
Jedi Masters, Sith Lords, and Droids: 5 Generations of Hacking

BSides Newcastle · 2020 · 1:20:57 · 22 views · Published 2020-11
About this talk
BSidesNCL 2020 - Locknote: Jedi Masters, Sith Lords, and Droids - 5 Generations of Hacking - @RayRedacted. Captured using OBS: Open Broadcaster Software (obsproject.com). Edited using OpenShot Video Editor (www.openshot.org).

it's headquartered to four i think we're ready to go i literally said that go for it we are going to start with a little bit of a test okay so hopefully you see me and only me on the right and you then see something on the left that looks like an h okay and shut up [ __ ] oh we've got a zoom bomber already you can take care of that yeah yeah

go ahead oh boy oh boy oh boy okay well maybe that wasn't such a good idea maybe that was a bad idea on my part uh hold on one second guys let's just take care of that real quick that's all room taken care of all right okay very good i just need to make one quick change real fast to myself and what what would be a zoom meeting without a few zoom uh uh bombers i guess but if this continues to happen then i'll just feel really really bad about it forever and ever and ever i suppose um let me get this back to hyperx and back to here right hang on a minute ben's having a

bit of a wobble about making sure we've got everything coming out what do you need ben uh whatever it's reconfiguring for people to see yeah i need it in a way that i can just kick it on the stream so he wants to be able to stream it no no i i want it sorry no come and talk to him come round come around come round the messenger sorry i'm tripping over the many many many many many boxes uh i was just wanted to make sure that everything you're gonna be looking at your stream right you can see your stream excellent cool no no no that that looks like it's streaming right that looks excellent

it may or may not work to see how you're seeing it here but if you can pass some recorder rights i'd like to ask her to record this just as a just in case because i want to see it i want to make sure it's presented how you'd like it presented basically all right well first of all tell me if you guys can hear the audio in this movie now yeah i have been told yeah that's the best crackers in 60 minutes you're very

angel i've accessed a system she was murdered and we believe it might have to do with whatever it was she was trying to access from your system i just got access to the system how the hell did you access this system a recent unknown intruder penetrated using a super user account giving him access to our whole system marshall do whatever it takes to break that encryption this may just be we need to break the encryption they did manage to break the uplink downlink encryption they're paying hackers to break the encryption once we break the encryption how long before they break your encryption an encryption like a code yes ma'am two different systems of encryption encryption i've never seen

somebody ask for my encryption key that's not uncommon is it no but then they ask for a higher level of encryption to get root access to a python web server exposes ssl encryption and then intercept all traffic over its secure port i don't think morse code is going to break the encryption your efforts to break the encryption codes will not be successful we haven't had any luck breaking the encryption i'm sure we've made progress breaking the encryption within seconds of breaking charles encryption but as soon as you break the encryption you find me yes sir there's someone trying to download a file right now who carry yeah i know all kerriegos no the other carry zips

downloading the file slowest speed possible downloading the file right now download the file can we just download this file and i'll download the files we are downloading all files i cannot allow you to download my files downloaded a file illegally who downloaded the face before he got shot he downloaded a file he downloaded a file and then he downloaded a file you got 30 seconds to download that file you copy download your file downloading secure files yes listen that thing has just uploaded a virus it's on top of that virus i've uploaded the virus so i love the virus now and upload the virus i uploaded the same virus and i'll upload a virus unfortunately i'm gonna need the

mainframe security code which is tattooed on the king's lower back sir he's uploading the virus everything but the virus i gave it a virus computer virus it works like a computer virus it's a computer virus a hacker planted the virus okay okay this is what we want if you guys are getting paranoid and logging off the network logging up just logging off please log off don't forget to log off now there's 113 movies that were in there and if you can name them all then you're going to win the pub quiz that we're doing right after this before yt cracker comes on to play for his set so i'm redacted this is the complete history

of hacking and phreaking some of you may have seen the first half of this a few months ago at a charity uh fundraiser we were doing for the many hats club uh let me tell you instead of getting into a big thing about who am i with regards to cves and certifications and colleges and universities and jobs and all that crap okay i'd like to tell you what stickers are on my laptop the stickers on my laptop are a fantastic logo that scott mccready made me uh for the infosec happy hour this has ray redacted on it uh by the way i was not born with that name redacted i just want to clarify that because my mom is on the call

