1 00:00:00,770 --> 00:00:03,032 This is a lot of ones and zeros. 2 00:00:03,032 --> 00:00:06,131 It's what we call binary information. 3 00:00:06,131 --> 00:00:07,573 This is how computers talk. 4 00:00:07,573 --> 00:00:09,502 It's how they store information. 5 00:00:09,502 --> 00:00:11,128 It's how computers think. 6 00:00:11,128 --> 00:00:12,747 It's how computers do 7 00:00:12,747 --> 00:00:15,129 everything it is that computers do. 8 00:00:15,129 --> 00:00:17,176 I'm a cybersecurity researcher, 9 00:00:17,176 --> 00:00:19,246 which means my job is to sit down with this information 10 00:00:19,246 --> 00:00:20,930 and try to make sense of it, 11 00:00:20,930 --> 00:00:23,683 to try to understand what all the ones and zeroes mean. 12 00:00:23,683 --> 00:00:25,526 Unfortunately for me, we're not just talking 13 00:00:25,526 --> 00:00:27,760 about the ones and zeros I have on the screen here. 14 00:00:27,760 --> 00:00:30,443 We're not just talking about a few pages of ones and zeros. 15 00:00:30,443 --> 00:00:33,052 We're talking about billions and billions 16 00:00:33,052 --> 00:00:34,385 of ones and zeros, 17 00:00:34,385 --> 00:00:37,026 more than anyone could possibly comprehend. 18 00:00:37,026 --> 00:00:38,885 Now, as exciting as that sounds, 19 00:00:38,885 --> 00:00:41,377 when I first started doing cyber — 20 00:00:41,377 --> 00:00:43,120 (Laughter) — 21 00:00:43,120 --> 00:00:45,123 when I first started doing cyber, I wasn't sure 22 00:00:45,123 --> 00:00:46,596 that sifting through ones and zeros 23 00:00:46,596 --> 00:00:48,890 was what I wanted to do with the rest of my life, 24 00:00:48,890 --> 00:00:50,910 because in my mind, cyber 25 00:00:50,910 --> 00:00:54,591 was keeping viruses off of my grandma's computer, 26 00:00:54,591 --> 00:00:57,939 it was keeping people's Myspace pages from being hacked, 27 00:00:57,939 --> 00:01:00,124 and maybe, maybe on my most glorious day, 28 00:01:00,124 --> 00:01:03,875 it was keeping someone's credit card information from being stolen. 29 00:01:03,875 --> 00:01:05,238 Those are important things, 30 00:01:05,238 --> 00:01:07,996 but that's not how I wanted to spend my life. 31 00:01:07,996 --> 00:01:09,930 But after 30 minutes of work 32 00:01:09,930 --> 00:01:11,283 as a defense contractor, 33 00:01:11,283 --> 00:01:14,073 I soon found out that my idea of cyber 34 00:01:14,073 --> 00:01:15,942 was a little bit off. 35 00:01:15,942 --> 00:01:17,887 In fact, in terms of national security, 36 00:01:17,887 --> 00:01:19,958 keeping viruses off of my grandma's computer 37 00:01:19,958 --> 00:01:23,144 was surprisingly low on their priority list. 38 00:01:23,144 --> 00:01:24,445 And the reason for that is cyber 39 00:01:24,445 --> 00:01:28,238 is so much bigger than any one of those things. 40 00:01:28,238 --> 00:01:31,063 Cyber is an integral part of all of our lives, 41 00:01:31,063 --> 00:01:34,123 because computers are an integral part of all of our lives, 42 00:01:34,123 --> 00:01:36,075 even if you don't own a computer. 43 00:01:36,075 --> 00:01:38,721 Computers control everything in your car, 44 00:01:38,721 --> 00:01:40,601 from your GPS to your airbags. 45 00:01:40,601 --> 00:01:41,917 They control your phone. 46 00:01:41,917 --> 00:01:43,088 They're the reason you can call 911 47 00:01:43,088 --> 00:01:44,884 and get someone on the other line. 48 00:01:44,884 --> 00:01:47,678 They control our nation's entire infrastructure. 49 00:01:47,678 --> 00:01:49,354 They're the reason you have electricity, 50 00:01:49,354 --> 00:01:51,692 heat, clean water, food. 51 00:01:51,692 --> 00:01:53,593 Computers control our military equipment, 52 00:01:53,593 --> 00:01:55,270 everything from missile silos to satellites 53 00:01:55,270 --> 00:01:59,184 to nuclear defense networks. 54 00:01:59,184 --> 00:02:01,173 All of these things are made possible 55 00:02:01,173 --> 00:02:02,589 because of computers, 56 00:02:02,589 --> 00:02:04,572 and therefore because of cyber, 57 00:02:04,572 --> 00:02:06,076 and when something goes wrong, 58 00:02:06,076 --> 00:02:09,194 cyber can make all of these things impossible. 