Placeholder Image

Subtitles section Play video

  • Four years ago, a security researcher,

  • or, as most people would call it, a hacker,

  • found a way to literally

  • make ATMs throw money at him.

  • His name was Barnaby Jack,

  • and this technique was later called "jackpotting"

  • in his honor.

  • I'm here today because I think

  • we actually need hackers.

  • Barnaby Jack could have easily turned

  • into a career criminal or James Bond villain

  • with his knowledge,

  • but he chose to show the world

  • his research instead.

  • He believed that sometimes

  • you have to demo a threat

  • to spark a solution,

  • and I feel the same way.

  • That's why I'm here today.

  • We are often terrified and fascinated

  • by the power hackers now have.

  • They scare us,

  • but the choices they make

  • have dramatic outcomes

  • that influence us all.

  • So I am here today because I think we need hackers,

  • and in fact, they just might be

  • the immune system for the information age.

  • Sometimes they make us sick,

  • but they also find those hidden threats in our world,

  • and they make us fix it.

  • I knew that I might get hacked for giving this talk,

  • so let me save you the effort.

  • In true TED fashion,

  • here is my most embarrassing picture.

  • But it would be difficult for you to find me in it,

  • because I'm the one who looks like a boy

  • standing to the side.

  • I was such a nerd back then

  • that even the boys on the Dungeons and Dragons team

  • wouldn't let me join.

  • This is who I was,

  • but this is who I wanted to be:

  • Angelina Jolie.

  • She portrayed Acid Burn

  • in the '95 film "Hackers."

  • She was pretty and she could rollerblade,

  • but being a hacker, that made her powerful.

  • And I wanted to be just like her,

  • so I started spending a lot of time

  • on hacker chat rooms and online forums.

  • I remember one late night

  • I found a bit of PHP code.

  • I didn't really know what it did,

  • but I copy-pasted it

  • and used it anyway

  • to get into a password-protected site

  • Like that,

  • Open Sesame.

  • It was a simple trick,

  • and I was just a script kiddie back then,

  • but to me, that trick,

  • it felt like this,

  • like I had discovered limitless potential

  • at my fingertips.

  • This is the rush of power that hackers feel.

  • It's geeks just like me

  • discovering they have access to superpower,

  • one that requires the skill and tenacity

  • of their intellect,

  • but thankfully no radioactive spiders.

  • But with great power comes great responsibility,

  • and you all like to think that if we had such powers,

  • we would only use them for good.

  • But what if you could read your ex's emails,

  • or add a couple zeros to your bank account.

  • What would you do then?

  • Indeed, many hackers do not resist

  • those temptations,

  • and so they are responsible in one way or another

  • to billions of dollars lost each year

  • to fraud, malware or plain old identity theft,

  • which is a serious issue.

  • But there are other hackers,

  • hackers who just like to break things,

  • and it is precisely those hackers

  • that can find the weaker elements in our world

  • and make us fix it.

  • This is what happened last year

  • when another security researcher

  • called Kyle Lovett

  • discovered a gaping hole

  • in the design of certain wireless routers

  • like you might have in your home or office.

  • He learned that anyone could remotely connect

  • to these devices over the Internet

  • and download documents from hard drives

  • attached to those routers, no password needed.

  • He reported it to the company, of course,

  • but they ignored his report.

  • Perhaps they thought universal access was a feature, not a bug.

  • Until two months ago,

  • when a group of hackers used it

  • to get into people's files.

  • But they didn't steal anything.

  • They left a note:

  • Your router and your documents

  • can be accessed by anyone in the world.

  • Here's what you should do to fix it.

  • We hope we helped.

  • By getting into people's files like that,

  • yeah, they broke the law,

  • but they also forced that company

  • to fix their product.

  • Making vulnerabilities known to the public

  • is a practice called full disclosure

  • in the hacker community,

  • and it is controversial,

  • but it does make me think of how hackers

  • have an evolving effect on technologies we use

  • every day.

  • This is what Khalil did.

  • Khalil is a Palestinian hacker from the West Bank,

  • and he found a serious privacy flaw on Facebook

  • which he attempted to report

  • through the company's bug bounty program.

  • These are usually great arrangements for companies

  • to reward hackers disclosing vulnerabilities

  • they find in their code.

