Top hacker shows us how it's done | Pablos Holman | TEDxMidwest

00:00

Transcriber: Bob Prottas Reviewer: Ariana Bleau Lugo

00:11

So this is a hotel room, kind of like the one I'm staying in.

00:15

I get bored sometimes.

00:17

A room like this has not a lot to offer for entertainment.

00:21

But for a hacker, it gets a little interesting because that television

00:25

is not like the television in your home,

00:28

it's a node on a network. Right?

00:31

That means I can mess with it.

00:33

If I plug a little device like this into my computer,

00:37

it's an infrared transceiver, I can send the codes that

00:40

the TV remote might send and some other codes.

00:43

So what? Well, I can watch movies for free.

00:47

(Laughter)

00:49

That doesn't matter to me so much, but I can play video games too.

00:54

Hey, but what's this?

00:57

I can not only do this for my TV in my hotel room,

01:01

I can control your TV in your hotel room.

01:03

(Laughter)

01:05

So I can watch you if you're checking out with one of these,

01:07

you know, TV based registration things,

01:10

if you're surfing the web on your hotel TV,

01:13

I can watch you do it.

01:17

Sometimes it's interesting stuff.

01:19

Funds transfer.

01:22

Really big funds transfers.

01:25

You never know what people might want to do

01:28

while they're surfing the web from their hotel room.

01:31

(Laughter)

01:34

The point is I get to decide if you're watching Disney or porn tonight.

01:38

Anybody else staying at the Affinia hotel?

01:40

(Laughter)

01:42

This is a project I worked on when we were trying to figure out

01:46

the security properties of wireless networks; it's called the "Hackerbot".

01:50

This is a robot we've built that can drive around and find Wi-Fi users,

01:54

drive up to them and show them their passwords on the screen.

01:57

(Laughter)

02:00

We just wanted to build a robot,

02:02

but we didn't know what to make it do, so -

02:05

We made the pistol version of the same thing.

02:07

This is called the "Sniper Yagi".

02:09

It's for your long-range password sniffing action,

02:12

about a mile away I can watch your wireless network.

02:14

This is a project I worked on with Ben Laurie to show passive surveillance.

02:18

So what it is, is a map of the conference called

02:22

"Computers, Freedom and Privacy".

02:23

And this conference was in a hotel, and what we did is we,

02:28

you know, put a computer in each room of the conference

02:31

that logged all the Bluetooth traffic.

02:33

So as everybody came and went with their phones and laptops

02:36

we were able to just log that, correlate it,

02:38

and then I can print out a map like this for everybody at the conference.

02:42

This is Kim Cameron, the Chief Privacy Architect at Microsoft.

02:45

(Laughter)

02:46

Unbeknownst to him,

02:49

I got to see everywhere he went.

02:52

And I can correlate this and show who he hangs out with

02:56

(phone dialing) when he got bored,

02:58

(phone dialing) hangs out in the lobby with somebody.

03:00

Anybody here use cellphones?

03:02

(Laughter)

03:04

(Phone ringing)

03:08

So my phone is calling -

03:12

(Ringing)

03:17

calling -

03:23

Voice mail: You have 100 messages.

03:25

Palbos Holman: Uh oh!

03:27

VM: First unheard message -

03:29

PH: Where do I press -

03:31

VM: Message skipped. First skipped message.

03:33

PH: Uh oh!

03:34

VM: Main menu. To listen to your - You have pressed an incorrect key -

03:38

You have two skipped messages. Three saved messages.

03:40

Goodbye.

03:42

PH: Uh oh! So we're in Brad's voice mail.

03:46

(Laughter)

03:47

And I was going to record him a new message,

03:50

but I seem to have pressed an invalid key,

03:52

so we're going to move on.

03:54

And I'll explain how that works some other day because we're short on time.

03:57

Anybody here used MySpace?

04:00

MySpace users? Oh!

04:01

Used to be popular. It's kind of like Facebook.

04:05

This guy, a buddy of ours Samy, was trying to meet chicks on MySpace

04:08

which I think is what it used to be good for.

04:10

And what he did is he had a page on MySpace about him.

04:16

It lists all your friends, and that's how you know

04:19

somebody's cool is that they have a lot of friends on MySpace.

04:22

Well, Samy didn't have any friends.

