Chris Domas The Aces and the Zeros Behind the Cyberwar


Chris Domas is a cybersecurity researcher who works on what has become a new front of war, "cyberspace". In this fascinating talk, he shows how researchers use pattern recognition and reverse engineering (and a few all-nighters) to understand a piece of binary code whose purpose and content they do not know. Below is his TED talk. The translation was made by Chryssa Rapessi and edited by Nikolao Benia.

0:11 That's a lot of aces and zeroes. This is what we call binary information. This is how computers talk. This is how they store the information. This is how computers think. This is how computers do everything computers do. I'm a cybersecurity researcher, which means I sit with this information and try to make sense of it, figure out what all the aces and zeroes mean. Unfortunately for me, we're not just talking about the aces and zeroes I have here on the screen. We're not just talking about a few pages of aces and zeroes. We're talking billions and billions of aces and zeroes, more than anyone could fathom.

0:48 Now, as exciting as that sounds, when I first started with cybersecurity - (Laughter) - when I first started, I wasn't sure aces and zeros were what I wanted to do for the rest of my life, because in my mind, cybersecurity was to protect my grandmother's computer from viruses, to be careful not to hack Myspace pages, and perhaps, on my most glorious day, to protect someone's credit card information from theft. These are important, but I did not want to spend my life like that.

1:18 But after 30 minutes of work as a defense contractor, I soon found out that the idea I had of cybersecurity was somewhat wrong. In practice, as far as national security is concerned, protecting my grandmother's computer from viruses was very low on their list of priorities. Because cybersecurity is much bigger than those things. Cybersecurity is an integral part of all of our lives, because computers are an integral part of all of our lives, even if you don't have a computer. Computers control everything in your car, from the GPS to the airbags. They control your phone. That's why you can call 100 and someone answers. They control our country's entire infrastructure. They are the reason you have electricity, heating, clean water, food. Computers control our military equipment, everything from missile silos and satellites to nuclear defense networks. All of this is possible because of computers, and therefore because of cyberspace, and when something goes wrong, cyberspace can make all of this impossible.

2:20 But there I go. A big part of my job is to protect all of this, to do them, but sometimes, my job is to spoil one of them, because cyber security has nothing to do with the defense, it has to do with the attack. We are entering a time when we are talking about cyber-bots. In fact, the possibility of cyber-attack is so great that cyberspace is considered the new area of war. War. It's not necessarily something bad. On the one hand, it means we have a new front where we have to defend, but on the other hand, we have a new way of assault, a new way to stop the bad guys from doing bad things.

2:58 Let's consider an example that is entirely theoretical. Suppose a terrorist wants to blow up a building, and wants to do it again and again in the future. He doesn't want to be inside the building when it explodes. He will use a mobile phone as a remote detonator. In the past, the only way to stop the terrorist was with a hail of bullets and a car chase, but that is not necessarily true anymore. Now we can stop him by pressing a button 1,000 kilometers away, because whether he knew it or not, as soon as he used his mobile phone, he entered the realm of cyberspace. A well-crafted cyber attack can get into his phone, disable the overvoltage protection on the battery, drastically overloading the circuit, causing the battery to overheat and explode. We will no longer have a phone, no detonator, maybe no terrorist, all at the push of a button a thousand kilometers away.

3:51 How does this work? Everything returns to aces and zeros. Binary information makes your phone work, and if used properly, it can make your phone explode. When you see cyberspace from this point of view, passing your life looking at binary information starts to look somewhat exciting.

4:10 But the trap: It's tough, too difficult, and why. Think of everything you have on your cell phone. You have the photos you have taken. You have the music you are listening to. You have your list of contacts, emails and 500 applications that you never used throughout your life, and behind all this is the software, the code that controls your cell phone, and somewhere buried in the code, is a little bit that controls your battery, and that's what I really want, but all that, just a few aces and zeros, is all mixed up. In cyberspace, we call it looking for a needle in needles, because it all looks a bit like that. I'm looking for a key piece, but it just ties with everything else.

