WEBVTT 00:00:00.770 --> 00:00:03.032 This is a lot of ones and zeros. 00:00:03.032 --> 00:00:06.131 It's what we call binary information. 00:00:06.131 --> 00:00:07.573 This is how computers talk. 00:00:07.573 --> 00:00:09.502 It's how they store information. 00:00:09.502 --> 00:00:11.128 It's how computers think. 00:00:11.128 --> 00:00:12.747 It's how computers do 00:00:12.747 --> 00:00:15.129 everything it is that computers do. 00:00:15.129 --> 00:00:17.176 I'm a cybersecurity researcher, 00:00:17.176 --> 00:00:19.246 which means my job is to sit down with this information 00:00:19.246 --> 00:00:20.930 and try to make sense of it, 00:00:20.930 --> 00:00:23.683 to try to understand what all the ones and zeroes mean. 00:00:23.683 --> 00:00:25.526 Unfortunately for me, we're not just talking 00:00:25.526 --> 00:00:27.760 about the ones and zeros I have on the screen here. 00:00:27.760 --> 00:00:30.443 We're not just talking about a few pages of ones and zeros. 00:00:30.443 --> 00:00:33.052 We're talking about billions and billions 00:00:33.052 --> 00:00:34.385 of ones and zeros, 00:00:34.385 --> 00:00:37.026 more than anyone could possibly comprehend. NOTE Paragraph 00:00:37.026 --> 00:00:38.885 Now, as exciting as that sounds, 00:00:38.885 --> 00:00:41.377 when I first started doing cyber — 00:00:41.377 --> 00:00:43.120 (Laughter) — 00:00:43.120 --> 00:00:45.123 when I first started doing cyber, I wasn't sure 00:00:45.123 --> 00:00:46.596 that sifting through ones and zeros 00:00:46.596 --> 00:00:48.890 was what I wanted to do with the rest of my life, 00:00:48.890 --> 00:00:50.910 because in my mind, cyber 00:00:50.910 --> 00:00:54.591 was keeping viruses off of my grandma's computer, 00:00:54.591 --> 00:00:57.939 it was keeping people's Myspace pages from being hacked, 00:00:57.939 --> 00:01:00.124 and maybe, maybe on my most glorious day, 00:01:00.124 --> 00:01:03.875 it was keeping someone's credit card information from being stolen. 
00:01:03.875 --> 00:01:05.238 Those are important things, 00:01:05.238 --> 00:01:07.996 but that's not how I wanted to spend my life. NOTE Paragraph 00:01:07.996 --> 00:01:09.930 But after 30 minutes of work 00:01:09.930 --> 00:01:11.283 as a defense contractor, 00:01:11.283 --> 00:01:14.073 I soon found out that my idea of cyber 00:01:14.073 --> 00:01:15.942 was a little bit off. 00:01:15.942 --> 00:01:17.887 In fact, in terms of national security, 00:01:17.887 --> 00:01:19.958 keeping viruses off of my grandma's computer 00:01:19.958 --> 00:01:23.144 was surprisingly low on their priority list. 00:01:23.144 --> 00:01:24.445 And the reason for that is cyber 00:01:24.445 --> 00:01:28.238 is so much bigger than any one of those things. 00:01:28.238 --> 00:01:31.063 Cyber is an integral part of all of our lives, 00:01:31.063 --> 00:01:34.123 because computers are an integral part of all of our lives, 00:01:34.123 --> 00:01:36.075 even if you don't own a computer. 00:01:36.075 --> 00:01:38.721 Computers control everything in your car, 00:01:38.721 --> 00:01:40.601 from your GPS to your airbags. 00:01:40.601 --> 00:01:41.917 They control your phone. 00:01:41.917 --> 00:01:43.088 They're the reason you can call 911 00:01:43.088 --> 00:01:44.884 and get someone on the other line. 00:01:44.884 --> 00:01:47.678 They control our nation's entire infrastructure. 00:01:47.678 --> 00:01:49.354 They're the reason you have electricity, 00:01:49.354 --> 00:01:51.692 heat, clean water, food. 00:01:51.692 --> 00:01:53.593 Computers control our military equipment, 00:01:53.593 --> 00:01:55.270 everything from missile silos to satellites 00:01:55.270 --> 00:01:59.184 to nuclear defense networks. 