04:23

He wrote a little bit of Javascript code that he put in his page,

04:27

so that whenever you look at his page

04:29

it would just automagically add you as his friend.

04:32

And it would skip the whole acknowledgement response protocol

04:35

saying "Is Samy really your friend?"

04:37

But then it would copy that code onto your page,

04:40

so that whenever anybody looked at your page

04:43

it would automatically add them as Samy's friend too.

04:45

(Laughter)

04:46

And it would change your page to say that "Samy is your hero."

04:50

(Laughter)

04:52

So in under 24 hours, Samy had over a million friends on MySpace.

04:56

(Laughter)

04:58

Hey, he just finished serving 3-years probation for that.

05:03

(Laughter)

05:05

Even better, Christopher Abad, this guy, another hacker,

05:09

also trying to meet chicks on MySpace but having spotty results.

05:13

Some of these dates didn't work out so well,

05:15

so what Abad did is he wrote a little bit of code

05:19

to connect MySpace to Spam Assassin, which is an open source spam filter.

05:25

It works just like the spam filter in your email.

05:28

You train it by giving it some spam

05:30

train it by giving it a little bit of legitimate email,

05:32

and it tries to use artificial intelligence

05:34

to work out the difference. Right?

05:37

Well, he just trained it on profiles from girls he dated and liked

05:41

as legitimate email.

05:43

Profiles from girls he dated and not liked, as spam,

05:46

and then ran it against every profile on MySpace.

05:50

(Laughter)

05:52

Out spits girls you might like to date.

05:56

What I say about Abad is, I think, there's like three startups here.

05:59

I don't know why we need Match.com, when we can have Spam dating?

06:02

You know this is innovation.

06:05

He's got a problem, he found a solution.

06:07

Does anybody use these - bleep - keys for opening your car remotely?

06:12

They're popular in, well, maybe not Chicago, OK.

06:16

So kids these days will drive through a Wal-Mart parking lot

06:19

clicking open, open, open, bloop.

06:22

Eventually you find another Jetta or whatever just like yours,

06:25

maybe a different color, that uses the same key code.

06:29

Kids will just loot it, lock it up and go.

06:31

Your insurance company will roll over on you

06:34

because there's not evidence of a break-in.

06:36

For one manufacturer we figured out how to manipulate that key

06:39

so that it will open every car from that manufacturer.

06:43

(Laughter)

06:44

There is a point to be made about this which I barely have time for,

06:47

but it's that your car is now a PC, your phone is also a PC,

06:52

your toaster, if it is not a PC, soon will be. Right?

06:55

And I'm not joking about that.

06:57

And the point of that is that when that happens

07:00

you inherit all the security properties and problems of PC's.

07:04

And we have a lot of them.

07:06

So keep that in mind, we can talk more about that later.

07:09

Anybody use a lock like this on your front door?

07:12

OK, good.

07:14

I do too.

07:15

This is a Schlage lock.

07:17

It's on half of the front doors in America.

07:19

I brought one to show you.

07:23

So this is my Schlage lock.

07:25

This is a key that fits the lock, but isn't cut right, so it won't turn it.

07:30

Anybody here ever tried to pick locks with tools like this?

07:34

All right, got a few, few nefarious lock pickers.

07:39

Well, it's for kids with OCD.

07:41

You've got to put them in there, and finick with them,

07:44

spend hours getting the finesse down to manipulate the pins.

07:47

You know, for the ADD kids in the house there's an easier way.

07:51

I put my little magic key in here,

07:53

I put a little pressure on there to turn it, (Tapping)

07:55

smack it a few times with this special mallet

07:59

and I just picked the lock. We're in.

08:03

It's easy.

08:05

And in fact, I don't really know much more about this than you do.

08:08

It's really, really easy.

08:09

I have a keychain I made of the same kind of key

08:12

for every other lock in America.

08:14

And if you're interested, I bought a key machine

08:19

so that I can cut these keys and I made some for all of you guys.

08:22

(Laughter)

08:23

(Applause)

08:25

So my gift to you, come afterwards and I will show you

08:28

how to pick a lock and give you one of these keys

08:30

you can take home and try it on your door.

08:32

Anybody used these USB thumb drives?

08:35

Yeah, print my Word document, yeah!

08:39

They're very popular.

