Click is at the hacker conventions in Las Vegas looking into cyber security and how best to protect ourselves.
This week, the team are in Vegas, making faces for cash.
And this week, the largest hack-fest on the planet.
If there's one week of stuff in Vegas that isn't staying
in Vegas, it's this week's BSides, Black Hat and notorious
This is the week where hackers rub up against law enforcers
and everyone peeks over each other's shoulders and networks.
So, let's get straight into the action.
Daniel here has got an extra piece of software running allowing him
to hear what's being typed on the other end of a Skype call.
The software during a Skype call learns how your keyboard sounds
like and if you later during the call type
something sensitive, like a password or e-mail,
we can understand what you've typed using machine learning algorithms.
This is because each key has a unique fingerprint based
on the position of the key on the keyboard.
The suggested results from what our victim might be typing
As you can see, it's spotted every word except one but when asked
to choose the words to make the most likely sentence, it's
He is not just our victim, he's also a security researcher
who is here to keep Click on track with a hacker's view
of the conferences for the next couple of episodes.
So, the technology is still quite young.
It took a bit of setup to make this work but technology advances quite
quickly and things that are difficult today will
We have seen some things like this before as well.
I looked at a hack recently where they could measure
the vibrations in a crisp packet to record my voice.
So I think in the future, things and technologies like this
could be quite bad because it's going to allow people
to extract a lot more information from our devices.
It seems like the hackers are always going to find new and interesting
ways to get inside our computers and of course the weapon
of choice so far this year has been ransomware.
In part because it is so easy to set up.
I'd kind of assumed that getting hold of a piece of ransomware
wouldn't be as easy as searching for it on Google and then
This man has just informed me that I was wrong.
So, here is one which is very popular.
Then we can just download it straightaway.
That's it, you don't have to go on to the dark net
So, the code is actually really tiny, it's less
than 200 lines of code, and that's for a full
I could then change some of that code to specify how much money the
malware asks for and the Bitcoin address it needs to be delivered to.
And sure enough, the programme turns all of our sample documents
into illegible garbage, which can only be retrieved
if the creators, in this case us, provide the unlock code.
OK, I'm slightly depressed at how easy it was to find some ransomware
It's going to get easier in a minute.
Next we hop onto a site that will connect me to people
who will set up and run ransomware for me.
So, this guy here will charge you $125.
These guys, they'll give you lots of customer support.
They also offer you some advice on how to deliver it to people.
Yeah, yeah, and by your phone you can talk to this guy over
And if you're too lazy to send this to people,
there is another guy who, for a cut, will then e-mail this
"Are you a criminal but too lazy to do any work?
There are some video adverts like that as well.
Surely you can engage this person in chat and go
They use software to make sure you can't find where
Actually, before you do, Spen, there is hope.
There are professionals looking out for us and Lara has been to meet
the good guys who are at the top of their game.
One report suggests that one in six businesses in Europe
Some of them, of course, providing critical care.
I'm in Newport, Wales, at Airbus CyberSecurity.
This is probably not the first thing you would associate
with the company name but here, some top tier network
Their clients include the Ministry of Defence as well as large airports
and power companies, plus many others who can't be named.
WannaCry was quite unique by way of ransomware in that once it
infected a single host it actually wanted to go out and look for other
hosts that are similar to it within its own network.
That's why it spread not just within the NHS but globally
across many other companies and many other individuals as well.
But how about an attack that exploits a vulnerability we've
Typically, the scramble around that is actually obtaining some code
and then almost putting it in a sandbox.
A sandbox being a place to isolate the issue so it can be played with,
Large organisations may employ companies like Airbus to keep
the water flowing and the lights on, but what advice would they give
Well, we use cyber threat indicators on our network and this is something
that is freely available to the general user.
So if you are more tech savvy, you can utilise this threat
intelligence to explain more about current malware threats
and trends and understand if you are susceptible to this
malware and particularly vulnerable or running a vulnerable version
So that information is out there and I would encourage
But what does all this mean for the future?
Does cyber security get better at the rate hackers do?
We get better and then they will follow.
And it just moves further and further into complex areas
but rest assured that we're working very hard to keep on top of those.
So, the advice on how to avoid a cyber attack may not have changed
in years: make sure you always do your software update,
back everything up and generally be sensible online, but WannaCry may
have just frightened more of us into taking action.
