WEBVTT

1
00:00:00.000 --> 00:00:00.833
[piano music]

2
00:00:00.833 --> 00:00:02.580
<v ->Keeps rewriting itself to counter my commands.</v>

3
00:00:02.580 --> 00:00:04.300
<v ->This has something to do with computers.</v>

4
00:00:04.300 --> 00:00:05.260
<v ->Hack 'em all.</v>

5
00:00:05.260 --> 00:00:06.743
<v ->Hi, I'm Samy Kamkar.</v>

6
00:00:06.743 --> 00:00:09.002
<v Narrator>Samy is the co-founder of OpenPath Security</v>

7
00:00:09.002 --> 00:00:10.600
and a computer hacker.

8
00:00:10.600 --> 00:00:12.078
<v ->I'm back to talk about more hacking scenes</v>

9
00:00:12.078 --> 00:00:13.853
in TV shows and movies.

10
00:00:13.853 --> 00:00:16.820
Breaking into a government system, "The X-Files."

11
00:00:16.820 --> 00:00:19.780
<v ->This has something to do with computers, the internet.</v>

12
00:00:19.780 --> 00:00:21.055
<v ->Actually the ARPANET.</v>

13
00:00:21.055 --> 00:00:22.689
You can access it through the internet.

14
00:00:22.689 --> 00:00:26.350
<v ->I want to believe, but this clip isn't too realistic.</v>

15
00:00:26.350 --> 00:00:28.810
ARPANET is essentially what the internet came from.

16
00:00:28.810 --> 00:00:31.410
DARPA, the U.S. government agency created ARPANET

17
00:00:31.410 --> 00:00:33.150
and that bubbled into the internet

18
00:00:33.150 --> 00:00:34.370
and became publicly available.

19
00:00:34.370 --> 00:00:35.246
When the "X-Files" came out,

20
00:00:35.246 --> 00:00:37.780
ARPANET was no longer in existence.

21
00:00:37.780 --> 00:00:39.900
<v ->Isn't there something you could-</v>

22
00:00:39.900 --> 00:00:42.720
I mean how do you say it, hack into?

23
00:00:42.720 --> 00:00:44.407
<v ->I'm sorry, I think this is the end of the line.</v>

24
00:00:44.407 --> 00:00:46.040
<v ->"How you say," that's what she says.</v>

25
00:00:46.040 --> 00:00:47.450
She says, "How you say, hack."

26
00:00:47.450 --> 00:00:48.283
[Samy laughs]

27
00:00:48.283 --> 00:00:49.949
<v ->How do you say it, hack into.</v>

28
00:00:49.949 --> 00:00:52.530
<v ->But "How you say" is what you say in other languages</v>

29
00:00:52.530 --> 00:00:53.394
when you don't know.

30
00:00:53.394 --> 00:00:54.227
Right?

31
00:00:54.227 --> 00:00:55.060
[computer beeps]

32
00:00:55.060 --> 00:00:56.160
<v ->What did you do?</v>

33
00:00:56.160 --> 00:00:57.218
<v ->Oh, it's a government system,</v>

34
00:00:57.218 --> 00:01:00.510
I know a couple of logging out tricks with VMS version five.

35
00:01:00.510 --> 00:01:02.660
<v ->If you're using a password that you know,</v>

36
00:01:02.660 --> 00:01:04.442
then I don't really consider that hacking.

37
00:01:04.442 --> 00:01:05.359
[tense music]

38
00:01:05.359 --> 00:01:06.253
<v Woman>What is that?</v>

39
00:01:06.253 --> 00:01:07.158
<v ->It's an encrypted file.</v>

40
00:01:07.158 --> 00:01:08.760
[computer beeps]

41
00:01:08.760 --> 00:01:10.023
Why would your three year old have an encrypted file

42
00:01:10.023 --> 00:01:12.091
in a secret defense department database?

43
00:01:12.091 --> 00:01:13.600
<v ->Can you decode it?</v>

44
00:01:13.600 --> 00:01:14.640
<v ->There's another issue here</v>

45
00:01:14.640 --> 00:01:18.080
in that they find a file that's encrypted,

46
00:01:18.080 --> 00:01:19.903
that by itself is not too unrealistic.

47
00:01:19.903 --> 00:01:23.020
They're showing the file in ASCII format.

48
00:01:23.020 --> 00:01:24.140
<v ->Can you print it out for me?</v>

49
00:01:24.140 --> 00:01:25.280
<v ->But when you print it out,</v>

50
00:01:25.280 --> 00:01:26.749
that's going to be useless information.

51
00:01:26.749 --> 00:01:28.830
And that's because many of the characters

52
00:01:28.830 --> 00:01:31.340
that would be in an encrypted file

53
00:01:31.340 --> 00:01:33.913
are not visible in an ASCII format.

54
00:01:33.913 --> 00:01:36.230
So you end up with things like periods,

55
00:01:36.230 --> 00:01:38.030
which may or may not be a period

56
00:01:38.030 --> 00:01:41.350
or it could be a totally different character or byte.

57
00:01:41.350 --> 00:01:43.361
<v ->So your ex-boyfriend is into computers.</v>

58
00:01:43.361 --> 00:01:44.837
<v ->I would totally say that.</v>

59
00:01:44.837 --> 00:01:46.470
"Wait, your boyfriend's into computers?

60
00:01:46.470 --> 00:01:47.303
I should meet him."

61
00:01:47.303 --> 00:01:48.930
[Samy laughs]

62
00:01:48.930 --> 00:01:51.267
Locking down a system, "Jurassic Park."

63
00:01:53.445 --> 00:01:54.278
[computer beeps]

64
00:01:54.278 --> 00:01:55.111
[tense music]

65
00:01:55.111 --> 00:01:57.969
[computer beeps]

66
00:01:57.969 --> 00:01:59.052
<v ->Five, four.</v>

67
00:02:00.208 --> 00:02:01.890
[door hisses]

68
00:02:01.890 --> 00:02:04.200
<v ->In this clip, it looks like Newman,</v>

69
00:02:04.200 --> 00:02:05.033
you know who I mean.

70
00:02:05.033 --> 00:02:05.866
<v ->Newman!</v>

71
00:02:05.866 --> 00:02:07.300
<v ->Is kind of running around,</v>

72
00:02:07.300 --> 00:02:09.880
activating or deactivating certain types of locks.

73
00:02:09.880 --> 00:02:12.730
But, at some point, someone else tries to run a command,

74
00:02:12.730 --> 00:02:15.730
like access grid, and that causes an access denied.

75
00:02:15.730 --> 00:02:17.649
But then he gets a series of messages.

76
00:02:17.649 --> 00:02:20.480
So, this doesn't look too realistic,

77
00:02:20.480 --> 00:02:23.530
just on the fact that he's getting access denied messages

78
00:02:23.530 --> 00:02:24.363
without a password.

79
00:02:24.363 --> 00:02:26.840
And he's also then getting a message in a loop,

80
00:02:26.840 --> 00:02:29.930
which is just less likely to happen in a realistic scenario.

81
00:02:29.930 --> 00:02:31.580
This reminds me of some of the clips

82
00:02:31.580 --> 00:02:34.380
that we saw in the first technique critique

83
00:02:34.380 --> 00:02:35.870
when we were seeing, really,

84
00:02:35.870 --> 00:02:37.710
just a lot of pop-ups that would occur.

