Fear and Coding in Las Vegas Click

Fear and Coding in Las Vegas

Similar Content

Browse content similar to Fear and Coding in Las Vegas. Check below for episodes and series from the same categories and more!



help at Wimbledon this year." Her baby is due in January. That's all


the sport for now. More in the next hour but now it is time for Click.


This week, the team are in Vegas, making faces for cash.


And this week, the largest hack-fest on the planet.


If there's one week of stuff in Vegas that isn't staying


in Vegas, it's this week's BSides, Black Hat and notorious


This is the week where hackers rub up against law enforcers


and everyone peeks over each other's shoulders and networks.


So, let's get straight into the action.


Daniel here has got an extra piece of software running allowing him


to hear what's being typed on the other end of a Skype call.


The software during a Skype call learns how your keyboard sounds


like and if you later during the call type


something sensitive, like a password or e-mail,


we can understand what you've typed using machine learning algorithms.


This is because each key has a unique fingerprint based


on the position of the key on the keyboard.


The suggested results from what our victim might be typing


As you can see, it's spotted every word except one but when asked


to choose the words to make the most likely sentence, it's


He is not just our victim, he's also a security researcher


who is here to keep Click on track with a hacker's view


of the conferences for the next couple of episodes.


So, the technology is still quite young.


It took a bit of setup to make this work but technology advances quite


quickly and things that are difficult today will


We have seen some things like this before as well.


I looked at a hack recently where they could measure


the vibrations in a crisp packet to record my voice.


So I think in the future, things and technologies like this


could be quite bad because it's going to allow people


to extract a lot more information from our devices.


It seems like the hackers are always going to find new and interesting


ways to get inside our computers and of course the weapon


of choice so far this year has been ransomware.


In part because it is so easy to setup.


I'd kind of assumed that getting hold of a piece of ransomware


wouldn't be as easy as searching for it on Google and then


This man has just informed me that I was wrong.


So, here is one which is very popular.


Then we can just download it straightaway.


That's it, you don't have to go on to the dark net


So, the code is actually really tiny, it's less


than 200 lines of code, and that's for a full


I could then change some of that code to specify how much money be


malware asks for and the Bitcoin address it needs to be delivered to.


And sure enough, the programme turns all of our sample documents


into illegible garbage, which can only be retrieved


if the creators, in this case us, provide the unlock code.


OK, I'm slightly depressed at how easy it was to find some ransomware


It's going to get easier in a minute.


Next we hop onto a site that will connect me to people


who will set up and run when somewhere for me.


So, this guy here will charge you $125.


These guys, they'll give you lots of customer support.


They also offer you some advice on how to deliver it to people.


Yeah, yeah, and by your phone you can talk to this guy over


And if you're too lazy to send this to people,


there is another guy who, for a cut, will then e-mail this


"Are you a criminal but too lazy to do any work?


There are some video adverts like that as well.


Surely you can engage this person in chat and go


They use software to make sure you can't find where


Actually, before you do, Spen, there is hope.


There are professionals looking out for us and Lara has been to meet


the good guys who are at the top of their game.


One report suggests that one in six businesses in Europe


Some of them, of course, providing critical care.


I'm in Newport, Wales, at Airbus CyberSecurity.


This is probably not the first thing you would associate


with the company name but here, some top tier network


Their clients include the Ministry of Defence as well as large airports


and power companies, plus many others who can't be named.


WannaCry was quite unique by way of ransomware in that once it


infected a single host it actually wanted to go out and look for other


hosts that are similar to it within its own network.


That's why it spread not just within the NHS but globally


across many other companies and many other individuals as well.


But how about an attack that exploits a vulnerability we've


Typically, the scramble around that is actually obtaining some code


and then almost putting it in a sandbox.


A sandbox being a place to isolate the issue so it can be played with,


Large organisations may employ companies like Airbus to keep


the water flowing and the lights on, but what advice would they give


Well, we use cyber threat indicators on our network and this is something


that is freely available to the general user.


So if you are more tech savvy, you can utilise this threat


intelligence to explain more about current malware threats


and trends and understand if you are susceptible to this


malware and particularly vulnerable or running a vulnerable version


So that information is out there and I would encourage


But what does all this mean for the future?


Does cyber security get better at the rate hackers do?


We get better and then they will follow.


And it just moves further and further into complex areas


but rest assure that we're working very hard to keep on top of those.


