Articles Blog

Top hacker shows us how it’s done | Pablos Holman | TEDxMidwest

Top hacker shows us how it’s done | Pablos Holman | TEDxMidwest


Translator: Bob Prottas
Reviewer: Ariana Bleau Lugo So this is a hotel room,
kind of like the one I’m staying in. I get bored sometimes. A room like this has not a lot
to offer for entertainment. But for a hacker, it gets a little
interesting because that television is not like the television in your home, it’s a node on a network. Right? That means I can mess with it. If I plug a little device
like this into my computer, it’s an infrared transceiver,
I can send the codes that the TV remote might send
and some other codes. So what?
Well, I can watch movies for free. (Laughter) That doesn’t matter to me so much,
but I can play video games too. Hey, but what’s this? I can not only do this
for my TV in my hotel room, I can control your TV in your hotel room. (Laughter) So I can watch you
if you’re checking out with one of these, you know, TV based registration things, if you’re surfing
the web on your hotel TV, I can watch you do it. Sometimes it’s interesting stuff. Funds transfer. Really big funds transfers. You never know what people
might want to do while they’re surfing the web
from their hotel room. (Laughter) The point is I get to decide
if you’re watching Disney or porn tonight. Anybody else staying
at the Affinia hotel? (Laughter) This is a project I worked on
when we were trying to figure out the security properties of wireless
networks; it’s called the “Hackerbot”. This is a robot we’ve built that can
drive around and find Wi-Fi users, drive up to them and show them
their passwords on the screen. (Laughter) We just wanted to build a robot, but we didn’t know
what to make it do, so – We made the pistol
version of the same thing. This is called the “Sniper Yagi”. It’s for your long-range
password sniffing action, about a mile away I can watch
your wireless network. This is a project I worked on with
Ben Laurie to show passive surveillance. So what it is, is a map
of the conference called “Computers, Freedom and Privacy”. And this conference was
in a hotel, and what we did is we, you know, put a computer
in each room of the conference that logged all the Bluetooth traffic. So as everybody came and went
with their phones and laptops we were able to just log that,
correlate it, and then I can print out a map like this
for everybody at the conference. This is Kim Cameron,
the Chief Privacy Architect at Microsoft. (Laughter) Unbeknownst to him, I got to see everywhere he went. And I can correlate this
and show who he hangs out with (phone dialing)
when he got bored, (phone dialing)
hangs out in the lobby with somebody. Anybody here use cellphones? (Laughter) (Phone ringing) So my phone is calling – (Ringing) calling – Voice mail: You have 100 messages. Palbos Holman: Uh oh! VM: First unheard message – PH: Where do I press – VM: Message skipped.
First skipped message. PH: Uh oh! VM: Main menu. To listen to your –
You have pressed an incorrect key – You have two skipped messages.
Three saved messages. Goodbye. PH: Uh oh!
So we’re in Brad’s voice mail. (Laughter) And I was going to record him
a new message, but I seem to have pressed an invalid key, so we’re going to move on. And I’ll explain how that works some
other day because we’re short on time. Anybody here used MySpace? MySpace users? Oh! Used to be popular.
It’s kind of like Facebook. This guy, a buddy of ours Samy,
was trying to meet chicks on MySpace which I think is what
it used to be good for. And what he did is he had
a page on MySpace about him. It lists all your friends,
and that’s how you know somebody’s cool is that they have
a lot of friends on MySpace. Well, Samy didn’t have any friends. He wrote a little bit of Javascript code
that he put in his page, so that whenever you look at his page it would just automagically
add you as his friend. And it would skip the whole
acknowledgement response protocol saying “Is Samy really your friend?” But then it would copy
that code onto your page, so that whenever anybody
looked at your page it would automatically add them
as Samy’s friend too. (Laughter) And it would change your page
to say that “Samy is your hero.” (Laughter) So in under 24 hours, Samy had
over a million friends on MySpace. (Laughter) Hey, he just finished serving
3-years probation for that. (Laughter) Even better, Christopher Abad,
this guy, another hacker, also trying to meet chicks
on MySpace but having spotty results. Some of these dates
didn’t work out so well, so what Abad did
is he wrote a little bit of code to connect MySpace to Spam Assassin,
which is an open source spam filter. It works just like
the spam filter in your email. You train it by giving it some spam train it by giving it a little
bit of legitimate email, and it tries to use
artificial intelligence to work out the difference. Right? Well, he just trained it on profiles
from girls he dated and liked as legitimate email. Profiles from girls he dated
and not liked, as spam, and then ran it against
every profile on MySpace. (Laughter) Out spits girls you might like to date. What I say about Abad is, I think,
