Top hacker shows us how it's done | Pablos Holman | TEDxMidwest

So this is a hotel room, kind of like the one I'm staying in. I get bored sometimes. A room like this has not a lot to offer for entertainment. But for a hacker, it gets a little interesting, because that television is not like the television in your home. It's a node on a network, alright? That means I can mess with it. If I plug a little device like this into my computer, it's an infrared transceiver, I can send the codes that the TV remote might send, and some other codes. So what? Well, I can watch movies for free. That doesn't matter to me so much, but I can play video games too. Hey, but what's this? I can not only do this for my TV in my hotel room, I can control your TV in your hotel room. So I can watch you if you're checking out with one of these, you know, TV-based registration things. If you're surfing the web on your hotel TV, I can watch you do it. Sometimes you see interesting stuff. Funds transfer. Really big funds transfers. You never know what people might want to do while they're surfing the web from their hotel room. But the point is, I get to decide if you're watching Disney or porn tonight. Anybody else staying at the Affinia Hotel?

All right, this is a project I worked on when we were trying to figure out the security properties of wireless networks. It's called the Hackerbot. This is a robot we built that can drive around and find Wi-Fi users, drive up to them and show them their passwords on the screen. We just, we just wanted to build a robot, but, you know, we didn't know what to make it do, so we made the pistol version of the same thing. This is called the Sniper Yagi. It's for your long-range password-sniffing action. About a mile away, I can watch your wireless network.

This is a project I worked on with Ben Laurie to show passive surveillance. So what it is, is a map of the conference called Computers, Freedom and Privacy. And this conference was in a hotel, and what we did is we, um, you know, put a computer in each room of the conference that logged all the Bluetooth traffic. So as
everybody came and went with their phones and laptops, we were able to just log that, correlate it, and then I can print out a map like this for everybody at the conference. This is Kim Cameron, the chief privacy architect at Microsoft. Unbeknownst to him, I got to, you know, see everywhere he went. And I can correlate this and show, you know, who he hangs out with. He got bored, hangs out in the lobby with somebody.

Anybody here use cell phones? So my phone is calling, calling... "You have one unheard message." Oh. "First unheard message..." Where do I press... skin first its message phone menu to listen to you... "You have pressed an incorrect key. You have two skipped messages. Three saved messages. Goodbye." Uh oh. So we're in Brad's voicemail, and I was going to record them a new message, but I seem to have pressed an invalid key, so we're going to move on, and I'll explain how that works some other day because we're short on time.

Anybody here use MySpace? MySpace users? Oh. Used to be popular. It's kind of like Facebook. This guy, a buddy of ours, Samy, was trying to meet chicks on MySpace, which I think is what it used to be good for. And what he did is, you know, he had a page on MySpace about him. It lists all your friends, and that's how you know somebody's cool, is they have a lot of friends on MySpace. Well, Samy didn't have any friends. So he wrote a little bit of JavaScript code that he put in his page, so that whenever you look at his page it would just automatically add you as his friend. And it would skip the whole acknowledgment response protocol of saying, "Is Samy really your friend?" But then it would copy that code onto your page, so that whenever anybody looked at your page, it would automatically add them as Samy's friend too. And it would change your page to say that Samy is your hero. So in under 24 hours, Samy had over a million friends on MySpace. You know, hey, he just finished serving three years' probation for that.

Even better, Christopher Abad, this guy, another hacker, also trying to meet chicks
on MySpace but having spotty results. Some of these dates didn't work out so well, so what Abad did is he wrote a little bit of code to connect MySpace to SpamAssassin, which is an open-source spam filter. It works just like the spam filter in your email. You train it by giving it some spam, train it by giving it a little bit of legitimate email, and it tries to use artificial intelligence to work out the difference, right? Well, he just trained it on profiles from girls he dated and liked as legitimate email, profiles from girls he dated and did not like as spam, and then ran it against every profile on MySpace. Out spits girls you might like to date. I think, you know, what I say about Abad is, I think there's like three startups here. I don't know why we need when we could have spam dating. You know, this is, this is innovation. He's got a problem, he found a solution.

Anybody use these, uh, bloop keys for opening your car remotely? They're popular in, well, maybe not Chicago, okay. Yeah, so kids these days will drive through a Walmart parking lot clicking open, open, open, bloop. Eventually you find another Jetta or whatever, just like yours, maybe a different color, that uses the same key code. Kids will just loot it, lock it up and go. Your insurance company will roll over on you because there's no evidence of a break-in. For one manufacturer, we figured out how to manipulate that key so that it will open every car from that manufacturer.