85
00:02:37.710 --> 00:02:38.543
Stop the popups.

86
00:02:38.543 --> 00:02:39.376
[Samy laughs]

87
00:02:39.376 --> 00:02:40.900
And a lot of videos typically

88
00:02:40.900 --> 00:02:43.473
that will hackers will put onto devices.

89
00:02:43.473 --> 00:02:45.150
[cats meow]

90
00:02:45.150 --> 00:02:47.239
That's not something we generally see in the real world.

91
00:02:47.239 --> 00:02:49.215
[tense music]

92
00:02:49.215 --> 00:02:51.683
<v ->It's a Unix system.</v>

93
00:02:51.683 --> 00:02:53.470
It's all the files of the whole park.

94
00:02:53.470 --> 00:02:54.987
<v ->The girl gets to the computer and says,</v>

95
00:02:54.987 --> 00:02:55.820
"It's a Unix system."

96
00:02:55.820 --> 00:02:57.780
It doesn't look like a Unix system,

97
00:02:57.780 --> 00:03:00.509
which is typically a terminal or a console window.

98
00:03:00.509 --> 00:03:02.682
But it actually is Unix.

99
00:03:02.682 --> 00:03:04.459
<v ->It tells you everything.</v>

100
00:03:04.459 --> 00:03:05.600
I gotta find the right file.

101
00:03:05.600 --> 00:03:09.139
<v ->The 3D interface that she's using is a legitimate software</v>

102
00:03:09.139 --> 00:03:12.220
that a company called SGI made many years ago.

103
00:03:12.220 --> 00:03:14.050
It's not something anyone actually uses.

104
00:03:14.050 --> 00:03:15.840
It was really just about proof of concept

105
00:03:15.840 --> 00:03:17.767
of using a 3D file system.

106
00:03:17.767 --> 00:03:19.290
The reason no one would ever use it

107
00:03:19.290 --> 00:03:22.210
is because it takes forever to navigate a 3D system

108
00:03:22.210 --> 00:03:23.580
when you're just trying to find a file.

109
00:03:23.580 --> 00:03:25.169
<v ->Hate this hacker crap!</v>

110
00:03:25.169 --> 00:03:27.360
<v ->Decrypting a file, "The code."</v>

111
00:03:27.360 --> 00:03:29.260
<v ->I'm up in air in the video compression.</v>

112
00:03:29.260 --> 00:03:30.524
<v ->Can we fix that?</v>

113
00:03:30.524 --> 00:03:31.570
<v ->Maybe.</v>

114
00:03:31.570 --> 00:03:33.467
But, I would need to get online.

115
00:03:33.467 --> 00:03:34.307
[keyboard clicks]

116
00:03:34.307 --> 00:03:37.140
[tense music]

117
00:03:37.140 --> 00:03:40.770
<v ->Here we see Jesse taking a corrupted video file.</v>

118
00:03:40.770 --> 00:03:42.140
And, for a moment

119
00:03:42.140 --> 00:03:44.995
we see him start running a program called ffmpeg.

120
00:03:44.995 --> 00:03:47.266
And, he essentially tries to remove corruption

121
00:03:47.266 --> 00:03:48.823
from this video file.

122
00:03:48.823 --> 00:03:50.190
And that's totally reasonable.

123
00:03:50.190 --> 00:03:52.410
[keyboard clicks]

124
00:03:52.410 --> 00:03:55.810
ffmpeg is meant for all sorts of modifications

125
00:03:55.810 --> 00:03:58.590
or alterations to video images and audio.

126
00:03:58.590 --> 00:04:00.265
So, for example, if you have something that's corrupt,

127
00:04:00.265 --> 00:04:03.120
you could take all of the frames that are not corrupt,

128
00:04:03.120 --> 00:04:06.100
extract them, and then reconstruct all of those frames

129
00:04:06.100 --> 00:04:07.670
into a single video.

130
00:04:07.670 --> 00:04:09.590
There was a part that was inaccurate

131
00:04:09.590 --> 00:04:12.648
in where we saw the red, green, and blue channels

132
00:04:12.648 --> 00:04:14.320
all visually come up.

133
00:04:14.320 --> 00:04:16.300
While that would be possible to do,

134
00:04:16.300 --> 00:04:19.490
ffmpeg, the tool itself is a terminal based tool.

135
00:04:19.490 --> 00:04:22.760
So, it's all text-based despite operating on video image

136
00:04:22.760 --> 00:04:23.800
and audio.

137
00:04:23.800 --> 00:04:25.090
<v ->Can we fix that?</v>

138
00:04:25.090 --> 00:04:28.210
<v ->Maybe. But I would need to get online.</v>

139
00:04:28.210 --> 00:04:29.410
<v ->He asked to go online,</v>

140
00:04:29.410 --> 00:04:31.780
but if he already has that ffmpeg tool

141
00:04:31.780 --> 00:04:33.110
downloaded to his machine,

142
00:04:33.110 --> 00:04:35.210
there's actually no reason for him to go online.

143
00:04:35.210 --> 00:04:36.740
So, who knows what he was actually doing?

144
00:04:36.740 --> 00:04:39.900
Sometimes you do hear of hackers getting sentenced

145
00:04:39.900 --> 00:04:42.290
not to use computers or be on the internet.

146
00:04:42.290 --> 00:04:43.485
Unfortunately, that occurred to me

147
00:04:43.485 --> 00:04:45.613
earlier in my life for several years.

148
00:04:45.613 --> 00:04:46.999
I don't know if we want to go into it.

149
00:04:46.999 --> 00:04:48.540
[Samy laughs]

150
00:04:48.540 --> 00:04:49.878
Now I'm allowed to be on the internet.

151
00:04:49.878 --> 00:04:50.930
[Samy laughs]

152
00:04:50.930 --> 00:04:53.521
Hardware hacking, "Firewall."

153
00:04:53.521 --> 00:04:56.540
<v ->I need my daughter's MP3 player to use as a hard drive.</v>

154
00:04:56.540 --> 00:05:00.510
<v ->Here we see Jack Stanfield using his daughter's iPod</v>

155
00:05:00.510 --> 00:05:04.290
to store data while under duress in a kidnapping situation.

156
00:05:04.290 --> 00:05:06.877
<v ->This is the scanner head and the fax machine.</v>

157
00:05:06.877 --> 00:05:08.080
<v ->Yeah.</v>

158
00:05:08.080 --> 00:05:11.040
<v ->And you'll capture the images of the account numbers</v>

159
00:05:11.040 --> 00:05:13.480
off the server screen and transfer them to this.

160
00:05:13.480 --> 00:05:14.590
<v ->That's totally realistic.</v>

161
00:05:14.590 --> 00:05:17.360
If you think about an MP3, it's just a digital format

162
00:05:17.360 --> 00:05:18.390
of audio.

163
00:05:18.390 --> 00:05:21.350
And audio is really just an analog signal.

164
00:05:21.350 --> 00:05:23.800
So, you can convert that into a digital format

165
00:05:23.800 --> 00:05:24.633
and-

166
00:05:24.633 --> 00:05:25.910
Just like you can convert any other data

167
00:05:25.910 --> 00:05:27.330
into some digital format.

