Hackers are everywhere, from Ashley Madison to JP Morgan, from Jennifer Lawrence to the federal government. Our biggest celebrities, corporations and institutions have all been the targets of devastating cyber attacks. I wanted to see how bad a hack can get, so I invited a few of the world's best hackers to try to hack me and show me what my vulnerabilities are, and now I'm gonna meet them in Las Vegas at DEFCON, the biggest hacker convention of the year, and see what they found.
This might not have been the best idea. DEFCON is the biggest hacker convention of the year. It's a place where thousands of hackers come to hear talks and demonstrate their newest hacks. It's actually a place that's so dangerous to be on the internet that they tell you to turn off the Wi-Fi and the Bluetooth on your phone, and they tell you not to use the ATM, because those could be hacked as well. This is the ballroom hacking village. This car's locked. Can you get me in? I'll unlock it for you. It should be good. Hacking is no longer like this fringe activity and you are at DEFCON. There's a good chance that you're here because you want to learn what could happen to you or your company.
I invited Chris to hack me with his team, but they're gonna hack me using social engineering, which is essentially hacking without any code. They just use a phone and an internet connection. We help people with human security issues by testing vulnerabilities, like a network test, but it's for the people network. We test those vulnerabilities, see where the holes are and then help people learn so they can patch them. Can we try some of this? Can we try some? Yeah, see if it works. We probably could have our star visher here make some phone calls as well. Sure, do you want to do a sample vishing call? What's vishing? Vishing is voice solicitation, and basically what you do is you use the phone to extract information or data points that can be used in a later attack. Let's do it. Who are you gonna call? Maybe I'll call your cell phone provider, see if I can get them to give me your email address. I bet they're good, I bet they have my back. But, yes, go, go for it. I'm gonna spoof from your number so it's gonna look like it's calling from you. Okay, hi, I'm actually, I'm so sorry. Can you hear me? Okay, I, my baby, I'm sorry. Yeah, my, my husband's like we're about to apply for a loan and we just had a baby and he's like: good, that's done by today.
So I'm so sorry, I can't. I call you back. I'm trying to log in to our account for uses information and I can't remember what email address we used to log the account. The baby's crying and can you help me? Awesome. In just 30 seconds, Jessica gets my personal email address. Now, if I needed to, she could call in and make changes. How would I need to go about doing that? You would have to send me a secure PIN through a text. Yeah. Well, the thing is, I don't think I'll be able to receive a text message if I'm on the phone. Oh, I'm not on there either. So I thought when we got married, he added me to the house. Jessica uses my girlfriend's name and a fake social security number (five, one, two, seven) to set up her own personal access to my account.
Wait, I'm sorry. So there's no password on my account right now. Can I set that up? She even gets the support person to change my password. Thank you so much for your help today. So she just basically blocked me out of my own account. I'll get her fed up, all right. Thank you, holy. So they. They just came, they just gave you access to my entire cell phone. Okay, you're gonna have to go on and change your password now, cuz it's just my name. And all it took was a crying baby and a phone call. I really thought that my cell phone company would protect me. I mean, like, this is the most basic stuff and they're not doing it. And if they're not doing it, you know all these other businesses aren't doing it either.
Anyone with a phone and an internet connection can do social engineering. But I was curious: what can a hacker with serious coding skills do? Well, DEFCON is the world's biggest hacking convention. What's hacking? Everything hacking: the social hacking, hardware hacking, software hacking, various systems. I asked Dan Tentler, a well-known security researcher, to turn all of his firepower on me. I did get into quite a number of things that I found. So what were the first things you did? How did you start hacking me? I quickly found your Squarespace blog and had an idea. Basically, what I did was created a bogus Squarespace site and sent an email to you, a phish, asking you to go to this website, run this certificate installer, and I did it because I'm an idiot. So once you ran that, it gave me access to your computer and I created several fake pop-ups that looked like system pop-ups that would ask you for your credentials.
You didn't even have to have my passwords, so you gave them to me. I gave them to you, so I stole your 1Password keychain. Then 1Password is where I store all my other passwords so effectively by social security number and your Amex stuff and all your stock trading and bank information.