that was not my actual born name uh i also launched tribal hackers podcast recently so that's a brand new podcast based on the tribe hackers books uh active and diana initiative mental health hackers many hats club and then brand new i just became an ambassador to an organization called hacking is not a crime but you don't want to hear about me you want to hear about the complete history of hacking now kind of painfully one of the beer farmers started this because two years ago ian thornton trump fat hobbit actually made fun of a company marketing the fifth generation cyber threat said malware jake somebody i have enormous respect for said i'll see that fifth and give a six

then i'm just kind of going uh-oh because i'd already been a black hat talking about five generations of hacking and phreaking and that's what we're going to talk about but before we even get to that first generation before we even kind of talk about the first generation this is mostly a uk audience and before there were ever hackers ever there were proto hackers there were people that would be hackers if we had the term hackers and one of my favorites is a woman and her name was ada lovelace and she lived in the 19th century the early 19th century and she was basically the first ever computer programmer she was the first person to realize

that you could use machines not just for calculation but also for analytics and also she was our first tech visionary now another one that was a proto hacker of course is alan turing he was a cryptographer he invented the logic engine he's basically the father of computer science and ai and unfortunately he was the first of many many people in our industry that ultimately ended their own lives and we're going to talk about mental health and the history of that but at the end of the day alan turing was treated very very badly and ultimately decided to end his own life rather than suffer chemical castration but when we talk about hackers hackers that actual term hackers

we always start at mit now specifically it was building 2086 building 26 was a building on campus that was slated to be torn down and when this building is slated to be torn down people typically do crazy stuff in it before it gets torn out and it turned out a bunch of mit students and then professors started building model railroads the tmrc the tech model railroad club and these were super sophisticated railroads and they had computing to them they had switching if you think about all the stuff that happens with packet switching cars going in and out of a lot of rails was very very similar right it was also a drinking club so they were the first

drunk hackers so to speak right they engaged in something called midnight requisition which was you'd go after midnight to borrow equipment from other science labs from other universities and eventually from the phone company they went and got tandem switches because they were really good at moving trains in and out now at mit some of the grandfathers of all ai and hacking were professors right one was marvin minsky he was a director of the ai labs alan kotok who wrote spacewar and john mccarthy who actually created lisp and many many more but on april night in april 1955 the minutes okay so you young people don't know this but they used to write minutes of every meeting right the minutes of

the meeting for the tmrc actually said mr eccles requested anyone hacking on the electrical system turn the power off to avoid fuse blowing which by the way that's actually really good advice but it's the first time we've ever heard the term hacking and then it became known as anything you could do to make a shortcut right to shorten the process creatively think of ways that a is supposed to be able to do b but create it to do c and d as well right and one of the biggest ones there was code bumming so if you had a punch card program that was 14 cards long and you wanted to run it right away you could find a professor that had a

300 punch card program and if you optimized his code down to 280 you could sneak yours in and run it as well that was actually known as code bumming and it was really ultimately the first hacking right it was bypassing systems it was optimizing code right and they also wrote down some of their oh i want to call it an ethos and some of this ethos you'll recognize from hacker ethos today number one was information wants to be free how about that right mistrust authority everybody should have access to computers and they can create beauty so this tiny little group of people is is inventing hacking they're they're the proto-jedi everything is actually happening there

and then one day everything changed at 7 28 pm specifically on october 4th 1957 the world completely changed and the reason that the world completely changed is because america's arch enemy at the time the soviet union put a little satellite into space called sputnik and it wasn't necessarily the fact that they had they could put a satellite in space that caused america to freak out it was the idea that they could have also put a bomb into space as well right and so collectively all of the folks in the united states completely panicked and passed certain laws and regulations one of which was dod directive 5105.15 which created okay this was the this was the act that actually created

darpa okay the defense advanced research projects agency now darpa did a bunch of things a bunch of defense things but one of the things they did was project mac and everybody argued about what mac stood for because uh certain people said it was multiple access computing and others said machine aided cognition i guess it depended on where you were but it ultimately was about building communities and bulletin boards and email service and guess what people started exchanging they started exchanging software okay and also tricks about hacking as well so if you've ever seen this before this is what it looks like it actually looks like the original arpanet backbone the the uh the the unit if