168
00:05:27.330 --> 00:05:28.850
<v ->But, they're still just images,</v>

169
00:05:28.850 --> 00:05:29.729
what are you going to do with them?

170
00:05:29.729 --> 00:05:32.536
<v ->Use an OCR program to convert it to data</v>

171
00:05:32.536 --> 00:05:34.170
that the computer can use.

172
00:05:34.170 --> 00:05:36.140
<v ->He also mentions using OCR,</v>

173
00:05:36.140 --> 00:05:38.160
which is object character recognition.

174
00:05:38.160 --> 00:05:40.630
So, if I were to take a screenshot of a bank account,

175
00:05:40.630 --> 00:05:43.250
it's an image, there's not actually text in it,

176
00:05:43.250 --> 00:05:44.680
even though I can read the text.

177
00:05:44.680 --> 00:05:46.190
OCR software would then convert that

178
00:05:46.190 --> 00:05:48.490
and extract all of the text from it

179
00:05:48.490 --> 00:05:50.290
without me having to type it in manually.

180
00:05:50.290 --> 00:05:52.860
<v ->10,000 songs, 10,000 account codes,</v>

181
00:05:52.860 --> 00:05:54.280
it doesn't know the difference.

182
00:05:54.280 --> 00:05:55.800
<v ->The only thing he doesn't go over here</v>

183
00:05:55.800 --> 00:05:59.950
is how he converts the images from the scanner

184
00:05:59.950 --> 00:06:01.250
into the MP3s.

185
00:06:01.250 --> 00:06:02.821
You do need some conversion to occur.

186
00:06:02.821 --> 00:06:05.180
So, that needs to be a computer or a microcontroller

187
00:06:05.180 --> 00:06:06.130
or something.

188
00:06:06.130 --> 00:06:07.160
<v ->Should work.</v>

189
00:06:07.160 --> 00:06:09.210
<v ->Hacking a smart fridge, "Silicon Valley."</v>

190
00:06:09.210 --> 00:06:11.307
<v ->Hello my cofriend.</v>

191
00:06:11.307 --> 00:06:13.200
[fridge dings]

192
00:06:13.200 --> 00:06:14.033
Hello?

193
00:06:14.033 --> 00:06:16.110
<v Fridge>Huh, suck it Jin-Yang.</v>

194
00:06:16.110 --> 00:06:18.200
Mm, ah huh.

195
00:06:18.200 --> 00:06:20.337
<v ->Your attacking and destroying my refrigerator?</v>

196
00:06:20.337 --> 00:06:21.705
And you misspell my name.

197
00:06:21.705 --> 00:06:22.998
<v ->Essentially, smart fridges themselves</v>

198
00:06:22.998 --> 00:06:24.390
are really just computers.

199
00:06:24.390 --> 00:06:25.419
They're running some operating system,

200
00:06:25.419 --> 00:06:27.710
maybe a stripped down version of Linux.

201
00:06:27.710 --> 00:06:29.725
<v ->When I was able to brute force the backdoor password</v>

202
00:06:29.725 --> 00:06:32.841
to that chrome piece of shit in under 12 hours.

203
00:06:32.841 --> 00:06:34.260
<v ->What Gilfoyle was saying</v>

204
00:06:34.260 --> 00:06:37.340
is that he was able to brute force the password.

205
00:06:37.340 --> 00:06:38.173
All that means is

206
00:06:38.173 --> 00:06:40.644
he went through millions and millions of passwords

207
00:06:40.644 --> 00:06:43.040
trying to authenticate through some mechanism

208
00:06:43.040 --> 00:06:44.540
that the refridge exposed.

209
00:06:44.540 --> 00:06:46.037
Maybe it's connected to the WiFi network

210
00:06:46.037 --> 00:06:48.280
and it has a port open that you can then connect to.

211
00:06:48.280 --> 00:06:50.130
That is a possible scenario.

212
00:06:50.130 --> 00:06:54.392
A back door is a way to log in or authenticate into a system

213
00:06:54.392 --> 00:06:58.130
without going through the traditional mechanism.

214
00:06:58.130 --> 00:07:01.280
So, maybe a website has a username and password field.

215
00:07:01.280 --> 00:07:03.150
A backdoor would be a special URL

216
00:07:03.150 --> 00:07:05.287
that you wouldn't need to enter any username or password

217
00:07:05.287 --> 00:07:07.500
<v ->But I added a little visual flair.</v>

218
00:07:07.500 --> 00:07:08.345
<v Fridge>Huh, suck it.</v>

219
00:07:08.345 --> 00:07:09.178
[tense music]

220
00:07:09.178 --> 00:07:12.670
<v ->Hacking an ATM pin, "Terminator 2: Judgment Day."</v>

221
00:07:12.670 --> 00:07:15.169
<v Boy 1>Please insert your stolen card now.</v>

222
00:07:15.169 --> 00:07:17.391
[ATM revs]

223
00:07:17.391 --> 00:07:18.980
[keyboard clicks]

224
00:07:18.980 --> 00:07:21.740
<v ->They insert a device that looks like a credit card</v>

225
00:07:21.740 --> 00:07:23.242
tied to a computer with a ribbon cable.

226
00:07:23.242 --> 00:07:26.577
And it looks to do some type of brute force of the pin code.

227
00:07:26.577 --> 00:07:28.074
<v ->Go baby, go baby, go baby.</v>

228
00:07:28.074 --> 00:07:29.332
Right.

229
00:07:29.332 --> 00:07:30.605
Yes!

230
00:07:30.605 --> 00:07:31.760
Easy money.

231
00:07:31.760 --> 00:07:33.860
<v ->Some of this could be possible.</v>

232
00:07:33.860 --> 00:07:36.108
The problem is the pin code has nothing to do

233
00:07:36.108 --> 00:07:38.130
with the data on the credit card,

234
00:07:38.130 --> 00:07:40.840
nor is it ever inserted within the credit card slot.

235
00:07:40.840 --> 00:07:42.720
Those are two independent systems.

236
00:07:42.720 --> 00:07:44.060
What they're doing here with the pin

237
00:07:44.060 --> 00:07:46.120
just isn't talking to the right system.

238
00:07:46.120 --> 00:07:47.960
So, they'd have to be plugged into something else

239
00:07:47.960 --> 00:07:49.720
in order to even attempt an attack like this.

240
00:07:49.720 --> 00:07:51.540
<v Boy 2>Where did you learn this stuff from anyway?</v>

241
00:07:51.540 --> 00:07:52.510
<v ->From my mom.</v>

242
00:07:52.510 --> 00:07:54.384
<v ->Destroying a hard drive, "The Core."</v>

243
00:07:54.384 --> 00:07:56.092
<v ->This is the FBI, we have a warrant.</v>

244
00:07:56.092 --> 00:07:56.925
<v Man>Shit!</v>

245
00:07:56.925 --> 00:07:59.270
[electronic music]

246
00:07:59.270 --> 00:08:00.495
[toaster hisses]

247
00:08:00.495 --> 00:08:01.940
[microwave hums]

248
00:08:01.940 --> 00:08:04.560
<v ->In this scene, the main character is trying to wipe,</v>

249
00:08:04.560 --> 00:08:06.160
delete, purge any data he can

250
00:08:06.160 --> 00:08:08.438
from a number of different data storage types.