00:01:59.184 --> 00:02:01.173 All of these things are made possible 00:02:01.173 --> 00:02:02.589 because of computers, 00:02:02.589 --> 00:02:04.572 and therefore because of cyber, 00:02:04.572 --> 00:02:06.076 and when something goes wrong, 00:02:06.076 --> 00:02:09.194 cyber can make all of these things impossible. NOTE Paragraph 00:02:09.194 --> 00:02:10.779 But that's where I step in. 00:02:10.779 --> 00:02:13.719 A big part of my job is defending all of these things, 00:02:13.719 --> 00:02:15.381 keeping them working, 00:02:15.381 --> 00:02:17.709 but once in a while, part of my job is to break one of these things, 00:02:17.709 --> 00:02:20.105 because cyber isn't just about defense, 00:02:20.105 --> 00:02:22.378 it's also about offense. 00:02:22.378 --> 00:02:23.954 We're entering an age where we talk about 00:02:23.954 --> 00:02:25.415 cyberweapons. 00:02:25.415 --> 00:02:28.550 In fact, so great is the potential for cyber offense 00:02:28.550 --> 00:02:32.171 that cyber is considered a new domain of warfare. 00:02:32.171 --> 00:02:33.971 Warfare. 00:02:33.971 --> 00:02:35.900 It's not necessarily a bad thing. 00:02:35.900 --> 00:02:38.651 On the one hand, it means we have a whole new front 00:02:38.651 --> 00:02:40.394 on which we need to defend ourselves, 00:02:40.394 --> 00:02:41.879 but on the other hand, 00:02:41.879 --> 00:02:43.721 it means we have a whole new way to attack, 00:02:43.721 --> 00:02:45.580 a whole new way to stop evil people 00:02:45.580 --> 00:02:47.807 from doing evil things. NOTE Paragraph 00:02:47.807 --> 00:02:49.618 So let's consider an example of this 00:02:49.618 --> 00:02:51.307 that's completely theoretical. 00:02:51.307 --> 00:02:53.565 Suppose a terrorist wants to blow up a building, 00:02:53.565 --> 00:02:55.633 and he wants to do this again and again 00:02:55.633 --> 00:02:57.084 in the future. 00:02:57.084 --> 00:02:59.924 So he doesn't want to be in that building when it explodes. 
00:02:59.924 --> 00:03:01.442 He's going to use a cell phone 00:03:01.442 --> 00:03:03.777 as a remote detonator. 00:03:03.777 --> 00:03:05.648 Now, it used to be the only way we had 00:03:05.648 --> 00:03:07.284 to stop this terrorist 00:03:07.284 --> 00:03:09.957 was with a hail of bullets and a car chase, 00:03:09.957 --> 00:03:12.289 but that's not necessarily true anymore. 00:03:12.289 --> 00:03:13.852 We're entering an age where we can stop him 00:03:13.852 --> 00:03:14.962 with the press of a button 00:03:14.962 --> 00:03:16.969 from 1,000 miles away, 00:03:16.969 --> 00:03:18.558 because whether he knew it or not, 00:03:18.558 --> 00:03:20.269 as soon as he decided to use his cell phone, 00:03:20.269 --> 00:03:23.403 he stepped into the realm of cyber. 00:03:23.403 --> 00:03:26.520 A well-crafted cyber attack could break into his phone, 00:03:26.520 --> 00:03:28.669 disable the overvoltage protections on his battery, 00:03:28.669 --> 00:03:30.424 drastically overload the circuit, 00:03:30.424 --> 00:03:32.781 cause the battery to overheat, and explode. 00:03:32.781 --> 00:03:35.227 No more phone, no more detonator, 00:03:35.227 --> 00:03:37.150 maybe no more terrorist, 00:03:37.150 --> 00:03:38.181 all with the press of a button 00:03:38.181 --> 00:03:40.861 from a thousand miles away. NOTE Paragraph 00:03:40.861 --> 00:03:42.612 So how does this work? 00:03:42.612 --> 00:03:44.880 It all comes back to those ones and zeros. 00:03:44.880 --> 00:03:47.885 Binary information makes your phone work, 00:03:47.885 --> 00:03:51.469 and used correctly, it can make your phone explode. 00:03:51.469 --> 00:03:53.941 So when you start to look at cyber from this perspective, 00:03:53.941 --> 00:03:57.104 spending your life sifting through binary information 00:03:57.104 --> 00:03:59.521 starts to seem kind of exciting. 