you if you would even know that name as well so this is generation one there's no profit motive okay there's pure curiosity there's innovation and there's ingenuity and at this point in time there's no reason to have any cyber defenses okay so we don't need that right so here we are university environment now multiple university environments and that same sense of curiosity and the desire to explore spills over into the next logical place where you can explore computers which actually if you think about it was the biggest network of computers outside of the arpanet the pstn that's the public switched telephone network and it could probably be best epitomized by this which boards were replaced by mechanical

systems different noises were used to trigger the switches

if you had perfect pitch like blind phone phreak joe engressia you could whistle calls through the network let's see if i make it this time this is really hard to do it sounded like all the tones were present so it phone should be ringing about now okay it hit the phone it just takes a little while he even showed off his skills for the local media from his one phone to a town in illinois and back to his other phone a thousand mile phone call by whistling joe engressia says he used to do these things because he is fascinated by the technology now he was fascinated by the technology right but he actually became known as uh joy

bubbles he eventually legally changed his name to joy bubbles he started at four years old listening to uh the phone system and uh joe engressia was legally blind he was a ham radio enthusiast and it turned out that what the kids would do back then was blind kids would go to summer camp every year right summer camp blind summer camps or blankets and they wanted to keep in touch with each other each other throughout the rest of the year and so they figured out ways to whistle and take control of phone systems right and it spread like wildfire this became known as the age of phreaking and it's spelled with a ph as a pun okay and it was mainly

attacking north america bell right but it was also tied in to the counterculture specifically the yippies the yipples the hippies right there was a guy by the name of um al bell that hung out with another person named abbie hoffman and they kind of had an interesting take so not only were they a little bit rebellious in anti-authority period but at the time the vietnam war was financed almost entirely by telecommunication taxes so they felt like it was not only your your right to steal from the phone company it was your moral duty because you were stopping the vietnam war which they felt like was not a legitimate war so they started publishing these zines teaching people how to steal phone

service right the very first one tells you how to generate anybody's calling card from anybody's number whatsoever but phreakers are more known especially if this is going to be a trivia question not necessarily for carding but for the boxes okay there were 17 or 18 different colored boxes one of those was a red box that would basically generate coin tones as so they could fake what you were doing at a pay phone there used to be these things called pay phones guys okay and you used to put these things called quarters in them and the red box would actually generate a tone that would sound like a quarter a dime or a nickel and this is what would

happen you would walk up the pay phone you would pick it up and then you would you would this is the noise it would make okay and if you had an operator on the line she might generate you like three or four bucks back or whatever else it was that simple because the coin tones were in band signaling in-band signaling meaning the actual data is in the same carrier as the rest now people don't really talk about red boxes that much except for maybe certain people my age that may have actually anyway everybody always talks about the blue box because it turns out that the phone system had in-band signaling too and 2600 hertz was a very very specific

tone that would allow you to grab a trunk and take it over okay and you could make free long distance calls you could do emergency breakthroughs you could do all kinds of amazing stuff as an operator especially if you had a female companion that could help you by social engineering because you could get a hold of an operator make it look like you were on a tandem right and then do three-way calling uh you know interrupt people steve wozniak very famously called i think it was uh the pope and woke him up right and these were nothing but little boxes that were generating these tones analog that 2600 hertz tone okay and these are in the museum and everything else like

that but it was relied on the fact that ss5 signalling system five used in-band signaling okay then esquire magazine in october 1971 published this little article called secrets of the little blue box now the author pretended like he wasn't talking about a real device this this box you could buy for 300 us dollars that would allow you to do all these things okay he was he made it sound like it was fiction but when he published it one guy in particular got a hold of this magazine and started reading it and then this is what happened well as i was talking to steve jobs on the phone i said it occurred to me that wait a minute

they're given too much information about certain frequencies and certain codes there's too much information here this doesn't sound right for a fiction and so we decided to go check some of it out so on a sunday we went to where's the technical library you could sneak into on a sunday well we picked the stanford linear accelerator center no question you go to any of these places you know in the the high research the very pure theoretical research type places and boy i'll tell you there's no such thing as a closed door or a locked door so we always found our way in and we go up to the library and read all the computer magazines every week and