there’s like three startups here. I don’t know why we need Match.com,
when we can have Spam dating? You know this is innovation. He’s got a problem, he found a solution. Does anybody use these – bleep –
keys for opening your car remotely? They’re popular in, well,
maybe not Chicago, OK. So kids these days will drive
through a Wal-Mart parking lot clicking open, open, open, bloop. Eventually you find another
Jetta or whatever just like yours, maybe a different color,
that uses the same key code. Kids will just loot it, lock it up and go. Your insurance company
will roll over on you because there’s not
evidence of a break-in. For one manufacturer we figured
out how to manipulate that key so that it will open every car
from that manufacturer. (Laughter) There is a point to be made about this
which I barely have time for, but it’s that your car is now a PC,
your phone is also a PC, your toaster, if it is not a PC,
soon will be. Right? And I’m not joking about that. And the point of that is
that when that happens you inherit all the security
properties and problems of PC’s. And we have a lot of them. So keep that in mind,
we can talk more about that later. Anybody use a lock like this
on your front door? OK, good. I do too. This is a Schlage lock. It’s on half of the front doors
in America. I brought one to show you. So this is my Schlage lock. This is a key that fits the lock,
but isn’t cut right, so it won’t turn it. Anybody here ever tried
to pick locks with tools like this? All right, got a few,
few nefarious lock pickers. Well, it’s for kids with OCD. You’ve got to put them in there,
and finick with them, spend hours getting the finesse
down to manipulate the pins. You know, for the ADD kids in the house
there’s an easier way. I put my little magic key in here, I put a little pressure on there
to turn it, (Tapping) smack it a few times
with this special mallet and I just picked the lock. We’re in. It’s easy. And in fact, I don’t really know
much more about this than you do. It’s really, really easy. I have a keychain I made
of the same kind of key for every other lock in America. And if you’re interested,
I bought a key machine so that I can cut these keys
and I made some for all of you guys. (Laughter) (Applause) So my gift to you,
come afterwards and I will show you how to pick a lock
and give you one of these keys you can take home and try it on your door. Anybody used these USB thumb drives? Yeah, print my Word document, yeah! They’re very popular. Mine works kind of like yours.
You can print my Word document for me. But while you’re doing that,
invisibly and magically in the background it’s just making a handy backup
of your My Documents folder, and your browser history and cookies
and your registry and password database, and all the things that you might need
someday if you have a problem. So we just like to make these things
and litter them around at conferences. (Laughter) Anybody here use credit cards? (Laughter) Oh, good! Yeah, so they’re popular
and wildly secure. (Laughter) Well, there’s new credit cards
that you might have gotten in the mail with a letter explaining how
it’s your new “Secure credit card”. Anybody get one of these? You know it’s secure because
it has a chip in it, an RFID tag, and you can use these in
Taxicabs and at Starbucks, I brought one to show you,
by just touching the reader. Has anybody seen these before? Okay, who’s got one? Bring it on up here. (Laughter) There’s a prize in it for you. I just want to show you
some things we learned about them. I got this credit card in the mail. I really do need some volunteers,
in fact, I need one, two, three, four, five
volunteers because the winners are going to get these
awesome stainless steel wallets that protect you against the problem that
you guessed, I’m about to demonstrate. Bring your credit card up here
and I’ll show you. I want to try it on one of these
awesome new credit cards. OK. Do we have a conference organizer, somebody who can coerce people
into cooperating? (Laughing) It’s by your own volition because – This is where the demo gets really awesome I know you guys have never seen – (Inaudible question) What’s that? They’re really cool wallets
made of stainless steel. Anybody else seen code
on screen at TED before? Yeah, this is pretty awesome. (Laughter) OK, great I got volunteers. So who has one of these
exciting credit cards? OK, here we go. I’m about to share
your credit card number only to 350 close friends. Hear the beep? That means someone’s hacking
your credit card. OK, what did we get? Valued customer and the credit
card number and expiration date. It turns out your secure new
credit card is not totally secure. Anybody else want to try yours
while you’re here? Man: Can you install overdraft protection? PH: Beep, let’s see what we got? So we bitched about
this and AMEX changed it, so it doesn’t show the name anymore. Which is progress.
You can see mine, if it shows it. Yeah, it shows my name on it,
that’s what my Mom calls me anyway. Yours doesn’t have it. Anyway, so next time you get