251
00:08:08.438 --> 00:08:11.560
[electronic music]

252
00:08:11.560 --> 00:08:13.400
He takes some pretty big magnets

253
00:08:13.400 --> 00:08:16.090
and he goes over, what I assume are hard drives.

254
00:08:16.090 --> 00:08:16.960
Which would work

255
00:08:16.960 --> 00:08:19.160
for traditional spinning platter hard drives.

256
00:08:19.160 --> 00:08:20.698
That would erase a lot of the data

257
00:08:20.698 --> 00:08:23.419
as the data is kept in magnetic fields.

258
00:08:23.419 --> 00:08:24.594
If I had to destroy something

259
00:08:24.594 --> 00:08:27.190
like a traditional spinning hard drive,

260
00:08:27.190 --> 00:08:30.510
then I probably would do something similar by using magnets.

261
00:08:30.510 --> 00:08:33.430
But, ideally, I would also want to open it after the fact

262
00:08:33.430 --> 00:08:35.040
and then crush it into bits.

263
00:08:35.040 --> 00:08:36.449
The more small pieces you have,

264
00:08:36.449 --> 00:08:38.073
the less data someone will be able to extract

265
00:08:38.073 --> 00:08:39.246
and be able to put them together.

266
00:08:39.246 --> 00:08:41.078
[electronic music]

267
00:08:41.078 --> 00:08:42.605
[microwave hums]

268
00:08:42.605 --> 00:08:43.438
[microwave dings]

269
00:08:43.438 --> 00:08:46.070
He also throws some CDs or DVDs into a microwave.

270
00:08:46.070 --> 00:08:48.640
The data there is actually stored within the polycarbonate.

271
00:08:48.640 --> 00:08:50.610
So, if he had a sufficient time to melt it

272
00:08:50.610 --> 00:08:51.443
he could make it disappear,

273
00:08:51.443 --> 00:08:53.850
but it just depends on that amount of time.

274
00:08:53.850 --> 00:08:54.683
[electronic music]

275
00:08:54.683 --> 00:08:55.516
<v Man>Purge.</v>

276
00:08:57.330 --> 00:08:59.900
<v ->He also deleted some data, just using software.</v>

277
00:08:59.900 --> 00:09:02.520
Now, a quick software delete, in the period of time he had,

278
00:09:02.520 --> 00:09:03.850
which was only a few seconds.

279
00:09:03.850 --> 00:09:06.080
While that appears to delete the files,

280
00:09:06.080 --> 00:09:07.610
it actually doesn't delete the data.

281
00:09:07.610 --> 00:09:10.180
All it does is tell your hard drive or your computer

282
00:09:10.180 --> 00:09:13.355
that the data in this sector is now free.

283
00:09:13.355 --> 00:09:15.954
In order to actually delete data from a drive

284
00:09:15.954 --> 00:09:18.380
you actually need to overwrite that data.

285
00:09:18.380 --> 00:09:20.870
And typically you want to overwrite it several times.

286
00:09:20.870 --> 00:09:22.430
Then, for a safe measure,

287
00:09:22.430 --> 00:09:23.980
hit it with a hammer a bunch of times.

288
00:09:23.980 --> 00:09:26.630
<v ->I know these look like computers,</v>

289
00:09:26.630 --> 00:09:28.030
totally not.

290
00:09:28.030 --> 00:09:30.592
<v ->Faraday cage, "Enemy of the state."</v>

291
00:09:30.592 --> 00:09:31.425
[machine grinds]

292
00:09:31.425 --> 00:09:32.258
<v ->This is where I work.</v>

293
00:09:32.258 --> 00:09:33.550
Completely secure.

294
00:09:33.550 --> 00:09:36.440
Copper wire mesh keeps the radio signals out.

295
00:09:36.440 --> 00:09:39.400
<v ->He says this copper wire cage or a faraday cage</v>

296
00:09:39.400 --> 00:09:40.810
keeps radio signals out.

297
00:09:40.810 --> 00:09:41.950
Normally that is true.

298
00:09:41.950 --> 00:09:45.120
When you have a conductive mesh or a metallic mesh,

299
00:09:45.120 --> 00:09:47.180
the only thing that can penetrate that mesh

300
00:09:47.180 --> 00:09:49.740
are wavelengths that are essentially smaller

301
00:09:49.740 --> 00:09:51.080
than the mesh itself.

302
00:09:51.080 --> 00:09:52.300
So, the holes themselves.

303
00:09:52.300 --> 00:09:53.133
But, in this case,

304
00:09:53.133 --> 00:09:54.930
there is a lot of radio frequency

305
00:09:54.930 --> 00:09:56.850
that can fit in that wavelength.

306
00:09:56.850 --> 00:09:59.970
So, really, even something like five gigahertz,

307
00:09:59.970 --> 00:10:02.570
Wifi would be able to penetrate that mesh.

308
00:10:02.570 --> 00:10:03.790
If the mesh were smaller,

309
00:10:03.790 --> 00:10:06.580
then it would be able to block a lot more radio frequency.

310
00:10:06.580 --> 00:10:08.797
<v ->Hate to see the chicken that lives in this coop.</v>

311
00:10:08.797 --> 00:10:11.047
<v ->Acoustic analysis, "Eagle Eye."</v>

312
00:10:12.320 --> 00:10:14.280
[computer whines]

313
00:10:14.280 --> 00:10:16.177
<v ->Sir, all the threats we've been tracking chatter all-</v>

314
00:10:16.177 --> 00:10:17.010
<v ->Hold it.</v>

315
00:10:19.170 --> 00:10:21.000
<v ->In this scene a couple of things are happening.</v>

316
00:10:21.000 --> 00:10:23.231
There is a voice over IP phone

317
00:10:23.231 --> 00:10:25.110
that they ultimately disconnect

318
00:10:25.110 --> 00:10:28.320
to prevent someone from snooping or enabling the microphone.

319
00:10:28.320 --> 00:10:33.161
It shows that the camera is essentially able to read lips.

320
00:10:33.161 --> 00:10:35.744
[camera beeps]

321
00:10:37.120 --> 00:10:40.117
Really creative and absolutely doable with software today.

322
00:10:40.117 --> 00:10:41.289
[camera beeps]

323
00:10:41.289 --> 00:10:42.207
<v Woman>Section 216 of the Patriot Act.</v>

324
00:10:43.930 --> 00:10:47.400
What they didn't expect, and, which is really creative,

325
00:10:47.400 --> 00:10:50.490
is they're actually using acoustic analysis

326
00:10:50.490 --> 00:10:53.790
to look at vibrations off the coffee cup that was there.

327
00:10:53.790 --> 00:10:55.790
So, when you're speaking or when someone's speaking

328
00:10:55.790 --> 00:10:58.170
they are moving air molecules

329
00:10:58.170 --> 00:10:59.900
and that's going at a certain frequency

330
00:10:59.900 --> 00:11:01.550
based off the frequency of their sound.

331
00:11:01.550 --> 00:11:04.300
When that hits something like the drink,

332
00:11:04.300 --> 00:11:07.109
you're actually able to convert that physical change

333
00:11:07.109 --> 00:11:09.300
of that liquid back into audio.

334
00:11:09.300 --> 00:11:11.920
Because, essentially, it's moving at the frequency of sound.

335
00:11:11.920 --> 00:11:13.160
And if you can visually see that,

336
00:11:13.160 --> 00:11:15.650
you can then convert that visual frequency

337
00:11:15.650 --> 00:11:17.820
back into the frequency of sound and hear it.