59 00:02:09,194 --> 00:02:10,779 But that's where I step in. 60 00:02:10,779 --> 00:02:13,719 A big part of my job is defending all of these things, 61 00:02:13,719 --> 00:02:15,381 keeping them working, 62 00:02:15,381 --> 00:02:17,709 but once in a while, part of my job is to break one of these things, 63 00:02:17,709 --> 00:02:20,105 because cyber isn't just about defense, 64 00:02:20,105 --> 00:02:22,378 it's also about offense. 65 00:02:22,378 --> 00:02:23,954 We're entering an age where we talk about 66 00:02:23,954 --> 00:02:25,415 cyberweapons. 67 00:02:25,415 --> 00:02:28,550 In fact, so great is the potential for cyber offense 68 00:02:28,550 --> 00:02:32,171 that cyber is considered a new domain of warfare. 69 00:02:32,171 --> 00:02:33,971 Warfare. 70 00:02:33,971 --> 00:02:35,900 It's not necessarily a bad thing. 71 00:02:35,900 --> 00:02:38,651 On the one hand, it means we have whole new front 72 00:02:38,651 --> 00:02:40,394 on which we need to defend ourselves, 73 00:02:40,394 --> 00:02:41,879 but on the other hand, 74 00:02:41,879 --> 00:02:43,721 it means we have a whole new way to attack, 75 00:02:43,721 --> 00:02:45,580 a whole new way to stop evil people 76 00:02:45,580 --> 00:02:47,807 from doing evil things. 77 00:02:47,807 --> 00:02:49,618 So let's consider an example of this 78 00:02:49,618 --> 00:02:51,307 that's completely theoretical. 79 00:02:51,307 --> 00:02:53,565 Suppose a terrorist wants to blow up a building, 80 00:02:53,565 --> 00:02:55,633 and he wants to do this again and again 81 00:02:55,633 --> 00:02:57,084 in the future. 82 00:02:57,084 --> 00:02:59,924 So he doesn't want to be in that building when it explodes. 83 00:02:59,924 --> 00:03:01,442 He's going to use a cell phone 84 00:03:01,442 --> 00:03:03,777 as a remote detonator. 85 00:03:03,777 --> 00:03:05,648 Now, it used to be the only way we had 86 00:03:05,648 --> 00:03:07,284 to stop this terrorist 87 00:03:07,284 --> 00:03:09,957 was with a hail of bullets and a car chase, 88 00:03:09,957 --> 00:03:12,289 but that's not necessarily true anymore. 89 00:03:12,289 --> 00:03:13,852 We're entering an age where we can stop him 90 00:03:13,852 --> 00:03:14,962 with the press of a button 91 00:03:14,962 --> 00:03:16,969 from 1,000 miles away, 92 00:03:16,969 --> 00:03:18,558 because whether he knew it or not, 93 00:03:18,558 --> 00:03:20,269 as soon as he decided to use his cell phone, 94 00:03:20,269 --> 00:03:23,403 he stepped into the realm of cyber. 95 00:03:23,403 --> 00:03:26,520 A well-crafted cyber attack could break into his phone, 96 00:03:26,520 --> 00:03:28,669 disable the overvoltage protections on his battery, 97 00:03:28,669 --> 00:03:30,424 drastically overload the circuit, 98 00:03:30,424 --> 00:03:32,781 cause the battery to overheat, and explode. 99 00:03:32,781 --> 00:03:35,227 No more phone, no more detonator, 100 00:03:35,227 --> 00:03:37,150 maybe no more terrorist, 101 00:03:37,150 --> 00:03:38,181 all with the press of a button 102 00:03:38,181 --> 00:03:40,861 from a thousand miles away. 103 00:03:40,861 --> 00:03:42,612 So how does this work? 104 00:03:42,612 --> 00:03:44,880 It all comes back to those ones and zeros. 105 00:03:44,880 --> 00:03:47,885 Binary information makes your phone work, 106 00:03:47,885 --> 00:03:51,469 and used correctly, it can make your phone explode. 107 00:03:51,469 --> 00:03:53,941 So when you start to look at cyber from this perspective, 108 00:03:53,941 --> 00:03:57,104 spending your life sifting through binary information 109 00:03:57,104 --> 00:03:59,521 starts to seem kind of exciting. 110 00:03:59,521 --> 00:04:02,167 But here's the catch: This is hard, 111 00:04:02,167 --> 00:04:03,852 really, really hard, 112 00:04:03,852 --> 00:04:05,686 and here's why. 113 00:04:05,686 --> 00:04:08,452 Think about everything you have on your cell phone. 114 00:04:08,452 --> 00:04:10,415 You've got the pictures you've taken. 