0:00:00.770,0:00:03.032 This is a lot of ones and zeros. 0:00:03.032,0:00:06.131 It's what we call binary information. 0:00:06.131,0:00:07.573 This is how computers talk. 0:00:07.573,0:00:09.502 It's how they store information. 0:00:09.502,0:00:11.128 It's how computers think. 0:00:11.128,0:00:12.747 It's how computers do 0:00:12.747,0:00:15.129 everything it is that computers do. 0:00:15.129,0:00:17.176 I'm a cybersecurity researcher, 0:00:17.176,0:00:19.246 which means my job is to sit down with this information 0:00:19.246,0:00:20.930 and try to make sense of it, 0:00:20.930,0:00:23.683 to try to understand what all the ones and zeroes mean. 0:00:23.683,0:00:25.526 Unfortunately for me, we're not just talking 0:00:25.526,0:00:27.760 about the ones and zeros I have on the screen here. 0:00:27.760,0:00:30.443 We're not just talking about a few pages of ones and zeros. 0:00:30.443,0:00:33.052 We're talking about billions and billions 0:00:33.052,0:00:34.385 of ones and zeros, 0:00:34.385,0:00:37.026 more than anyone could possibly comprehend. 0:00:37.026,0:00:38.885 Now, as exciting as that sounds, 0:00:38.885,0:00:41.377 when I first started doing cyber — 0:00:41.377,0:00:43.120 (Laughter) — 0:00:43.120,0:00:45.123 when I first started doing cyber, I wasn't sure 0:00:45.123,0:00:46.596 that sifting through ones and zeros 0:00:46.596,0:00:48.890 was what I wanted to do with the rest of my life, 0:00:48.890,0:00:50.910 because in my mind, cyber 0:00:50.910,0:00:54.591 was keeping viruses off of my grandma's computer, 0:00:54.591,0:00:57.939 it was keeping people's Myspace pages from being hacked, 0:00:57.939,0:01:00.124 and maybe, maybe on my most glorious day, 0:01:00.124,0:01:03.875 it was keeping someone's credit card information from being stolen. 0:01:03.875,0:01:05.238 Those are important things, 0:01:05.238,0:01:07.996 but that's not how I wanted to spend my life.
0:01:07.996,0:01:09.930 But after 30 minutes of work 0:01:09.930,0:01:11.283 as a defense contractor, 0:01:11.283,0:01:14.073 I soon found out that my idea of cyber 0:01:14.073,0:01:15.942 was a little bit off. 0:01:15.942,0:01:17.887 In fact, in terms of national security, 0:01:17.887,0:01:19.958 keeping viruses off of my grandma's computer 0:01:19.958,0:01:23.144 was surprisingly low on their priority list. 0:01:23.144,0:01:24.445 And the reason for that is cyber 0:01:24.445,0:01:28.238 is so much bigger than any one of those things. 0:01:28.238,0:01:31.063 Cyber is an integral part of all of our lives, 0:01:31.063,0:01:34.123 because computers are an integral part of all of our lives, 0:01:34.123,0:01:36.075 even if you don't own a computer. 0:01:36.075,0:01:38.721 Computers control everything in your car, 0:01:38.721,0:01:40.601 from your GPS to your airbags. 0:01:40.601,0:01:41.917 They control your phone. 0:01:41.917,0:01:43.088 They're the reason you can call 911 0:01:43.088,0:01:44.884 and get someone on the other line. 0:01:44.884,0:01:47.678 They control our nation's entire infrastructure. 0:01:47.678,0:01:49.354 They're the reason you have electricity, 0:01:49.354,0:01:51.692 heat, clean water, food. 0:01:51.692,0:01:53.593 Computers control our military equipment, 0:01:53.593,0:01:55.270 everything from missile silos to satellites 0:01:55.270,0:01:59.184 to nuclear defense networks. 0:01:59.184,0:02:01.173 All of these things are made possible 0:02:01.173,0:02:02.589 because of computers, 0:02:02.589,0:02:04.572 and therefore because of cyber, 0:02:04.572,0:02:06.076 and when something goes wrong, 0:02:06.076,0:02:09.194 cyber can make all of these things impossible. 0:02:09.194,0:02:10.779 But that's where I step in.