when we found a book on the telephone system and it had the same frequencies that were mentioned in this article that was called fiction and we looked at each other and realized that we had stumbled onto something that was not though what's that now wozniak was an engineer's engineer right brilliant guy right he was actually kind of a hacker right the things that he could do uh you know with a circuit board and soldering and everything else like that but he was only half of the equation right so he's the one actually that's figuring out how to do it but in every major organization there's typically engineering and then there's sales one of the things that waz and i did was

we built blue boxes uh they were devices that you could build you know when you make a long distance phone call in the background those are the telephone computers actually signaling each other sending information to each other to set up your call there used to be a way to fool the entire telephone system into thinking you were a telephone computer and to open up itself and let you call anywhere in the world for free and these were illegal i i have to add uh but in spite of that we were so fascinated by them that waz and i actually figured out how to build one we built the best one in the world it was the first

digital blue box in the world but it was the it was the magic of the fact that two teenagers could build this box for a hundred dollars worth of parts and control hundreds of billions of dollars of infrastructure in the entire telephone network in the whole world that was magical and experiences like that taught us the power of ideas the power of understanding that if you could build this box you can control hundreds of millions of dollars worth of telephone infrastructure around the world that's a powerful thing and and that if we hadn't made blue boxes there would have been no apple and these little boxes these wozniak boxes were really well made they even had a

warranty even though it's an illegal device it came with a money-back guarantee if you opened it up uh one of the trivia questions is what did it say on that slip of paper in there and of course they're worth you know twenty five thousand dollars today if you get a real one but if you think about it that little box allowed them to take control of the entire phone system and then they ended up inventing the iphone which is a lot smaller but basically allows you to take control of the entire phone system right and so here we are it is now a point in time where people can buy blue boxes either cheap knockoffs

from uh you know your local bookie or some kind of person in the mafia or really good digital ones from wozniak right and the phone company started to notice but it was less than one percent of their total billing because phone calls used to be really really expensive and this was just a flies now right so it wasn't in mainstream at all okay it might have remained that way until one day general mills changed the equation now for the young folks out there i should explain we used to buy cereal that had toys in every box there was a toy and you would just dig your hand dirty or not to get the toy out and general mills

decided that a good toy would be a bosun whistle and it turns out that the whistle that general mills sent 12 million out could generate the 2600 hertz tone so teenagers all over the place could grab these tones and the first prank they would pull is if they walk by a bank of phones like everyone's on the pay phones at the airport you could blow it and it would knock everyone off because they would immediately go into operator mode right but then eventually everybody started learning what does that tone mean what can i do oh this is fantastic oh let's set this up in my dorm right and it was popularized by a guy by

the name of john draper he changed his name to captain crunch but he cruised around in his hippie van talking about this okay and popularizing it on pirate radio and he also met the blind phreakers and basically depending on who you ask either exploited them or embrace them and that's all i'm going to say about john draper period because we don't consider him part of the infosec community anymore additionally ian murphy came along and he felt like it was unfair for bell to charge different rates for daytime and nighttime so he programmed every phone switch in america with a default password okay so that it always treated every call like it was 3 a.m

basically ripping off billions of dollars from the phone company and they didn't even know how to undo it right uh we also had kevin poulsen who went by dark dante uh he's now a legitimate writer uh red red box chili pepper who was a member of the cult of the dead cow wrote for 2600 and pla but what we would do what what the phreakers would do was exploring the phone system using things like beige boxes which was basically like a lineman's handset doing sweep tones war dialing looking for all of these special numbers so that you could eventually get to what was called the simultaneous seizure trick okay and that would basically allow you

to do all kinds of wonderful things or all kinds of tricky things to phone numbers okay you can also look for sweep tones ring backs abns and arn's which are still very useful today if you're hunting a scammer it's great to have an always busy number or an always ringing number if you want to leave it for somebody right the phone company has those too but what we were always looking for were loops and bridges okay and a loop and a bridge were two different ways that you could connect multiple phone calls so one person could call chicago another person could call europe and then you could bridge it basically together and what's funny about that is that

in um in the deviant psychology book about behavior they talk about how obsessed phreaks were with looking for this so that they could do conference calls with total strangers right and ultimately that's really ironic because a lot of these phreaks grew up to become infosec professionals and we hate conference calls right spending hours and hours and hours looking for uh these special bridge numbers that you could do that now not surprisingly bell was not happy when every teenager in america could do this and so the third generation defense they came up with which is actually still in use today is ss7 okay signaling system seven took the out of the in-band communication took it out of band added some really crappy