115 00:04:10,415 --> 00:04:12,201 You've got the music you listen to. 116 00:04:12,201 --> 00:04:13,849 You've got your contacts list, 117 00:04:13,849 --> 00:04:15,474 your email, and probably 500 apps 118 00:04:15,474 --> 00:04:18,475 you've never used in your entire life, 119 00:04:18,475 --> 00:04:22,462 and behind all of this is the software, the code, 120 00:04:22,462 --> 00:04:23,842 that controls your phone, 121 00:04:23,842 --> 00:04:26,498 and somewhere, buried inside of that code, 122 00:04:26,498 --> 00:04:29,046 is a tiny piece that controls your battery, 123 00:04:29,046 --> 00:04:30,917 and that's what I'm really after, 124 00:04:30,917 --> 00:04:34,603 but all of this, just a bunch of ones and zeros, 125 00:04:34,603 --> 00:04:36,134 and it's all just mixed together. 126 00:04:36,134 --> 00:04:39,679 In cyber, we call this finding a needle in a stack of needles, 127 00:04:39,679 --> 00:04:42,028 because everything pretty much looks alike. 128 00:04:42,028 --> 00:04:43,760 I'm looking for one key piece, 129 00:04:43,760 --> 00:04:46,994 but it just blends in with everything else. 130 00:04:46,994 --> 00:04:49,246 So let's step back from this theoretical situation 131 00:04:49,246 --> 00:04:51,590 of making a terrorist's phone explode, 132 00:04:51,590 --> 00:04:54,406 and look at something that actually happened to me. 133 00:04:54,406 --> 00:04:55,749 Pretty much no matter what I do, 134 00:04:55,749 --> 00:04:57,191 my job always starts with sitting down 135 00:04:57,191 --> 00:04:59,563 with a whole bunch of binary information, 136 00:04:59,563 --> 00:05:01,290 and I'm always looking for one key piece 137 00:05:01,290 --> 00:05:03,277 to do something specific. 138 00:05:03,277 --> 00:05:05,354 In this case, I was looking for a very advanced, 139 00:05:05,354 --> 00:05:06,872 very high-tech piece of code 140 00:05:06,872 --> 00:05:08,087 that I knew I could hack, 141 00:05:08,087 --> 00:05:09,801 but it was somewhere buried 142 00:05:09,801 --> 00:05:11,827 inside of a billion ones and zeroes. 143 00:05:11,827 --> 00:05:13,405 Unfortunately for me, I didn't know 144 00:05:13,405 --> 00:05:15,096 quite what I was looking for. 145 00:05:15,096 --> 00:05:16,292 I didn't know quite what it would look like, 146 00:05:16,292 --> 00:05:19,210 which makes finding it really, really hard. 147 00:05:19,210 --> 00:05:21,249 When I have to do that, what I have to do 148 00:05:21,249 --> 00:05:23,591 is basically look at various pieces 149 00:05:23,591 --> 00:05:25,314 of this binary information, 150 00:05:25,314 --> 00:05:27,516 try to decipher each piece, and see if it might be 151 00:05:27,516 --> 00:05:28,740 what I'm after. 152 00:05:28,740 --> 00:05:30,365 So after a while, I thought I had found the piece 153 00:05:30,365 --> 00:05:31,702 I was looking for. 154 00:05:31,702 --> 00:05:33,806 I thought maybe this was it. 155 00:05:33,806 --> 00:05:35,838 It seemed to be about right, but I couldn't quite tell. 156 00:05:35,838 --> 00:05:38,756 I couldn't tell what those ones and zeros represented. 157 00:05:38,756 --> 00:05:42,130 So I spent some time trying to put this together, 158 00:05:42,130 --> 00:05:43,800 but wasn't having a whole lot of luck, 159 00:05:43,800 --> 00:05:44,986 and finally I decided, 160 00:05:44,986 --> 00:05:46,595 I'm going to get through this, 161 00:05:46,595 --> 00:05:48,106 I'm going to come in on a weekend, 162 00:05:48,106 --> 00:05:49,446 and I'm not going to leave 163 00:05:49,446 --> 00:05:51,158 until I figure out what this represents. 164 00:05:51,158 --> 00:05:53,324 So that's what I did. I came in on a Saturday morning, 165 00:05:53,324 --> 00:05:56,969 and about 10 hours in, I sort of had all the pieces to the puzzle. 166 00:05:56,969 --> 00:05:58,361 I just didn't know how they fit together. 167 00:05:58,361 --> 00:06:01,151 I didn't know what these ones and zeros meant. 