0:02:10.779,0:02:13.719 A big part of my job is defending all of these things, 0:02:13.719,0:02:15.381 keeping them working, 0:02:15.381,0:02:17.709 but once in a while, part of my job is to break one of these things, 0:02:17.709,0:02:20.105 because cyber isn't just about defense, 0:02:20.105,0:02:22.378 it's also about offense. 0:02:22.378,0:02:23.954 We're entering an age where we talk about 0:02:23.954,0:02:25.415 cyberweapons. 0:02:25.415,0:02:28.550 In fact, so great is the potential for cyber offense 0:02:28.550,0:02:32.171 that cyber is considered a new domain of warfare. 0:02:32.171,0:02:33.971 Warfare. 0:02:33.971,0:02:35.900 It's not necessarily a bad thing. 0:02:35.900,0:02:38.651 On the one hand, it means we have a whole new front 0:02:38.651,0:02:40.394 on which we need to defend ourselves, 0:02:40.394,0:02:41.879 but on the other hand, 0:02:41.879,0:02:43.721 it means we have a whole new way to attack, 0:02:43.721,0:02:45.580 a whole new way to stop evil people 0:02:45.580,0:02:47.807 from doing evil things. 0:02:47.807,0:02:49.618 So let's consider an example of this 0:02:49.618,0:02:51.307 that's completely theoretical. 0:02:51.307,0:02:53.565 Suppose a terrorist wants to blow up a building, 0:02:53.565,0:02:55.633 and he wants to do this again and again 0:02:55.633,0:02:57.084 in the future. 0:02:57.084,0:02:59.924 So he doesn't want to be in that building when it explodes. 0:02:59.924,0:03:01.442 He's going to use a cell phone 0:03:01.442,0:03:03.777 as a remote detonator. 0:03:03.777,0:03:05.648 Now, it used to be the only way we had 0:03:05.648,0:03:07.284 to stop this terrorist 0:03:07.284,0:03:09.957 was with a hail of bullets and a car chase, 0:03:09.957,0:03:12.289 but that's not necessarily true anymore.
0:03:12.289,0:03:13.852 We're entering an age where we can stop him 0:03:13.852,0:03:14.962 with the press of a button 0:03:14.962,0:03:16.969 from 1,000 miles away, 0:03:16.969,0:03:18.558 because whether he knew it or not, 0:03:18.558,0:03:20.269 as soon as he decided to use his cell phone, 0:03:20.269,0:03:23.403 he stepped into the realm of cyber. 0:03:23.403,0:03:26.520 A well-crafted cyber attack could break into his phone, 0:03:26.520,0:03:28.669 disable the overvoltage protections on his battery, 0:03:28.669,0:03:30.424 drastically overload the circuit, 0:03:30.424,0:03:32.781 cause the battery to overheat, and explode. 0:03:32.781,0:03:35.227 No more phone, no more detonator, 0:03:35.227,0:03:37.150 maybe no more terrorist, 0:03:37.150,0:03:38.181 all with the press of a button 0:03:38.181,0:03:40.861 from a thousand miles away. 0:03:40.861,0:03:42.612 So how does this work? 0:03:42.612,0:03:44.880 It all comes back to those ones and zeros. 0:03:44.880,0:03:47.885 Binary information makes your phone work, 0:03:47.885,0:03:51.469 and used correctly, it can make your phone explode. 0:03:51.469,0:03:53.941 So when you start to look at cyber from this perspective, 0:03:53.941,0:03:57.104 spending your life sifting through binary information 0:03:57.104,0:03:59.521 starts to seem kind of exciting. 0:03:59.521,0:04:02.167 But here's the catch: This is hard, 0:04:02.167,0:04:03.852 really, really hard, 0:04:03.852,0:04:05.686 and here's why. 0:04:05.686,0:04:08.452 Think about everything you have on your cell phone. 0:04:08.452,0:04:10.415 You've got the pictures you've taken. 0:04:10.415,0:04:12.201 You've got the music you listen to.