NOTE Paragraph 00:03:59.521 --> 00:04:02.167 But here's the catch: This is hard, 00:04:02.167 --> 00:04:03.852 really, really hard, 00:04:03.852 --> 00:04:05.686 and here's why. 00:04:05.686 --> 00:04:08.452 Think about everything you have on your cell phone. 00:04:08.452 --> 00:04:10.415 You've got the pictures you've taken. 00:04:10.415 --> 00:04:12.201 You've got the music you listen to. 00:04:12.201 --> 00:04:13.849 You've got your contacts list, 00:04:13.849 --> 00:04:15.474 your email, and probably 500 apps 00:04:15.474 --> 00:04:18.475 you've never used in your entire life, 00:04:18.475 --> 00:04:22.462 and behind all of this is the software, the code, 00:04:22.462 --> 00:04:23.842 that controls your phone, 00:04:23.842 --> 00:04:26.498 and somewhere, buried inside of that code, 00:04:26.498 --> 00:04:29.046 is a tiny piece that controls your battery, 00:04:29.046 --> 00:04:30.917 and that's what I'm really after, 00:04:30.917 --> 00:04:34.603 but all of this, just a bunch of ones and zeros, 00:04:34.603 --> 00:04:36.134 and it's all just mixed together. 00:04:36.134 --> 00:04:39.679 In cyber, we call this finding a needle in a stack of needles, 00:04:39.679 --> 00:04:42.028 because everything pretty much looks alike. 00:04:42.028 --> 00:04:43.760 I'm looking for one key piece, 00:04:43.760 --> 00:04:46.994 but it just blends in with everything else. NOTE Paragraph 00:04:46.994 --> 00:04:49.246 So let's step back from this theoretical situation 00:04:49.246 --> 00:04:51.590 of making a terrorist's phone explode, 00:04:51.590 --> 00:04:54.406 and look at something that actually happened to me. 00:04:54.406 --> 00:04:55.749 Pretty much no matter what I do, 00:04:55.749 --> 00:04:57.191 my job always starts with sitting down 00:04:57.191 --> 00:04:59.563 with a whole bunch of binary information, 00:04:59.563 --> 00:05:01.290 and I'm always looking for one key piece 00:05:01.290 --> 00:05:03.277 to do something specific. 
00:05:03.277 --> 00:05:05.354 In this case, I was looking for a very advanced, 00:05:05.354 --> 00:05:06.872 very high-tech piece of code 00:05:06.872 --> 00:05:08.087 that I knew I could hack, 00:05:08.087 --> 00:05:09.801 but it was somewhere buried 00:05:09.801 --> 00:05:11.827 inside of a billion ones and zeroes. 00:05:11.827 --> 00:05:13.405 Unfortunately for me, I didn't know 00:05:13.405 --> 00:05:15.096 quite what I was looking for. 00:05:15.096 --> 00:05:16.292 I didn't know quite what it would look like, 00:05:16.292 --> 00:05:19.210 which makes finding it really, really hard. 00:05:19.210 --> 00:05:21.249 When I have to do that, what I have to do 00:05:21.249 --> 00:05:23.591 is basically look at various pieces 00:05:23.591 --> 00:05:25.314 of this binary information, 00:05:25.314 --> 00:05:27.516 try to decipher each piece, and see if it might be 00:05:27.516 --> 00:05:28.740 what I'm after. 00:05:28.740 --> 00:05:30.365 So after a while, I thought I had found the piece 00:05:30.365 --> 00:05:31.702 I was looking for. 00:05:31.702 --> 00:05:33.806 I thought maybe this was it. 00:05:33.806 --> 00:05:35.838 It seemed to be about right, but I couldn't quite tell. 00:05:35.838 --> 00:05:38.756 I couldn't tell what those ones and zeros represented. 00:05:38.756 --> 00:05:42.130 So I spent some time trying to put this together, 00:05:42.130 --> 00:05:43.800 but wasn't having a whole lot of luck, 00:05:43.800 --> 00:05:44.986 and finally I decided, 00:05:44.986 --> 00:05:46.595 I'm going to get through this, 00:05:46.595 --> 00:05:48.106 I'm going to come in on a weekend, 00:05:48.106 --> 00:05:49.446 and I'm not going to leave 00:05:49.446 --> 00:05:51.158 until I figure out what this represents. 00:05:51.158 --> 00:05:53.324 So that's what I did. I came in on a Saturday morning, 00:05:53.324 --> 00:05:56.969 and about 10 hours in, I sort of had all the pieces to the puzzle. 00:05:56.969 --> 00:05:58.361 I just didn't know how they fit together. 