So, the advice on how to avoid a cyber attack may not have changed


in years: make sure you always do your software update,


back everything up and generally be sensible online, but WannaCry may


have just frightened more of us into taking action.


Lara Lewington battling the bad guys, which is exactly


what this conference, Black Hat, is all about.


The corporate side of this cyber security conference


But what happens when you've caught a cybercriminal?


What it is a first-time hacker who probably didn't even realise


Well, Dan has been to the UK's first ever rehab for hackers.


It was me and two other friends, just a bit of fun.


I manipulate people's feelings, thoughts.


We tried to break into our school's network.


We could control people's screens, change passwords.


I got arrested for Misuse of Computer Act, 1990, section three.


I can't name the company but they lost a lot of money.


This is definitely a way to get ahead of the curve and to stop


anyone from possibly taking a misinformed choice


This is the UK's first reboot camp for hackers.


The first seven through the doors, aged 16-20, all intend


to change their ways, so we've agreed to keep


Rehab includes spotting moments when they might be tempted to cross


the line of what's legal and what's not.


That looks like I could get everyone's details.


Your parents will not have any idea how you do what you do.


Solomon Gilbert was caught as a teenage offender.


Now he's the one giving the lecture is, in between tackling


I was getting drawn into making my own malicious code,


making my own exploits, stealing things like credit card


I wouldn't do anything with them but it ended up with me getting


kicked out of school and arrested and looked into by the


What were the key moments that changed your path?


Everyone in the cyber security industry has one person that


they've met that's gone, well, you're very talented at this,


Cyber Security Challenge UK has set up a capture the flag competition


so that teenagers can show off their skills.


Several large companies are here to talk future job opportunities.


The UK hasn't got enough people to protect itself.


Businesses, the nation, individual accounts,


we all need protecting and that's why we exist.


We know they're there, we need to find them.


These offenders know this is a second chance,


one they didn't realise they were so well qualified for.


I was more interested in the dark side, back when I was young.


I wasn't really looking at the good side.


The dark side was mainly just attacks, attacks, attacks,


Well, now I know that it exists, it sounds like something that I'd


really, really like to go into because you get the same, like,


rush, the same excitement, but you're doing it for fun,


still, but it's legal and you get paid.


Did you know you can get money out of an ATM even if you don't


What you'll need instead is a drill, a USB keyboard, some malware


on a USB stick and an intention to break the law.


So, in this specific example that we've got set up here,


an attacker has come to the front of the ATM, they've drilled


What we can do now, you can see we can access this USB cable.


Right, so, inside here something that has a USB port.


According to Positive Technologies Research,


more than half of ATMs still run Windows XP.


And although the USB port will rarely be this easy


to access inside the ATM, recent cash machine hacks


in Taiwan and Thailand showed that it can be done.


I'm sure not many people would expect this to just be


Perhaps not but it's just a safe with a computer on top.


Which means that with a keyboard plugged in, it's pretty simple


to download and run the malware to, well, show me the money.


Your malicious software basically says, dispense cash.


Shouldn't the ATMs be slightly more protected and locked down?


You would think that but it's how you would configure those computers.


But we found they are not particularly secure,


so you could put malware on a system that could collect data


That would be information that is held on our cards.


So I, as a consumer, if I'm using this machine,


And that could spread around a whole network of ATMs.


So, you could use one ATM to infect a whole network?


One way to protect yourself is to use ATMs inside bank branches


or which are watched over by security cameras.


We spoke to NCR, one of the leading manufacturers and the maker


They agree that security threats are becoming more complex


and sophisticated and told us, "NCR provides its customers


with comprehensive recommendations and security defences to address


these challenges and help them to assess and improve


It was the week that Google unveiled its SOS Alerts feature,


which will show where a crisis is taking place.


Adobe announced plans to kill off Flash Player from 2020.


And a company in Wisconsin are microchip being their employees.


And the Boring Company is firmly going against its name,


as Elon Musk posted a video to Instagram of a car


going underground on an elevator in Los Angeles.


The Tesla CEO's side project proposes building a network


of tunnels under the city, which will drag cars,


passengers and cargo in super fast moving sleds.