338
00:11:17.820 --> 00:11:20.860
So, it's actually a very creative, but it is doable.

339
00:11:20.860 --> 00:11:23.087
Denial of service attack, "Ralph Breaks the Internet."

340
00:11:23.087 --> 00:11:25.169
<v ->[Malicious character] Scanning for insecurities.</v>

341
00:11:25.169 --> 00:11:27.831
<v ->Come on, don't leave me!</v>

342
00:11:27.831 --> 00:11:30.502
<v ->[Malicious character] Insecurity detected.</v>

343
00:11:30.502 --> 00:11:31.629
[creature fires]

344
00:11:31.629 --> 00:11:34.640
<v ->In this clip, we see some sort of malicious system</v>

345
00:11:34.640 --> 00:11:38.130
that is finding this insecurity in Ralph.

346
00:11:38.130 --> 00:11:40.700
And they're essentially duplicating Ralph

347
00:11:40.700 --> 00:11:42.100
and duplicating this insecurity

348
00:11:42.100 --> 00:11:45.670
which then takes over all sorts of websites, sops.

349
00:11:45.670 --> 00:11:47.483
It starts interfering with people's web browsers.

350
00:11:47.483 --> 00:11:49.370
<v ->The internet is under assault</v>

351
00:11:49.370 --> 00:11:51.630
as a massive denial of service attack

352
00:11:51.630 --> 00:11:53.290
crashes servers across the web.

353
00:11:53.290 --> 00:11:54.630
<v ->Denial of service</v>

354
00:11:54.630 --> 00:11:57.260
typically isn't going to do something manipulative

355
00:11:57.260 --> 00:12:00.850
like alter your web browser or alter a video feed.

356
00:12:00.850 --> 00:12:03.610
Instead, its goal is one simple thing

357
00:12:03.610 --> 00:12:05.490
and that's to bring a system down.

358
00:12:05.490 --> 00:12:08.990
While this is a pretty unrealistic

359
00:12:08.990 --> 00:12:11.140
I think we can give Ralph a pass here,

360
00:12:11.140 --> 00:12:12.693
just for his insecurity.

361
00:12:14.498 --> 00:12:15.410
[girl yells]

362
00:12:15.410 --> 00:12:18.129
Hijacking a TV channel, "V for Vendetta."

363
00:12:18.129 --> 00:12:19.176
[static hisses]

364
00:12:19.176 --> 00:12:20.009
<v ->For god-</v>

365
00:12:20.009 --> 00:12:22.042
<v ->Dad, what's wrong with the tele?</v>

366
00:12:22.042 --> 00:12:23.650
<v ->Good evening London.</v>

367
00:12:23.650 --> 00:12:24.483
<v ->In this scene,</v>

368
00:12:24.483 --> 00:12:28.030
we see someone essentially taking over a TV station.

369
00:12:28.030 --> 00:12:29.342
In this case, I don't consider this hacking,

370
00:12:29.342 --> 00:12:32.050
because they essentially already have the capability,

371
00:12:32.050 --> 00:12:34.260
they're in the station and they have the ability

372
00:12:34.260 --> 00:12:37.260
to already override the video that's been playing right now.

373
00:12:37.260 --> 00:12:38.560
What makes it a little less unlikely,

374
00:12:38.560 --> 00:12:40.550
is that they're also taking over billboards.

375
00:12:40.550 --> 00:12:42.930
And often those are coming off a separate feed

376
00:12:42.930 --> 00:12:44.760
off some prerecorded video.

377
00:12:44.760 --> 00:12:48.600
Granted, those could be based off of live video as well.

378
00:12:48.600 --> 00:12:50.010
In Tim Burton's "Batman,"

379
00:12:50.010 --> 00:12:51.310
we do see something similar

380
00:12:51.310 --> 00:12:55.800
where a live newscast is taken over by the Joker.

381
00:12:55.800 --> 00:12:57.860
Now, that is actually a lot more realistic

382
00:12:57.860 --> 00:12:59.230
and is an actual hack

383
00:12:59.230 --> 00:13:03.290
because often, live broadcasts are being aired over radio.

384
00:13:03.290 --> 00:13:04.970
So, if someone can intercept,

385
00:13:04.970 --> 00:13:08.007
and by intercept I just mean send a stronger signal,

386
00:13:08.007 --> 00:13:09.767
and they can actually override that signal

387
00:13:09.767 --> 00:13:12.880
if they can hit the receiver and take over that.

388
00:13:12.880 --> 00:13:14.870
So, that is something that can happen

389
00:13:14.870 --> 00:13:16.198
and has happened in the past.

390
00:13:16.198 --> 00:13:17.676
<v ->He don't look happy.</v>

391
00:13:17.676 --> 00:13:20.497
He's been using Brand X.

392
00:13:20.497 --> 00:13:22.834
<v ->Stock market hack, "Who Am I?"</v>

393
00:13:22.834 --> 00:13:25.251
[rock music]

394
00:13:26.900 --> 00:13:28.871
In this clip they're on the roof

395
00:13:28.871 --> 00:13:30.820
of what appears to be a stock exchange.

396
00:13:30.820 --> 00:13:33.660
And they're somehow connecting to the network.

397
00:13:33.660 --> 00:13:35.540
This, by itself, is going to be a little challenging

398
00:13:35.540 --> 00:13:37.720
because there are many different networks

399
00:13:37.720 --> 00:13:38.970
and just being on the roof

400
00:13:38.970 --> 00:13:41.260
is typically not enough to jump on the network.

401
00:13:41.260 --> 00:13:45.160
We do see them run something called bashbufferoverflow.sh

402
00:13:45.160 --> 00:13:46.380
and some number.

403
00:13:46.380 --> 00:13:48.550
And bufferoverflow is a common technique

404
00:13:48.550 --> 00:13:51.030
to exploit various types of software

405
00:13:51.030 --> 00:13:52.570
by overflowing their memory so much

406
00:13:52.570 --> 00:13:54.830
that you get to a point in memory

407
00:13:54.830 --> 00:13:57.513
that you can tell the processor where to run code,

408
00:13:57.513 --> 00:13:58.651
and you can then point that back

409
00:13:58.651 --> 00:14:00.760
to the original memory you overflowed

410
00:14:00.760 --> 00:14:01.990
and that's now your code.

411
00:14:01.990 --> 00:14:04.175
So, it's a way to take over a computer

412
00:14:04.175 --> 00:14:06.040
just by inputting some data.

413
00:14:06.040 --> 00:14:06.873
What they're demonstrating

414
00:14:06.873 --> 00:14:08.132
is that they were able to connect to

415
00:14:08.132 --> 00:14:09.608
and then run their own code

416
00:14:09.608 --> 00:14:11.103
and run their own instructions.

417
00:14:11.103 --> 00:14:11.936
[rock music]

418
00:14:11.936 --> 00:14:15.360
[speaking in foreign language]

419
00:14:15.360 --> 00:14:18.031
We're also seeing, essentially, video of a graph.

420
00:14:18.031 --> 00:14:20.733
And that chart is probably going to be extracted

421
00:14:20.733 --> 00:14:22.690
from some other location,

422
00:14:22.690 --> 00:14:25.640
maybe from a website or from some other feed.