Lara Lewington battling the bad guys, which is exactly
what this conference, Black Hat, is all about.
The corporate side of this cyber security conference
But what happens when you've caught a cybercriminal?
What if it is a first-time hacker who probably didn't even realise
Well, Dan has been to the UK's first ever rehab for hackers.
It was me and two other friends, just a bit of fun.
I manipulate people's feelings, thoughts.
We tried to break into our school's network.
We could control people's screens, change passwords.
I got arrested for Misuse of Computer Act, 1990, section three.
I can't name the company but they lost a lot of money.
This is definitely a way to get ahead of the curve and to stop
anyone from possibly taking a misinformed choice
This is the UK's first reboot camp for hackers.
The first seven through the doors, aged 16-20, all intend
to change their ways, so we've agreed to keep
Rehab includes spotting moments when they might be tempted to cross
the line of what's legal and what's not.
That looks like I could get everyone's details.
Your parents will not have any idea how you do what you do.
Solomon Gilbert was caught as a teenage offender.
Now he's the one giving the lectures, in between tackling
I was getting drawn into making my own malicious code,
making my own exploits, stealing things like credit card
I wouldn't do anything with them but it ended up with me getting
kicked out of school and arrested and looked into by the
What were the key moments that changed your path?
Everyone in the cyber security industry has one person that
they've met that's gone, well, you're very talented at this,
Cyber Security Challenge UK has set up a capture the flag competition
so that teenagers can show off their skills.
Several large companies are here to talk future job opportunities.
The UK hasn't got enough people to protect itself.
Businesses, the nation, individual accounts,
we all need protecting and that's why we exist.
We know they're there, we need to find them.
These offenders know this is a second chance,
one they didn't realise they were so well qualified for.
I was more interested in the dark side, back when I was young.
I wasn't really looking at the good side.
The dark side was mainly just attacks, attacks, attacks,
Well, now I know that it exists, it sounds like something that I'd
really, really like to go into because you get the same, like,
rush, the same excitement, but you're doing it for fun,
still, but it's legal and you get paid.
Did you know you can get money out of an ATM even if you don't
What you'll need instead is a drill, a USB keyboard, some malware
on a USB stick and an intention to break the law.
So, in this specific example that we've got set up here,
an attacker has come to the front of the ATM, they've drilled
What we can do now, you can see we can access this USB cable.
Right, so, inside here something that has a USB port.
According to Positive Technologies Research,
more than half of ATMs still run Windows XP.
And although the USB port will rarely be this easy
to access inside the ATM, recent cash machine hacks
in Taiwan and Thailand showed that it can be done.
I'm sure not many people would expect this to just be
Perhaps not but it's just a safe with a computer on top.
Which means that with a keyboard plugged in, it's pretty simple
to download and run the malware to, well, show me the money.
Your malicious software basically says, dispense cash.
Shouldn't the ATMs be slightly more protected and locked down?
You would think that but it's how you would configure those computers.
But we found they are not particularly secure,
so you could put malware on a system that could collect data
That would be information that is held on our cards.
So I, as a consumer, if I'm using this machine,
And that could spread around a whole network of ATMs.
So, you could use one ATM to infect a whole network?
One way to protect yourself is to use ATMs inside bank branches
or which are watched over by security cameras.
We spoke to NCR, one of the leading manufacturers and the maker
They agree that security threats are becoming more complex
and sophisticated and told us, "NCR provides its customers
with comprehensive recommendations and security defences to address
these challenges and help them to assess and improve
It was the week that Google unveiled its SOS Alerts feature,
which will show where a crisis is taking place.
Adobe announced plans to kill off Flash Player from 2020.
And a company in Wisconsin are microchipping their employees.
And the Boring Company is firmly going against its name,
as Elon Musk posted a video to Instagram of a car
going underground on an elevator in Los Angeles.
The Tesla CEO's side project proposes building a network
of tunnels under the city, which will drag cars,
passengers and cargo in super fast moving sleds.
And it was a busy week for Musk, as he clashed with Mark Zuckerberg
During an informal Facebook Live, Mark Zuckerberg said Musk's claims
that AI poses a fundamental risk to human civilisation
But Musk took to Twitter to respond, writing Zuckerberg's knowledge
First it was gone and then it wasn't, as Microsoft puts to bed
reports that it was getting rid of its graphic programme, Paint.