And it was a busy week for Musk, as he clashed with Mark Zuckerberg


During an informal Facebook Live, Mark Zuckerberg said Musk's claims


that AI poses a fundamental risk to human civilisation


But Musk took to Twitter to respond, writing Zuckerberg's knowledge


First it was gone and then it wasn't, as Microsoft puts to bed


reports that it was getting rid of its graphic programme, Paint.


People rushed to social media to show their love for the programme,


which won't remain on Microsoft 10 by default in the future


but will be available on the Windows Store for free.


And now you can live out your pop dreams in AR.


Not shying away, a Chicago-based studio have recreated the classic


A-ha Take On Me video using the iOS 11 AR kit.


Recently, there seems to have been an increase in the number of brute


This is where the hacker uses a programme to constantly


trying new passwords until they hit the jackpot.


In the past, security services have recommended creating as long


and complex passwords as possible, never writing them down


However, we're only human and we don't have the time


or patience to remember multiple strings of letters and digits.


To combat this, the National Cyber Security Centre has


Firstly, don't change your password constantly because this encourages


us to use simpler passwords and maybe just add a different


And besides, it only protects you from someone


who steals your password and then waits three months to use it.


You should, however, update your password if you have any


Keep your passwords complex, but not too complex.


For example, three random words stuck together.


This means instead of trying every one of the 200,000 or so words


in the English dictionary, hackers have to try every


combination of every word, and that is a massively harder task.


Set up two step authentication for any accounts that


This means the hacker needs to not only have your password


but also your phone, to break in.


And store your passwords, either on a piece of paper in a safe place


Now, this is either hardware software that generates and stores


long, complex passwords for your different accounts.


How can you remember 20 or 30 passwords that we frequently use


With a solution like Lastpass, it will create 100 character


passwords for every site, that is really, really hard to hack


While security is a really daunting subject and the stakes are high,


it can appear quite onerous, but these solutions


All you have to remember is one master password


Just make sure THAT password is really hard!


Humans have been using handprints to identify themselves


These ones here, the Hands Across Time just outside Las Vegas,


in Red Rock, are hundreds of years old.


They're some of the earliest examples of native Americans


In recent years we've started to use our hands to identify us


again and Dan's been finding out how secure they might be.


At Bristol Robotics Lab, they're taking an interest in every detail.


Now, if you're sensitive to flashing lights, look away now.


Is that more secure, then, than just using your fingerprint?


With a fingerprint, it's a small region of the hand.


Obviously with this system we're getting the whole surface and that,


combined with the vein structure, just add an extra layer of security.


Research recently showed the ability to extract fingerprints


or handprints off celebrities from a distance.


So, you could use that to generate a 3-D surface but you still wouldn't


have the vein structure on the back of the hand.


That would be very difficult to hack.


In Chicago, some people are already using their palm


PalmSecure's touchless readers only use infrared lights to take


Iris scanners are also about to emerge from the lab and be


From September, TSB will be the first bank in Europe to adopt


retina scan technology as a way of accessing online bank accounts,


although initially customers will need a Samsung Galaxy S8


In May, the Chaos Computer Club in Germany posted this video,


fooling the S8's iris scanner using a photograph


TSB and Samsung are hoping that others won't go


At the CyLab Biometrics Center in Pittsburgh, they've developed


a system that can identify the irises of people moving in


But if the eyes don't have it, the face just might.


Back at Bristol Robotics Lab, this 3-D face scanner


is using a technique they've developed called Photometric stereo.


Two invisible lights flash at high speed,


allowing the camera to capture the orientation, shape


So far, it has a 95% accuracy rate but that's good enough to attract


They are working with Cubic which develops the Oyster card


contactless payment system used in London's trains and buses.


It's being part funded by the British government


to innovate gateless technologies, allowing passengers to simply walk


You can imagine, if you can get rid of the gate line in a place


like Victoria Station, there's a massive potential


So we ran quite an interesting project for them, which they are now


installing at their laboratory in Salford and the aim is to move it


on to the Underground so that the system will recognise


people and you get rid of the gates and it will allow people to go


Now, this is a phototype but we have been told


that the system will recognise even a pair of glasses.


So, let's see if it knows who I am now.


Look at that, you can see my name come up right there.


Just walk around, the face is the key to doing everything


And just to double-check, I've tried to fool it with this guy.


It recognises me but this is very clearly an impostor.


This face clearly isn't going to get me anywhere.


Of course we'll be back with more next week from Vegas including


Download Subtitles