00:05:58.361 --> 00:06:01.151 I didn't know what these ones and zeros meant. 00:06:01.151 --> 00:06:03.218 At the 15-hour mark, 00:06:03.218 --> 00:06:05.820 I started to get a better picture of what was there, 00:06:05.820 --> 00:06:07.592 but I had a creeping suspicion 00:06:07.592 --> 00:06:09.181 that what I was looking at 00:06:09.181 --> 00:06:12.104 was not at all related to what I was looking for. 00:06:12.104 --> 00:06:14.591 By 20 hours, the pieces started to come together 00:06:14.591 --> 00:06:18.355 very slowly — (Laughter) — 00:06:18.355 --> 00:06:19.621 and I was pretty sure I was going down 00:06:19.621 --> 00:06:21.560 the wrong path at this point, 00:06:21.560 --> 00:06:23.811 but I wasn't going to give up. 00:06:23.811 --> 00:06:26.645 After 30 hours in the lab, 00:06:26.645 --> 00:06:28.906 I figured out exactly what I was looking at, 00:06:28.906 --> 00:06:31.724 and I was right, it wasn't what I was looking for. 00:06:31.724 --> 00:06:33.423 I spent 30 hours piecing together 00:06:33.423 --> 00:06:36.145 the ones and zeros that formed a picture of a kitten. 00:06:36.145 --> 00:06:37.940 (Laughter) 00:06:37.940 --> 00:06:41.746 I wasted 30 hours of my life searching for this kitten 00:06:41.746 --> 00:06:43.584 that had nothing at all to do 00:06:43.584 --> 00:06:45.571 with what I was trying to accomplish. NOTE Paragraph 00:06:45.571 --> 00:06:49.434 So I was frustrated, I was exhausted. 00:06:49.434 --> 00:06:52.660 After 30 hours in the lab, I probably smelled horrible. 00:06:52.660 --> 00:06:54.890 But instead of just going home 00:06:54.890 --> 00:06:57.420 and calling it quits, I took a step back 00:06:57.420 --> 00:06:59.961 and asked myself, what went wrong here? 00:06:59.961 --> 00:07:02.173 How could I make such a stupid mistake? 00:07:02.173 --> 00:07:03.571 I'm really pretty good at this. 00:07:03.571 --> 00:07:04.890 I do this for a living. 00:07:04.890 --> 00:07:07.038 So what happened? 
00:07:07.038 --> 00:07:09.813 Well I thought, when you're looking at information at this level, 00:07:09.813 --> 00:07:12.640 it's so easy to lose track of what you're doing. 00:07:12.640 --> 00:07:14.384 It's easy to not see the forest through the trees. 00:07:14.384 --> 00:07:16.548 It's easy to go down the wrong rabbit hole 00:07:16.548 --> 00:07:18.310 and waste a tremendous amount of time 00:07:18.310 --> 00:07:20.130 doing the wrong thing. 00:07:20.130 --> 00:07:21.730 But I had this epiphany. 00:07:21.730 --> 00:07:24.729 We were looking at the data completely incorrectly 00:07:24.729 --> 00:07:26.219 since day one. 00:07:26.219 --> 00:07:28.322 This is how computers think, ones and zeros. 00:07:28.322 --> 00:07:29.714 It's not how people think, 00:07:29.714 --> 00:07:32.028 but we've been trying to adapt our minds 00:07:32.028 --> 00:07:33.373 to think more like computers 00:07:33.373 --> 00:07:35.970 so that we can understand this information. 00:07:35.970 --> 00:07:37.920 Instead of trying to make our minds fit the problem, 00:07:37.920 --> 00:07:39.568 we should have been making the problem 00:07:39.568 --> 00:07:40.537 fit our minds, 00:07:40.537 --> 00:07:42.646 because our brains have a tremendous potential 00:07:42.646 --> 00:07:45.732 for analyzing huge amounts of information, 00:07:45.732 --> 00:07:47.029 just not like this. 00:07:47.029 --> 00:07:48.496 So what if we could unlock that potential 00:07:48.496 --> 00:07:50.023 just by translating this 00:07:50.023 --> 00:07:52.871 to the right kind of information? 00:07:52.871 --> 00:07:54.065 So with these ideas in mind, 00:07:54.065 --> 00:07:55.683 I sprinted out of my basement lab at work 00:07:55.683 --> 00:07:56.990 to my basement lab at home, 00:07:56.990 --> 00:07:58.986 which looked pretty much the same. 