something in the mail that says it’s secure, send it to me. (Laughter) Oh wait, one of these is empty, hold on. I think this is the one, yep, here you go. You get the one that’s disassembled. All right, cool. (Applause) I still have a few minutes yet left,
so I’m going to make a couple of points. (Laughter) Oh, shit. That’s my subliminal messaging campaign.
It was supposed to be much faster. Here’s the most exciting slide
ever shown at TED. This is the protocol diagram for SSL, which is the encryption
system in your web browser that protects your credit card when you’re
sending it to Amazon and so on. Very exciting, I know, but the point is hackers will attack every
point in this protocol, right? I’m going to send two responses
when the server’s expecting one. I’m going to send a zero
when it’s expecting a one. I’m going to send twice as much
data as it’s expecting. I’m going to take twice as long
answering as it’s expecting. Just try a bunch of stuff.
See where it breaks. See what falls in my lap. When I find a hole like that
then I can start looking for an exploit. This is a little more what SSL looks
like to hackers, that’s really boring. This guy kills a million Africans a year. It’s Anopheles stephensi mosquito
carrying malaria. Is this the wrong talk? (Laughter) This is a protocol diagram for malaria. So what we’re doing in our lab
is attacking this protocol at every point we can find. It has a very complex life cycle
that I won’t go into now, but it spends some time in humans,
some time in mosquitos and what I need are hackers. Because hackers have a mind
that’s optimized for discovery. They have a mind that’s optimized
for figuring out what’s possible. You know, I often illustrate this
by saying, If you get some random new
gadget and show it to your Mom, she might say, “Well, what does this do?”
And you’d say “Mom, it’s a phone.” And instantly, she’d would know
exactly what it’s for. But with a hacker,
the question is different. The question is,
“What can I make this do?” I’m going to take all the screws out,
and take the back off, and break it into a lot of little pieces. But then I’m going to figure out
what I can build from the rubble. That’s discovery, and we need to do that
in science and technology to figure out what’s possible. And so in the lab what I’m trying
to do is apply that mindset to some of the biggest
problems humans have. We work on malaria, thanks to
Bill Gates, who asked us to work on it. This is how we used to solve malaria. This is a real ad from like the 40’s. We eradicated malaria in the US
by spraying DDT everywhere. In the lab what we do is a lot of work
to try and understand the problem. This is a high-speed video,
we have a badass video camera, trying to learn how mosquitos fly. And you can see that
they’re more like swimming in air. We actually have no idea how they fly. But we have a cool video camera so we – (Laughter) Yeah, it cost more than a Ferrari. Anyway we came up with some
ways to take care of mosquitos. Let’s shoot them down with laser beams. This is what happens when you put
one of every kind of scientist in a room and a laser junky. So people thought it was funny at first, but we figured out, you know, we can
build this out of consumer electronics. It’s using the CCD from a webcam, the laser from a Blu-ray burner, the laser galvo is from a laser printer. We do motion detection on a GPU processor like you might find in video game system. It’s all stuff that follows Moore’s law. So it’s actually not going to
be that expensive to do it. The idea is that we would put a perimeter of these laser systems
around a building or a village and just shoot all the mosquitos
on their way in to feed on humans. And we might want to do that
for your backyard. We could also do it to protect crops. Our team is right now working on characterizing what they
need to do the same thing for the pest that has wiped out
about two thirds of the Orange groves in Florida. So people laughed at first. This is a video of our system working. We are tracking mosquitos live
as they fly around. Those crosshairs are put there
by our computer. It just watches them, finds them moving and then it aims a laser at them
to sample their wing beat frequency. Figure out from that, is this a mosquito? Is it Anopheles Stephensi?
Is it female? And if all that’s true then
we shoot it down with lethal laser. (Laughter) So we have this working in a lab. We’re working on taking
that project into the field now. All this happens at the Intellectual
Ventures Lab in Seattle where I work and we try and take on some
of the hardest problems that humans have. This is the money shot. You can see we just burned
his wing off with a UV laser. He’s not coming back. (Applause) Kind of vaporized
his wing right there, yeah. They love it.
I mean, you know. Never got called by PETA or anyone else. I mean, it’s the perfect enemy. There’s just no one coming
to the rescue of mosquitos. Sometimes we overdo it. So anyway, I’m going to get off stage. This is the Intellectual Ventures Lab
where I work. Basically we use every kind of scientist and one of every tool in the world
to work on crazy invention projects. Thanks. (Applause)