08:42

Mine works kind of like yours. You can print my Word document for me.

08:46

But while you're doing that, invisibly and magically in the background

08:50

it's just making a handy backup of your My Documents folder,

08:54

and your browser history and cookies and your registry and password database,

08:58

and all the things that you might need someday if you have a problem.

09:02

So we just like to make these things and litter them around at conferences.

09:05

(Laughter)

09:09

Anybody here use credit cards?

09:11

(Laughter)

09:13

Oh, good!

09:14

Yeah, so they're popular and wildly secure.

09:17

(Laughter)

09:19

Well, there's new credit cards that you might have gotten in the mail

09:22

with a letter explaining how it's your new "Secure credit card".

09:25

Anybody get one of these?

09:27

You know it's secure because it has a chip in it, an RFID tag,

09:31

and you can use these in Taxicabs and at Starbucks,

09:34

I brought one to show you, by just touching the reader.

09:37

Has anybody seen these before?

09:39

Okay, who's got one?

09:44

Bring it on up here.

09:45

(Laughter)

09:47

There's a prize in it for you.

09:50

I just want to show you some things we learned about them.

09:53

I got this credit card in the mail.

09:55

I really do need some volunteers, in fact, I need

09:58

one, two, three, four, five volunteers because the winners

10:01

are going to get these awesome stainless steel wallets

10:04

that protect you against the problem that you guessed, I'm about to demonstrate.

10:08

Bring your credit card up here and I'll show you.

10:10

I want to try it on one of these awesome new credit cards.

10:14

OK.

10:18

Do we have a conference organizer,

10:21

somebody who can coerce people into cooperating?

10:23

(Laughing)

10:24

It's by your own volition because -

10:29

This is where the demo gets really awesome

10:32

I know you guys have never seen -

10:34

(Inaudible question)

10:35

What's that?

10:37

They're really cool wallets made of stainless steel.

10:41

Anybody else seen code on screen at TED before?

10:44

Yeah, this is pretty awesome.

10:47

(Laughter)

10:51

OK, great I got volunteers.

10:53

So who has one of these exciting credit cards?

10:57

OK, here we go.

10:59

I'm about to share your credit card number

11:01

only to 350 close friends.

11:03

Hear the beep?

11:06

That means someone's hacking your credit card.

11:08

OK, what did we get?

11:10

Valued customer and the credit card number and expiration date.

11:14

It turns out your secure new credit card is not totally secure.

11:19

Anybody else want to try yours while you're here?

11:21

Man: Can you install overdraft protection?

11:24

PH: Beep, let's see what we got?

11:26

So we bitched about this and AMEX changed it,

11:28

so it doesn't show the name anymore.

11:31

Which is progress. You can see mine, if it shows it.

11:37

Yeah, it shows my name on it, that's what my Mom calls me anyway.

11:40

Yours doesn't have it.

11:44

Anyway, so next time you get something in the mail

11:48

that says it's secure, send it to me.

11:51

(Laughter)

11:55

Oh wait, one of these is empty, hold on.

12:00

I think this is the one, yep, here you go.

12:03

You get the one that's disassembled.

12:05

All right, cool.

12:06

(Applause)

12:10

I still have a few minutes yet left, so I'm going to make a couple of points.

12:14

(Laughter)

12:15

Oh, shit.

12:16

That's my subliminal messaging campaign. It was supposed to be much faster.

12:21

Here's the most exciting slide ever shown at TED.

12:25

This is the protocol diagram for SSL,

12:27

which is the encryption system in your web browser

12:29

that protects your credit card when you're sending it to Amazon and so on.

12:33

Very exciting, I know, but the point is

12:35

hackers will attack every point in this protocol, right?

12:39

I'm going to send two responses when the server's expecting one.

12:42

I'm going to send a zero when it's expecting a one.

12:45

I'm going to send twice as much data as it's expecting.

12:48

I'm going to take twice as long answering as it's expecting.

12:51

Just try a bunch of stuff. See where it breaks.

12:54

See what falls in my lap.

12:56

When I find a hole like that then I can start looking for an exploit.

13:01

This is a little more what SSL looks like to hackers, that's really boring.

13:06

This guy kills a million Africans a year.

13:11

It's Anopheles stephensi mosquito carrying malaria.