  • Unfortunately, due to some miscommunications,

  • his report was not acknowledged.

  • Frustrated with the exchange,

  • he took to use his own discovery

  • to post on Mark Zuckerberg's wall.

  • This got their attention, all right,

  • and they fixed the bug,

  • but because he hadn't reported it properly,

  • he was denied the bounty usually paid out

  • for such discoveries.

  • Thankfully for Khalil,

  • a group of hackers were watching out for him.

  • In fact, they raised more than 13,000 dollars

  • to reward him for this discovery,

  • raising a vital discussion in the technology industry

  • about how we come up with incentives

  • for hackers to do the right thing.

  • But I think there's a greater story here still.

  • Even companies founded by hackers,

  • like Facebook was,

  • still have a complicated relationship

  • when it comes to hackers.

  • And so for more conservative organizations,

  • it is going to take time and adapting

  • in order to embrace hacker culture

  • and the creative chaos that it brings with it.

  • But I think it's worth the effort,

  • because the alternative,

  • to blindly fight all hackers,

  • is to go against the power you cannot control

  • at the cost of stifling innovation

  • and regulating knowledge.

  • These are things that will come back and bite you.

  • It is even more true

  • if we go after hackers

  • that are willing to risk their own freedom

  • for ideals like the freedom of the web,

  • especially in times like this, like today even,

  • as governments and corporates

  • fight to control the Internet.

  • I find it astounding

  • that someone from the shadowy corners of cyberspace

  • can become its voice of opposition,

  • its last line of defense even,

  • perhaps someone like Anonymous,

  • the leading brand of global hacktivism.

  • This universal hacker movement

  • needs no introduction today,

  • but six years ago

  • they were not much more than an Internet subculture

  • dedicated to sharing silly pictures of funny cats

  • and Internet trolling campaigns.

  • Their moment of transformation was in early 2008

  • when the Church of Scientology

  • attempted to remove certain leaked videos

  • from appearing on certain websites.

  • This is when Anonymous was forged

  • out of the seemingly random collection

  • of Internet dwellers.

  • It turns out,

  • the Internet doesn't like it

  • when you try to remove things from it,

  • and it will react with cyberattacks

  • and elaborate pranks

  • and with a series of organized protests

  • all around the world,

  • from my hometown of Tel Aviv

  • to Adelaide, Australia.

  • This proved that Anonymous and this idea

  • can rally the masses from the keyboards

  • to the streets,

  • and it laid the foundations

  • for dozens of future operations

  • against perceived injustices

  • to their online and offline world.

  • Since then, they've gone after many targets.

  • They've uncovered corruption, abuse.

  • They've hacked popes and politicians,

  • and I think their effect is larger

  • than simple denial of service attacks

  • that take down websites

  • or even leak sensitive documents.

  • I think that, like Robin Hood,

  • they are in the business of redistribution,

  • but what they are after isn't your money.

  • It's not your documents. It's your attention.

  • They grab the spotlight for causes they support,

  • forcing us to take note,

  • acting as a global magnifying glass

  • for issues that we are not as aware of

  • but perhaps we should be.

  • They have been called many names

  • from criminals to terrorists,

  • and I cannot justify their illegal means,

  • but the ideas they fight for

  • are ones that matter to us all.

  • The reality is,

  • hackers can do a lot more than break things.

  • They can bring people together.

  • And if the Internet doesn't like it

  • when you try to remove things from it,

  • just watch what happens

  • when you try to shut the Internet down.

  • This took place in Egypt in January 2011,

  • and as President Hosni Mubarak

  • attempted a desperate move

  • to quash the rising revolution on the streets of Cairo,

  • he sent his personal troops

  • down to Egypt's Internet service providers

  • and had them physically kill the switch

  • on the country's connection to the world overnight.

  • For a government to do a thing like that

  • was unprecedented,

  • and for hackers, it made it personal.

  • Hackers like the Telecomix group

  • were already active on the ground,

  • helping Egyptians bypass censorship

  • using clever workarounds like Morse code

  • and ham radio.

  • It was high season for low tech,

  • which the government couldn't block,

  • but when the Net went completely down,

  • Telecomix brought in the big guns.

  • They found European service providers

  • that still had 20-year-old

  • analog dial-up access infrastructure.

  • They opened up 300 of those lines

  • for Egyptians to use,