People rushed to social media to show their love for the programme,
which won't remain on Microsoft 10 by default in the future
but will be available on the Windows Store for free.
And now you can live out your pop dreams in AR.
Not shying away, a Chicago-based studio have recreated the classic
A-ha Take On Me video using the iOS 11 AR kit.
Recently, there seems to have been an increase in the number of brute
This is where the hacker uses a programme to constantly
try new passwords until they hit the jackpot.
In the past, security services have recommended creating as long
and complex passwords as possible, never writing them down
However, we're only human and we don't have the time
or patience to remember multiple strings of letters and digits.
To combat this, the National Cyber Security Centre has
Firstly, don't change your password constantly because this encourages
us to use simpler passwords and maybe just add a different
And besides, it only protects you from someone
who steals your password and then waits three months to use it.
You should, however, update your password if you have any
Keep your passwords complex, but not too complex.
For example, three random words stuck together.
This means instead of trying every one of the 200,000 or so words
in the English dictionary, hackers have to try every
combination of every word, and that is a massively harder task.
Set up two step authentication for any accounts that
This means the hacker needs to not only have your password
but also your phone, to break in.
And store your passwords, either on a piece of paper in a safe place
Now, this is either hardware or software that generates and stores
long, complex passwords for your different accounts.
How can you remember 20 or 30 passwords that we frequently use
With a solution like Lastpass, it will create 100 character
passwords for every site, that is really, really hard to hack
While security is a really daunting subject and the stakes are high,
it can appear quite onerous, but these solutions
All you have to remember is one master password
Just make sure THAT password is really hard!
Humans have been using handprints to identify themselves
These ones here, the Hands Across Time just outside Las Vegas,
in Red Rock, are hundreds of years old.
They're some of the earliest examples of Native Americans
In recent years we've started to use our hands to identify us
again and Dan's been finding out how secure they might be.
At Bristol Robotics Lab, they're taking an interest in every detail.
Now, if you're sensitive to flashing lights, look away now.
Is that more secure, then, than just using your fingerprint?
With a fingerprint, it's a small region of the hand.
Obviously with this system we're getting the whole surface and that,
combined with the vein structure, just adds an extra layer of security.
Research recently showed the ability to extract fingerprints
or handprints off celebrities from a distance.
So, you could use that to generate a 3-D surface but you still wouldn't
have the vein structure on the back of the hand.
That would be very difficult to hack.
In Chicago, some people are already using their palm
PalmSecure's touchless readers only use infrared lights to take
Iris scanners are also about to emerge from the lab and be
From September, TSB will be the first bank in Europe to adopt
retina scan technology as a way of accessing online bank accounts,
although initially customers will need a Samsung Galaxy S8
In May, the Chaos Computer Club in Germany posted this video,
fooling the S8's iris scanner using a photograph
TSB and Samsung are hoping that others won't go
At the CyLab Biometrics Center in Pittsburgh, they've developed
a system that can identify the irises of people moving in
But if the eyes don't have it, the face just might.
Back at Bristol Robotics Lab, this 3-D face scanner
is using a technique they've developed called Photometric stereo.
Two invisible lights flash at high speed,
allowing the camera to capture the orientation, shape
So far, it has a 95% accuracy rate but that's good enough to attract
They are working with Cubic which develops the Oyster card
contactless payment system used in London's trains and buses.
It's being part funded by the British government
to innovate gateless technologies, allowing passengers to simply walk
You can imagine, if you can get rid of the gate line in a place
like Victoria Station, there's a massive potential
So we ran quite an interesting project for them, which they are now
installing at their laboratory in Salford and the aim is to move it
on to the Underground so that the system will recognise
people and you get rid of the gates and it will allow people to go
Now, this is a prototype but we have been told
that the system will recognise even a pair of glasses.
So, let's see if it knows who I am now.
Look at that, you can see my name come up right there.
Just walk around, the face is the key to doing everything
And just to double-check, I've tried to fool it with this guy.
It recognises me but this is very clearly an impostor.
This face clearly isn't going to get me anywhere.
Of course we'll be back with more next week from Vegas including