There is a point to be made about this, which I barely have time for, but it's that your car is now a PC. Your phone is also a PC. Your toaster, if it is not a PC, soon will be, right? And I'm not joking about that. And the point of that is that when that happens, you inherit all the security properties and problems of PCs, and we have a lot of them. So keep that in mind; we could talk more about that later.

Anybody use a lock like this on your front door? Okay, good. I do too. This is a Schlage lock. It's on half of the front doors in America. I brought one to show you. So this is my Schlage
lock. This is a key that fits the lock but isn't cut right, so it won't turn it. Anybody here ever try to pick locks with tools like this? All right, got a few, few nefarious lock pickers. Well, it's for kids with OCD. You've got to put them in there and finick with them and spend hours getting the finesse down to manipulate the pins. You know, for the ADD kids in the house, there's an easier way. I put my little magic key in here, and put a little pressure on there to turn it, smack it a few times with this special mallet, and I just picked the lock. We're in. It's easy. And in fact, I don't really know much more about this than you do. It's really, really easy. I have a keychain I made of the same kind of key for every other lock in America. And if you're interested, I bought a key machine so that I can cut these keys, and I made some for all of you guys. So my gift to you: come afterwards and I will show you how to pick a lock and give you one of these keys you can take home and try on your door.

Anybody use these USB thumb drives? Yeah, print my Word document, yeah. They're very popular. Mine works kind of like yours. You can print my Word document for me, but while you're doing that, invisibly and magically in the background, it's just making a handy backup of your My Documents folder and your browser history and cookies and your registry and password database, and all the things that, you know, you might need someday if you have a problem. So we just like to make these things and litter them around at conferences.

Anybody here use credit cards? Oh, good. Yeah, so they're popular and wildly secure. Well, there's new credit cards that you might have gotten in the mail with a letter explaining how it's your new secure credit card. Anybody get one of these? You know it's secure because it has a chip in it, an RFID tag, and you can use these in taxi cabs and at Starbucks. I brought one to show you, by just touching the reader. Anybody seen these before? Okay, who's got one? Bring it on up here. There's a, there's a prize
in it for you. I just want to show you some things we learned about them. I got this credit card in the mail. I really do need some volunteers. In fact, I need one, two, three, four or five volunteers, because the winners are going to get these awesome stainless steel wallets that protect you against the problem that you guessed I'm about to demonstrate. Bring your credit card up here and I'll show you. I want, I want to try it on one of these, uh, awesome new credit cards. Okay. So somebody can... do we have like a conference organizer, somebody who can coerce people into cooperating? It's really, it's by your own volition, because, you know... Okay, so this is where the demo gets really awesome. I know you guys have never seen... What's that? They're really cool wallets made of stainless steel. Okay. Anybody else seen code on screen at TED before? Yeah, this is pretty awesome.

Okay, okay, great, I got volunteers. So who has one of these exciting credit cards? Okay, here we go. I'm about to show your credit card number only to 350 close friends. Hear the beep? That means someone's hacking your credit card. Okay, what did we get? Valued customer, and the credit card number and expiration date. It turns out your secure new credit card is not totally secure. Anybody else want to try yours while we're here? Beep. Let's see what we got. So we bitched about this and AmEx changed it so that it doesn't show the name anymore, which is progress. You can see mine, if it shows it. Yeah, it shows my name on it, or that's what my mom calls me anyway. Oh, yours doesn't have it. Okay. Anyway, so next time you get something in the mail that says it's secure, send it to me. Oh wait, one of these is empty, hold on. I think this is the one. Yep, here you go. You get the one that's disassembled. All right, cool.

Okay, I still have a few minutes yet left, so I'm gonna make a couple points. Oh, that's my subliminal messaging campaign. It was supposed to be much faster. Okay, here's the most exciting slide ever shown at TED. This is the protocol diagram for SSL,
which is the encryption system in your web browser that protects your credit card when you're sending it to Amazon and whatnot. Very exciting, I know, but the point is hackers will attack every point in this protocol, right? I'm going to send two responses when the server's expecting one. I'm going to send a zero when it's expecting a one. I'm going to send twice as much data as it's expecting. I'm going to take twice as long answering as it's expecting. I'll just try a bunch of stuff, see where it breaks, see what falls in my lap. When I find a hole like that, then I can start looking for an exploit. All right, this is a little more what SSL looks like to hackers. That's really boring.

