Chris Domas The Aces and the Zeros Behind the Cyberwar


Chris Domas is a cybersecurity researcher working in what has become a new war front, "cyberspace". In this fascinating talk, he shows how researchers use pattern recognition and reverse engineering (and a few all-nighters) to understand a piece of binary code whose purpose and contents they do not know. Below is his TED talk. The translation was made by Chryssa Rapessi and edited by Nikolao Benia.

0:11 That's a lot of aces and zeroes. This is what we call binary information. This is how computers talk. This is how they store the information. This is how computers think. This is how computers do everything computers do. I'm a cybersecurity researcher, which means I sit with this information and try to make sense of it, figure out what all the aces and zeroes mean. Unfortunately for me, we're not just talking about the aces and zeroes I have here on the screen. We're not just talking about a few pages of aces and zeroes. We're talking billions and billions of aces and zeroes, more than anyone could fathom.

0:48 Now, as exciting as this sounds, when I first started in cybersecurity – (Laughter) – when I first started, I wasn't sure that the aces and zeroes was what I wanted to do with the rest of my life, because in my mind, cyber security was protecting my grandmother's computer from viruses, making sure my space pages weren't hacked, and maybe, maybe on my most glorious day, protecting the of someone's credit card from theft. These are important, but I didn't want to spend my life like that.

1:18 But after 30 minutes of working as a defense contractor, I soon found out that my idea of cybersecurity was kind of wrong. In practice, as far as national security was concerned, protecting my grandmother's computer from viruses was very low on their list of priorities. Because cybersecurity is much bigger than these things. Cybersecurity is an integral part of all of our lives because computers are an integral part of all of our lives, even if you don't own a computer. Computers control everything in your car, from the GPS to the airbags. They check your phone. That's why you can call 100 and have someone answer. They control the entire infrastructure of our country. It is the reason you have electricity, heating, clean water, food. Computers control our military equipment, everything from missile silos to satellites to nuclear defense networks. All of this is possible because of computers, and therefore, because of cyberspace, and when something goes wrong, cyberspace can make all of this impossible.

2:20 But there I go. A big part of my job is to protect all of this, to do them, but sometimes, my job is to spoil one of them, because cyber security has nothing to do with the defense, it has to do with the attack. We are entering a time when we are talking about cyber-bots. In fact, the possibility of cyber-attack is so great that cyberspace is considered the new area of war. War. It's not necessarily something bad. On the one hand, it means we have a new front where we have to defend, but on the other hand, we have a new way of assault, a new way to stop the bad guys from doing bad things.

2:58 Let's consider an example that is completely theoretical. Suppose a terrorist wants to blow up a building, and wants to do it again and again in the future. He doesn't want to be inside the building when it explodes. Will use one as a remote detonator. In the past, the only way to stop a terrorist was with a hail of bullets and car chases, but that's not necessarily true anymore. Now we can stop him at the push of a button 1.000 kilometers away, because whether he knew it or not, as soon as he used his cell phone, he entered the realm of cyberspace. A well-crafted cyberattack can get into his phone, disable the surge protection on his battery, drastically overload the circuit, cause the battery to overheat and explode. We will no longer have a phone, no detonator, maybe no terrorist, all at the push of a button, a thousand kilometers away.

3:51 How does this work? Everything returns to aces and zeros. Binary information makes your phone work, and if used properly, it can make your phone explode. When you see cyberspace from this point of view, passing your life looking at binary information starts to look somewhat exciting.

4:10 But the trap: It's tough, too difficult, and why. Think of everything you have on your cell phone. Have the photos you have taken. You have the music you are listening to. You have your list of contacts, emails and 500 applications that you never used throughout your life, and behind all this is the software, the code that controls your cell phone, and somewhere buried in the code, is a little bit that controls your battery, and that's what I really want, but all that, just a few aces and zeros, is all mixed up. In cyberspace, we say it looking for a needle in needles, because it all looks a bit like that. I'm looking for a key piece, but it just ties with everything else.

