Photos: James Duncan Davidson

Cybersecurity specialist James Lyne takes the TED2013 stage to show us some of the newest and nastiest creations that cybercriminals have designed to steal data, make off with billions of dollars, watch people through their webcams and target power and utility companies. Every day, he says, about 250,000 new pieces of malware are created and 30,000 websites infected.

“People think that, if you get a computer virus, you’ve been on a porn site,” says Lyne, of the security firm Sophos. “Actually, statistically speaking, if you only visit porn sites you’re safer.” Shockingly, 80% of infecting sites are actually small businesses or other legitimate enterprises that have themselves been infected.

The world of malware is becoming commercialized. Cybercriminals now advertise online, offering their services for $10 to $50 per hour. Lyne shows this video as an example.

There are sites where you can test a virus to make sure it works before unleashing on the world, and sophisticated services for tracking your malware. Some of these services even offer customer support.

So what are some ways to infect a computer with malware? In addition to the old “Hello, I’m a Nigerian banker,” you could, perhaps, walk into a corporate lobby with a copy of your resume soaked in coffee, and make a sad face and ask the receptionist to plug in a USB key and print you a new copy. Or perhaps you can target a website that has an insecure comments section; anyone who visits the page will then be infected. And there’s a new tactic that Lyne has noticed — creating a virus that pops open a fake anti-virus protection software window on a person’s screen. By clicking the button, not only does a person give a hacker access to their computer, but might even pay for the .

So many stories about cybercrime are terrifying. But Lyne has a success story to share — a time he was able to track the group of cybercriminals behind the Koobface malware. This group didn’t protect their malicious code, which was written to send each of them a text message daily to show them how much money they’d accumulated. In other words, Lyne’s team had their phone numbers. From there, he could tell they were located in Russia.

Because many smartphones embed GPS data about where photo is taken, Lyne was able to find the hackers’ exact location through photos they uploaded to Flickr. From there, Lyne’s team generated a 27-page report filled with information about this group — including an ad one of them had posted for the sale of kittens, shots from a fishing trip, a photo of their office on the third floor of a building and images from the office Christmas party. He eventually even found their bank accounts.

Sadly, Lyne reveals that this report wasn’t enough to bring these hackers to justice. Most laws pertaining to cybercrime are national, and because there is no common definition between countries, this group is still at large.

Lyne stresses that, for the time being, the onus is on individuals to protect themselves by creating different passwords for different websites and using basic internet safety protocols. For example, don’t upload smartphone photos to an online dating site – Lyne has found that 60% of photos there contain location data. But vulnerabilites can be even more subtle than that. As you move through the world, using your phone to connect to wireless networks Lyne warns that you are “beaming a list of the wireless networks you’ve previously connected to.”

Lyne collected data on the TED2013 audience by tracing these signals:

• 23% had been to Starbucks recently
• 46% could be linked to a specific business
• 761 could be traced to a specific hotel
• And 234 could be traced to coordinates of their homes

“As we play with these shiny new toys, how much are we trading off convenience over privacy and security?” asks Lyne. ”The internet is a fantastic resource for business, art and learning. Help me and the security community make life much more difficult for cybercriminals.”

By Shyam Sankar and Gabe Rosen

The Internet is the new Wild West, a frontier big enough for every pioneer and outlaw to roam free. Today, The New York Times revealed that hackers in China had spent the last four months infiltrating its computer systems and pilfering employee passwords. As in the old West, it’s not a question of if you’ll be hit — but when and how. Online, primitive DDOS attacks rain down like arrows, while artful hackers can steal the data equivalent of 5,000 head of cattle before any breach is detected. There’s no choice but to defend the homestead as best you can – and retreating to civilization is no longer an option.

According to Mandiant, the infosec firm that conducted the investigation, the Times was first compromised on September 13. The attackers established at least three backdoors and installed 45 pieces of malware, only one of which was detected by Symantec security software. After two weeks, the attackers found the domain controller that contained all staff passwords. Times executive editor Jill Abramson maintains there is “no evidence that sensitive emails or files” were accessed, yet the investigation found that the attackers “created custom software that allowed them to search for and grab [Times journalists] Mr. Barboza’s and Mr. Yardley’s e-mails and documents.”