168 00:06:01,151 --> 00:06:03,218 At the 15-hour mark, 169 00:06:03,218 --> 00:06:05,820 I started to get a better picture of what was there, 170 00:06:05,820 --> 00:06:07,592 but I had a creeping suspicion 171 00:06:07,592 --> 00:06:09,181 that what I was looking at 172 00:06:09,181 --> 00:06:12,104 was not at all related to what I was looking for. 173 00:06:12,104 --> 00:06:14,591 By 20 hours, the pieces started to come together 174 00:06:14,591 --> 00:06:18,355 very slowly — (Laughter) — 175 00:06:18,355 --> 00:06:19,621 and I was pretty sure I was going down 176 00:06:19,621 --> 00:06:21,560 the wrong path at this point, 177 00:06:21,560 --> 00:06:23,811 but I wasn't going to give up. 178 00:06:23,811 --> 00:06:26,645 After 30 hours in the lab, 179 00:06:26,645 --> 00:06:28,906 I figured out exactly what I was looking at, 180 00:06:28,906 --> 00:06:31,724 and I was right, it wasn't what I was looking for. 181 00:06:31,724 --> 00:06:33,423 I spent 30 hours piecing together 182 00:06:33,423 --> 00:06:36,145 the ones and zeros that formed a picture of a kitten. 183 00:06:36,145 --> 00:06:37,940 (Laughter) 184 00:06:37,940 --> 00:06:41,746 I wasted 30 hours of my life searching for this kitten 185 00:06:41,746 --> 00:06:43,584 that had nothing at all to do 186 00:06:43,584 --> 00:06:45,571 with what I was trying to accomplish. 187 00:06:45,571 --> 00:06:49,434 So I was frustrated, I was exhausted. 188 00:06:49,434 --> 00:06:52,660 After 30 hours in the lab, I probably smelled horrible. 189 00:06:52,660 --> 00:06:54,890 But instead of just going home 190 00:06:54,890 --> 00:06:57,420 and calling it quits, I took a step back 191 00:06:57,420 --> 00:06:59,961 and asked myself, what went wrong here? 192 00:06:59,961 --> 00:07:02,173 How could I make such a stupid mistake? 193 00:07:02,173 --> 00:07:03,571 I'm really pretty good at this. 194 00:07:03,571 --> 00:07:04,890 I do this for a living. 195 00:07:04,890 --> 00:07:07,038 So what happened? 196 00:07:07,038 --> 00:07:09,813 Well I thought, when you're looking at information at this level, 197 00:07:09,813 --> 00:07:12,640 it's so easy to lose track of what you're doing. 198 00:07:12,640 --> 00:07:14,384 It's easy to not see the forest through the trees. 199 00:07:14,384 --> 00:07:16,548 It's easy to go down the wrong rabbit hole 200 00:07:16,548 --> 00:07:18,310 and waste a tremendous amount of time 201 00:07:18,310 --> 00:07:20,130 doing the wrong thing. 202 00:07:20,130 --> 00:07:21,730 But I had this epiphany. 203 00:07:21,730 --> 00:07:24,729 We were looking at the data completely incorrectly 204 00:07:24,729 --> 00:07:26,219 since day one. 205 00:07:26,219 --> 00:07:28,322 This is how computers think, ones and zeros. 206 00:07:28,322 --> 00:07:29,714 It's not how people think, 207 00:07:29,714 --> 00:07:32,028 but we've been trying to adapt our minds 208 00:07:32,028 --> 00:07:33,373 to think more like computers 209 00:07:33,373 --> 00:07:35,970 so that we can understand this information. 210 00:07:35,970 --> 00:07:37,920 Instead of trying to make our minds fit the problem, 211 00:07:37,920 --> 00:07:39,568 we should have been making the problem 212 00:07:39,568 --> 00:07:40,537 fit our minds, 213 00:07:40,537 --> 00:07:42,646 because our brains have a tremendous potential 214 00:07:42,646 --> 00:07:45,732 for analyzing huge amounts of information, 215 00:07:45,732 --> 00:07:47,029 just not like this. 216 00:07:47,029 --> 00:07:48,496 So what if we could unlock that potential 217 00:07:48,496 --> 00:07:50,023 just by translating this 218 00:07:50,023 --> 00:07:52,871 to the right kind of information? 219 00:07:52,871 --> 00:07:54,065 So with these ideas in mind, 220 00:07:54,065 --> 00:07:55,683 I sprinted out of my basement lab at work 221 00:07:55,683 --> 00:07:56,990 to my basement lab at home, 222 00:07:56,990 --> 00:07:58,986 which looked pretty much the same. 223 00:07:58,986 --> 00:08:00,810 The main difference is, at work, 224 00:08:00,810 --> 00:08:02,389 I'm surrounded by cyber materials, 225 00:08:02,389 --> 00:08:04,994 and cyber seemed to be the problem in this situation. 226 00:08:04,994 --> 00:08:08,347 At home, I'm surrounded by everything else I've ever learned. 227 00:08:08,347 --> 00:08:10,219 So I poured through every book I could find, 228 00:08:10,219 --> 00:08:11,551 every idea I'd ever encountered, 229 00:08:11,551 --> 00:08:13,697 to see how could we translate a problem 230 00:08:13,697 --> 00:08:16,829 from one domain to something completely different? 