00:07:58.986 --> 00:08:00.810 The main difference is, at work, 00:08:00.810 --> 00:08:02.389 I'm surrounded by cyber materials, 00:08:02.389 --> 00:08:04.994 and cyber seemed to be the problem in this situation. 00:08:04.994 --> 00:08:08.347 At home, I'm surrounded by everything else I've ever learned. 00:08:08.347 --> 00:08:10.219 So I pored through every book I could find, 00:08:10.219 --> 00:08:11.551 every idea I'd ever encountered, 00:08:11.551 --> 00:08:13.697 to see how could we translate a problem 00:08:13.697 --> 00:08:16.829 from one domain to something completely different? NOTE Paragraph 00:08:16.829 --> 00:08:18.223 The biggest question was, 00:08:18.223 --> 00:08:20.191 what do we want to translate it to? 00:08:20.191 --> 00:08:22.303 What do our brains do perfectly naturally 00:08:22.303 --> 00:08:24.181 that we could exploit? 00:08:24.181 --> 00:08:26.470 My answer was vision. 00:08:26.470 --> 00:08:29.619 We have a tremendous capability to analyze visual information. 00:08:29.619 --> 00:08:32.202 We can combine color gradients, depth cues, 00:08:32.202 --> 00:08:33.990 all sorts of these different signals 00:08:33.990 --> 00:08:36.385 into one coherent picture of the world around us. 00:08:36.385 --> 00:08:37.792 That's incredible. 00:08:37.792 --> 00:08:39.173 So if we could find a way to translate 00:08:39.173 --> 00:08:41.359 these binary patterns to visual signals, 00:08:41.359 --> 00:08:43.191 we could really unlock the power of our brains 00:08:43.191 --> 00:08:45.901 to process this stuff. 00:08:45.901 --> 00:08:47.744 So I started looking at the binary information, 00:08:47.744 --> 00:08:48.834 and I asked myself, what do I do 00:08:48.834 --> 00:08:50.710 when I first encounter something like this? 00:08:50.710 --> 00:08:52.333 And the very first thing I want to do, 00:08:52.333 --> 00:08:53.692 the very first question I want to answer, 00:08:53.692 --> 00:08:54.970 is what is this? 
00:08:54.970 --> 00:08:57.498 I don't care what it does, how it works. 00:08:57.498 --> 00:08:59.977 All I want to know is, what is this? 00:08:59.977 --> 00:09:01.652 And the way I can figure that out 00:09:01.652 --> 00:09:03.335 is by looking at chunks, 00:09:03.335 --> 00:09:05.788 sequential chunks of binary information, 00:09:05.788 --> 00:09:08.690 and I look at the relationships between those chunks. 00:09:08.690 --> 00:09:10.462 When I gather up enough of these sequences, 00:09:10.462 --> 00:09:12.466 I begin to get an idea of exactly 00:09:12.466 --> 00:09:15.100 what this information must be. 00:09:15.100 --> 00:09:16.284 So let's go back to that 00:09:16.284 --> 00:09:18.374 blow up the terrorist's phone situation. 00:09:18.374 --> 00:09:20.577 This is what English text looks like 00:09:20.577 --> 00:09:21.890 at a binary level. 00:09:21.890 --> 00:09:24.216 This is what your contacts list would look like 00:09:24.216 --> 00:09:25.776 if I were examining it. 00:09:25.776 --> 00:09:28.010 It's really hard to analyze this at this level, 00:09:28.010 --> 00:09:30.114 but if we take those same binary chunks 00:09:30.114 --> 00:09:31.296 that I would be trying to find, 00:09:31.296 --> 00:09:33.060 and instead translate that 00:09:33.060 --> 00:09:34.980 to a visual representation, 00:09:34.980 --> 00:09:36.777 translate those relationships, 00:09:36.777 --> 00:09:38.333 this is what we get. 00:09:38.333 --> 00:09:40.247 This is what English text looks like 00:09:40.247 --> 00:09:42.918 from a visual abstraction perspective. 00:09:42.918 --> 00:09:44.058 All of a sudden, 00:09:44.058 --> 00:09:45.493 it shows us all the same information 00:09:45.493 --> 00:09:46.665 that was in the ones and zeros, 00:09:46.665 --> 00:09:48.986 but shows us it in an entirely different way, 00:09:48.986 --> 00:09:50.703 a way that we can immediately comprehend. 00:09:50.703 --> 00:09:53.668 We can instantly see all of the patterns here. 