4:57 Let's get out of this hypothetical situation where we make a terrorist's phone explode and look at something that happened to me. Pretty much whatever I do, my work starts with very binary information and I'm always looking for a key piece to do something specific. In this case, I was looking for a very advanced piece of high-tech code that I knew I could hack, but was buried somewhere in billions of aces and zeroes. Unfortunately for me, I didn't know exactly what I was looking for. I didn't know exactly what it looked like, which makes it very difficult to search for it. When I have to do that, what I do is look at different pieces of that binary information, try to decode each piece, and see if it's what I'm looking for. After a while, I thought I had found the piece I was looking for. I thought maybe that was it. It seemed about right, but I wasn't sure. I didn't understand what those aces and zeroes represented. So I spent quite a bit of time trying to figure it out, but I didn't have much luck, and I finally decided that I would finish it, come in for a weekend, and not leave until I discovered what it represented. And that is what I did. I came in on a Saturday morning, and after about 10 hours, I kind of had all the pieces of the puzzle. I just didn't know how they connected. I didn't know the meaning of aces and zeroes. At 15 hours, I started to get a better picture of what was there, but I had a suspicion that what I was looking at had nothing to do with what I was looking for. At 20 hours, the pieces started coming together very slowly – (Laughter) – and I was pretty sure I was going down the wrong path at that point, but I wasn't going to give up. After 30 hours in the lab, I found exactly what I was looking for, and I was right, it wasn't what I was looking for. I spent 30 hours connecting the aces and zeroes that made the picture of a cat. 
(Laughs) I wasted 30 hours of my life looking for this kitty that had nothing to do with what I was trying to achieve.

6:56 I was disappointed, I was exhausted. After 30 hours in the lab, I was probably dying. But instead of just going home and giving up, I took a step back and wondered what went wrong here? How could I make such a stupid mistake? I'm pretty good at it. It's my job. So what happened? I thought that when you see the information at this level, it's easy to get lost in what you do. It's easy to lose the forest in the trees. It's easy to get into the wrong swallowtail and spend incredible time doing something wrong. But I have had this affection. We were looking at the data in the totally wrong way from day one. This is how computers, aces and zeros think. People do not think so, but we try to adapt our minds to think more like computers so we can understand this information. Instead of trying to match our minds to the problem, we should make the problem fit our minds because our brain has huge potential for analyzing large amounts of information, just not like that. And if we could unlock the possibility simply by translating it into the right kind of information? With that in mind, I ran out of my underground workshop to work in my underground workshop at home, which looks down the same. The main difference is that I'm surrounded by cyber-related work, and cyberspace seems to be the problem here. At home I am surrounded by everything else I've ever learned. So I looked into all the books I could find, all the ideas I met, to see how we can translate a problem from one field into something completely different?

8:27 The biggest question was, what do we want to translate it into? What do our brains do completely naturally that we could take advantage of? My answer was sight. We have a tremendous ability to analyze visual information. We can combine color gradients, depth cues, various such signals into a coherent picture of the world around us. It is incredible. If we can find a way to translate these binary patterns into visual signals, we could unlock the power of our minds to process these things. So I started looking at binary information and I asked myself, what do I do when I first come across something like this? The first thing I want to do, the first question I want to answer, is, what is this? I don't care what it does, how it works. What I want to know is, what is this? And I can find that by looking at pieces, successive pieces of binary information, and looking at the relationships between those pieces. When I gather enough information about these sequences, I start to get an idea of what exactly that information should be. Let's go back to of the terrorist's phone exploding. English text looks like this in binary. This is what your contact list should look like if I reviewed it. It's very difficult to analyze at this level, but if we take out these binary pieces that we're trying to find, and instead translate them into a visual representation, translate these relationships, here's what we get. This is what the text looks like in English from a visual pumping point of view. Suddenly, it shows us the same information that was in the aces and zeroes but in a completely different way that we can immediately understand. We immediately see all the patterns here. It takes me seconds to distinguish the patterns here, but hours, days to separate them into aces and zeroes. Anyone can learn in minutes what the patterns here represent, but it took years of cyber experience to learn what the same patterns in aces and zeroes represent.
This bit was caused by lowercase letters followed by lowercase letters within a contact list. These are uppercase to uppercase, uppercase to lowercase, lowercase to uppercase. This is caused by gaps. This from a reset character. We can go through every detail of binary information in seconds, as opposed to weeks, months, at this level. This is what a picture from your mobile phone looks like. But this is how it looks in a visual pump. This is what your music looks like. But here is its visual appeal. The most important thing to me is how the code looks on your mobile phone. That's what I'm looking for in the end, but that's the visual appeal of it. If I can't find it, I can't make the phone explode. I can spend weeks trying to find it in the aces and zeroes, but it takes me seconds to pick out such visual pumping.