4:57 Let's get out of this hypothetical situation where we make a terrorist's phone explode and look at something that happened to me. Pretty much whatever I do, my work starts with very binary information and I'm always looking for a key piece to do something specific. In this case, I was looking for a very advanced piece of high-tech code that I knew I could hack, but was buried somewhere in billions of aces and zeroes. Unfortunately for me, I didn't know exactly what I was looking for. I didn't know exactly what it looked like, which makes it very difficult to search for it. When I have to do that, what I do is look at different pieces of that binary information, try to decode each piece, and see if it's what I'm looking for. After a while, I thought I had found the piece I was looking for. I thought maybe that was it. It seemed about right, but I wasn't sure. I didn't understand what those aces and zeroes represented. So I spent quite a bit of time trying to figure it out, but I didn't have much luck, and I finally decided that I would finish it, come in for a weekend, and not leave until I discovered what it represented. And that is what I did. I came in on a Saturday morning, and after about 10 hours, I kind of had all the pieces of the puzzle. I just didn't know how they connected. I didn't know the meaning of aces and zeroes. At 15 hours, I started to get a better picture of what was there, but I had a suspicion that what I was looking at had nothing to do with what I was looking for. At 20 hours, the pieces started coming together very slowly – (Laughter) – and I was pretty sure I was going down the wrong path at that point, but I wasn't going to give up. After 30 hours in the lab, I found exactly what I was looking for, and I was right, it wasn't what I was looking for. I spent 30 hours connecting the aces and zeroes that made the picture of one s. 
(Laughs) I wasted 30 hours of my life looking for this kitty that had nothing to do with what I was trying to achieve.

6:56 I was frustrated, I was exhausted. After 30 hours in the lab, I probably stunk. But, instead of just going and giving up, I took a step back and asked myself, what went wrong here? How could I make such a stupid mistake? I'm pretty good at this. It's my job. So what happened? I thought, when you look at information at this level, it's easy to get lost in what you're doing. It's easy to miss the forest for the trees. It's easy to go down the wrong rabbit hole and waste an incredible amount of time doing the wrong thing. But I had this epiphany. We had been looking at the data in completely the wrong way from day one. This is how computers think, aces and zeroes. People don't think this way, but we try to adapt our minds to think more like computers so that we can understand this information. Instead of trying to fit our minds to the problem, we should make the problem fit our minds, because our brains have a tremendous capacity for analyzing large amounts of information, just not like this. What if we could unlock that capacity simply by translating it into the right kind of information? With that in mind, I ran from my basement lab at work to my basement lab at home, which look pretty much the same. The main difference is that at work I'm surrounded by cyber materials, and cyberspace seemed to be the problem here. At home I'm surrounded by everything else I've ever learned. So I looked through all the books I could find, all the ideas I had come across, to see how we could translate a problem from one field into something completely different.

8:27 The biggest question was, what do we want to translate it into? What do our brains do completely naturally that we could take advantage of? My answer was sight. We have a tremendous ability to analyze visual information. We can combine color gradients, depth cues, various such signals into a coherent picture of the world around us. It is incredible. If we can find a way to translate these binary patterns into visual signals, we could unlock the power of our minds to process these things. So I started looking at binary information and I asked myself, what do I do when I first come across something like this? The first thing I want to do, the first question I want to answer, is, what is this? I don't care what it does, how it works. What I want to know is, what is this? And I can find that by looking at pieces, successive pieces of binary information, and looking at the relationships between those pieces. When I gather enough information about these sequences, I start to get an idea of what exactly that information should be. Let's go back to the subject of the terrorist's phone exploding. English text looks like this in binary. This is what your contact list should look like if I reviewed it. It's very difficult to analyze at this level, but if we take out these binary pieces that we're trying to find, and instead translate them into a visual representation, translate these relationships, here's what we get. This is what the text looks like in English from a visual pumping point of view. Suddenly, it shows us the same information that was in the aces and zeroes but in a completely different way that we can immediately understand. We immediately see all the patterns here. It takes me seconds to distinguish the patterns here, but hours, days to separate them into aces and zeroes. Anyone can learn in minutes what the patterns here represent, but it took years of experience in cyberspace to learn what the same patterns in aces and zeroes represent. This bit was caused by lowercase letters followed by lowercase letters within a contact list. These are uppercase to uppercase, uppercase to lowercase, lowercase to uppercase. This is caused by gaps. This from a reset character. We can go through every detail of binary information in seconds, as opposed to weeks, months, at this level. This is what a picture from your mobile phone looks like. But this is how it looks in a visual pump. This is what your music looks like, but here is its visual appeal. Most important to me is how the code looks on your mobile phone. That's what I'm looking for in the end, but that's the visual appeal of it. If I can't find it, I can't make the phone explode. I can spend weeks trying to find it in the aces and zeroes, but it takes me seconds to pick out such visual pumping.