100 thoughts on “Top hacker shows us how it’s done | Pablos Holman | TEDxMidwest”

  1. Remember there is a reason for mosquitoes being around (food for bats, etc). To create these kill zones will be effective, but it's still messing with nature, and will just be another piece in the environmental destruction puzzle. Sorry! Just a thought. I should put people first.

  2. 5 minutes in and the only thing he has showed us is phone # spoofing using someone's own # to enter voicemail. I guess anyone can call themselves a top hacker.

  3. That automatically aimed laser that kill mosquitoes are quite cool. If they really did build it. I'm getting one pre-order

  4. I scanned your card to show the information that it is designed to provide when it is scanned.

    M4a44d Haaa44aaxxxxXxXXxx

    Hack: Liked my own comment because nobody will ever see it anyways.

  5. Same guy also went to jail 6months later. Accidental on his behalf taking MySpace off-line, had served 720hour community services(2years). Now in 2019. No reasons to mess with hacking but a hobby and a little extra cash… Wouldn't do anything with theses major companies inless it's in a contract.

  6. I hate tech. If Ted K. Actually used his time creating ways to defend against stuff like this and not bombs we may be alot safer with data. Its also terrible that electronic transaction are not more direct wire based than wirless. I'm a mechanic and I say LING LIVE THE CARBURETOR!!!!!! LOL I love all these Ted videos very cool and informative!!!!

  7. Yes Anandu Mohan I am watching this mind boggling video. Hackers can be good or bad. The mind of a " Hacker " thinks " What can I make this do ? What Discovery can I find i.e, in the lab of " Intellectual Lab. " The bad ones can obtain key codes to all the cars and use the key to steal cars. Even credit cards with a chip can be hacked Knowing SSL Encryption seems to be the way hackers hack. Still unclear as to exactly how hackers hack. As one person seeing this ,the deduction I make is people like me don't know computers and all that Holman speaks in his lecture. However, the importance to me is to be alert.( for non computer minds like me )

  8. Amazing that RFID credit cards are touted as the next level of high technology security. At my old work, we designed and built automated assembly lines for smart card manufacturing for the metro system in China….in 1998. I actually came up with a tip design used on the ultrasonic embedding "horns" that embed the copper antenna into the PVC substrate. Wouldnt be possible without this design. Chinese rfid card manufacturers copied this design and everyone copied it after that. I got no credit, no money and my name wasn't put on the patent….The American Dream

  9. okay so let's take apart a blu ray burner and some other things that aren't even remotely related to it and make an anti-mosquito system that SHOOTS down mosquitoes with a UV-laser. seems fine to me. XD

  10. Honestly a little scary to see what could have been done YEARS AGO. I really want to learn more about this along with coding, but it just too much and i have no clue where to start. Amazing these people can do what they do and that they learned what they did

  11. It looks like the mosquito was folding his wings from the top to the bottom and funneling air under him like he's on a little cloud

  12. Just another YouTube distraction video to keep you looking outside instead of looking within and finding truth

  13. Why a mosquito might be less valuable than say a dog? Point is that if you have fun killing it like that hacker then you are on your way to become a ……

  14. Any and everything that is conectes to the WiFi or network or just a signal can be “hacked”. The only problem with finding a way to catch that signal and manipulate it is the gadget. Is it already made or not. If the program is already out there or do I have to create one? Credit cards, phone company’s, the biggest and most impressive company’s that you wouldn’t expect to be hacked can be hacked. You can’t slow and hacker down either it’s happening or not. They put firewalls and they are effective. These company’s have protection because it’s a complicated network that has more than one source you have to enter before you do anything else. Surprise is when ever a company say apple, Microsoft or a tech company coming up gets hacked, and when the hacker is arrested or a deal is set, the company that believed they were safe contacts the individual or individuals and basically ask them how they did it. Why? Because he saw something no one saw. He figured out how to beat them. Most the time charges are dropped unless is federal or government based situation but they offer them a job. Sure they don’t have to since they already repaired or fixed the problem in no problem. The point is he got in, and the problem is they don’t know how. When Sony was hacked years back they actually hired those hackers to improve their system and basically fix the problem their people missed. Hackers are smart individuals because they don’t see or think like others such as a cashier they are totally different. They view something as a problem they have to figure out and if there isn’t one, they make them to fix them. A phone I’m the 80’s could have been used as the start of a hack or phreaking. Nowadays everything that has a signal is open. Something small as a watch that shows time and YouTube videos. He showed a key could be used to open any model of car the same as the key car model its for. Hackers are the best people because they find a solution or make something shown as strong but is really weak. This ted talk was intriguing because they were laughing and it’s was funny but for the wrong reasons. Don’t believe when it says secure because nothing is, things are only more time and thinking based to figure out the weak points like with the amazon system. Trial and error. What if we could create a code a system that would not only stop the hack but put a rouse on as if they were. Idk what I’m talking about anymore brain fart

  15. The comment with OCD and ADD made absolutely no sense. Have both and didn't see the connection between either.

  16. If you really wanted to work on something cool, you'd be figuring out where the human body gets electricity from. It's not from food or water.

  17. Tragically, their teams dressed as mosquitoes for that year’s halloween party and were all killed on the way through the front doors. Thus the technology was buried and swept under the rug of 240p.

  18. It's not called the world web for no reason at all folks the spider is coming try and run sheep for we all thought the shepherd was the one to be.

  19. The top bar on my phone started messing up watching this… Now I'm freaking out he's embedded a code into the video…

  20. Recommending [email protected] because he has really been of tremendous benefit to me, he has helped me in gaining access to several account in few years, I never mentioned his name because I don’t want people misusing the talented hacker. Serious clients should contact [email protected] now I save you of stress

Leave a Reply

Your email address will not be published. Required fields are marked *