basic uh authentic authentication mechanisms right and the problem is it is insanely insecure we're gonna talk about the uk voicemail hacking and how that relates to ss7 how sim hijacking relates to ss7 but ultimately ss7 just like the first protocols of the internet assumed that the people participating were trusted parties right so if somebody passed you a certain piece of information you just kind of assumed why would they possibly give me the wrong number what they're calling from right or something like that but it was electronic switching systems and it shut down blue boxing literally like in a month right a lot of the a lot of the actual calls when they show when they went to ss7 by

country you can actually see the call volume dropping uh country by country by country so we're now talking about the third generation and the third generation is defined kind of in the period of 83 to 85 because a ton of stuff happened in 1984. four or five major historic events happened but the one i think had the biggest impact period and it's not just because i happen to be an adolescent for 12 years old at the time was in 1984 this happened

what are you doing dialing into the school's computer

[Music] they change the password every couple of weeks but i know where they write it down and a promising student with an electronic twist those your grades yep i don't think that i deserved it do you can go to jail for that only if you're over 18. this computer company is coming out with these amazing new games in a couple of months but i want to play those games wow he got something he found the right code word to play the game we're in but it was the wrong computer now that of course is war games right and it actually had some accurate stuff in there one of the things it showed was that when you had a modem and you

wanted to find other modems you would dial every single number in an npa-nxx okay either sequentially or randomize and that was known as war dialing because that became known as war dialing there's also a crappy demonstration of how to pay phone phreak he didn't use a red box he is like a little tone right but even the name of the conference defcon was a play off of defense condition right but it also showed uh kids i mean most of you caught that right because i blared it out that if you're under 18 you're not going to get prosecuted right you can do whatever you want go look for games go break into computers why not

but that wasn't even the biggest impact it had because it also told a bunch of 12 year old and 13 year old boys with commodore 64's or apple twos or maybe their parents computer that if you hack you can get laid because in the movie matthew broderick got the girl as a result of his hacking activity right and this led to thousands and thousands and thousands of people trying to connect bulletin board systems both locally and long distance okay side note by the way i've never actually told this story but i'm going to today about three weeks after war games was released the president of the united states ronald reagan watched the movie because they

have like a like a theater in the white house right near the private theater and he watched the movie and he was scared to death so he called together all of the joint chiefs of staff all of his main cabinet secretaries and this is what happened and says has anybody seen this movie war games nobody's seen it it just came out he goes into this enormous uh plot description people are looking around wondering where this is going then he turns to his the chairman of the joint chiefs of staff general john vessey and says general could could something like this really happen could someone just break into our most secure computers and the general says i'll look into that mr

president he comes back a week later and says mr president the problem is much worse than you think this leads to the government's first presidential directive on computer security the first directives and the first laws were badly written right this is the first time we got into that pattern where it was punitive it didn't make sense uh it was an overreaction right they didn't consult people that actually knew security right but in this time frame something else happened because the year 1984 was the year george orwell had predicted everything was going to go away and so suddenly we started to see publications pop up right like 2600 which is the hacker quarterly right which is still published today

right you still get that uh every every three months and of course it's named after the 2600 hertz tone right uh you could get phrack right phrack is still published today yeah kinda but you can still contribute to phrack or 2600 if you want to and then there were text files okay text files g-files that was one of the reasons why you dialed these bbs's which were always busy their phone numbers were always busy oh i forgot to even tell you this a lot of the bbs's were like kids and they were using their mom's phone line like after 10 p.m so like in the bbs listing you couldn't call until after 10 p.m like

literally that would happen but ultimately what you wanted when you got to that bbs is you wanted access to the hpp sections that was the hacking phreaking and piracy sections now they didn't just let anybody into uh that particular area you couldn't just walk up okay and say hey i want to get access to that because this is where they held the boxes plans right this is where you could get i think the anarchist cookbook right which seems a little archaic now by today's standards so in order to do that you had to demonstrate that you were leet and the way that you did that was by showing that you knew the language okay that's

