Hackers are all about curiosity, and security is just a feeling | Chris Nickerson | TEDxFultonStreet

Hi. Good, there's people. That's good, that's good. All right, so I'm Chris. I wanted to start by thanking all of the people here who put on this conference for us, right? More than anything, it's places like this where we get to thrive, we get to find new ideas, we get inspired. I've already completely wanted to change my entire talk a couple times from watching these people, so now you're gonna have to deal with me wrestling my own thoughts while I'm standing here. I want to thank you guys for being, you know, so attentive and watching PowerPoint, because God, that's really fun, isn't it?

You know, when I got nominated to do this from my friend Ashley, who's sitting over there, I was really, really excited, and then I was scared to death, because I was like, well, I'm really used to ranting in front of my InfoSec crowd, right? I can have a thousand people in the room and there's a whole bunch of hackers that I'm used to talking to, and now I'm like, wait a second, I have to talk to real people. And I realized that, you know, the agoraphobia of my industry was starting to manifest itself in me. So I was like, all right, all right, go back to the basics, right? Try and explain how I got to where I am.

So: capricious youth, right? That's me. That's who I was. That's how I figured out my life, is just trying to fly through it because I thought I could. And anytime I saw a red button, or any button at all, I pushed it, because who doesn't like pushing buttons? It's super fun. It's so much fun that I actually grew up and I made a career of pushing buttons. You know, people can call me whatever you want to call me, but that's what I do: I push buttons for a living, just to see what it does. And it's real fun.

I can give you the standard shock-and-awe war stories of how last week we were running around trying to steal a jet from a runway, and could successfully do it a couple different ways, or what computers we could hack into. But it's more interesting to me to think back of, you know, where did I start and how did I get to some of
the places I was in. And we didn't have the internet when I was young. We just had a whole bunch of computers you could dial into. We had little magazines that you could read and figure out how to tap the phone line a couple times and try and get a free collect call, right? I wasn't really interested in what I could break into. I was interested in what stuff was, but I wasn't even more interested in what it could be. You know, I want to repurpose everything. Anything that I had in my room would get taken apart. That didn't necessarily work out for my social life, because I got grounded a whole lot for that, but I really wanted to play with all that stuff. How does this work? I don't know. Open it up with, like, hope. I broke it. That sucks. You know, and I had to learn how to fix them at the same time, and that's really part of that kind of hacker inside of me.

You know, a lot of these people use this word "hacker," right? If we type in "hacker" in Google, it's the most depressing thing in the world to me. It's so depressing. First off, none of us sit behind our computer in a ski mask. Fact: no hacker ever wears ski masks when they're hacking. That [ __ ] is hot. We don't do that. We don't. Yes, we wear hoodies, but we don't keep them up. Like, how are you gonna drink Mountain Dew and sit at a console for 15 hours and you got a frickin' hoodie on? Plus then your headphones get messed up, and you got to listen to techno music 'cause you're a hacker, right? No Chopin for me, it's only rave music.

But I want people to respect real hackers, right? I want to take some of the hackers that I see in the world, right? These are the people who are hackers. These are the people who are out there going, "Yeah, it's cute that you do it that way with that thing, but I can turn this into a renewable source of energy for the entire world. You're just using it for what? Oh, powering the battery of your tank? That's cool. I'm gonna make it a better place." And that's what we try and do, right? We try and become, like, the meme-cat Internet defenders of the
world, taking our skills that we had from our beautiful capricious youth of, I can't call it breaking into things, because there weren't laws around that, but we were investigating the ability to attain information from particular systems that had open authentications. Um, thank you, lawyer. Uh-huh.

But, you know, in order to do that, we had to see the world. I didn't know much outside of my office that I wasn't supposed to get into, that I eventually had to learn how to pick locks so I could get into the office to play with the computer that my stepdad had so that he could do word processing stuff. I was like, I can look at porn, I can do all sorts of cool things, you know? So I had to find my way around the industry to do this. And, you know, I worked at a law firm so I could see what it was like for the people that were getting attacked. I worked at a big giant carrier so I could see what it was like to run the highways that have all this stuff going on in it and all this cool technology. And then I was like, whoa, I could probably have a bigger effect if I actually work at the companies that audited the big companies, because then I get the trickle-down. And then I was like, wait a second, what if I worked at a company, like I was working at Alltech, where I could be a resource that worked for the auditors that work for the people that people bought stuff from? I could really get a big picture of it.