0:04:12.201,0:04:13.849 You've got your contacts list, 0:04:13.849,0:04:15.474 your email, and probably 500 apps 0:04:15.474,0:04:18.475 you've never used in your entire life, 0:04:18.475,0:04:22.462 and behind all of this is the software, the code, 0:04:22.462,0:04:23.842 that controls your phone, 0:04:23.842,0:04:26.498 and somewhere, buried inside of that code, 0:04:26.498,0:04:29.046 is a tiny piece that controls your battery, 0:04:29.046,0:04:30.917 and that's what I'm really after, 0:04:30.917,0:04:34.603 but all of this, just a bunch of ones and zeros, 0:04:34.603,0:04:36.134 and it's all just mixed together. 0:04:36.134,0:04:39.679 In cyber, we call this finding a needle in a stack of needles, 0:04:39.679,0:04:42.028 because everything pretty much looks alike. 0:04:42.028,0:04:43.760 I'm looking for one key piece, 0:04:43.760,0:04:46.994 but it just blends in with everything else. 0:04:46.994,0:04:49.246 So let's step back from this theoretical situation 0:04:49.246,0:04:51.590 of making a terrorist's phone explode, 0:04:51.590,0:04:54.406 and look at something that actually happened to me. 0:04:54.406,0:04:55.749 Pretty much no matter what I do, 0:04:55.749,0:04:57.191 my job always starts with sitting down 0:04:57.191,0:04:59.563 with a whole bunch of binary information, 0:04:59.563,0:05:01.290 and I'm always looking for one key piece 0:05:01.290,0:05:03.277 to do something specific. 0:05:03.277,0:05:05.354 In this case, I was looking for a very advanced, 0:05:05.354,0:05:06.872 very high-tech piece of code 0:05:06.872,0:05:08.087 that I knew I could hack, 0:05:08.087,0:05:09.801 but it was somewhere buried 0:05:09.801,0:05:11.827 inside of a billion ones and zeroes. 0:05:11.827,0:05:13.405 Unfortunately for me, I didn't know 0:05:13.405,0:05:15.096 quite what I was looking for. 0:05:15.096,0:05:16.292 I didn't know quite what it would look like, 0:05:16.292,0:05:19.210 which makes finding it really, really hard.
0:05:19.210,0:05:21.249 When I have to do that, what I have to do 0:05:21.249,0:05:23.591 is basically look at various pieces 0:05:23.591,0:05:25.314 of this binary information, 0:05:25.314,0:05:27.516 try to decipher each piece, and see if it might be 0:05:27.516,0:05:28.740 what I'm after. 0:05:28.740,0:05:30.365 So after a while, I thought I had found the piece 0:05:30.365,0:05:31.702 I was looking for. 0:05:31.702,0:05:33.806 I thought maybe this was it. 0:05:33.806,0:05:35.838 It seemed to be about right, but I couldn't quite tell. 0:05:35.838,0:05:38.756 I couldn't tell what those ones and zeros represented. 0:05:38.756,0:05:42.130 So I spent some time trying to put this together, 0:05:42.130,0:05:43.800 but wasn't having a whole lot of luck, 0:05:43.800,0:05:44.986 and finally I decided, 0:05:44.986,0:05:46.595 I'm going to get through this, 0:05:46.595,0:05:48.106 I'm going to come in on a weekend, 0:05:48.106,0:05:49.446 and I'm not going to leave 0:05:49.446,0:05:51.158 until I figure out what this represents. 0:05:51.158,0:05:53.324 So that's what I did. I came in on a Saturday morning, 0:05:53.324,0:05:56.969 and about 10 hours in, I sort of had all the pieces to the puzzle. 0:05:56.969,0:05:58.361 I just didn't know how they fit together. 0:05:58.361,0:06:01.151 I didn't know what these ones and zeros meant. 0:06:01.151,0:06:03.218 At the 15-hour mark, 0:06:03.218,0:06:05.820 I started to get a better picture of what was there, 0:06:05.820,0:06:07.592 but I had a creeping suspicion 0:06:07.592,0:06:09.181 that what I was looking at 0:06:09.181,0:06:12.104 was not at all related to what I was looking for. 0:06:12.104,0:06:14.591 By 20 hours, the pieces started to come together 0:06:14.591,0:06:18.355 very slowly — (Laughter) — 0:06:18.355,0:06:19.621 and I was pretty sure I was going down 0:06:19.621,0:06:21.560 the wrong path at this point, 0:06:21.560,0:06:23.811 but I wasn't going to give up.