231 00:08:16,829 --> 00:08:18,223 The biggest question was, 232 00:08:18,223 --> 00:08:20,191 what do we want to translate it to? 233 00:08:20,191 --> 00:08:22,303 What do our brains do perfectly naturally 234 00:08:22,303 --> 00:08:24,181 that we could exploit? 235 00:08:24,181 --> 00:08:26,470 My answer was vision. 236 00:08:26,470 --> 00:08:29,619 We have a tremendous capability to analyze visual information. 237 00:08:29,619 --> 00:08:32,202 We can combine color gradients, depth cues, 238 00:08:32,202 --> 00:08:33,990 all sorts of these different signals 239 00:08:33,990 --> 00:08:36,385 into one coherent picture of the world around us. 240 00:08:36,385 --> 00:08:37,792 That's incredible. 241 00:08:37,792 --> 00:08:39,173 So if we could find a way to translate 242 00:08:39,173 --> 00:08:41,359 these binary patterns to visual signals, 243 00:08:41,359 --> 00:08:43,191 we could really unlock the power of our brains 244 00:08:43,191 --> 00:08:45,901 to process this stuff. 245 00:08:45,901 --> 00:08:47,744 So I started looking at the binary information, 246 00:08:47,744 --> 00:08:48,834 and I asked myself, what do I do 247 00:08:48,834 --> 00:08:50,710 when I first encounter something like this? 248 00:08:50,710 --> 00:08:52,333 And the very first thing I want to do, 249 00:08:52,333 --> 00:08:53,692 the very first question I want to answer, 250 00:08:53,692 --> 00:08:54,970 is what is this? 251 00:08:54,970 --> 00:08:57,498 I don't care what it does, how it works. 252 00:08:57,498 --> 00:08:59,977 All I want to know is, what is this? 253 00:08:59,977 --> 00:09:01,652 And the way I can figure that out 254 00:09:01,652 --> 00:09:03,335 is by looking at chunks, 255 00:09:03,335 --> 00:09:05,788 sequential chunks of binary information, 256 00:09:05,788 --> 00:09:08,690 and I look at the relationships between those chunks. 257 00:09:08,690 --> 00:09:10,462 When I gather up enough of these sequences, 258 00:09:10,462 --> 00:09:12,466 I begin to get an idea of exactly 259 00:09:12,466 --> 00:09:15,100 what this information must be. 260 00:09:15,100 --> 00:09:16,284 So let's go back to that 261 00:09:16,284 --> 00:09:18,374 blow up the terrorist's phone situation. 262 00:09:18,374 --> 00:09:20,577 This is what English text looks like 263 00:09:20,577 --> 00:09:21,890 at a binary level. 264 00:09:21,890 --> 00:09:24,216 This is what your contacts list would look like 265 00:09:24,216 --> 00:09:25,776 if I were examining it. 266 00:09:25,776 --> 00:09:28,010 It's really hard to analyze this at this level, 267 00:09:28,010 --> 00:09:30,114 but if we take those same binary chunks 268 00:09:30,114 --> 00:09:31,296 that I would be trying to find, 269 00:09:31,296 --> 00:09:33,060 and instead translate that 270 00:09:33,060 --> 00:09:34,980 to a visual representation, 271 00:09:34,980 --> 00:09:36,777 translate those relationships, 272 00:09:36,777 --> 00:09:38,333 this is what we get. 273 00:09:38,333 --> 00:09:40,247 This is what English text looks like 274 00:09:40,247 --> 00:09:42,918 from a visual abstraction perspective. 275 00:09:42,918 --> 00:09:44,058 All of a sudden, 276 00:09:44,058 --> 00:09:45,493 it shows us all the same information 277 00:09:45,493 --> 00:09:46,665 that was in the ones and zeros, 278 00:09:46,665 --> 00:09:48,986 but show us it in an entirely different way, 279 00:09:48,986 --> 00:09:50,703 a way that we can immediately comprehend. 280 00:09:50,703 --> 00:09:53,668 We can instantly see all of the patterns here. 281 00:09:53,668 --> 00:09:56,260 It takes me seconds to pick out patterns here, 282 00:09:56,260 --> 00:09:58,514 but hours, days, to pick them out 283 00:09:58,514 --> 00:09:59,834 in ones and zeros. 284 00:09:59,834 --> 00:10:01,570 It takes minutes for anybody to learn 285 00:10:01,570 --> 00:10:03,235 what these patterns represent here, 286 00:10:03,235 --> 00:10:05,482 but years of experience in cyber 287 00:10:05,482 --> 00:10:07,136 to learn what those same patterns represent 288 00:10:07,136 --> 00:10:08,722 in ones and zeros. 