00:09:53.668 --> 00:09:56.260 It takes me seconds to pick out patterns here, 00:09:56.260 --> 00:09:58.514 but hours, days, to pick them out 00:09:58.514 --> 00:09:59.834 in ones and zeros. 00:09:59.834 --> 00:10:01.570 It takes minutes for anybody to learn 00:10:01.570 --> 00:10:03.235 what these patterns represent here, 00:10:03.235 --> 00:10:05.482 but years of experience in cyber 00:10:05.482 --> 00:10:07.136 to learn what those same patterns represent 00:10:07.136 --> 00:10:08.722 in ones and zeros. 00:10:08.722 --> 00:10:10.384 So this piece is caused by 00:10:10.384 --> 00:10:12.408 lower case letters followed by lower case letters 00:10:12.408 --> 00:10:14.175 inside of that contact list. 00:10:14.175 --> 00:10:15.516 This is upper case by upper case, 00:10:15.516 --> 00:10:18.201 upper case by lower case, lower case by upper case. 00:10:18.201 --> 00:10:20.887 This is caused by spaces. This is caused by carriage returns. 00:10:20.887 --> 00:10:22.395 We can go through every little detail 00:10:22.395 --> 00:10:25.361 of the binary information in seconds, 00:10:25.361 --> 00:10:28.895 as opposed to weeks, months, at this level. 00:10:28.895 --> 00:10:30.407 This is what an image looks like 00:10:30.407 --> 00:10:32.283 from your cell phone. 00:10:32.283 --> 00:10:33.296 But this is what it looks like 00:10:33.296 --> 00:10:35.187 in a visual abstraction. 00:10:35.187 --> 00:10:37.172 This is what your music looks like, 00:10:37.172 --> 00:10:39.375 but here's its visual abstraction. 00:10:39.375 --> 00:10:41.135 Most importantly for me, 00:10:41.135 --> 00:10:44.410 this is what the code on your cell phone looks like. 00:10:44.410 --> 00:10:46.567 This is what I'm after in the end, 00:10:46.567 --> 00:10:48.707 but this is its visual abstraction. 00:10:48.707 --> 00:10:51.216 If I can find this, I can't make the phone explode. 
00:10:51.216 --> 00:10:53.835 I could spend weeks trying to find this 00:10:53.835 --> 00:10:55.012 in ones and zeros, 00:10:55.012 --> 00:10:56.796 but it takes me seconds to pick out 00:10:56.796 --> 00:11:00.100 a visual abstraction like this. NOTE Paragraph 00:11:00.100 --> 00:11:02.592 One of those most remarkable parts about all of this 00:11:02.592 --> 00:11:05.424 is it gives us an entirely new way to understand 00:11:05.424 --> 00:11:08.663 new information, stuff that we haven't seen before. 00:11:08.663 --> 00:11:11.167 So I know what English looks like at a binary level, 00:11:11.167 --> 00:11:13.277 and I know what its visual abstraction looks like, 00:11:13.277 --> 00:11:16.592 but I've never seen Russian binary in my entire life. 00:11:16.592 --> 00:11:18.392 It would take me weeks just to figure out 00:11:18.392 --> 00:11:21.389 what I was looking at from raw ones and zeros, 00:11:21.389 --> 00:11:23.140 but because our brains can instantly pick up 00:11:23.140 --> 00:11:25.957 and recognize these subtle patterns inside 00:11:25.957 --> 00:11:27.445 of these visual abstractions, 00:11:27.445 --> 00:11:29.277 we can unconsciously apply those 00:11:29.277 --> 00:11:30.850 in new situations. 00:11:30.850 --> 00:11:32.332 So this is what Russian looks like 00:11:32.332 --> 00:11:33.912 in a visual abstraction. 00:11:33.912 --> 00:11:35.716 Because I know what one language looks like, 00:11:35.716 --> 00:11:37.292 I can recognize other languages 00:11:37.292 --> 00:11:39.162 even when I'm not familiar with them. 00:11:39.162 --> 00:11:40.948 This is what a photograph looks like, 00:11:40.948 --> 00:11:42.835 but this is what clip art looks like. 00:11:42.835 --> 00:11:45.390 This is what the code on your phone looks like, 00:11:45.390 --> 00:11:48.097 but this is what the code on your computer looks like. 
