贸易]自动售货机;
|
| Notice they're a vendor level four, they have a trust level of six. |
他是属于第四级的贩卖商, 他的信赖度则是第六级。 |
| They've had 400 positive reviews in the last year, and only two negative reviews in the last month. |
他在去年得到 400 个正面评价, 而在上个月的负面评价只有两个。 |
|
positive:adj.积极的;[数]正的,[医][化学]阳性的;确定的;n.正数;[摄]正片; negative:adj.[数]负的;消极的;否定的;阴性的;n.否定;负数;[摄]底片;v.否定;拒绝;
|
| We even see things like licensing terms. |
我们甚至在上面看到授权条款。 |
|
licensing:v.批准;许可;(license的现在分词)
|
| Here's an example of a site you can go to if you want to change your identity . |
另外这个网站, 如果你想要改变个人身分, 可以上去看看。 |
|
site:n.地点;位置;场所;v.设置;为…选址; identity:n.身份;同一性,一致;特性;恒等式;
|
| They will sell you a fake ID, fake passports. |
他们贩卖假身分证、 假护照。 |
| But note the legally binding terms for purchasing your fake ID. |
特别注意有关购买假证件的法律条款。 |
|
binding:v.结合; n.(书籍的)封皮; adj.必须遵守的; (bind的现在分词) purchasing:n.购买;采购;v.买;购买;采购;(purchase的现在分词)
|
| Give me a break. |
饒了我吧! |
| What are they going to do -- sue you if you violate them? |
就算你违反了这些条款, 他们能怎样?控告你吗? |
|
sue:v.控告;提起诉讼;(尤指在法庭上)提出请求; violate:v.违反,违背(法律、协议等);侵犯(隐私等);亵渎;
|
| (Laughter) |
(笑声) |
| This occurred a couple of months ago. |
就在几个月前, |
|
occurred:v.发生;出现;存在于;出现在;(occur的过去分词和过去式)
|
| One of our security researchers was looking at a new Android malware application that we had discovered. |
我们的一位资安研究员 正在分析新发现的一个 Android 恶意程式。 |
|
Android:n.机器人;安卓操作系统; application:n.应用;申请;应用程序;敷用;
|
| It was called Bilal Bot. |
这个程式叫 Bilal Bot。 |
| In a blog post, she positioned Bilal Bot as a new, inexpensive and beta alternative to the much more advanced GM Bot that was commonplace in the criminal underground. |
在一篇部落格文章中, 她(部落格作者) 将 Bilal Bot 定位为 新颖、便宜、待测试修正的、 另一个 GM Bot 程式的替代品, 而 GM Bot 更为先进, 在地下黑市非常普及。 |
|
blog:n.博客;部落格;网络日志; inexpensive:adj.廉价的;不昂贵的; beta:n.贝它(希腊字母表的第二个字母); alternative:adj.供选择的;选择性的;交替的;n.二中择一;供替代的选择;
|
| This review did not sit well with the authors of Bilal Bot. |
Bilal Bot 作者对此评论感到不满。 |
| So they wrote her this very email, pleading their case and making the argument that they felt she had evaluated an older version. |
所以他们写了这封信给她, 除了为产品辩护, 并认为她所评测的是旧版程式。 |
|
pleading:n.恳求;答辩;辩论,诉状;adj.恳求的;v.辩护(plead的ing形式); evaluated:v.估计;评价;评估;(evaluate的过去分词和过去式)
|
| They asked her to please update her blog with more accurate information and even offered to do an interview to describe to her in detail how their attack software was now far better than the competition . |
他们要求她更新部落格 以提供更正确的资讯, 甚至要求当面对谈, 好向她详细解释 他们的攻击程式如何比竞争对手更好。 |
|
update:vt.使现代化;更新;n.现代化;更新的信息; accurate:adj.精确的; interview:n.接见,采访;面试,面谈;v.采访;接见;对…进行面谈; competition:n.竞争;比赛,竞赛;
|
| So look, you don't have to like what they do, but you do have to respect the entrepreneurial nature of their endeavors . |