289 00:10:08,722 --> 00:10:10,384 So this piece is caused by 290 00:10:10,384 --> 00:10:12,408 lower case letters followed by lower case letters 291 00:10:12,408 --> 00:10:14,175 inside of that contact list. 292 00:10:14,175 --> 00:10:15,516 This is upper case by upper case, 293 00:10:15,516 --> 00:10:18,201 upper case by lower case, lower case by upper case. 294 00:10:18,201 --> 00:10:20,887 This is caused by spaces. This is caused by carriage returns. 295 00:10:20,887 --> 00:10:22,395 We can go through every little detail 296 00:10:22,395 --> 00:10:25,361 of the binary information in seconds, 297 00:10:25,361 --> 00:10:28,895 as opposed to weeks, months, at this level. 298 00:10:28,895 --> 00:10:30,407 This is what an image looks like 299 00:10:30,407 --> 00:10:32,283 from your cell phone. 300 00:10:32,283 --> 00:10:33,296 But this is what it looks like 301 00:10:33,296 --> 00:10:35,187 in a visual abstraction. 302 00:10:35,187 --> 00:10:37,172 This is what your music looks like, 303 00:10:37,172 --> 00:10:39,375 but here's its visual abstraction. 304 00:10:39,375 --> 00:10:41,135 Most importantly for me, 305 00:10:41,135 --> 00:10:44,410 this is what the code on your cell phone looks like. 306 00:10:44,410 --> 00:10:46,567 This is what I'm after in the end, 307 00:10:46,567 --> 00:10:48,707 but this is its visual abstraction. 308 00:10:48,707 --> 00:10:51,216 If I can find this, I can't make the phone explode. 309 00:10:51,216 --> 00:10:53,835 I could spend weeks trying to find this 310 00:10:53,835 --> 00:10:55,012 in ones and zeros, 311 00:10:55,012 --> 00:10:56,796 but it takes me seconds to pick out 312 00:10:56,796 --> 00:11:00,100 a visual abstraction like this. 313 00:11:00,100 --> 00:11:02,592 One of those most remarkable parts about all of this 314 00:11:02,592 --> 00:11:05,424 is it gives us an entirely new way to understand 315 00:11:05,424 --> 00:11:08,663 new information, stuff that we haven't seen before. 316 00:11:08,663 --> 00:11:11,167 So I know what English looks like at a binary level, 317 00:11:11,167 --> 00:11:13,277 and I know what its visual abstraction looks like, 318 00:11:13,277 --> 00:11:16,592 but I've never seen Russian binary in my entire life. 319 00:11:16,592 --> 00:11:18,392 It would take me weeks just to figure out 320 00:11:18,392 --> 00:11:21,389 what I was looking at from raw ones and zeros, 321 00:11:21,389 --> 00:11:23,140 but because our brains can instantly pick up 322 00:11:23,140 --> 00:11:25,957 and recognize these subtle patterns inside 323 00:11:25,957 --> 00:11:27,445 of these visual abstractions, 324 00:11:27,445 --> 00:11:29,277 we can unconsciously apply those 325 00:11:29,277 --> 00:11:30,850 in new situations. 326 00:11:30,850 --> 00:11:32,332 So this is what Russian looks like 327 00:11:32,332 --> 00:11:33,912 in a visual abstraction. 328 00:11:33,912 --> 00:11:35,716 Because I know what one language looks like, 329 00:11:35,716 --> 00:11:37,292 I can recognize other languages 330 00:11:37,292 --> 00:11:39,162 even when I'm not familiar with them. 331 00:11:39,162 --> 00:11:40,948 This is what a photograph looks like, 332 00:11:40,948 --> 00:11:42,835 but this is what clip art looks like. 333 00:11:42,835 --> 00:11:45,390 This is what the code on your phone looks like, 334 00:11:45,390 --> 00:11:48,097 but this is what the code on your computer looks like. 335 00:11:48,097 --> 00:11:49,961 Our brains can pick up on these patterns 336 00:11:49,961 --> 00:11:51,912 in ways that we never could have 337 00:11:51,912 --> 00:11:54,408 from looking at raw ones and zeros. 338 00:11:54,408 --> 00:11:56,264 But we've really only scratched the surface 339 00:11:56,264 --> 00:11:58,401 of what we can do with this approach. 340 00:11:58,401 --> 00:12:00,079 We've only begun to unlock the capabilities 341 00:12:00,079 --> 00:12:03,394 of our minds to process visual information. 342 00:12:03,394 --> 00:12:05,384 If we take those same concepts and translate them 343 00:12:05,384 --> 00:12:07,035 into three dimensions instead, 344 00:12:07,035 --> 00:12:10,230 we find entirely new ways of making sense of information. 345 00:12:10,230 --> 00:12:12,715 In seconds, we can pick out every pattern here. 346 00:12:12,715 --> 00:12:14,535 we can see the cross associated with code. 347 00:12:14,535 --> 00:12:16,467 We can see cubes associated with text. 348 00:12:16,467 --> 00:12:18,943 We can even pick up the tiniest visual artifacts. 