0:06:23.811,0:06:26.645 After 30 hours in the lab, 0:06:26.645,0:06:28.906 I figured out exactly what I was looking at, 0:06:28.906,0:06:31.724 and I was right, it wasn't what I was looking for. 0:06:31.724,0:06:33.423 I spent 30 hours piecing together 0:06:33.423,0:06:36.145 the ones and zeros that formed a picture of a kitten. 0:06:36.145,0:06:37.940 (Laughter) 0:06:37.940,0:06:41.746 I wasted 30 hours of my life searching for this kitten 0:06:41.746,0:06:43.584 that had nothing at all to do 0:06:43.584,0:06:45.571 with what I was trying to accomplish. 0:06:45.571,0:06:49.434 So I was frustrated, I was exhausted. 0:06:49.434,0:06:52.660 After 30 hours in the lab, I probably smelled horrible. 0:06:52.660,0:06:54.890 But instead of just going home 0:06:54.890,0:06:57.420 and calling it quits, I took a step back 0:06:57.420,0:06:59.961 and asked myself, what went wrong here? 0:06:59.961,0:07:02.173 How could I make such a stupid mistake? 0:07:02.173,0:07:03.571 I'm really pretty good at this. 0:07:03.571,0:07:04.890 I do this for a living. 0:07:04.890,0:07:07.038 So what happened? 0:07:07.038,0:07:09.813 Well I thought, when you're looking at information at this level, 0:07:09.813,0:07:12.640 it's so easy to lose track of what you're doing. 0:07:12.640,0:07:14.384 It's easy to not see the forest through the trees. 0:07:14.384,0:07:16.548 It's easy to go down the wrong rabbit hole 0:07:16.548,0:07:18.310 and waste a tremendous amount of time 0:07:18.310,0:07:20.130 doing the wrong thing. 0:07:20.130,0:07:21.730 But I had this epiphany. 0:07:21.730,0:07:24.729 We were looking at the data completely incorrectly 0:07:24.729,0:07:26.219 since day one. 0:07:26.219,0:07:28.322 This is how computers think, ones and zeros. 0:07:28.322,0:07:29.714 It's not how people think, 0:07:29.714,0:07:32.028 but we've been trying to adapt our minds 0:07:32.028,0:07:33.373 to think more like computers 0:07:33.373,0:07:35.970 so that we can understand this information.
0:07:35.970,0:07:37.920 Instead of trying to make our minds fit the problem, 0:07:37.920,0:07:39.568 we should have been making the problem 0:07:39.568,0:07:40.537 fit our minds, 0:07:40.537,0:07:42.646 because our brains have a tremendous potential 0:07:42.646,0:07:45.732 for analyzing huge amounts of information, 0:07:45.732,0:07:47.029 just not like this. 0:07:47.029,0:07:48.496 So what if we could unlock that potential 0:07:48.496,0:07:50.023 just by translating this 0:07:50.023,0:07:52.871 to the right kind of information? 0:07:52.871,0:07:54.065 So with these ideas in mind, 0:07:54.065,0:07:55.683 I sprinted out of my basement lab at work 0:07:55.683,0:07:56.990 to my basement lab at home, 0:07:56.990,0:07:58.986 which looked pretty much the same. 0:07:58.986,0:08:00.810 The main difference is, at work, 0:08:00.810,0:08:02.389 I'm surrounded by cyber materials, 0:08:02.389,0:08:04.994 and cyber seemed to be the problem in this situation. 0:08:04.994,0:08:08.347 At home, I'm surrounded by everything else I've ever learned. 0:08:08.347,0:08:10.219 So I pored through every book I could find, 0:08:10.219,0:08:11.551 every idea I'd ever encountered, 0:08:11.551,0:08:13.697 to see how could we translate a problem 0:08:13.697,0:08:16.829 from one domain to something completely different? 0:08:16.829,0:08:18.223 The biggest question was, 0:08:18.223,0:08:20.191 what do we want to translate it to? 0:08:20.191,0:08:22.303 What do our brains do perfectly naturally 0:08:22.303,0:08:24.181 that we could exploit? 0:08:24.181,0:08:26.470 My answer was vision. 0:08:26.470,0:08:29.619 We have a tremendous capability to analyze visual information. 0:08:29.619,0:08:32.202 We can combine color gradients, depth cues, 0:08:32.202,0:08:33.990 all sorts of these different signals 0:08:33.990,0:08:36.385 into one coherent picture of the world around us. 0:08:36.385,0:08:37.792 That's incredible.