所以你瞧, 你不需认同他们的行为, 但你得敬佩他们 在努力的过程中 所流露出的创業家特质。 |
|
entrepreneurial:adj.企业家的,创业者的;中间商的; endeavors:尽力;
|
| (Laughter) |
(笑声) |
| So how are we going to stop this? |
所以,我们要如何阻止这一切? |
| It's not like we're going to be able to identify who's responsible -- remember, they operate with anonymity and outside the reach of the law. |
并不是说我们要找出某个人 来追究责任── 记住,他们都匿名行事, 置身法律之外。 |
|
identify:v.识别:鉴定:确认:发现: responsible:adj.负责的,可靠的;有责任的;
|
| We're certainly not going to be able to prosecute the offenders . |
我们确实无法起诉这些犯罪份子。 |
|
prosecute:vt.检举;贯彻;从事;依法进行;vi.起诉;告发;作检察官; offenders:n.罪犯(offender的复数);冒犯者;
|
| I would propose that we need a completely new approach . |
我提议,采用完全不同的作法。 |
|
propose:v.建议;提议;求婚;打算; approach:n.方法;路径;v.接近;建议;着手处理;
|
| And that approach needs to be centered on the idea that we need to change the economics for the bad guys. |
这个作法的核心观念是: 我们要顛覆那些坏蛋的经济体系。 |
| And to give you a perspective on how this can work, let's think of the response we see to a healthcare pandemic : |
为了让你们了解这个方法为何有效, 先回想我们如何面对以下这些传染病: |
|
healthcare:n.医疗保健;健康护理,健康服务;卫生保健; pandemic:adj.(疾病等)全国流行的;普遍的;n.流行性疾病;
|
| SARS, Ebola , bird flu , Zika. |
SARS、伊波拉、禽流感、兹卡病毒。 |
|
Ebola:n.埃博拉病毒; bird flu:n.禽流感(鸟类传染病,可感染人类并导致死亡);
|
| What is the top priority ? |
第一要务是什么? |
|
priority:n.优先;优先权;[数]优先次序;优先考虑的事;
|
| It's knowing who is infected and how the disease is spreading. |
是知道谁受到感染 以及疾病如何传播。 |
|
infected:adj.带菌的; v.传染; (infect的过去分词和过去式) disease:n.病,[医]疾病;弊病;vt.传染;使…有病;
|
| Now, governments, private institutions , hospitals, physicians -- everyone responds openly and quickly. |
现在,包括政府、私人机构、 医院、医师── 所有人都能开放、迅速地 做好应对工作。 |
|
institutions:n.机构;慈善机构;风俗习惯,制度;(institution的复数) physicians:n.[内科]内科医生(physician的复数); responds:v.(口头或书面)回答,回应;作出反应;响应;(respond的第三人称单数)
|
| This is a collective and altruistic effort to stop the spread in its tracks and to inform anyone not infected how to protect or inoculate themselves. |
这样的集体利他行为, 遏止了疾病的传播, 并告知尚未被感染者 如何自保或接种疫苗。 |
|
collective:adj.集体的;共同的;集合的;集体主义的;n.集团;集合体;集合名词; altruistic:adj.利他的;无私心的; tracks:n.小道;足迹;车辙;轨道;v.追踪;跟踪;(track的第三人称单数和复数) inform:v.通知;告诉;报告;告发;告密; inoculate:vt.[医]接种;嫁接;灌输;
|
| Unfortunately , this is not at all what we see in response to a cyber attack. |
不幸地,在面对网路攻击时, 我们看到的完全不是这样。 |
|
Unfortunately:adv.不幸地; not at all:毫无;一点也不;不用谢; in response to:响应;回答;对…有反应;
|
| Organizations are far more likely to keep information on that attack to themselves. |
组织更倾向于 将受到攻击的相关资讯 采取保密。 |
| Why? |
为什么? |
| Because they're worried about competitive advantage , litigation or regulation . |
因为他们担心失去竞争优势、 面对法律诉讼、 或是接受监督管理。 |
|
competitive:adj.竞争的;比赛的;求胜心切的; advantage:n.有利条件:优势:优点: litigation:n.诉讼;起诉; regulation:n.规则;法规;控制;规章制度;adj.规定的;必须穿戴的;必须使用的;
|
| We need to effectively democratize threat intelligence data. |