349 00:12:18,943 --> 00:12:21,073 Things that would take us weeks, 350 00:12:21,073 --> 00:12:23,267 months to find in ones and zeroes, 351 00:12:23,267 --> 00:12:25,070 are immediately apparent 352 00:12:25,070 --> 00:12:27,340 in some sort of visual abstraction, 353 00:12:27,340 --> 00:12:28,472 and as we continue to go through this 354 00:12:28,472 --> 00:12:30,488 and throw more and more information at it, 355 00:12:30,488 --> 00:12:32,769 what we find is that we're capable of processing 356 00:12:32,769 --> 00:12:35,185 billions of ones and zeros 357 00:12:35,185 --> 00:12:36,353 in a matter of seconds 358 00:12:36,353 --> 00:12:39,587 just by using our brain's built-in ability 359 00:12:39,587 --> 00:12:41,541 to analyze patterns. 360 00:12:41,541 --> 00:12:43,844 So this is really nice and helpful, 361 00:12:43,844 --> 00:12:46,203 but all this tells me is what I'm looking at. 362 00:12:46,203 --> 00:12:47,687 So at this point, based on visual patterns, 363 00:12:47,687 --> 00:12:50,096 I can find the code on the phone. 364 00:12:50,096 --> 00:12:52,761 But that's not enough to blow up a battery. 365 00:12:52,761 --> 00:12:54,329 The next thing I need to find is the code 366 00:12:54,329 --> 00:12:56,090 that controls the battery, but we're back 367 00:12:56,090 --> 00:12:57,821 to the needle in a stack of needles problem. 368 00:12:57,821 --> 00:13:00,210 That code looks pretty much like all the other code 369 00:13:00,210 --> 00:13:02,448 on that system. 370 00:13:02,448 --> 00:13:04,849 So I might not be able to find the code that controls the battery, 371 00:13:04,849 --> 00:13:06,860 but there's a lot of things that are very similar to that. 372 00:13:06,860 --> 00:13:08,714 You have code that controls your screen, 373 00:13:08,714 --> 00:13:10,930 that controls your buttons, that controls your microphones, 374 00:13:10,930 --> 00:13:12,858 so even if I can't find the code for the battery, 375 00:13:12,858 --> 00:13:15,103 I bet I can find one of those things. 376 00:13:15,103 --> 00:13:17,808 So the next step in my binary analysis process 377 00:13:17,808 --> 00:13:19,039 is to look at pieces of information 378 00:13:19,039 --> 00:13:21,057 that are similar to each other. 379 00:13:21,057 --> 00:13:25,040 It's really, really hard to do at a binary level, 380 00:13:25,040 --> 00:13:28,683 but if we translate those similarities to a visual abstraction instead, 381 00:13:28,683 --> 00:13:31,121 I don't even have to sift through the raw data. 382 00:13:31,121 --> 00:13:33,276 All I have to do is wait for the image to light up 383 00:13:33,276 --> 00:13:35,512 to see when I'm at similar pieces. 384 00:13:35,512 --> 00:13:38,540 I follow these strands of similarity like a trail of bread crumbs 385 00:13:38,540 --> 00:13:41,646 to find exactly what I'm looking for. 386 00:13:41,646 --> 00:13:43,380 So at this point in the process, 387 00:13:43,380 --> 00:13:44,698 I've located the code 388 00:13:44,698 --> 00:13:46,383 responsible for controlling your battery, 389 00:13:46,383 --> 00:13:48,959 but that's still not enough to blow up a phone. 390 00:13:48,959 --> 00:13:50,523 The last piece of the puzzle 391 00:13:50,523 --> 00:13:53,202 is understanding how that code 392 00:13:53,202 --> 00:13:54,404 controls your battery. 393 00:13:54,404 --> 00:13:56,792 For this, I need to identify 394 00:13:56,792 --> 00:13:58,508 very subtle, very detailed relationships 395 00:13:58,508 --> 00:14:00,597 within that binary information, 396 00:14:00,597 --> 00:14:02,352 another very hard thing to do 397 00:14:02,352 --> 00:14:04,664 when looking at ones and zeros. 398 00:14:04,664 --> 00:14:06,060 But if we translate that information 399 00:14:06,060 --> 00:14:08,240 into a physical representation, 400 00:14:08,240 --> 00:14:11,256 we can sit back and let our visual cortex do all the hard work. 401 00:14:11,256 --> 00:14:12,990 It can find all the detailed patterns, 402 00:14:12,990 --> 00:14:15,010 all the important pieces, for us. 403 00:14:15,010 --> 00:14:17,603 It can find out exactly how the pieces of that code 404 00:14:17,603 --> 00:14:20,537 work together to control that battery. 