0:08:37.792,0:08:39.173 So if we could find a way to translate 0:08:39.173,0:08:41.359 these binary patterns to visual signals, 0:08:41.359,0:08:43.191 we could really unlock the power of our brains 0:08:43.191,0:08:45.901 to process this stuff. 0:08:45.901,0:08:47.744 So I started looking at the binary information, 0:08:47.744,0:08:48.834 and I asked myself, what do I do 0:08:48.834,0:08:50.710 when I first encounter something like this? 0:08:50.710,0:08:52.333 And the very first thing I want to do, 0:08:52.333,0:08:53.692 the very first question I want to answer, 0:08:53.692,0:08:54.970 is what is this? 0:08:54.970,0:08:57.498 I don't care what it does, how it works. 0:08:57.498,0:08:59.977 All I want to know is, what is this? 0:08:59.977,0:09:01.652 And the way I can figure that out 0:09:01.652,0:09:03.335 is by looking at chunks, 0:09:03.335,0:09:05.788 sequential chunks of binary information, 0:09:05.788,0:09:08.690 and I look at the relationships between those chunks. 0:09:08.690,0:09:10.462 When I gather up enough of these sequences, 0:09:10.462,0:09:12.466 I begin to get an idea of exactly 0:09:12.466,0:09:15.100 what this information must be. 0:09:15.100,0:09:16.284 So let's go back to that 0:09:16.284,0:09:18.374 blow up the terrorist's phone situation. 0:09:18.374,0:09:20.577 This is what English text looks like 0:09:20.577,0:09:21.890 at a binary level. 0:09:21.890,0:09:24.216 This is what your contacts list would look like 0:09:24.216,0:09:25.776 if I were examining it. 0:09:25.776,0:09:28.010 It's really hard to analyze this at this level, 0:09:28.010,0:09:30.114 but if we take those same binary chunks 0:09:30.114,0:09:31.296 that I would be trying to find, 0:09:31.296,0:09:33.060 and instead translate that 0:09:33.060,0:09:34.980 to a visual representation, 0:09:34.980,0:09:36.777 translate those relationships, 0:09:36.777,0:09:38.333 this is what we get.