As the TED Blog recently recounted, we know a bit about this sort of thing at Palantir. Our platform was used to investigate “GhostNet”, a Chinese cyber espionage network. In 2008, an unnamed country received an email from China warning them not to host the Dalai Lama for a scheduled visit. The email was startling because this visit was not public knowledge. The country sought to find out how this sensitive information had been leaked. Not only the Dalai Lama’s personal computer been hacked, but 1,300 computers across the globe had been infected in the same way. This network had been operating for two years without notice.

Naturally, when we heard about The New York Times hack today, we looked for parallels. The Dalai Lama’s office was infiltrated by “spear phishing” — where hackers research a person and create an email, with an attachment, that looks like it came from a confidant. Spear phishing is suspected, though not confirmed, in the Times attack. Like GhostNet, the Times attackers covered their tracks through intermediaries in numerous countries, and employed remote access tools (RATs) and malware. The attacks also appear related to Chinese political sensitivities, though the exact loyalties in play are murky.

While it’s important to resist easy conclusions, Occam’s razor and common sense shouldn’t be ignored. The difficulty is that positive attribution is rare in cyber warfare, so when something looks like the work of someone who was never actually identified, it may not be exceptionally meaningful. As open-source sleuth Jeff Carr points out, there are several doubts. Beijing’s time zone includes numerous other cities. The attacks were ultimately traced to Chinese IPs, though their geo-locations encompass millions of people. The attackers used RATs, but these are widely available and hardly confined to China. According to Richard Bejtlich, Mandiant’s chief security officer, “When you see the same group steal data on Chinese dissidents and Tibetan activists, then attack an aerospace company, it starts to push you in the right direction.” Given the vast spectrum of potentially interested parties, it’s a very general direction – but it’s a start nonetheless.

The lack of clear answers notwithstanding, Mr. Bejtlich is certainly correct that cyber defense “requires an internal vigilance model.” You have to sleep with one eye open, and preoccupation with one mode of attack leaves you vulnerable to others. As in the old West, it’s essential to make common cause with your neighbors, however distant. During the recent spate of suspected Iranian DDOS attacks, two global Top 20 banks shared threat data in real time with each other as well as US law enforcement, and collaboration across public/private lines is essential to countering the matrix of state and non-state combatants.

Above all, we need to adopt a Wild West approach of our own. The sheriff’s only hope is to become as swift, resourceful, and adaptive as the outlaws.

Shyam Sankar is the Director at Palantir Technologies. He gave the TED Talk “The rise of human-computer collaboration” at TEDGlobal 2012, as well as the talk embedded above at TED2010. Gabe Rosen works in Business Development at Palantir.

Below, in a TED Blog exclusive recorded at TED2010, Sankar explains how his company, Palantir Technologies, helped create software to solve a mystery: Who hacked the Dalai Lama’s email?

Here is the story.

In 2008, an unnamed country received an email from China warning them not to host the Dalai Lama for a scheduled visit. The email was startling for a single reason: The upcoming visit was not public knowledge yet. And so the country brought in a team of data experts to find out where the message had come from and how this sensitive info had been leaked. The team used Palantir’s data analysis tools to help crack the case.

As it turns out, the Dalai Lama’s email had been targeted by spies using a practice known as “spear-fishing” — in which hackers do research on a specific person to create an email that looks like it came from someone they know well. The email includes an attachment that, if opened, gives hackers access to the target’s computer without their knowledge. As Sankar explains, hackers can not only read your email, export documents and send emails as you — they can even turn on your webcam and hear every word you say.

In this case, the hackers had downloaded negotiation documents off the Dalai Lama’s computer.

“These guys literally took the goods while sitting at home in their pajamas,” says Sankar in the talk.

But in the hands of a team of human data experts, Palantir’s technology helped showed something even more sinister at work. About 1,300 computers in 103 countries had been infected in the same way. The computers belonged to both individuals and companies with interests in Southeast Asia. And this network had existed for a shocking two years before it was made visible.

It’s a story that should warn us all to be very careful when it comes to opening attachments.

Anthropologist and academic Gabriella Coleman starts her talk with a simple-sounding question: “Who is Anonymous?” She promptly confesses that even after “exhilarating and extremely frustrating” years of studying the group, she still finds this question difficult to answer.

First of all, it’s not an organization with one or even a few leaders at the helm. It’s a name adopted by various unrelated groups of hackers and technologists to describe a whole range of actions, from hacks against security firms to technical support for occupiers to those involved in national revolutions. Subgroups such as Antisec, meanwhile, scour servers to look for sensitive national, military or political information they can leak to the world. What links the groups is a spirit of irreverence and disdain for the law as it stands.