405 00:14:20,537 --> 00:14:23,541 All of this can be done in a matter of hours, 406 00:14:23,541 --> 00:14:24,897 whereas the same process 407 00:14:24,897 --> 00:14:27,819 would have taken months in the past. 408 00:14:27,819 --> 00:14:29,008 This is all well and good 409 00:14:29,008 --> 00:14:31,950 in a theoretical blow up a terrorist's phone situation. 410 00:14:31,950 --> 00:14:34,797 I wanted to find out if this would really work 411 00:14:34,797 --> 00:14:37,426 in the work I do every day. 412 00:14:37,426 --> 00:14:40,481 So I was playing around with these same concepts 413 00:14:40,481 --> 00:14:43,505 with some of the data I've looked at in the past, 414 00:14:43,505 --> 00:14:45,997 and yet again, I was trying to find 415 00:14:45,997 --> 00:14:48,205 a very detailed, specific piece of code 416 00:14:48,205 --> 00:14:51,800 inside of a massive piece of binary information. 417 00:14:51,800 --> 00:14:53,573 So I looked at it at this level, 418 00:14:53,573 --> 00:14:55,523 thinking I was looking at the right thing, 419 00:14:55,523 --> 00:14:57,844 only to see this doesn't have 420 00:14:57,844 --> 00:14:59,584 the connectivity I would have expected 421 00:14:59,584 --> 00:15:01,489 for the code I was looking for. 422 00:15:01,489 --> 00:15:04,092 In fact, I'm not really sure what this is, 423 00:15:04,092 --> 00:15:05,104 but when I stepped back a level 424 00:15:05,104 --> 00:15:06,819 and looked at the similarities within the code 425 00:15:06,819 --> 00:15:09,113 I saw, this doesn't have similarities 426 00:15:09,113 --> 00:15:10,604 like any code that exists out there. 427 00:15:10,604 --> 00:15:12,829 I can't even be looking at code. 428 00:15:12,829 --> 00:15:15,215 In fact, from this perspective, 429 00:15:15,215 --> 00:15:17,263 I could tell, this isn't code. 430 00:15:17,263 --> 00:15:19,311 This is an image of some sort. 431 00:15:19,311 --> 00:15:20,993 And from here, I can see, 432 00:15:20,993 --> 00:15:23,904 it's not just an image, this is a photograph. 433 00:15:23,904 --> 00:15:25,296 Now that I know it's a photograph, 434 00:15:25,296 --> 00:15:28,226 I've got dozens of other binary translation techniques 435 00:15:28,226 --> 00:15:30,647 to visualize and understand that information, 436 00:15:30,647 --> 00:15:33,190 so in a matter of seconds, we can take this information, 437 00:15:33,190 --> 00:15:35,587 shove it through a dozen other visual translation techniques 438 00:15:35,587 --> 00:15:39,318 in order to find out exactly what we were looking at. 439 00:15:39,318 --> 00:15:41,000 I saw — (Laughter) — 440 00:15:41,000 --> 00:15:44,456 it was that darn kitten again. 441 00:15:44,456 --> 00:15:45,506 All this is enabled 442 00:15:45,506 --> 00:15:47,001 because we were able to find a way 443 00:15:47,001 --> 00:15:49,030 to translate a very hard problem 444 00:15:49,030 --> 00:15:51,542 to something our brains do very naturally. 445 00:15:51,542 --> 00:15:53,780 So what does this mean? 446 00:15:53,780 --> 00:15:55,325 Well, for kittens, it means 447 00:15:55,325 --> 00:15:57,742 no more hiding in ones and zeros. 448 00:15:57,742 --> 00:16:01,045 For me, it means no more wasted weekends. 449 00:16:01,045 --> 00:16:03,657 For cyber, it means we have a radical new way 450 00:16:03,657 --> 00:16:06,622 to tackle the most impossible problems. 451 00:16:06,622 --> 00:16:08,434 It means we have a new weapon 452 00:16:08,434 --> 00:16:10,850 in the evolving theater of cyber warfare, 453 00:16:10,850 --> 00:16:12,270 but for all of us, 454 00:16:12,270 --> 00:16:13,745 it means that cyber engineers 455 00:16:13,745 --> 00:16:15,891 now have the ability to become first responders 456 00:16:15,891 --> 00:16:18,474 in emergency situations. 457 00:16:18,474 --> 00:16:19,521 When seconds count, 458 00:16:19,521 --> 00:16:22,930 we've unlocked the means to stop the bad guys. 459 00:16:22,930 --> 00:16:24,930 Thank you. 460 00:16:24,930 --> 00:16:27,892 (Applause)