Insecurities of the Internet | Dr. Bright Gameli | TEDxYouth@Parklands

Captions
[Music] so I believe it both of you are trying to wonder why I have a complete picture right a new practice column is about the security joy so I wonder why you see the second security institutional internet but I set up a console picture right because I try to protect people in any way I can so I'm going to talk about all the insecurities of the internet but before I even start let's ask a few questions when y'all came in right now what what you told us it was the wife writing check your Wi-Fi right now there's another one and the thing is Marjorie - if you not right if I leave it to my fifth wife I and I can see what you doing if you don't believe me you can check so I can basically see what kind of informations you posted I can see the kind of Victor touch a view on what's up no no what's up the mini Instagram and the thing is now that we knew that you actually connected to a Wi-Fi so do you know that actually connected to any kind of what important coffee shop the first thing you get to the app is Wi-Fi but how did we do that anything that you do the Wi-Fi can force you to download any file that you want to pan I wanted to download I can talk to ghosts atleast I don't want to go to when you make internet banking is a possibility the one you see is not what you see it's mine and how many of you know that when you actually connected to that I could control everything you do I can force to play music on the laptop and you can never turn it down when you turn it down to go back up if you do know that and you do know that every single time that you have to buy a new laptop the lot of cars unencrypted but the thing is that the doctor we have is not really in the best things it takes me five minutes when I have physical access to a Windows machine to actually compromise at all I mean that is different real slow-like on its snow day when I'm really tired it takes me five minutes to bring it to Windows machine when you have a Linux operating system for the past four 
techies it takes me six minutes I got a snow day what happened hard tough tough talk with everybody feels like it's the best always that is the most security six seconds because it's one of these two combination of keys commit to actually compromise the Macintosh laptop how many do you know that oh this doesn't know that but again did you know that every single time how did you open who you're all business men and women and all of you are asked to this somewhere and you open documents every day if you know that what I say the records of word document to you it only takes five seconds when we talk to the control everything you do I mean I can basically manipulate all the documents you have I cannot change because of the laptop I cannot any user is shutting down and did you know that when I send your PowerPoint presentation there very nice part but you be seen around it's all it takes to hover over a small space I don't need to click anything you don't need to click yes you're I'm pretty sure you're asking some questions right now you don't need to click anything but it's when you move the mouse a little bit by a minute second it only takes me to actually control what you watch what you do basically if you have a sit around reading open it and close it for you I should be able to basically stain the network or the system's whatever it is forever yes I can actually listen to a device in the background and if you have a smart TV understand why that's difficult what ever it is I can control or to watch which I've done a few times again every time we what's up Bruce people keep on getting things like hey check out this new what's up check out this new link and now how did you click on those links I mean I bet majority of you click on that right don't you now the thing is mobile applications as you receive it only takes one second for you to open an application to compromise you and I'm talking about that you take over some database I can send SMS it from your phone I can 
listen to the mic activate a camera back in front and I can ideally force you to actually have fixed you don't want to know how safe are you and this other kind is the creatures of the incident I must say not using it and at least use it you can survive without it I bet some of you came here you can survive without social media can you well I think you there's some question that I've been through your mind and you want to be this is really true right or wrong again there are many times that when it comes to you right now is hey please can I charge my phone for just five minutes how did you do that with a bit of clubs right when you go to offices the front desk now the only text against seven seconds for me to actually compromise your laptop when I plug in my laptop to charge or when I plug in this flashiest this is not your everyday flashes by the way it looks normal but it's not this actions were to call the human interface device a mouse keyboard when you when the bottom of the key or did you actually have to install anything no it works out of the box this is a real modified really reverse engineered thrusters that when I give it to you and you plug into your laptop it types everything that I wanted to type yes I don't need to touch a laptop so basically what I mean is I can tell it to have to download a virus from my somewhere and by the time I leaned forward with the less colonists smile at you as I keep distraction for what seven seconds and how many of you actually allowed to plug this with your Flash since your teachers would you want to track that he trusts me already but again I don't want to just give a short demonstration of how some of these things work I wish I'll be able to show you all of them but let me just give you a little taste right or wrong all right so the first thing I have ever used to compromise you is Google Google is a habit for hackers I'm asking to do this bad and it's awful but the way you Google or the way you search for document 