elite speak that's writing things in numbers this is actually an alternate glyph alphabet that's designed to reflect in group or out group status right and this remains today if you've ever wondered why 1337 is a special number that's why because it actually spelled leet and it meant that you were leet at this time also what you were doing was you were calling bulletin boards either locally for free or long distance using other method methods and you were looking for software because everybody was trading games right everybody with the games weren't that big they were like 140 kilobytes but the modems are also slow too and so if i was talking to uh scott mccready and i bragged that i had three-day

software and he wanted to one-up me he would say well i've got two day software i got two day man i got two days that's only been out for two days i got it i got i went to babbages and bought it today it came out but the best thing you could ever get was 0day zero day minute was unreleased that's what david lightman was looking for when he was breaking into that computer he thought it was a game placed and so he actually was looking for 0days and where that term 0day came from is warez bbs's how long has it been around right and now of course it means an exploit that has never been patched

or is unknown to the manufacturers but at the time what actually happened was was zero day meant that software that's not out yet now when i was researching this it was kind of funny and i'll leave this to the reader to check out on their own but actually one of the pieces of one of the programs that you could use to war dial an entire exchange very very very quickly was something called toneloc and toneloc author actually showed up in the discussion and he tells his life story which i'm not going to get into so much here but basically it goes bbs's dumpster diving and phone places going to prison back to college and then of course he

started a security company but that software issue was a way that you could learn programming okay the easiest and stupidest thing you could do is slap your name on the splash page of somebody else's and it is still kind of funny that people were putting their actual phone numbers on those splash pages right they were out there but for me it was a way to learn assembly language right i learned hexadecimal learn how to get around copy protection routines really basic ones right really mimicking etc now everybody always wanted to learn cobol and pascal but come on you're 14 years old who who's going to spend that much time but it's really about breaking that software

right and so eventually you would want to learn from others and it formed into cracking groups so all over the nation you didn't have to be in the same npa nxx if you know what i mean groups like fahrenheit 451 formed eventually frozen crew and then something interesting happened the cracking groups started to migrate to bigger things because software piracy was kind of lame i mean you didn't even play the games they became hacking groups now these hacking groups did not have the profit motive they were more like kids having fun and had these crazy names that would scare the crap out of the fbi like legion of doom right or cult of the dead

cow right and by the way cult of the dead cow you had to be really careful you didn't want your mom to find those files because she might think you're in a cult okay never mind never mind what the was doing that now cdc is of course world famous because they released back orifice and back orifice 2k carrying around a speaking spell right at defcon launching them into the audience that would actually give you control of anyone else's windows machine now another one was stephen andreas okay aka onkel dittmeyer and he wrote the world's best phreaking tool ever created now i could go on for this section for another hour but i've got more so we're going to talk about the fourth

generation now some of you think we're still in the fourth generation and we could be but i'm going to argue that we're really in the fifth and i'll get there in a second but people could say what date started the fourth right and some of you out there will say this is the day that the fourth generation started hack the planet it's not just something they do sure this sweet machine's not going to waste are you challenging me it's who they are i win you wear a dress on our date and if i win so do you they can crack any code [Music] and get inside any system hello mr gill according to our records you're

dead i'm what but this time look at this it's some kind of virus unless five million dollars is transferred to the following account i will capsize five oil tankers they just hacked the wrong guy game's over whoever wrote this needs somebody to take the phone he's about to commit the perfect computer crime you've created a virus that's going to cause a worldwide disaster and they're about to take the blame hacker planet the virus that's the perfect cover we're being framed can we be allies i don't play well with others oh wow we are fried okay let's nail it no you're not good enough to beat me yeah maybe i'm not but we are they're the only ones who can prevent a

catastrophe i know how to stop this guy they'll trace you like that are you nuts come at me unlike any the world has ever seen never send a boy to do a woman's job hackers of the world unite cops on the building i need more time this is the end my friend united artists welcomes you to the new [Music] world