0:09:38.333,0:09:40.247 This is what English text looks like 0:09:40.247,0:09:42.918 from a visual abstraction perspective. 0:09:42.918,0:09:44.058 All of a sudden, 0:09:44.058,0:09:45.493 it shows us all the same information 0:09:45.493,0:09:46.665 that was in the ones and zeros, 0:09:46.665,0:09:48.986 but shows us it in an entirely different way, 0:09:48.986,0:09:50.703 a way that we can immediately comprehend. 0:09:50.703,0:09:53.668 We can instantly see all of the patterns here. 0:09:53.668,0:09:56.260 It takes me seconds to pick out patterns here, 0:09:56.260,0:09:58.514 but hours, days, to pick them out 0:09:58.514,0:09:59.834 in ones and zeros. 0:09:59.834,0:10:01.570 It takes minutes for anybody to learn 0:10:01.570,0:10:03.235 what these patterns represent here, 0:10:03.235,0:10:05.482 but years of experience in cyber 0:10:05.482,0:10:07.136 to learn what those same patterns represent 0:10:07.136,0:10:08.722 in ones and zeros. 0:10:08.722,0:10:10.384 So this piece is caused by 0:10:10.384,0:10:12.408 lower case letters followed by lower case letters 0:10:12.408,0:10:14.175 inside of that contact list. 0:10:14.175,0:10:15.516 This is upper case by upper case, 0:10:15.516,0:10:18.201 upper case by lower case, lower case by upper case. 0:10:18.201,0:10:20.887 This is caused by spaces. This is caused by carriage returns. 0:10:20.887,0:10:22.395 We can go through every little detail 0:10:22.395,0:10:25.361 of the binary information in seconds, 0:10:25.361,0:10:28.895 as opposed to weeks, months, at this level. 0:10:28.895,0:10:30.407 This is what an image looks like 0:10:30.407,0:10:32.283 from your cell phone. 0:10:32.283,0:10:33.296 But this is what it looks like 0:10:33.296,0:10:35.187 in a visual abstraction. 0:10:35.187,0:10:37.172 This is what your music looks like, 0:10:37.172,0:10:39.375 but here's its visual abstraction. 0:10:39.375,0:10:41.135 Most importantly for me, 0:10:41.135,0:10:44.410 this is what the code on your cell phone looks like.
0:10:44.410,0:10:46.567 This is what I'm after in the end, 0:10:46.567,0:10:48.707 but this is its visual abstraction. 0:10:48.707,0:10:51.216 If I can find this, I can't make the phone explode. 0:10:51.216,0:10:53.835 I could spend weeks trying to find this 0:10:53.835,0:10:55.012 in ones and zeros, 0:10:55.012,0:10:56.796 but it takes me seconds to pick out 0:10:56.796,0:11:00.100 a visual abstraction like this. 0:11:00.100,0:11:02.592 One of the most remarkable parts about all of this 0:11:02.592,0:11:05.424 is it gives us an entirely new way to understand 0:11:05.424,0:11:08.663 new information, stuff that we haven't seen before. 0:11:08.663,0:11:11.167 So I know what English looks like at a binary level, 0:11:11.167,0:11:13.277 and I know what its visual abstraction looks like, 0:11:13.277,0:11:16.592 but I've never seen Russian binary in my entire life. 0:11:16.592,0:11:18.392 It would take me weeks just to figure out 0:11:18.392,0:11:21.389 what I was looking at from raw ones and zeros, 0:11:21.389,0:11:23.140 but because our brains can instantly pick up 0:11:23.140,0:11:25.957 and recognize these subtle patterns inside 0:11:25.957,0:11:27.445 of these visual abstractions, 0:11:27.445,0:11:29.277 we can unconsciously apply those 0:11:29.277,0:11:30.850 in new situations. 0:11:30.850,0:11:32.332 So this is what Russian looks like 0:11:32.332,0:11:33.912 in a visual abstraction. 0:11:33.912,0:11:35.716 Because I know what one language looks like, 0:11:35.716,0:11:37.292 I can recognize other languages 0:11:37.292,0:11:39.162 even when I'm not familiar with them. 0:11:39.162,0:11:40.948 This is what a photograph looks like, 0:11:40.948,0:11:42.835 but this is what clip art looks like. 0:11:42.835,0:11:45.390 This is what the code on your phone looks like, 0:11:45.390,0:11:48.097 but this is what the code on your computer looks like.