And what I found when I made my company is that none of those views really helped the world. They helped me go around and speak and, you know, break my ankle in foreign countries and meet people from all over the world. Sure, that's neat. But, you know, what really happened is I need to find out, and what I did find out was that you have to inspire action in people for this stuff to change. Me being Mr.
cool hacker does nothing for the world. It really doesn't. It doesn't even help the world. If anything, the best thing I can do is give you a laugh or, you know, dox somebody, and then you could be like, "Oh, he's a hero," and then I'll be like, "Now I'm a traitor, I just didn't do what I said I was gonna do." But the more that I can do to inspire people to learn, the more that I can do to inspire people to be aware of what's going on, that's how I found that it's starting to work. You know, 15 years into this and I'm now starting to find my pace. So I wanted to share kind of some of the lessons that are outside of what the normal security people will say to you.

You know, most security companies out there, most industry Moffitt's, whatever you're gonna call them, they spread the fear and gloom, right? To them, the sky is falling all the time, and it's your job to block the falling sky with piles of money, buying crap because it's gonna protect you, even though we're worse every single year. We lose more money every single year. I mean, this year alone we've already lost a hundred and seventy-four million credit card numbers. That sucks. Like, we just suck at it. And I think that, you know, back to that, like, you know, 12-step program, like, we just need to understand that we sucked and be ready to move on, right? Like, we have to admit that we sucked. OK, somebody help us out.

And one of the things that I look at when I figured out some of the path of this is that security isn't something you could buy. It's a feeling. I mean, when you go to Oxford and you ask Oxford Dictionary, by typing it into the web browser, because that's what we all do, or our little phones, it tells us it's a feeling. Yet we keep putting money into it like it's a thing, right? Security isn't a thing. No matter how you cut it, it's how you feel. "Oh, well, the crash-test dummy didn't break its neck when the Mercedes ran into a brick wall at 80 miles an hour. I'm safe." Really? Are you a crash-test dummy? No? I would say that it's never been tested
with you, then. And then they're like, "Ah, you're right, but it's supposed to be like me." But it's nothing like you, right? And we need to kind of get through that. So the first part is knowing that it's a feeling. And if we know that it's a feeling, we start to know how to address our own feelings. I mean, granted that I have, you know, abandoned-daddy issues and God knows whatever else is going on in my life, but at least I can admit that those things are going on and be aware of it and try and start prescribing something to do about it.

So the second one, and this one's really, really hard to wrestle with: I believe very strongly that awareness is greater than knowledge. Knowledge oftentimes makes us hurt ourselves. "Oh, I should have known better." No, you shouldn't have. You didn't even know it. You didn't even know it existed. How could you have known better if this was a totally foreign concept to you? I would much rather you just be aware. I mean, when you're walking down the street, try and be aware of your surroundings. Not just, "Oh, there's this lady in a blue shirt, there's this person there." I mean, I want you to look at all the things. Is the door open, yes or no? I don't know. OK, put your hand on it. Why? Well, no, no, I just want to see if it's open. You know, is the streetlamp able to do something different? Is there something in front of me that shouldn't be in front of me that I could move? You know, could I get a discount at the hot dog stand? Why would I get a discount? I don't know, let's think of all the different ways. You know, don't just think of, "Oh, I can't get home from, you know, on time, I can't get to work on time." Even though technically this is exactly what I'm thinking of when I'm walking down the road. I'm like, how can I hack that sign to kind of troll people, make them laugh, but also make them realize that I could hack that sign? By the way, real easy. It's just the default password, if it's even password alone, which most of the time it isn't. We're teaching people to pick locks
upstairs, because sometimes there's locks in the way of a neat little keyboard inside of that. Really easy. Very Zen thing to do, picking locks. You know, using your fingers in order to see, that's so Zen-like. You, like, really meet with those things. But, you know, Ian's walking through the city yesterday: "What the hell is going on with that? Why is there a serial cable connected to it? What does it do?" I mean, if you have your eyes open and you walk through the world, security is a really easy thing. Hey, how do you control the street signs? With a serial cable. Cool. Step one: don't put the freaking serial cable out where people can use it. Like, you don't need advanced stuff. You don't need to go buy a firewall or something crazy. We just don't do it. Bam, secure. You feel way better knowing it. Hey, this, you can't just jack into it. Awesome.

You know, you have all this crap in your pockets all day long. I mean, how many of you guys walk around with, you know, God knows how many lithium-ion batteries of stuff? All right, you can attack every piece of these things. I mean, this stuff is super easy to attack, and by super easy I mean within seconds. Any of the badges that you guys have that let you access them to your facility, from here on the stage I can read and clone. "But it's so secure. Beep." I'm like, "Yes, it is. Beep." And I get to walk in as you. You know, there's all, you know, we have computers, we even have barcodes on our little tickets, right? "Oh hey, look at my ticket. Here, scan it." Boy, you should see how mad Ticketmaster gets when I put SQL injection inside of the barcode and it causes the whole database to dump and everybody gets in for free. Hey, warrior. Um, you know, there's just so much of this stuff. Taking cell phones, even a cell phone: I can put a USRP, which is a little defined radio, I can put it on one of those little funny drones that everybody's trying to fly around in helicopters, and everybody's cell phone here will get routed through my antenna. Takes about five minutes to set up. I mean,
granted, five minutes is a long time these days, but that's it. That's all you need. One blip, gone, all yours. All your cell phones route through me. That's why it's so easy for the government. I mean, it's not like they're doing advanced attacks, but they're really basic stuff. We just need to be more aware.