423
00:14:25.640 --> 00:14:27.510
So, it might be possible,

424
00:14:27.510 --> 00:14:29.273
but it's going to be challenging to do this.

425
00:14:29.273 --> 00:14:30.106
[rock music]

426
00:14:30.106 --> 00:14:31.920
<v All>Yeah!</v>

427
00:14:31.920 --> 00:14:35.400
<v ->Autonomous vehicle exploitation, "Fate of the Furious."</v>

428
00:14:35.400 --> 00:14:37.530
<v ->There's over a thousand of them.</v>

429
00:14:37.530 --> 00:14:38.363
<v ->Hack 'em all.</v>

430
00:14:38.363 --> 00:14:39.933
[computer squeaks]

431
00:14:39.933 --> 00:14:41.016
[engine starts]

432
00:14:41.016 --> 00:14:41.980
[tires squeal]

433
00:14:41.980 --> 00:14:44.460
<v ->In this clip we see a bunch of cars</v>

434
00:14:44.460 --> 00:14:46.340
getting hacked and taken over.

435
00:14:46.340 --> 00:14:49.100
Some of this could be possible.

436
00:14:49.100 --> 00:14:51.720
And there's a pretty incredible demonstration

437
00:14:51.720 --> 00:14:52.553
of this type of attack

438
00:14:52.553 --> 00:14:54.460
where they were able to take a Jeep

439
00:14:54.460 --> 00:14:56.241
that was driving on the road

440
00:14:56.241 --> 00:14:58.640
with someone from "Wired" inside.

441
00:14:58.640 --> 00:15:00.650
And they were able to take that car over.

442
00:15:00.650 --> 00:15:03.726
They first started just controlling the windshield wipers,

443
00:15:03.726 --> 00:15:05.510
adjusting the radio,

444
00:15:05.510 --> 00:15:06.594
and then actually started messing

445
00:15:06.594 --> 00:15:09.780
with the controls of the vehicle, like the throttle.

446
00:15:09.780 --> 00:15:11.181
And that's because some vehicles

447
00:15:11.181 --> 00:15:13.840
do have these components computerized.

448
00:15:13.840 --> 00:15:14.809
However, what they're showing here

449
00:15:14.809 --> 00:15:18.940
where they're just arbitrarily choosing cars to take over

450
00:15:18.940 --> 00:15:22.350
is really unlikely because it's a lot of effort

451
00:15:22.350 --> 00:15:23.937
and it's typically a targeted attack.

452
00:15:23.937 --> 00:15:25.372
You have to really know the vehicle

453
00:15:25.372 --> 00:15:27.388
that you are trying to get to first.

454
00:15:27.388 --> 00:15:28.795
[speaking in foreign language]

455
00:15:28.795 --> 00:15:29.740
[cars crunch]

456
00:15:29.740 --> 00:15:30.760
<v ->Ouch.</v>

457
00:15:30.760 --> 00:15:31.593
<v ->You see a bunch of cars</v>

458
00:15:31.593 --> 00:15:34.820
that are actually parked and they start driving.

459
00:15:34.820 --> 00:15:35.660
Well, that's not going to happen

460
00:15:35.660 --> 00:15:36.960
if you have something like an e-brake.

461
00:15:36.960 --> 00:15:38.270
As far as I know today

462
00:15:38.270 --> 00:15:41.350
there aren't many vehicles with a computerized e-brake.

463
00:15:41.350 --> 00:15:43.950
So, we're just seeing way too many vehicles

464
00:15:43.950 --> 00:15:44.930
doing way too many things

465
00:15:44.930 --> 00:15:46.854
they simply don't have the capability to.

466
00:15:46.854 --> 00:15:49.050
<v ->I'd buckle up if I were you.</v>

467
00:15:49.050 --> 00:15:51.967
<v ->Credential hack, "Mission: Impossible - Ghost Protocol."</v>

468
00:15:54.176 --> 00:15:55.532
[machine whines]

469
00:15:55.532 --> 00:15:57.650
[machine beeps]

470
00:15:57.650 --> 00:16:00.330
In this scene we see Ethan Hunt

471
00:16:00.330 --> 00:16:02.340
going into a government building.

472
00:16:02.340 --> 00:16:04.620
He reveals his credentials

473
00:16:04.620 --> 00:16:06.850
and the person working behind the desk

474
00:16:06.850 --> 00:16:08.630
starts scanning the credentials.

475
00:16:08.630 --> 00:16:12.370
[speaking in foreign language]

476
00:16:12.370 --> 00:16:15.286
<v ->He looks at kind of what percentage of this hacking</v>

477
00:16:15.286 --> 00:16:16.549
is being done.

478
00:16:16.549 --> 00:16:19.010
This seems pretty unlikely for a couple of reasons.

479
00:16:19.010 --> 00:16:21.950
For one, when you're talking about a credential

480
00:16:21.950 --> 00:16:23.710
or authorization system,

481
00:16:23.710 --> 00:16:25.898
it's likely not going to be on some wireless network.

482
00:16:25.898 --> 00:16:27.720
Even if you do have a wireless network

483
00:16:27.720 --> 00:16:28.630
in a government building,

484
00:16:28.630 --> 00:16:31.930
it's again, likely not tied to a security checkpoint.

485
00:16:31.930 --> 00:16:32.890
Another problem here is

486
00:16:32.890 --> 00:16:35.760
that we see a percentage of completion.

487
00:16:35.760 --> 00:16:37.670
You almost never have percentages

488
00:16:37.670 --> 00:16:38.750
when you're talking about hacking.

489
00:16:38.750 --> 00:16:42.580
Either you have found a mechanism to get in or you haven't.

490
00:16:42.580 --> 00:16:44.700
So, the loading bar in hacking scenes

491
00:16:44.700 --> 00:16:46.780
is usually not very accurate.

492
00:16:46.780 --> 00:16:48.320
<v ->Love your disguise by the way.</v>

493
00:16:48.320 --> 00:16:49.866
<v ->Max booth, "Mr. Robot."</v>

494
00:16:49.866 --> 00:16:50.760
[funk music]

495
00:16:50.760 --> 00:16:51.593
<v ->Thanks doll.</v>

496
00:16:56.720 --> 00:16:58.330
<v ->In this scene, we see Darlene</v>

497
00:16:58.330 --> 00:17:01.240
take a little magnetic read head

498
00:17:01.240 --> 00:17:02.970
and take a hotel card and scan it.

499
00:17:02.970 --> 00:17:05.710
And then store it into the device called MagSpoof.

500
00:17:05.710 --> 00:17:08.820
And then she goes up to the hotel room

501
00:17:08.820 --> 00:17:10.760
and she essentially hits play,

502
00:17:10.760 --> 00:17:11.804
which either replays that

503
00:17:11.804 --> 00:17:16.350
or it brute forces the code and that unlocks the door.

504
00:17:16.350 --> 00:17:18.630
And that is something that can absolutely occur.

505
00:17:18.630 --> 00:17:20.980
MagSpoof is a device I personally created

506
00:17:20.980 --> 00:17:24.850
and it's designed to essentially perform penetration testing

507
00:17:24.850 --> 00:17:25.939
around different types of mag stripes,

508
00:17:25.939 --> 00:17:27.960
primarily around credit cards.

509
00:17:27.960 --> 00:17:29.568
The device itself is an electromagnet.