00:11:48.097 --> 00:11:49.961 Our brains can pick up on these patterns 00:11:49.961 --> 00:11:51.912 in ways that we never could have 00:11:51.912 --> 00:11:54.408 from looking at raw ones and zeros. 00:11:54.408 --> 00:11:56.264 But we've really only scratched the surface 00:11:56.264 --> 00:11:58.401 of what we can do with this approach. 00:11:58.401 --> 00:12:00.079 We've only begun to unlock the capabilities 00:12:00.079 --> 00:12:03.394 of our minds to process visual information. 00:12:03.394 --> 00:12:05.384 If we take those same concepts and translate them 00:12:05.384 --> 00:12:07.035 into three dimensions instead, 00:12:07.035 --> 00:12:10.230 we find entirely new ways of making sense of information. 00:12:10.230 --> 00:12:12.715 In seconds, we can pick out every pattern here. 00:12:12.715 --> 00:12:14.535 We can see the cross associated with code. 00:12:14.535 --> 00:12:16.467 We can see cubes associated with text. 00:12:16.467 --> 00:12:18.943 We can even pick up the tiniest visual artifacts. 00:12:18.943 --> 00:12:21.073 Things that would take us weeks, 00:12:21.073 --> 00:12:23.267 months to find in ones and zeroes, 00:12:23.267 --> 00:12:25.070 are immediately apparent 00:12:25.070 --> 00:12:27.340 in some sort of visual abstraction, 00:12:27.340 --> 00:12:28.472 and as we continue to go through this 00:12:28.472 --> 00:12:30.488 and throw more and more information at it, 00:12:30.488 --> 00:12:32.769 what we find is that we're capable of processing 00:12:32.769 --> 00:12:35.185 billions of ones and zeros 00:12:35.185 --> 00:12:36.353 in a matter of seconds 00:12:36.353 --> 00:12:39.587 just by using our brain's built-in ability 00:12:39.587 --> 00:12:41.541 to analyze patterns. NOTE Paragraph 00:12:41.541 --> 00:12:43.844 So this is really nice and helpful, 00:12:43.844 --> 00:12:46.203 but all this tells me is what I'm looking at. 
00:12:46.203 --> 00:12:47.687 So at this point, based on visual patterns, 00:12:47.687 --> 00:12:50.096 I can find the code on the phone. 00:12:50.096 --> 00:12:52.761 But that's not enough to blow up a battery. 00:12:52.761 --> 00:12:54.329 The next thing I need to find is the code 00:12:54.329 --> 00:12:56.090 that controls the battery, but we're back 00:12:56.090 --> 00:12:57.821 to the needle in a stack of needles problem. 00:12:57.821 --> 00:13:00.210 That code looks pretty much like all the other code 00:13:00.210 --> 00:13:02.448 on that system. NOTE Paragraph 00:13:02.448 --> 00:13:04.849 So I might not be able to find the code that controls the battery, 00:13:04.849 --> 00:13:06.860 but there's a lot of things that are very similar to that. 00:13:06.860 --> 00:13:08.714 You have code that controls your screen, 00:13:08.714 --> 00:13:10.930 that controls your buttons, that controls your microphones, 00:13:10.930 --> 00:13:12.858 so even if I can't find the code for the battery, 00:13:12.858 --> 00:13:15.103 I bet I can find one of those things. 00:13:15.103 --> 00:13:17.808 So the next step in my binary analysis process 00:13:17.808 --> 00:13:19.039 is to look at pieces of information 00:13:19.039 --> 00:13:21.057 that are similar to each other. 00:13:21.057 --> 00:13:25.040 It's really, really hard to do at a binary level, 00:13:25.040 --> 00:13:28.683 but if we translate those similarities to a visual abstraction instead, 00:13:28.683 --> 00:13:31.121 I don't even have to sift through the raw data. 00:13:31.121 --> 00:13:33.276 All I have to do is wait for the image to light up 00:13:33.276 --> 00:13:35.512 to see when I'm at similar pieces. 00:13:35.512 --> 00:13:38.540 I follow these strands of similarity like a trail of bread crumbs 00:13:38.540 --> 00:13:41.646 to find exactly what I'm looking for. 
NOTE Paragraph 00:13:41.646 --> 00:13:43.380 So at this point in the process, 00:13:43.380 --> 00:13:44.698 I've located the code 00:13:44.698 --> 00:13:46.383 responsible for controlling your battery, 00:13:46.383 --> 00:13:48.959 but that's still not enough to blow up a phone. 00:13:48.959 --> 00:13:50.523 The last piece of the puzzle 00:13:50.523 --> 00:13:53.202 is understanding how that code 00:13:53.202 --> 00:13:54.404 controls your battery. 00:13:54.404 --> 00:13:56.792 For this, I need to identify 00:13:56.792 --> 00:13:58.508 very subtle, very detailed relationships 00:13:58.508 --> 00:14:00.597 within that binary information, 00:14:00.597 --> 00:14:02.352 another very hard thing to do 00:14:02.352 --> 00:14:04.664 when looking at ones and zeros. 00:14:04.664 --> 00:14:06.060 But if we translate that information 00:14:06.060 --> 00:14:08.240 into a physical representation, 00:14:08.240 --> 00:14:11.256 we can sit back and let our visual cortex do all the hard work. 00:14:11.256 --> 00:14:12.990 It can find all the detailed patterns, 00:14:12.990 --> 00:14:15.010 all the important pieces, for us. 00:14:15.010 --> 00:14:17.603 It can find out exactly how the pieces of that code 00:14:17.603 --> 00:14:20.537 work together to control that battery. 00:14:20.537 --> 00:14:23.541 All of this can be done in a matter of hours, 00:14:23.541 --> 00:14:24.897 whereas the same process 00:14:24.897 --> 00:14:27.819 would have taken months in the past. NOTE Paragraph 00:14:27.819 --> 00:14:29.008 This is all well and good 00:14:29.008 --> 00:14:31.950 in a theoretical blow up a terrorist's phone situation. 00:14:31.950 --> 00:14:34.797 I wanted to find out if this would really work 00:14:34.797 --> 00:14:37.426 in the work I do every day. 