11:11 One of the most remarkable parts of all of this is that it gives us a whole new way to understand new information, things that we haven't seen before. So I know what English looks like in binary, and I know what their visual extraction looks like, but I've never seen Russian binaries in my life. It would take me weeks just to figure out what I was looking at in the raw aces and zeroes, but because our brains instantly pick out and recognize these subtle patterns within these visual inputs, we can subconsciously apply them to new situations. So this is what Russian looks like in a visual impression. Because I know what a language looks like, I can recognize other languages even if they are unfamiliar to me. This is what a photo looks like, but this is what a clipart looks like. This is what the code looks like on your phone, but this is what the code looks like on your computer. Our brains pick out these patterns in ways that we couldn't by looking at raw aces and zeroes. But we've only scratched the surface of what we can do with this approach. We have only just begun to unlock our mind's potential for processing visual information. If we take the same concepts and translate them into three dimensions, we will find entirely new ways of understanding information. In seconds, we can pick out every pattern here. We can see crosses related to code, cubes related to text. We can distinguish even the smallest visual objects. Things that would take weeks, months to find in aces and zeroes show up instantly in some kind of visual pumping, and as we go on and throw more information at it, we find that we're able to process billions of aces and zeroes in seconds just by using its innate ability our brain to analyze patterns.

12:52 So it's nice and helps, but all I'm saying is what I'm looking at. Now, based on visual patterns I can find the code on the phone. But this is not enough to blast the battery. Then I have to find the code that controls the battery, but we return to needle needle problem. The code looks like any other code in this system.

13:13 So maybe I cannot find the code that controls the battery. But many things are similar to that. You have the code that controls your screen, buttons, microphone, and even if I do not find the code for the battery I bet I can find one of them. The next step in the binary analysis process is to look at pieces of information that are similar to each other. It is really difficult to do at binary level, but if we translate these similarities into a visual pumping, I will not even have to look at the raw data. I just have to wait for the picture to shine to see when I'm in similar tracks. I follow these similarity threads like a crumbling path to find exactly what I'm looking for.

13:52 At this point in the process, I've identified the code that controls her you, but not enough to blow up a phone. The last piece of the puzzle is figuring out how this code controls your battery. So I have to recognize the subtle and detailed relationships within the binary information, which is very difficult when you're looking at aces and zeroes. But if we translate that information into a physical representation, we're going to root and let our visual cortex do the work. He can find all the detailed patterns, all the important pieces, for us. He can figure out exactly how the pieces of code work to control the battery. All this can be done in hours, whereas the same process in the past would have taken months.

14:38 Everything is fine and nice in a theoretical explosion of the terrorist's phone. I wanted to find out if he would really work this on the job I do every day. I was playing the same concepts with some data that I had looked at before, again, trying to find a very detailed, specific piece of code in a huge piece of binary information. So I looked at this level, thinking I was looking at the right thing, just to see that it does not have the connectivity I would expect for the code I was looking for. In fact, I'm not quite sure what it is, but when I went a level back and looked at the similarities in the code I saw that it does not have any similarity to any code that exists out there. I can not look at code. In fact, from this perspective, I could say that this was not a code. It's a kind of image. And from here, I can see, it's not just an image, it's a photo. Now that I know it's photography, I have dozens of other binary translation techniques to visualize and understand this information, so in a matter of seconds, we can get this information, get it through dozens of other visual translation techniques to find out exactly what we look at. I saw - (Laughter) - it was again this damn kitty. All this is possible because we were able to find a way to translate a very difficult problem into something that our brains do very naturally.

16:02 What does this mean? For kittens, it means that they are no longer hidden in aces and zeros. For me, it means I will not have other lost weekends. For Cyber, it means that we have a radical new way to deal with the most incredible problems. It means we have a new weapon in the developing cyberwar theater, but for all of us, it means that cyber engineers now have the ability to be the first responders in emergency situations. When the seconds count, we unlock the means to stop the bad guys.

16:33 Thank you.


Written by Dimitris