This guy kills a million Africans a year. It's an Anopheles stephensi mosquito carrying malaria. Is this the wrong talk? This is a protocol diagram for malaria. So what we're doing in our lab is attacking this protocol at every point we can find, right? It has a very complex life cycle that I won't go into now, but it spends some time in humans, some time in mosquitoes, and what I need are hackers, because hackers have a mind that's optimized for discovery. They have a mind that's optimized for figuring out what's possible. You know, I often illustrate this by saying, if you, you know, get some random new gadget and show it to your mom, she might say, "Well, what does this do?" And you'd say, "Mom, it's a phone." And instantly she would know exactly what it's for. But with a hacker, the question is different. The question is, "What can I make this do?" I'm going to take all the screws out and take the back off and break it into a lot of little pieces, but then I'm going to figure out what I can build from the rubble. That's discovery, and we need to do that in science and technology to figure out what's possible.

And so in the lab, what I'm trying to do is apply that mindset to some of the biggest problems humans have. We work on malaria, thanks to Bill Gates, who asked us to work on it. This is how we used to solve malaria. This is a real ad from like
the 40s. We eradicated malaria in the U.S. by spraying DDT everywhere. In the lab, what we do is a lot of work to try and understand the problem. This is a high-speed video, we have a badass video camera, trying to learn how mosquitoes fly. And you can see that they're more like swimming in air. We actually have no idea how they fly. But we have a cool video camera, so we know... yeah, cost more than a Ferrari.

Anyway, we came up with some ways to take care of mosquitoes. Let's shoot them down with laser beams. This is what happens, you know, when you put one of every kind of scientist in the room, and a laser junkie. So people thought it was funny at first, but we figured out, you know, we can build this out of consumer electronics. It's using the CCD from a webcam, the laser from like a Blu-ray burner, the laser galvos from a laser printer. If we do the motion detection on a GPU processor like you might find in a video game system, it's all stuff that follows Moore's law, so it's actually not going to be that expensive to do it. The idea is that we would put a, like, perimeter of these laser systems around a building or a village and just shoot all the mosquitoes on their way in to feed on humans. And we might want to do that, you know, for your backyard. We could also do it to protect crops. Our team is right now working on characterizing what they need to do the same thing for the pest that has wiped out about two-thirds of the, I think it's about two-thirds of the orange groves in Florida.

So people laughed at first. This is a video of our system working. We are tracking mosquitoes live as they fly around. Those crosshairs are put there by our computer. It just watches them, finds them moving, and then it aims a laser at them to sample their wing beat frequency, figure out from that: is this a mosquito? Is it an Anopheles stephensi? Is it female? And if all that's true, then we shoot it down with a lethal laser. So we have this working in a lab. We're working on taking that project into the field now. All
this happens at the Intellectual Ventures Lab in Seattle, where I work, and we try and take on some of the hardest problems that humans have. And this is the money shot. You can see we just burned his wing off with a UV laser. He's not coming back. Kind of vaporized his wing right there, yeah. They love it. I mean, you know, never got called by PETA or anyone else. I mean, so it's the perfect enemy. There's just no one coming to the rescue of mosquitoes. Sometimes we overdo it. Yeah, so anyway, I'm going off stage. This is the Intellectual Ventures Lab where I work. Basically we use every kind of scientist and one of every tool in the world to work on crazy invention projects. So, thanks.

  1. I read an article a while back that talked about Wi-Fi appliances. It stated that hackers can cruise by neighborhoods and they use their laptop to identify which house has these appliances. Then they can see a layout of the interior of your home. Your Wi-Fi appliance betrayed you, dang. They can even see if you're home. Now that is scary.

  3. It would be more effective to put the mosquito killer around their breeding areas. Stop them at the source and they will be eliminated. We did that when building the Panama Canal and it worked.

  4. Even thinking about hacking is not just a felony, it is a terrorist act.
    If you are really good you will go to work for the NSA or CIA, not by choice.

    If another govt finds you before ours, you will be working for them, again, not by choice.

    If you are not really good you will be thrown in a hole and forgotten about.

    The best hackers in the world work in the coolest places that the govt doesn't want you to know exist.

    Just ask Ed.