11:11 One of the most remarkable parts of all of this is that it gives us a whole new way to understand new information, things that we haven't seen before. So I know what English looks like in binary, and I know what their visual extraction looks like, but I've never seen Russian binaries in my life. It would take me weeks just to figure out what I was looking at in the raw aces and zeroes, but because our brains instantly pick out and recognize these subtle patterns within these visual inputs, we can subconsciously apply them to new situations. So this is what Russian looks like in a visual impression. Because I know what a language looks like, I can recognize other languages even if they are unfamiliar to me. This is what a photo looks like, but this is what a clipart looks like. This is what the code looks like on your phone, but this is what the code looks like on your computer. Our brains pick out these patterns in ways that we couldn't by looking at raw aces and zeroes. But we've only scratched the surface of what we can do with this approach. We have only just begun to unlock our mind's potential for processing visual information. If we take the same concepts and translate them into three dimensions, we will find entirely new ways of understanding information. In seconds, we can pick out every pattern here. We can see crosses related to code, cubes related to text. We can distinguish even the smallest visual objects. Things that would take weeks, months to find in aces and zeroes show up instantly in some kind of visual pumping, and as we go on and throw more information at it, we find that we're able to process billions of aces and zeroes in seconds just by using our brain's innate ability to analyze patterns.

12:52 So it's nice and helps, but all I'm saying is what I'm looking at. Now, based on visual patterns I can find the code on the phone. But this is not enough to blast the battery. Then I have to find the code that controls the battery, but we return to the needle in needles problem. The code looks like any other code in this system.

13:13 So I might not find the code that controls the battery, but many things are similar to it. You have the code that controls your screen, your buttons, your microphone, and even if I can't find the code for the battery I bet I can find one of those. The next step in binary analysis is to see pieces of information that are similar to each other. It's really hard to do at the binary level, but if we translate these similarities into a visual extraction, I won't even need to look at the raw data. I'll just have to wait for the picture to lighten up to see when I'm in similar pieces. I follow these threads of similarity like a crumb trail to find exactly what I'm looking for.

13:52 At this point in the process, I've identified the code that controls your battery, but it's not enough to blow up a phone. The last piece of the puzzle is figuring out how this code controls your battery. So I have to recognize the subtle and detailed relationships within the binary information, which is very difficult when you're looking at aces and zeroes. But if we translate that information into a physical representation, we're going to root and let our visual cortex do the work. He can find all the detailed patterns, all the important pieces, for us. He can figure out exactly how the pieces of code work to control the battery. All this can be done in hours, whereas the same process in the past would have taken months.

14:38 Everything is fine and nice in a theoretical explosion of the terrorist's phone. I wanted to find out if this would really work on the job I do every day. I was playing the same concepts with some data that I had looked at before, again, trying to find a very detailed, specific piece of code in a huge piece of binary information. So I looked at this level, thinking I was looking at the right thing, just to see that it does not have the connectivity I would expect for the code I was looking for. In fact, I'm not quite sure what it is, but when I went a level back and looked at the similarities in the code I saw that it does not have any similarity to any code that exists out there. I cannot look at code. In fact, from this perspective, I could say that this was not a code. It's a kind of image. And from here, I can see, it's not just an image, it's a photo. Now that I know it's photography, I have dozens of other binary translation techniques to visualize and understand this information, so in a matter of seconds, we can get this information, get it through dozens of other visual translation techniques to find out exactly what we look at. I saw - (Laughter) - it was again this damn kitty. All this is possible because we were able to find a way to translate a very difficult problem into something that our brains do very naturally.

16:02 What does this mean? For kittens, it means that they are no longer hidden in aces and zeros. For me, it means I will not have other lost weekends. For Cyber, it means that we have a radical new way to deal with the most incredible problems. It means we have a new weapon in the developing cyberwar theater, but for all of us, it means that cyber engineers now have the ability to be the first responders in emergency situations. When the seconds count, we unlock the means to stop the bad guys.

16:33 Thank you.


Written by Dimitris