我们必须有效率地 将网路威胁情资公开。 |
|
democratize:vt.使民主化;使大众化;vi.民主化;大众化; intelligence:n.智力;智慧;才智;(尤指关于敌国的)情报;
|
| We need to get all of these organizations to open up and share what is in their private arsenal of information. |
我们必须让这些组织 开放并分享他们的情报资料庫。 |
|
arsenal:n.兵工厂;军械库;
|
| The bad guys are moving fast; we've got to move faster. |
犯罪份子的手法一日千里, 我们必须走在他们之前。 |
| And the best way to do that is to open up and share data on what's happening. |
最好的方式便是开放 并且共享即时资讯。 |
| Let's think about this in the construct of security professionals . |
让我们从资讯安全人员的角度 来反思一下。 |
|
construct:v.建造;创建;建筑;修建;n.概念;构筑物;结构体;建造物; professionals:n.[管理]专业人员(professional的复数);
|
| Remember, they're programmed right into their DNA to keep secrets. |
要知道,这群人 保密的天性深入骨子里。 |
| We've got to turn that thinking on its head. |
我们得扭转这样的习性。 |
| We've got to get governments, private institutions and security companies willing to share information at speed. |
我们得想办法让政府、私人机构, 还有资安服务業者, 愿意迅速地分享资讯。 |
| And here's why: because if you share the information, it's equivalent to inoculation . |
原因如下: 若是共享讯息, 就像是接种了疫苗。 |
|
equivalent:adj.等价的,相等的;同意义的;n.等价物,相等物; inoculation:n.[医]接种;接木;接插芽;
|
| And if you're not sharing, you're actually part of the problem, because you're increasing the odds that other people could be impacted by the same attack techniques. |
若是拒绝共享, 我们就等于是共犯, 因为你可能助长了他人 被相同手法攻击的机会。 |
|
odds:n.几率;胜算;不平等;差别; impacted:adj.压紧的;结实的;嵌入的;(人口)稠密的;v.装紧;挤满(impact的过去分词);
|
| But there's an even bigger benefit. |
这么做还有更大的好处。 |
| By destroying criminals' devices closer to real time , we break their plans. |
用近乎即时的速度消灭犯罪工具, 我们也破坏了歹徒的计画。 |
|
devices:n.[机][计]设备;[机]装置;[电子]器件(device的复数); real time:adj.实时的;接到指示立即执行的;
|
| We inform the people they aim to hurt far sooner than they had ever anticipated . |
我们能用罪犯措手不及的速度, 预先告知民众, 他们已经成为攻击目标。 |
|
anticipated:adj.预期的; v.预期; (anticipate的过去式和过去分词)
|
| We ruin their reputations, we crush their ratings and reviews. |
我们能破坏他们的声誉, 毁掉他们的评分及评论。 |
|
ruin:n.废墟;毁坏;灭亡;v.毁灭;使破产; crush:v.压碎;弄皱,变形;使…挤入;n.粉碎;迷恋;压榨;拥挤的人群;
|
| We make cybercrime not pay. |
我们让网路犯罪无利可图。 |
| We change the economics for the bad guys. |
我们顛覆犯罪份子的经济体系。 |
| But to do this, a first mover was required -- someone to change the thinking in the security industry overall . |
但要达成这个目标的第一步, 是要有人来改变 整个资安产業的思维。 |
|
mover:n.原动力;鼓动者;搬运公司;搬家工人; overall:v.全部; n.外套; adj.全面的;
|
| About a year ago, my colleagues and I had a radical idea. |
大约一年前, 我同事和我有个大胆的想法。 |
|
colleagues:n.同事;同行(colleague的复数); radical:n.自由基;激进分子;游离基;adj.根本的;彻底的;完全的;全新的;
|
| What if IBM were to take our data -- we had one of the largest threat intelligence databases in the world -- and open it up? |
如果把全球最大的 网路威胁情报资料庫── 也就是 IBM 拥有的资料庫── 把它开放出来如何? |
|
What if:如果…怎么办?