510
00:17:29.568 --> 00:17:30.783
And what all that means is

511
00:17:30.783 --> 00:17:32.846
it's able to create a magnetic field,

512
00:17:32.846 --> 00:17:34.510
both in North and South.

513
00:17:34.510 --> 00:17:36.880
The writers of "Mr. Robot" were really creative here

514
00:17:36.880 --> 00:17:38.810
and asked if this were possible

515
00:17:38.810 --> 00:17:41.720
on hotel mag stripes, and it's entirely possible.

516
00:17:41.720 --> 00:17:43.610
And they actually came up with the idea

517
00:17:43.610 --> 00:17:47.006
of taking that same device and using it here in a hotel

518
00:17:47.006 --> 00:17:50.439
to brute force through various numeric codes for a room

519
00:17:50.439 --> 00:17:53.120
just by having somebody else's room card.

520
00:17:53.120 --> 00:17:55.218
And that's a totally feasible scenario.

521
00:17:55.218 --> 00:17:57.367
Hacking at an Apple store,

522
00:17:57.367 --> 00:17:59.440
"Captain America: The Winter Soldier."

523
00:17:59.440 --> 00:18:00.670
[computer beeps]

524
00:18:00.670 --> 00:18:03.490
<v Woman>Now, it's trying to hide something.</v>

525
00:18:03.490 --> 00:18:05.225
<v ->Can I help you guys with anything?</v>

526
00:18:05.225 --> 00:18:07.171
<v ->Oh no, my fiance was just helping me</v>

527
00:18:07.171 --> 00:18:09.009
with some honeymoon destinations.

528
00:18:09.009 --> 00:18:10.898
<v ->It seems that, really, what they're trying to do</v>

529
00:18:10.898 --> 00:18:14.290
is just hide who they are and what they're doing.

530
00:18:14.290 --> 00:18:15.520
So, they're going to an Apple store

531
00:18:15.520 --> 00:18:16.405
so they can take the IP address

532
00:18:16.405 --> 00:18:18.172
of the Apple store rather than doing it safe

533
00:18:18.172 --> 00:18:23.172
from their home or office or Captain America network.

534
00:18:23.600 --> 00:18:24.570
<v ->How much time do we have?</v>

535
00:18:24.570 --> 00:18:27.157
<v ->Uh, about nine minutes from</v>

536
00:18:28.494 --> 00:18:29.327
now.

537
00:18:29.327 --> 00:18:30.939
<v ->Generally, you wouldn't want to do it in an Apple store.</v>

538
00:18:30.939 --> 00:18:32.929
For one, they're going to have a lot of cameras.

539
00:18:32.929 --> 00:18:35.430
So, all they have to do is correlate the time,

540
00:18:35.430 --> 00:18:37.420
the computer and then look at the video feed

541
00:18:37.420 --> 00:18:39.420
and they might be able to capture who was there.

542
00:18:39.420 --> 00:18:41.460
<v ->Well, maybe we can find out where it came from.</v>

543
00:18:41.460 --> 00:18:43.370
<v ->There was an art prank done,</v>

544
00:18:43.370 --> 00:18:45.490
many years ago at an Apple store in New York.

545
00:18:45.490 --> 00:18:46.700
The creator, Kyle,

546
00:18:46.700 --> 00:18:49.220
ended up getting the secret service sent to his house.

547
00:18:49.220 --> 00:18:51.070
So, you probably don't want to try this.

548
00:18:51.070 --> 00:18:53.623
<v ->Congratulations, where you guys thinking about going?</v>

549
00:18:54.970 --> 00:18:56.012
<v ->New Jersey.</v>

550
00:18:56.012 --> 00:18:57.240
<v Man>Huh.</v>

551
00:18:57.240 --> 00:18:59.010
<v ->If you did want to actually perform attacks</v>

552
00:18:59.010 --> 00:19:00.710
and hide your IP address,

553
00:19:00.710 --> 00:19:02.930
it would make more sense to have some sort of device,

554
00:19:02.930 --> 00:19:05.692
say a Raspberry Pi computer connected to a solar panel,

555
00:19:05.692 --> 00:19:09.800
throw it on top of a store and then connect to that.

556
00:19:09.800 --> 00:19:12.870
So, that is now connecting to the free wifi

557
00:19:12.870 --> 00:19:13.997
of somewhere nearby.

558
00:19:13.997 --> 00:19:17.210
And now, you're sort of proxied, there's no video of you,

559
00:19:17.210 --> 00:19:18.043
you're not at the store,

560
00:19:18.043 --> 00:19:20.450
but you're taking advantage of their IP address.

561
00:19:20.450 --> 00:19:23.153
And now it's going to be much harder to link back to you.

562
00:19:23.153 --> 00:19:26.345
<v ->Person who developed this is slightly smarter than me,</v>

563
00:19:26.345 --> 00:19:27.178
slightly.

564
00:19:27.178 --> 00:19:29.868
A phishing attack, "Oceans Eight."

565
00:19:29.868 --> 00:19:31.823
[computer dings]

566
00:19:31.823 --> 00:19:34.962
[mouse clicks]

567
00:19:34.962 --> 00:19:36.170
[man gasps]

568
00:19:36.170 --> 00:19:39.680
<v ->Rihanna, or Nine Ball, is trying to phish somebody.</v>

569
00:19:39.680 --> 00:19:42.430
She's constructing an email or message.

570
00:19:42.430 --> 00:19:45.900
It has some link that the person clicks

571
00:19:45.900 --> 00:19:48.472
and then that person had their camera engaged,

572
00:19:48.472 --> 00:19:51.280
and the video feed went back to Nine Ball.

573
00:19:51.280 --> 00:19:53.730
That is pretty unlikely.

574
00:19:53.730 --> 00:19:56.360
In order to actually enable somebody's web camera,

575
00:19:56.360 --> 00:19:59.470
you need to get code to execute on their computer.

576
00:19:59.470 --> 00:20:01.140
That's usually very difficult.

577
00:20:01.140 --> 00:20:03.603
When you employ those attacks, and they get executed,

578
00:20:03.603 --> 00:20:05.820
they're going to be discovered pretty quickly,

579
00:20:05.820 --> 00:20:06.760
if you start using it.

580
00:20:06.760 --> 00:20:08.610
And it's going to be patched pretty quickly.

581
00:20:08.610 --> 00:20:10.170
So, it's not to say it's not possible.

582
00:20:10.170 --> 00:20:12.574
It's just that, once you start using these types of attacks,

583
00:20:12.574 --> 00:20:14.040
you're essentially burning them.

584
00:20:14.040 --> 00:20:16.110
Otherwise a phishing attack by itself,

585
00:20:16.110 --> 00:20:17.510
getting someone to click something,

586
00:20:17.510 --> 00:20:19.991
or visit a malicious link, that is pretty easy to do.

587
00:20:19.991 --> 00:20:22.103
And that happens honestly, every day.

588
00:20:22.103 --> 00:20:23.300
<v ->You poor thing.</v>

589
00:20:23.300 --> 00:20:26.001
Discovering a worm, "Hackers."