13:15

Is this the wrong talk?

13:17

(Laughter)

13:19

This is a protocol diagram for malaria.

13:23

So what we're doing in our lab is attacking this protocol

13:27

at every point we can find.

13:29

It has a very complex life cycle that I won't go into now,

13:32

but it spends some time in humans, some time in mosquitos

13:36

and what I need are hackers.

13:39

Because hackers have a mind that's optimized for discovery.

13:43

They have a mind that's optimized for figuring out what's possible.

13:47

You know, I often illustrate this by saying,

13:49

If you get some random new gadget and show it to your Mom,

13:55

she might say, "Well, what does this do?" And you'd say "Mom, it's a phone."

13:59

And instantly, she'd would know exactly what it's for.

14:02

But with a hacker, the question is different.

14:05

The question is, "What can I make this do?"

14:09

I'm going to take all the screws out, and take the back off,

14:12

and break it into a lot of little pieces.

14:13

But then I'm going to figure out what I can build from the rubble.

14:17

That's discovery, and we need to do that in science and technology

14:21

to figure out what's possible.

14:23

And so in the lab what I'm trying to do is apply that mindset

14:27

to some of the biggest problems humans have.

14:29

We work on malaria, thanks to Bill Gates, who asked us to work on it.

14:34

This is how we used to solve malaria.

14:36

This is a real ad from like the 40's.

14:39

We eradicated malaria in the US by spraying DDT everywhere.

14:44

In the lab what we do is a lot of work to try and understand the problem.

14:48

This is a high-speed video, we have a badass video camera,

14:53

trying to learn how mosquitos fly.

14:56

And you can see that they're more like swimming in air.

14:59

We actually have no idea how they fly.

15:01

But we have a cool video camera so we -

15:03

(Laughter)

15:05

Yeah, it cost more than a Ferrari.

15:09

Anyway we came up with some ways to take care of mosquitos.

15:12

Let's shoot them down with laser beams.

15:14

This is what happens when you put one of every kind of scientist in a room

15:19

and a laser junky.

15:21

So people thought it was funny at first,

15:25

but we figured out, you know, we can build this out of consumer electronics.

15:30

It's using the CCD from a webcam,

15:33

the laser from a Blu-ray burner,

15:36

the laser galvo is from a laser printer.

15:40

We do motion detection on a GPU processor

15:43

like you might find in video game system.

15:45

It's all stuff that follows Moore's law.

15:47

So it's actually not going to be that expensive to do it.

15:50

The idea is that we would put

15:52

a perimeter of these laser systems around a building or a village

15:56

and just shoot all the mosquitos on their way in to feed on humans.

15:59

And we might want to do that for your backyard.

16:02

We could also do it to protect crops.

16:04

Our team is right now working on

16:06

characterizing what they need to do the same thing for

16:09

the pest that has wiped out about two thirds

16:12

of the Orange groves in Florida.

16:18

So people laughed at first.

16:20

This is a video of our system working.

16:23

We are tracking mosquitos live as they fly around.

16:26

Those crosshairs are put there by our computer.

16:28

It just watches them, finds them moving

16:30

and then it aims a laser at them to sample their wing beat frequency.

16:34

Figure out from that, is this a mosquito?

16:37

Is it Anopheles Stephensi? Is it female?

16:40

And if all that's true then we shoot it down with lethal laser.

16:44

(Laughter)

16:46

So we have this working in a lab.

16:48

We're working on taking that project into the field now.

16:51

All this happens at the Intellectual Ventures Lab in Seattle where I work

16:56

and we try and take on some of the hardest problems that humans have.

17:01

This is the money shot.

17:03

You can see we just burned his wing off with a UV laser.

17:06

He's not coming back.

17:08

(Applause)

17:12

Kind of vaporized his wing right there, yeah.

17:15

They love it. I mean, you know.

17:18

Never got called by PETA or anyone else.

17:20

I mean, it's the perfect enemy.

17:23

There's just no one coming to the rescue of mosquitos.

17:26

Sometimes we overdo it.

17:29

So anyway, I'm going to get off stage.

17:32

This is the Intellectual Ventures Lab where I work.

17:35

Basically we use every kind of scientist

17:37

and one of every tool in the world to work on crazy invention projects.

17:42

Thanks.

17:43

(Applause)