|
| It had information not just on what had happened in the past, but what was happening in near-real time. |
这里面不只有过去事件的历史纪录, 还有近乎即时的资安动态资讯。 |
| What if we were to publish it all openly on the internet? |
把这些资料都公开会变成怎样呢? |
|
publish:v.出版;发表;公布;
|
| As you can imagine, this got quite a reaction . |
可想而知,这构想招来激烈反应。 |
|
reaction:n.反应,感应;反动,复古;反作用;
|
| First came the lawyers: |
首先是律师问: |
| What are the legal implications of doing that? |
「在法律上会有什么瓜葛?」 |
|
implications:n.蕴涵式;暗指,暗示;含蓄,含意;卷入(implication的复数);
|
| Then came the business: |
接着是商業人士: |
| What are the business implications of doing that? |
「在商業上会有什么含义?」 |
| And this was also met with a good dose of a lot of people just asking if we were completely crazy. |
我们还遇到许多声音 质疑我们是不是彻底疯了? |
|
dose:n.剂量;一剂,一服;v.服药;给药;给…服药;
|
| But there was one conversation that kept floating to the surface in every dialogue that we would have: the realization that if we didn't do this, then we were part of the problem. |
但是在我们参与的每场对话当中, 有一个论点持续、逐渐地浮出台面, 就是我们瞭解到: 如果不开放资讯, |
|
realization:n.实现;领悟;
|
| So we did something unheard of in the security industry. |
我们就成为网路犯罪的共犯。 |
|
unheard:adj.听不到的;未被倾听的;不予理睬的;
|
| We started publishing. |
所以我们做了 在资安产業中前所未有的事。 |
| Over 700 terabytes of actionable threat intelligence data, including information on real-time attacks that can be used to stop cybercrime in its tracks. |
我们开始将资料公开。 超过 700 兆位元组的资安威胁情报, 其中包含即时的攻击资讯, |
|
terabytes:n.兆兆字节(信息量度单位,terabyte的复数); actionable:adj.可控告的;可提起诉讼的; real-time:adj.实时的;接到指示立即执行的;
|
| And to date, over 4,000 organizations are leveraging this data, including half of the Fortune 100. |
可以协助我们阻断网路犯罪。 时至今日, 超过四千个组织正在利用这些资料, |
|
leveraging:v.利用贷款进行投机;(leverage的现在分词) Fortune:n.财富;命运;运气;v.给予财富,偶然发生
|
| And our hope as a next step is to get all of those organizations to join us in the fight, and do the same thing and share their information on when and how they're being attacked as well. |
包含全球百大企業的一半以上。 下一步,我们希望所有的组织 都能够加入这场战役, 跟我们一样, 公开分享他们的资讯── |
| We all have the opportunity to stop it, and we already all know how. |
关于他们何时、如何遭受攻击。 我们都有机会阻止这一切, |
| All we have to do is look to the response that we see in the world of health care , and how they respond to a pandemic. |
也已经知道该怎么做了。 我们要做的只不过是: 借鉴全球公共卫生体系 作为他山之石, |
|
health care:n.卫生保健;
|
| Simply put, we need to be open and collaborative . |
以及应对传染病的做法。 简而言之, |
|
collaborative:adj.合作的,协作的;
|
| Thank you. |
我们必须开放,并且彼此合作。 |
| (Applause) |
谢谢。 |