I can send email to everyone in this room as you. I am you right now, if I wanted to be. If my evilness is working correctly, it should actually be taking pictures of your desktop and pictures through your webcam every two minutes, and I have been watching you for about two days now, in coffee shops, at your mom's house, on a plane. Here's your editing stuff, there's... oh my god, so this is literally every two minutes, my webcam through this guy. How badly could you have messed up my life? I could have made you homeless. I could have made you homeless and penniless. How, how would you make me homeless? Like, I have control of your digital life in its entirety.
I have all your credentials. I have all your access to all your financial information, all your work information, all your personal information. I can pay people with your bank account or your Amex account. I am you, I can fully impersonate you. The only thing I couldn't doctor would be like your fingerprints. This is like as bad as a kick. It's ridiculous. Yeah, that's bad. So it turns out that Dan Tentler is very good at his job. I mean, he hacked the hell out of me. He got everything. Well, I mean, frankly, I want to take my computer and throw it into the deepest part of the ocean and I want to become a hermit and I want to never touch a piece of technology again because, holy, that was.
That was everything, that was the keys to my entire life, and he just pulled them out of his pocket. But even if I keep my passwords and my bank accounts safe, I could still be in danger from hacks because, with factories, power plants and other major infrastructure being controlled by networked computers, the world itself is hackable. I'm gonna meet Marina Krotofil. She's studying hacking chemical plants.
She's thinking about what happens if hackers decide to go after infrastructure. But this is the kind of hacking that could really ruin like an entire country. Who should be most worried about chemical plant hacking? Well, pretty much every, every plant, because big business meets big money, so the hackers are always there. Where's the money? I so it's a good target. So, for example, the most common cause is extortion. A large number of extortion attacks have happened already and our critical infrastructure swell- nura bill. So I let's just say, like a nuclear power plant could have a big accident and they think our machine just malfunctioned, our safeguards didn't work. But it's actually someone hacking, yes, but the worst case scenario- if it will be incompetent or unskillful attacker who doesn't understand what he's breaking in and that they will do something. What was a larger extensive collateral damage, but probably most scary is hacking the satellites, because now every single navigates with the GPS. So basically, even the huge oil tankers in the sea are completely navigated automatically by the signals from the satellites. So by simply disrupting the satellite signals, you can lose Tatanka and/or the across skin collection and to me it seems obvious like this is how war will be conducted in the future.
But it's much easier than sending a million ground troops in or you know it's, or buying you know drones to fly over an enemy state. Like this is we're sort of looking at the future of not just infrastructure but like global conflicts. There's almost too much for me to worry about here. I'm almost just numbed. People keep telling me: oh, this could get hacked, and that could get hacked, and this other thing could get hacked. No, chemical plants could get really hacked, and at some point, like I've got to get out of bed in the morning, so I have to find a way to make myself feel a little bit better about all of this. So I'm meeting Morgan Marquis-Boire, a cybersecurity consultant and the director of security at First Look Media, for some advice on locking down my digital life.
Should I be feeling helpless or can I help myself here? Do you worry about trained martial artists beating you up on the street? Not particularly, but you're aware that they exist. You're also aware that you probably couldn't do anything about it if one of them wanted to beat you up in the street. Probably not, right? And I mean you can actually possibly think about the danger that hacking poses to you right now in much the same terms. The first step is actually thinking sanely about digital security, which most people don't do. So, for instance, how do we protect our physical integrity? Maybe we don't walk down the dodgy alley at night, right? People who haven't spent any time thinking about digital security don't actually know what the dodgy alleys of the internet are like. Should I click that? Like you know, maybe I shouldn't install the software and I thought I was pretty good, like I thought I was tough, but chances that a skilled blackhat is designing no reason whatsoever to attack you, I mean, is actually reasonably small. Like it sort of begs the question why, right, you could hire security people to, you know, look after your online life, but you probably don't need to do that. We used to think of hackers as these fringe characters, but now, when so much of our lives are lived on these connected devices, they're power brokers. They can make or break us. They stole your 1Password keychain, I mean. They know more about this stuff than anyone, and that's a power that is going to become increasingly valuable. We need to know where our flaws are so that we can be safer, and I think the best thing to do is to enable them to help us rather than shoo them away.
Do you guys have any of those little things that you put over the, the camera on your laptop? Paradoxically, I feel more secure now than I did last week, because now at least I know what I have to fix.