You Should Learn How to Hack | Ymir Vigfusson | TEDxReykjavik

Video Statistics and Information

Captions
[Applause]

Let's hack a bank. Right here we have the fictional bank of synthesis. Normally I would just enter my account details and then be on my merry way with whatever disappointing numbers it might show me. For those of you who are new to hacking banks, right here on the right we have the source code for the bank. This is the series of programmatic instructions that get executed when I try to authenticate. Now, normally this source code isn't available to us. Sometimes it is: maybe it was leaked or was stolen, maybe we used to work at this particular bank, or maybe we just have a really good intuition for what this code might do.

So let's try to do something interesting mister authenticate. Actually, because I'm unaccountably wearing this balaclava, I'm gonna try to log on as the administrator. So let's try that. Let's do an answer here: admin. Try some password: big Ted. It failed.

Failure is something that hackers are particularly good at. In fact, failure just energizes us to keep going, to keep hacking, to try to push the boundary of the system that we're trying to take away, and it just increases the bliss that we feel when we ultimately break in. So let's keep at it. So we start to do something, tinker. Let's try something like Ted, or carrot, or some not to Ted. Oh, what do we notice? What we noticed here is that the colors have changed. Oh, why is that? And that is the second hacker trait: curiosity. It's understanding the limits of the technology that you're trying to hack, to see the boundary of what is possible, to make something do what it was not intended to do. That is hacking.

Okay, so what happened right here? I'm sure most of you are familiar with the airline passenger announcement systems, right? You know the girls let's go can't they come to the event information desk, right? What if you told them that your names would be something like this? What would happen? "All flights are cancelled, all flights are cancelled, please evacuate, please evacuate, can't we come to the airline information desk." What just happened? You just injected a command into the airline passenger announcement system, something that was not intended by its operators or by its makers. This is called an injection attack.

So what's happening here in our bank is that the back end, the database here, it is not understanding our passengers being just pad or ped or it's understanding it to be at war and then an additional command. We've injected something into the protocol. So if we carefully tinker with it around a little bit and we start to speak the underlying language, called SQL, then we can turn this question that's being asked from being the following question, is there a user whose username is admin and whose password is, into the question: is there a user whose username is admin and whose password is Ted, oh, there's one equal one.

Ah, you know, it is the computer's predicament that it must answer logically, right? It's like the math professor. Everybody had like this book and math professor, right? Like the one guy whose wife went like, oh, he said a boy or a girl, yes, it is boy or girl. You know that guy? Yep, computers are the same way, right? So right now we are telling the computer to say yes, because one equals one. And what happens? It's not gonna work because we're gonna take our little bit more and it's the third pillar of hacking that was in the details. But we've broken it. We can transfer money, we can do what everyone, we have administrative privileges. Hahaha. So what happens now? You get a car, then you get a car, everybody gets a car.

Now, before you send me a mail telling me something to the order of like this is not really Steve some people the ski masks in the audience maybe I want me to retort first is but let me also explain to you why I am here: I want you to become a hacker. Yes, this is not some elaborate sting operation. There's no SWAT team waiting on the roof Robo team aboard. I really want you to become a hacker.

Now why do I want that? Like I imagine most of you, I lament the Bross of cybersecurity news, like whether it's states attacking other states, or criminal syndicates that are encrypting your photos for ransom, or under-socialized boys or dark Singh celebrities. I also resent the fact that most cyber attacks we will never hear about, because they were successful. So why do I want you to become a hacker? It's not because I want you to impose your moral codes on an incompatible society. It's not because I want you to inflict damage. I want you to become a hacker because I believe it is the only way we can rebuild cybersecurity. I want you to become a hacker because I think not understanding hacking creates a paralyzing fear of cybersecurity, and you cannot understand defense if you do not understand offense. So rather than be immobilized by this fear of cyber attacks and hacking and all this stuff, let us embrace it. Let's all become hackers. Let's unmask. Why would anyone wear this, right, while they're coding? Seriously, if you look up a hacker on the internet, everybody's wearing these masks. Why on earth? Or while they're giving a talk? I don't know.

Anyway, so when I was a teenager I was in this voice that are hacking each other, right? It's like a rivalry going on. You were motivated not by malice, curiosity. And what we discovered pretty early on was that there were these big hacker teams, the sophisticated hackers. What they would do was would be to try to break into and use those machines as a launch pad for their own operations, all right? Because his think of trees back it would be to the small fry hacker who had no possible deniability. The computer is full of hacking software. Yes, can be insidious. So to escape this fate, it became my group's manifesto to try to hack other hackers, they try to be ahead of the curve. And so that's what we did. Insanely successful that we would break into other hackers, collect all the cyber weapons, all the exploit codes and so forth, I just have an arsenal for ourselves. Completely justified in everything that we did because we right if this group identity that we had assumed. It was much later that we realized about the boundary of what we should have been doing.

Anyway, there's something intoxicating about power, something seductive, something tantalizing, and it's a little bit hard to explain, but let me, let me illustrate maybe with a story. There was this one night I remember really well. I was sitting in front of my computer in my bedroom, because that's what happens, and I was staring at my screen, and in front of me was this attack code, this exploit against the service called Secure Shell, which was used by every system administrator on the planet to get remote access to the members. It was the keys to the kingdom. I could walk into any door in the internet for this code. Nobody knew I had it, nobody would exist it, nobody had patched against it.

I remember being dumbfounded as I looked at this code in front of me, and I had three thoughts. I was like, wow, there's no challenge anymore. But this is it, this is the one ring to rule them all. I don't need any more exploits. And the second thought was, whoa, this is so much power. I can break in anywhere. I can change anything that has a digital representation. I could get back at my boys, hmm, I could, I could get a job, we don't even need a job, I could just hack a bank like you guys. I can change. The third thought that night was that, oh, it's 4 a.m., school starts in 3 hours.

Was just a kid facing that dilemma. How would you do if you had that one chance in a lifetime to change history, to alter its course? Would you seize it? Would you let it slip? How would you do? They say that fortune favors the bold. You know what, I think that's bollocks. I think that history favours telling us accounts of those whose boldness generated fortune, and it ignores those where it did not.

Faced with this dilemma of having this incredible chance, once-in-a-lifetime chance, to change history, to alter its course, to impose my will on it, what did I do? I quit. I stopped hacking. I left the scene, and I watched from the sidelines as many of my friends made the opposite choice, and they seized this ring of power and they were chasing this corrosive spiral, this mirage of wealth and power, ultimately winding up with neither. Some wound up in prison, some are still in prison, some took their own lives. Who said watch I was simply lucky. But I watched as cybercrime became the fastest growing industry. It's faster than Bitcoin. It's why Bitcoin is big. Became the fastest growing understand.

I felt this tremendous guilt about what I had done as my moral compass developed, and I started thinking to myself, I've had this privileged position of being, of having an understanding of the underground, of knowing how it works, knowing how it all fits together. Ask myself: what can I do to make the world safer? And what we observed was that people kept repeating the same mistakes, because people don't understand hacking. You see, in the cycle of developers making mistakes, and then hackers exploiting those mistakes, and then us learning from that experiment experience and patching those types of problems, we weren't learning. We've had an abject failure of cybersecurity education. 15 years ago, that injection attack that I showed you for the bank, that was all the rage. 15 years ago is like 200 years in cyberspace. Last year, one in five security vulnerabilities identified for injection of things. One in five.

The issue is that it's also an opaque definition. What is cyber security, really? If you break down the word, what does it mean, right? It's, you could define it as the absence of vulnerability, but that doesn't make any sense unless you know what a vulnerability is. It's a negative definition. It's defined by what is not. I, I mean, imagine this: if I asked yourself, how would you defend your organization, how would you impose security controls at your organization, where does your mind go? It may go down to, I would just buy this security solution from snake or letter presses. But what if I asked you instead, how would you break into your own organization? How does your mind go now? Does it go like, to send a fake letter from the IRS? That is you enumerating vulnerabilities. That is the hacker mindset. That is all I want you to take away from this hat, from this talk, is the hacker mindset.

I've spent a big chunk of my career just trying to communicate this idea, this mindset. I founded companies, I've given talks, I've hosted hacking competitions, I've developed various types of materials, even have a start-up like the one that I sell to you, Adversary, where you can just take the seeds of the hacker to break into a patch so we can understand what goes wrong, to try to embrace that mindset. Because I think that security is at a critical junction right now where we must make changes to make the world better. Five years ago I stood on this very stage and I explained why I teach people how to hack, but today I implore you to learn it. Today I want you to make the world safer by becoming a hacker. Thank you very much.

[Applause]
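
The login injection the talk describes, as an added example that is not part of the talk or of the demo shown on stage. The table layout, function names, the `probe` helper and the sample account are constructed for illustration; it puts a login check that pastes input into the SQL text beside one that binds the input as a parameter.

```python
import sqlite3

def make_db():
    """In-memory database holding one constructed account (sample data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    # Plaintext password only to keep the query readable; a real system
    # stores a salted password hash and compares that instead.
    db.execute("INSERT INTO users VALUES ('admin', 'correct-horse')")
    return db

def login_vulnerable(db, username, password):
    """Pastes the input into the SQL text, so a quote in it ends the string."""
    sql = ("SELECT COUNT(*) FROM users WHERE username = '" + username +
           "' AND password = '" + password + "'")
    return db.execute(sql).fetchone()[0] > 0

def login_parameterized(db, username, password):
    """Binds the input as values; it is compared, never parsed as SQL."""
    sql = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return db.execute(sql, (username, password)).fetchone()[0] > 0

def probe(db, login, password):
    """Outcome of one login attempt as admin (hypothetical helper)."""
    try:
        return "granted" if login(db, "admin", password) else "denied"
    except sqlite3.Error:
        # A stray quote breaks the statement: the visible change in
        # behaviour that signals input is reaching the SQL parser.
        return "sql-error"

if __name__ == "__main__":
    db = make_db()
    for pw in ["big Ted", "Ted'", "Ted' OR '1'='1", "correct-horse"]:
        print(repr(pw),
              "| concatenated:", probe(db, login_vulnerable, pw),
              "| parameterized:", probe(db, login_parameterized, pw))
```

In the concatenated version the condition becomes `(username = 'admin' AND password = 'Ted') OR '1'='1'`, which is true for every row; the parameterized version treats the same string as a wrong password.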
Info
Channel: TEDx Talks
Views: 220,125
Rating: 4.9485703 out of 5
Keywords: TEDxTalks, English, Technology, Coding, Computers, Cyber, Digital, Hack
Id: IaJtUCU004o
Length: 16min 40sec (1000 seconds)
Published: Tue Apr 21 2020