0:11:48.097,0:11:49.961 Our brains can pick up on these patterns 0:11:49.961,0:11:51.912 in ways that we never could have 0:11:51.912,0:11:54.408 from looking at raw ones and zeros. 0:11:54.408,0:11:56.264 But we've really only scratched the surface 0:11:56.264,0:11:58.401 of what we can do with this approach. 0:11:58.401,0:12:00.079 We've only begun to unlock the capabilities 0:12:00.079,0:12:03.394 of our minds to process visual information. 0:12:03.394,0:12:05.384 If we take those same concepts and translate them 0:12:05.384,0:12:07.035 into three dimensions instead, 0:12:07.035,0:12:10.230 we find entirely new ways of making sense of information. 0:12:10.230,0:12:12.715 In seconds, we can pick out every pattern here. 0:12:12.715,0:12:14.535 We can see the cross associated with code. 0:12:14.535,0:12:16.467 We can see cubes associated with text. 0:12:16.467,0:12:18.943 We can even pick up the tiniest visual artifacts. 0:12:18.943,0:12:21.073 Things that would take us weeks, 0:12:21.073,0:12:23.267 months to find in ones and zeroes, 0:12:23.267,0:12:25.070 are immediately apparent 0:12:25.070,0:12:27.340 in some sort of visual abstraction, 0:12:27.340,0:12:28.472 and as we continue to go through this 0:12:28.472,0:12:30.488 and throw more and more information at it, 0:12:30.488,0:12:32.769 what we find is that we're capable of processing 0:12:32.769,0:12:35.185 billions of ones and zeros 0:12:35.185,0:12:36.353 in a matter of seconds 0:12:36.353,0:12:39.587 just by using our brain's built-in ability 0:12:39.587,0:12:41.541 to analyze patterns. 0:12:41.541,0:12:43.844 So this is really nice and helpful, 0:12:43.844,0:12:46.203 but all this tells me is what I'm looking at. 0:12:46.203,0:12:47.687 So at this point, based on visual patterns, 0:12:47.687,0:12:50.096 I can find the code on the phone. 0:12:50.096,0:12:52.761 But that's not enough to blow up a battery.
0:12:52.761,0:12:54.329 The next thing I need to find is the code 0:12:54.329,0:12:56.090 that controls the battery, but we're back 0:12:56.090,0:12:57.821 to the needle in a stack of needles problem. 0:12:57.821,0:13:00.210 That code looks pretty much like all the other code 0:13:00.210,0:13:02.448 on that system. 0:13:02.448,0:13:04.849 So I might not be able to find the code that controls the battery, 0:13:04.849,0:13:06.860 but there's a lot of things that are very similar to that. 0:13:06.860,0:13:08.714 You have code that controls your screen, 0:13:08.714,0:13:10.930 that controls your buttons, that controls your microphones, 0:13:10.930,0:13:12.858 so even if I can't find the code for the battery, 0:13:12.858,0:13:15.103 I bet I can find one of those things. 0:13:15.103,0:13:17.808 So the next step in my binary analysis process 0:13:17.808,0:13:19.039 is to look at pieces of information 0:13:19.039,0:13:21.057 that are similar to each other. 0:13:21.057,0:13:25.040 It's really, really hard to do at a binary level, 0:13:25.040,0:13:28.683 but if we translate those similarities to a visual abstraction instead, 0:13:28.683,0:13:31.121 I don't even have to sift through the raw data. 0:13:31.121,0:13:33.276 All I have to do is wait for the image to light up 0:13:33.276,0:13:35.512 to see when I'm at similar pieces. 0:13:35.512,0:13:38.540 I follow these strands of similarity like a trail of bread crumbs 0:13:38.540,0:13:41.646 to find exactly what I'm looking for. 0:13:41.646,0:13:43.380 So at this point in the process, 0:13:43.380,0:13:44.698 I've located the code 0:13:44.698,0:13:46.383 responsible for controlling your battery, 0:13:46.383,0:13:48.959 but that's still not enough to blow up a phone. 0:13:48.959,0:13:50.523 The last piece of the puzzle 0:13:50.523,0:13:53.202 is understanding how that code 0:13:53.202,0:13:54.404 controls your battery.