information on Google is not a right into it when I decide to say site I'll type dog and I said no this basically says that look through every Kenyan website or dot Kane website any Microsoft Word document that has the word canon law edit now I want to go further to the details on what I can do with the people with kind of search engines the undersea more maybe sure now if I was to say that I'm looking for saying recipe somebody down on the Nile University websites there are residues of people that are still hidden that are supposed to be see Jake what website there so like hidden you're supposed to sit back and Goodloe so some of the commands that you can actually use to actually comfort not compromise the basically grab information and I've seen for a hacker to compromise you he only needs enough information so that's what I'm going to show you how to get information now I can use this and again if everything I want to say would say in title index and to say beauty remixes okay and they are coming there for mp3 now particularly delicious Kita's kind of a exactly it's just ciske right now his website tells you to possibly buy to face way anything but when google they're gonna get the back end of it we call it an index format of which you can download for free okay free and I mean all music all of it so the very graphical interface that you ever have is not the same thing that I use if I want to get information about you I can find out every document that exists on every website in the entire world inside that document where your name has been mentioned we have to find them right so assume that I want to find out details about you know is how we wanted the tax of Viacom a very good friend so if I catch something like this our lattice for Hamas and as an attack vector our magic friend of who says they actually work as a particle and with a schematic and child anybody who stays may be federal positions or people at Safari gone I get I wanna gather information because 
if you were to Safaricom right now and you expected me for that email from the head of say corporate affairs you can't open that emoji okay but find out this information is really good for me because I know who the head of corporate affairs is what he or she does and whatever information I can use to actually actually social engineering you to actually open that document I'll be together anyway but to a hacker okay the most interesting tools will happen is this what you call it terminal the terminal is basically some sort of its right to console or as we call it to gather information if I run this command it's called a harvest the harvester basically goes through every internet visited websites in the world where there is somebody as Safaricom being measured and it gives all the email addresses because what is important to me right now is I want to find out that limit confession of suffering from emails so now I have information about who our target have information about who I want to use to target you and right now what I can see is the email address format okay again what I finished that I don't like to find out what are the various ways that I can actually make you believe I can't get an even a surprise compost facility I mean there won't be a building and that's not work here right so I run something basically to show me what other possible ways that I can use some prior called similar emails or simpler domains as a college to compromise you now if you look at all of these results here though they are dissimilar to spark on the see that we need it can ideally not tell the difference Kenny but exactly and if he said that question why the question basically means that nobody has registered that domain that means for 2000s in is I can purchase that domain registered email that I have found well here and I know who the person for Corporate Affairs is or anything right and I'll send you a very malicious documents are we together now finding out certain information 
I still need some form of detail about you so when you all came here you started tweeted don't you but when you're tweeting information give me crap about you if I put put where we right now it's a frat house and I said I want to find out the GPS coordinates and if I copy that entire to be AZ coordinate I'll go to do that a lot to go back and put the longitude and I put a range of 1 kilometer that's one final everybody who's ever tweeted within one kilometer radius about this place there's a possibility or might be there and I want to so I don't put too many resource up to 20 well I think your friend very similar name be very famous names or names of people who actually are around this place so these are all Twitter names of people who are actually treated within one kilometer radius of the Franklin house I have Amelia now again what a government information so because if I do want to compromise somebody's lost a fire door within this range all I want to find out is that it's a handicap transport which is can actually if I want to find out more than just about a particular person are used by my mind to that house because I don't expose anybody our other tool to find out every detail about who right and the result that it gives me is analyzing every tweet account that I have obviously good analyzed about 200 tweets and less than the results right here now if you look at all of this information it tells you how many trees that I've ever tweeted what kind of lights when I went to wrap which ones I went to Twitter and what kind of information like if you look at all this you can tell that I meant to what we tweet a lot don't I again if you look at the statistics here if you look at almost Reformation you can turn on a techie okay and if I go further you can only tell the time that I like to eat it a lot the time at like the particular time that I ask you like to eat it so you know what to send me a particular tweet and as we go further and look here you're rather I am 
an Android user all together all this is the information gathering using publicly available tool we call them open source intelligence I'm not using any tool that are but look I write things though but with the publicly available information so don't don't feel like a feel for anyone now such information that I've gotten I still want to find out again what right what exactly is about right now you'll find some lose this I want to do what I get to know bright email address and with that I just want to find out again for publicly available websites what is likely is it about right that we don't know easy or social media into an AB social media that we don't know if you look at this results here I never like to show this results but either by with you so now Brides has another name what call it family and he's somewhere are suited with what Africa hotline because think it's Facebook accounts Foursquare Google and gravity' is basically an image of you we look at an Instagram account cloud participate application that was collectively connected to other social media for Facebook and then there's MySpace which I actually thought I deleted them because I can't remember have a myspace account but if you actually open that you will see myspace account and pictures of me and now the interest which if you look at this name here that I could name I used to use that when Austin a little bit it's a hacking back in the day there's not a condition in there other girl speaks I don't know putting force here and my Twitter account YouTube and what Jenna is what enter to city nice TT and if you click on all these pictures I made this image another open them but those are pictures of me I don't want to open them right now but it's not basic information to gather it again up up right if I really wanted to go further and find out more information this again publicly available tools I want to find out every picture bright as ever tweeted about and showing the results are right here he 