00:14:37.426 --> 00:14:40.481 So I was playing around with these same concepts 00:14:40.481 --> 00:14:43.505 with some of the data I've looked at in the past, 00:14:43.505 --> 00:14:45.997 and yet again, I was trying to find 00:14:45.997 --> 00:14:48.205 a very detailed, specific piece of code 00:14:48.205 --> 00:14:51.800 inside of a massive piece of binary information. 00:14:51.800 --> 00:14:53.573 So I looked at it at this level, 00:14:53.573 --> 00:14:55.523 thinking I was looking at the right thing, 00:14:55.523 --> 00:14:57.844 only to see this doesn't have 00:14:57.844 --> 00:14:59.584 the connectivity I would have expected 00:14:59.584 --> 00:15:01.489 for the code I was looking for. 00:15:01.489 --> 00:15:04.092 In fact, I'm not really sure what this is, 00:15:04.092 --> 00:15:05.104 but when I stepped back a level 00:15:05.104 --> 00:15:06.819 and looked at the similarities within the code 00:15:06.819 --> 00:15:09.113 I saw, this doesn't have similarities 00:15:09.113 --> 00:15:10.604 like any code that exists out there. 00:15:10.604 --> 00:15:12.829 I can't even be looking at code. 00:15:12.829 --> 00:15:15.215 In fact, from this perspective, 00:15:15.215 --> 00:15:17.263 I could tell, this isn't code. 00:15:17.263 --> 00:15:19.311 This is an image of some sort. 00:15:19.311 --> 00:15:20.993 And from here, I can see, 00:15:20.993 --> 00:15:23.904 it's not just an image, this is a photograph. 00:15:23.904 --> 00:15:25.296 Now that I know it's a photograph, 00:15:25.296 --> 00:15:28.226 I've got dozens of other binary translation techniques 00:15:28.226 --> 00:15:30.647 to visualize and understand that information, 00:15:30.647 --> 00:15:33.190 so in a matter of seconds, we can take this information, 00:15:33.190 --> 00:15:35.587 shove it through a dozen other visual translation techniques 00:15:35.587 --> 00:15:39.318 in order to find out exactly what we were looking at. 
00:15:39.318 --> 00:15:41.000 I saw — (Laughter) — 00:15:41.000 --> 00:15:44.456 it was that darn kitten again. 00:15:44.456 --> 00:15:45.506 All this is enabled 00:15:45.506 --> 00:15:47.001 because we were able to find a way 00:15:47.001 --> 00:15:49.030 to translate a very hard problem 00:15:49.030 --> 00:15:51.542 to something our brains do very naturally. NOTE Paragraph 00:15:51.542 --> 00:15:53.780 So what does this mean? 00:15:53.780 --> 00:15:55.325 Well, for kittens, it means 00:15:55.325 --> 00:15:57.742 no more hiding in ones and zeros. 00:15:57.742 --> 00:16:01.045 For me, it means no more wasted weekends. 00:16:01.045 --> 00:16:03.657 For cyber, it means we have a radical new way 00:16:03.657 --> 00:16:06.622 to tackle the most impossible problems. 00:16:06.622 --> 00:16:08.434 It means we have a new weapon 00:16:08.434 --> 00:16:10.850 in the evolving theater of cyber warfare, 00:16:10.850 --> 00:16:12.270 but for all of us, 00:16:12.270 --> 00:16:13.745 it means that cyber engineers 00:16:13.745 --> 00:16:15.891 now have the ability to become first responders 00:16:15.891 --> 00:16:18.474 in emergency situations. 00:16:18.474 --> 00:16:19.521 When seconds count, 00:16:19.521 --> 00:16:22.930 we've unlocked the means to stop the bad guys. NOTE Paragraph 00:16:22.930 --> 00:16:24.930 Thank you. NOTE Paragraph 00:16:24.930 --> 00:16:27.892 (Applause)