0:13:54.404,0:13:56.792 For this, I need to identify 0:13:56.792,0:13:58.508 very subtle, very detailed relationships 0:13:58.508,0:14:00.597 within that binary information, 0:14:00.597,0:14:02.352 another very hard thing to do 0:14:02.352,0:14:04.664 when looking at ones and zeros. 0:14:04.664,0:14:06.060 But if we translate that information 0:14:06.060,0:14:08.240 into a physical representation, 0:14:08.240,0:14:11.256 we can sit back and let our visual cortex do all the hard work. 0:14:11.256,0:14:12.990 It can find all the detailed patterns, 0:14:12.990,0:14:15.010 all the important pieces, for us. 0:14:15.010,0:14:17.603 It can find out exactly how the pieces of that code 0:14:17.603,0:14:20.537 work together to control that battery. 0:14:20.537,0:14:23.541 All of this can be done in a matter of hours, 0:14:23.541,0:14:24.897 whereas the same process 0:14:24.897,0:14:27.819 would have taken months in the past. 0:14:27.819,0:14:29.008 This is all well and good 0:14:29.008,0:14:31.950 in a theoretical blow up a terrorist's phone situation. 0:14:31.950,0:14:34.797 I wanted to find out if this would really work 0:14:34.797,0:14:37.426 in the work I do every day. 0:14:37.426,0:14:40.481 So I was playing around with these same concepts 0:14:40.481,0:14:43.505 with some of the data I've looked at in the past, 0:14:43.505,0:14:45.997 and yet again, I was trying to find 0:14:45.997,0:14:48.205 a very detailed, specific piece of code 0:14:48.205,0:14:51.800 inside of a massive piece of binary information. 0:14:51.800,0:14:53.573 So I looked at it at this level, 0:14:53.573,0:14:55.523 thinking I was looking at the right thing, 0:14:55.523,0:14:57.844 only to see this doesn't have 0:14:57.844,0:14:59.584 the connectivity I would have expected 0:14:59.584,0:15:01.489 for the code I was looking for.
0:15:01.489,0:15:04.092 In fact, I'm not really sure what this is, 0:15:04.092,0:15:05.104 but when I stepped back a level 0:15:05.104,0:15:06.819 and looked at the similarities within the code 0:15:06.819,0:15:09.113 I saw, this doesn't have similarities 0:15:09.113,0:15:10.604 like any code that exists out there. 0:15:10.604,0:15:12.829 I can't even be looking at code. 0:15:12.829,0:15:15.215 In fact, from this perspective, 0:15:15.215,0:15:17.263 I could tell, this isn't code. 0:15:17.263,0:15:19.311 This is an image of some sort. 0:15:19.311,0:15:20.993 And from here, I can see, 0:15:20.993,0:15:23.904 it's not just an image, this is a photograph. 0:15:23.904,0:15:25.296 Now that I know it's a photograph, 0:15:25.296,0:15:28.226 I've got dozens of other binary translation techniques 0:15:28.226,0:15:30.647 to visualize and understand that information, 0:15:30.647,0:15:33.190 so in a matter of seconds, we can take this information, 0:15:33.190,0:15:35.587 shove it through a dozen other visual translation techniques 0:15:35.587,0:15:39.318 in order to find out exactly what we were looking at. 0:15:39.318,0:15:41.000 I saw — (Laughter) — 0:15:41.000,0:15:44.456 it was that darn kitten again. 0:15:44.456,0:15:45.506 All this is enabled 0:15:45.506,0:15:47.001 because we were able to find a way 0:15:47.001,0:15:49.030 to translate a very hard problem 0:15:49.030,0:15:51.542 to something our brains do very naturally. 0:15:51.542,0:15:53.780 So what does this mean? 0:15:53.780,0:15:55.325 Well, for kittens, it means 0:15:55.325,0:15:57.742 no more hiding in ones and zeros. 0:15:57.742,0:16:01.045 For me, it means no more wasted weekends. 0:16:01.045,0:16:03.657 For cyber, it means we have a radical new way 0:16:03.657,0:16:06.622 to tackle the most impossible problems.
0:16:06.622,0:16:08.434 It means we have a new weapon 0:16:08.434,0:16:10.850 in the evolving theater of cyber warfare, 0:16:10.850,0:16:12.270 but for all of us, 0:16:12.270,0:16:13.745 it means that cyber engineers 0:16:13.745,0:16:15.891 now have the ability to become first responders 0:16:15.891,0:16:18.474 in emergency situations. 0:16:18.474,0:16:19.521 When seconds count, 0:16:19.521,0:16:22.930 we've unlocked the means to stop the bad guys. 0:16:22.930,0:16:24.930 Thank you. 0:16:24.930,0:16:27.892 (Applause)