You know, when you look around your office, right? "Oh yeah, that's my office. Oh, except, you know, I have a wireless headset." Oh, it's wireless? Yeah, that means somebody can listen in on it. You know, I have wireless phone, I have all these wireless things. You have to think: it's wireless. All right, let's just start there. Meaning that it's right here inside of my hand, literally inside of my hand right now, and all I have to do is put it in something so I can read it. That's it. It's not real hard. And so the more we are aware of these things, the easier it is for us to defend it. You know, when we think of wireless stuff as, it's gonna hold things that are important to us, we probably don't want to just give it to everybody, right? We want to take whatever precautions we need, knowing that it's gonna be floating around in the air uncontrollably, to protect it.

I mean, you can even hack parking meters. And yeah, this is super fun for you guys. Trust me, it's not real hard. I mean, granted, Joe and a bunch of these guys did the really hard stuff of the reverse engineering, but as hackers we like to help the world, so we release scripts so that anyone could just go click and then it works for you. Because we found that, we've tried a number of different ways to educate vendors on making their stuff better, right? We've had bug bounty programs where we're like, "Hey guys, we want to be responsible and tell you how this works so that you fix it," and they're like, "Well, that would cost us 20 million dollars in development costs, so..." And you're like, "Oh, hold on, every single user that you have could get hacked by this," and they're like, "That's cute, but they haven't been." And then you're like, "All right, cool." So the script gets
released, a whole bunch of those people get owned, and you're like, "Hey, you guys gonna fix that thing yet?" And they're in the middle of really freaking out trying to fix it. You know, so we've learned over the years to be a little bit better with people, but being aware kind of helps. You know, we're the only industry where we get to fight the big guys, right? Like, we're the only industry where I can sit on the stage as one person and tell Oracle to eat me, and the best they can do is bring their lawyers, and even then they're probably not gonna get anywhere with it. So we try, but if everyone else was more aware, it would get fixed much, much faster.

Three: we have some really, really basic things to learn, is that humans, and just humans, end up being the core problem for a lot of these issues. But my prophet of information security is a man called Mike Tyson. Mike Tyson said, "Everybody has a plan until they get punched in the face." Y'all have plans. Every one of you have plans. And the day that you get hacked, the day that some of this happens, all of your plans are gone. You may have companies that have these elaborate security programs, mystical treasures of things of blinky lights and racks that do super crazy anti-hacker things. Does it work? No, vendor said it does. That's like, you know, "Are you a good racecar driver?" "I don't know, but I got a cool car." That means nothing. It really does. So we need to try and get to a point where we're actually testing these things. Make people prove it. I lived in Missouri for a while. When they say "show me," they mean show me. Don't spend a dollar till you see it work, because otherwise you're just getting the placebo. You're just getting that pill that somebody sold at Walmart last week because there is a bunch of cool infomercials where you got to see somebody get photoshopped, and they went from big giant fat person to super little skinny person, and it's probably needed in the same person, but they kind of look the same, and they Photoshop their face on it, right? Like,
that's what we're buying for millions of dollars, is the, like, get-skinny-quick pill, because none of us want to do work. And the more that we make people prove it, the better off we become and the less we spend.

Finally: hack more. Come on. Yes, learn how to do presentations better. Go to places where you can learn these things. I mean, how many of you think it would be cool to be able to pick a lock? That's awesome, right? That's, like, most of the crowd. How come y'all don't know how to pick locks? Why? Did you forget how Google works? You need the tools? I'll give them to you. I don't care. I'll bring down my backpack, you have everything in it, if it gives you one little stitch of inspiration to try and go do it. You know, there's places all over the city. That map is just hackerspaces in Manhattan, just places that people go and pay $50 a month to hang out and hack stuff together. And that doesn't just mean computers. That means locks, that means social stuff, that means building things, it means tearing stuff apart, figuring out how a camera works. You want to know how a TV works and you don't know? Go to one of those places and ask somebody how a TV works. You will be amazed at the ten hours that you spend figuring out everything from circuit board design to what an LED is. And the more that we can dig into these things, the more that we can tap in to that kind of Buddhist new mind that we had when we were kids, the more times that we opt to push the button instead of not push the button, the safer all of us will be. I said you
Channel: TEDx Talks
Views: 233,625
Rating: 4.885664 out of 5
Keywords: TEDxTalks, English, United States, Technology, Computers, Data
Id: HW9hH0vlPEM
Length: 18min 47sec (1127 seconds)
Published: Wed Sep 03 2014