It all starts with Internet trolling, a long-established habit in Internet circles. ”Generally this contains a combination of four things: pranking, trickery, deceit and defilement,” says Coleman. Essentially a way to harm someone’s reputation, it often included the release of personal information, even the assault of an individual or company with unpaid-for pizzas. What’s the point? The laughs, or as Anonymous might put it, the “lulz.”

Declared the Internet Hate Machine by Fox News, a name Anonymous entirely embraced, the group has become more serious in recent years. What inspired them? Oddly, the church of Scientology. When they demanded that a leaked recruitment video be taken down, Anonymous got mad — and bombarded Scientology churches with free pizzas (and many other things besides). As an Anonymous member who taught Coleman’s class described it, it was “ultra coordinated motherfuckary.”

And it was at this point that a serious discussion began within Anonymous. Soon enough, it was clear that a political movement had been born. “Participants now saw themselves as bona fide activists–with an admittedly transgressive twist,” she says.

Not all geeks are members of Anonymous, or even agree with the group’s tactics. Yet together they have been an explosive force, and she has four ways to describe more about who they might be:

1. Anonymous scales and is participatory; it is not just hackers. 2011 was the “summer of endless hacks,” she acknowledges. The CIA website was taken down (again). PBS was defaced after an interview with Bradley Manning. “But the hacking is only one weapon among many,” says Coleman. Anonymous does many other things too, including distributing press releases, creating videos, designing propaganda posters.

And while technical elites certainly have authority within Anonymous, there are no barriers for participation. “All it takes is to self-identify as Anonymous,” says Coleman, saying that we could all declare ourselves right now (the audience doesn’t seem so tempted). But the scale and reach is not limited to any kind of hierarchy.

2. Anonymous may seem chaotic, but most targets are not random. Anonymous has names and reasons. “They may not be good reasons, but they exist,” says Coleman. Their most infamous operation humiliated HBGary CEO Aaron Barr, after Barr had boasted that he had infiltrated Anonymous and was ready to hand over names to the FBI. Anonymous instead gutted HBGary’s servers of 70,000 corporate emails. Operation BART happened after the transport agency blocked cell phone reception to block a planned protest. “Just yesterday, there was an operation in Japan after the country passed anti-piracy laws,” Coleman says. “Anonymous is not proactive, it is reactive, event-driven. It rises up most forcefully when internet freedom is in jeopardy.”

3. They put on a good performance, obvious even to their detractors. The political art of Anonymous is spectacle, says Coleman. The group has a formidable PR machine, which becomes a PR nightmare for others. Yet here’s the thing: Spectacle alone won’t engender political change. Perhaps the greatest accomplishment of all the spectacle, Coleman posits, is that “they dramatize the importance of anonymity and privacy in an era when both are rapidly eroding. Given that vast databases track us, given the vast explosion of surveillance, there’s something enchanting, mesmerizing and at a minimum thought-provoking about Anonymous’ interventions.”

4. They are visible and invisible. Unlike criminal groups that stay hidden at all costs, Anonymous allegedly announces itself loud and proud. It has received enormous attention, fear and admiration — it won the People’s Choice award on Time magazine’s online poll and was voted the top cybersecurity threat by IT professionals. Yet they’re also evasive and shifty. “It is hard to know how many people are involved,” says Coleman, thanks in part to an internal culture of avoiding personal fame at all costs. Hackers who have risen in visibility are chastised, marginalized, even banned. It’s difficult to know who did what when or how. What’s clear is that even though Anonymous members are so paradoxical and contradictory, “they have tapped into a deep disenchantment with the status quo as concerns censorship privacy and surveillance.”

This is why it doesn’t really matter whether Anonymous as it exists even lasts. Roiled by arrests and paranoia, the group may well implode. But, says Coleman firmly, “irreverent dissent on the internet is not going to go away with Anonymous.” Many geeks and hackers care about protecting the Internet, and they both invent and manage these resources, so it’s not surprising that this movement is under way. It might be difficult to come up with a blanket moral assessment of Anonymous’ influence, but it’s clear that this is just one moment. And, concludes Coleman, “if you try to hurt what’s so valuable about the internet, be careful — because the internet may very well hurt you back.”

Photos: James Duncan Davidson