analyzes every tweet that ever have and you can see that I was tweeted a god and if you look at all those what is the show again on a technique are we together having all this information is good enough we're happy to be able to exploit you and to do that I was set about to call the command and control a command and control is basically a command and master who says how the messenger says going to member Justice Center pick up everybody with wearing black when they find us laughter and he was like okay I was able to slap about 30 people is that okay not go back and check who is wearing brown shoes and be able to count so the command and control is finding out something now set it up there to luminous free right now this is my target machine understand on a very simple Microsoft Excel document so as Excel document is open it you will think this is the normalized on sheet right but intentionally put an error of which one you want to read by the time you read that error is giving information it's gonna give a connection to this laptop which are waiting for when you click OK it closes slow internet to make sure enemy it's a connection from the door spider doors open close the connection between this which is not working see well all the things we should gather dyskinetic things are actually compromised you and I said wait for that to happen oh there we go there are two connections all I have to say is sessions interact with the first one now I like to show people exactly like little switches because you have no idea that this is actually showing information I want you what you think is actually very nice stuff but you open it but we can see exactly what we see Raven but again you see that is just having an American word document open what if I started to add in this process do you want to see what happens okay so I'm going to close this and I have to end this first thing again I'm sending up a command and control the command control being set up I want you to see I 
think for far away you cannot see it properly but just look on the screen what happens what a platinum flashes any count how many centers that it takes okay so that is that now right now you know most of what I do it with the something called demo gods even the demo gods everything works out station when you get online it's not sure it does get this low any of it good so if you look at the screen right now with a practice crash the skin and if you start counting one two three four five it goes that I'll walk away in that five second that I walk away do you believe me no you Johnson anyway [Music] because again when I do this I have to shut down so if you look at the laptop here and I'm very malicious to this person I will should be able to shut down this laptop how we say how many and I can do this my phone this other phone I can do the same thing with it I can do this with or have other flashes that are very interesting there whatever like it's your laptop and here for seven seconds or the lover that I stay with you you should be able to copy any file in the background it could copy anything such as your browser passwords you have the right man in the C&L to drive see or whatever it is that you have I can visit any instructor to do with anything how safe are we well that is a bit end and all are going to mobile applications because if I want to show you the mobile part of its can get a little more tricky right so now that you're scared now what are you scared are you sure but I wanna show you five percent of it you do not see more I wish that clear this time so how do you stay state you need to do more awareness than technology even not a few are aware of this place to be able to happen that's why I did not know but now that you know what you do don't you can rely on technology all the time because let me tell is starting decorative you buyers to buy poverty viruses that's not work it's 111 not enough to do so if we don't work in so much of technology we can't 
actually progress among these things kind of information that to share we share sort information on social media and the thing is that deformation is what we actually use to compromise you right so limit that much information digital social media you don't want it there don't put it and then of course any kind of evil you get link that you get to by the detail look at the email address for the source somebody got compromised the other day because of every indeed she actually went register on nbnb and guess what they replied with an Airbnb with what a double I she did not see that she paid three thousand faster for house enroll and guess what they sell the details that you know what the content is done this money to this vestibule account but the blah and then she's paid that cash is gone so scrutinize even in documents pay attention to anomalous you is really the most moving too fast but you feel like the something not right when your camera all of us that it comes on but the light comes on shut down because some like me when I have access to your laptop the next 10 seconds it's run a command to wear color persistency it stays in there for as long as I wanted many and every time you restart the Machine it's always cool right so in all school every time we get updates on our systems or other falls in the legs what we usually do we click custom the right typical habit we do I love the computers were happening allowed that the virus is that it's tough to update because we do remember the either does not forgive the either does not forget thank you very much [Applause] you
Info
Channel: TEDx Talks
Views: 12,788
Keywords: TEDxTalks, English, Technology, Cyber, Internet, Security
Id: 4pvMxvsFm44
Length: 24min 14sec (1454 seconds)
Published: Mon Aug 27 2018