590
00:20:26.001 --> 00:20:27.450
[rock music]

591
00:20:27.450 --> 00:20:30.117
[paper rustles]

592
00:20:31.060 --> 00:20:33.120
<v Man>It isn't a virus, it's a worm.</v>

593
00:20:33.120 --> 00:20:36.370
<v ->Here we see Zero Cool doing some sort of investigation.</v>

594
00:20:36.370 --> 00:20:40.090
We do see a lot of algebraic formulas, unfortunately.

595
00:20:40.090 --> 00:20:43.540
Which have really nothing to do with what he's doing.

596
00:20:43.540 --> 00:20:45.091
Granted, if you're programming,

597
00:20:45.091 --> 00:20:47.860
you will be writing a lot of algorithms,

598
00:20:47.860 --> 00:20:49.740
but you're never doing it in,

599
00:20:49.740 --> 00:20:51.712
let's say the algebraic format that they're showing.

600
00:20:51.712 --> 00:20:53.790
<v Man>It isn't a virus, it's a worm.</v>

601
00:20:53.790 --> 00:20:56.074
<v ->The worm eats a few cents from each transaction.</v>

602
00:20:56.074 --> 00:20:57.410
And when the worm's ready,

603
00:20:57.410 --> 00:20:59.760
it zips out with the money and erases it's tracks.

604
00:20:59.760 --> 00:21:01.615
<v ->He says this is a worm and not a virus.</v>

605
00:21:01.615 --> 00:21:03.126
And that seems true.

606
00:21:03.126 --> 00:21:07.190
Essentially, we think of a virus as some piece of software

607
00:21:07.190 --> 00:21:10.050
or malware that requires some action by a user

608
00:21:10.050 --> 00:21:11.010
in order for it to execute.

609
00:21:11.010 --> 00:21:12.941
Where, a worm is more likely something

610
00:21:12.941 --> 00:21:17.160
that requires little to no action in order to proliferate.

611
00:21:17.160 --> 00:21:17.993
<v ->By this point,</v>

612
00:21:17.993 --> 00:21:20.690
it's already running at twice the speed as when it started.

613
00:21:20.690 --> 00:21:21.570
<v ->When I was younger,</v>

614
00:21:21.570 --> 00:21:24.289
I did accidentally release a worm on a site

615
00:21:24.289 --> 00:21:26.600
popular many years ago called Myspace.

616
00:21:26.600 --> 00:21:27.433
All it did was,

617
00:21:27.433 --> 00:21:28.690
someone would visit my profile,

618
00:21:28.690 --> 00:21:30.880
without knowing it, they would add me as a friend

619
00:21:30.880 --> 00:21:33.080
and the code would copy to their profile.

620
00:21:33.080 --> 00:21:34.860
That means when someone visits their profile,

621
00:21:34.860 --> 00:21:36.791
the code would copy to their profile.

622
00:21:36.791 --> 00:21:40.830
Within about 24 hours over a million people were infected.

623
00:21:40.830 --> 00:21:42.840
It said, "Samy is my hero" on all these profiles

624
00:21:42.840 --> 00:21:46.920
and Myspace had to shut down in order to remove this worm.

625
00:21:46.920 --> 00:21:48.260
Unfortunately for me,

626
00:21:48.260 --> 00:21:49.980
I couldn't touch a computer for several years.

627
00:21:49.980 --> 00:21:51.590
I wasn't allowed on the internet

628
00:21:51.590 --> 00:21:53.530
until I went back to a judge.

629
00:21:53.530 --> 00:21:54.424
Now we're here.

630
00:21:54.424 --> 00:21:55.690
[Samy laughs]

631
00:21:55.690 --> 00:21:58.477
<v ->Crash 1,507 systems in one day?</v>

632
00:21:58.477 --> 00:22:00.693
<v ->Aptitude test, "Snowden."</v>

633
00:22:00.693 --> 00:22:02.964
<v ->We're going to start with an aptitude test.</v>

634
00:22:02.964 --> 00:22:04.560
[electronic music]

635
00:22:04.560 --> 00:22:07.170
The average test time is five hours.

636
00:22:07.170 --> 00:22:10.800
If you take more than eight, you will fail.

637
00:22:10.800 --> 00:22:13.030
<v ->I don't know whether aptitude tests like this</v>

638
00:22:13.030 --> 00:22:15.110
happen in government, I can only assume they do.

639
00:22:15.110 --> 00:22:16.890
I know with a lot of companies,

640
00:22:16.890 --> 00:22:18.280
you will go through some types of tests.

641
00:22:18.280 --> 00:22:19.300
You will be on the spot.

642
00:22:19.300 --> 00:22:20.740
You will be given a computer

643
00:22:20.740 --> 00:22:22.060
or you'll be given a whiteboard.

644
00:22:22.060 --> 00:22:24.220
And they'll say, "Okay, do X."

645
00:22:24.220 --> 00:22:26.450
You know, "Write some software to perform this."

646
00:22:26.450 --> 00:22:27.933
So, there are realistic tests like this.

647
00:22:27.933 --> 00:22:31.640
[electronic music]

648
00:22:31.640 --> 00:22:32.473
It's actually interesting

649
00:22:32.473 --> 00:22:34.480
because they're running legitimate commands.

650
00:22:34.480 --> 00:22:36.030
We see nmap run a few times.

651
00:22:36.030 --> 00:22:40.100
We see tar, an archiving utility used to compress some data

652
00:22:40.100 --> 00:22:41.690
and then extract that data.

653
00:22:41.690 --> 00:22:43.182
A lot of this was extremely realistic.

654
00:22:43.182 --> 00:22:44.445
I'm really just nitpicking,

655
00:22:44.445 --> 00:22:47.750
but a couple of those commands had a verbose flag enabled,

656
00:22:47.750 --> 00:22:49.020
which should have output a lot more data,

657
00:22:49.020 --> 00:22:50.670
but they did not output any data.

658
00:22:50.670 --> 00:22:52.703
But, otherwise it seemed like a reasonable clip.

659
00:22:52.703 --> 00:22:53.891
<v ->Eyes on screens.</v>

660
00:22:53.891 --> 00:22:55.175
<v Man>We don't have enough card space</v>

661
00:22:55.175 --> 00:22:57.480
to do all the other clips.

662
00:22:57.480 --> 00:22:58.525
<v ->Does anyone have an iPod?</v>

663
00:22:58.525 --> 00:23:00.226
[men laugh]

664
00:23:00.226 --> 00:23:01.070
[bell dings]

665
00:23:01.070 --> 00:23:01.930
<v Narrator>Conclusion.</v>

666
00:23:01.930 --> 00:23:02.788
<v ->Hacking itself</v>

667
00:23:02.788 --> 00:23:06.010
is not always the most glamorous to look at.

668
00:23:06.010 --> 00:23:08.442
However, we are seeing more and more hardware type hacking

669
00:23:08.442 --> 00:23:10.531
where people are taking physical devices

670
00:23:10.531 --> 00:23:12.353
and moving hacking into the real world.

671
00:23:12.353 --> 00:23:13.186
[gentle music]

672
00:23:13.186 --> 00:23:14.893
And that by itself, I think, looks more interesting.

673
00:23:14.893 --> 00:23:15.868
<v Man>And that's a wrap.</v>

674
00:23:15.868 --> 00:23:17.783
[group applauds]

675
00:23:17.783 --> 00:23:19.803
<v ->All right, guys, from the top.</v>

676
00:23:19.803 --> 00:23:22.136
[men laugh]