[Music]

all right i let that play along that was there a long time so it was cheesy right it was campy um during the pandemic okay one of the best moments of my life is i got to spend 45 minutes with sam esmail the creator of mr robot on a webinar that was like a sponsored thing or whatever and i got to talk to him about everything and if it weren't for hackers there would be no mr robot but not because the reason you think he was infuriated by how badly people portrayed hackers in movies and the tvs and everything else and wanted to have one that was super duper realistic right so we've got congress

and we've got the president passing shitty law passing ineffective laws okay we have the popular culture now thinking that everything is angelina jolie oh my god that was the woman from the sopranos by the way i don't know if anybody caught that that was a psychiatrist for the sopranos that was in that movie as well um but then something else happened and this is a historic date this is this is a date that you probably should remember i mean i actually do it's may 19 1998 5/19/98 or in the uk i guess that would be 19/5/98 what happened was okay so we didn't really talk about cdc but we definitely didn't talk about l0pht

l0pht heavy industries okay and this was a group of people that hung out in boston and were absolutely brilliant at so much stuff right it was a hacker collective at first it was a non-profit right and they came up with so much stuff right and on may 19th they actually got called in front of the senate okay that's brian oblivion john tan kingpin mudge okay weld pond that space rogue and stefan von neumann almost every one of these is on twitter by the way now the testimony was an hour it was fred thompson this movie star guy from law and order that was asking all these kind of questions but what's crazy about this session and

i encourage you to watch the full hour was during this hour there's like seven things that happened during this hour for the first time that you would either recognize or roll your eyes at they they called them rock stars for the first time ever right uh he explained what a what a buffer overrun was for the first time ever the guys from l0pht had bragged that they could take down the entire internet in 30 minutes and people were a little bit concerned about that which it turned out he had a few different ways he could do it but he wasn't actually talking about bgp right so it's just absolutely amazing the things that happened in this session

and such a historic moment in the history of hacking god i wish i could show you this this this testimony because it was just so good but there's no way you're gonna sit through an hour so last night i cut it down to two minutes and here's two minutes of the testimony watch this carefully it's real fast they'll be using their hacker names of mudge weld brian oblivion kingpin space rogue tan and stefan i hope my grandkids don't ask me who my witnesses were today and especially in light of the fact that the washington post described you as rock stars of the computer hacking elite the person who breaks into the systems and undermines the network security and

that's what i do in my day job unfortunately many times they would not improve the software until we actually went public with the findings within 30 minutes the seven of you could make the internet unusable for the entire nation is that correct that's correct actually one of us with just a few packets many of the problems that are out there that that contribute to this lack of security are are extremely simple buffer overflows are spottable in source code your testimony that you given 30 minutes you might be able to uh render the internet unusable so what can we do we'll try to protect against that the um the one the one uh method of doing that

that we were referencing uh there there are several there are dozens of them actually this is definitely a double-edged sword because when you give the information out right um other people can figure out how to exploit it however if you don't give the information out the people out there can't protect themselves

the first time some big company has been compromised because of this that that it may fix itself no the problem did not fix itself uh at all and it was at this time that the harmless pranks and the non-profit motive exploration stuff took a little bit of a nasty turn and we started to see things that were either vindictive or that were illegal and one of them became known as doxing right and so what doxxing was and sometimes it's spelled with an x sometimes it's spelled with two x's it's not a uk versus america thing it's actually however you spell it somebody on twitter is going to tell you you spelled it wrong but the origin was if my name

was oh god i got to pick a name david lightman that was my hacker name you could tell at the world what school i went to who my parents were my social security number and i would have to give up that name right that persona i'd have to give it up because i got it i've been doxxed right it was also associated with vigilantism as well now doxxing of course remains a very very big issue and i know that you think i'm going to make a joke about brian krebs but i'm not we're going to talk about carding okay carding was also something that came along the scene at that point in time and that was

credit cards were insanely easy to fake right if you knew the luhn algorithm which most people memorized you could just generate a number and it would work if you guys have ever seen the movie the jerk steve martin is like looking through this book of all the credit card numbers that don't work every other number that worked in the luhn system did that and so people started carding uh services right started stealing things right there was very very specific ways but it was really a debt compared to what it was later this was also the first time we ever saw a denial of service attacks but the one that came along that has changed every single one of our lives

was now we didn't talk about social engineering okay that's a whole nother talk the history of social engineering is a completely different talk but social engineering is when you use psychology to get somebody to do what you want typically to give their credentials or their logins right well somebody at america online a hacker that wanted to pursue america online came up with a combination of electronic use with social engineering and wrote a visual basic program called aohell and what you could do is you could send out a thousand messages you could change your username to uh aol uh support desk or maybe even desk with an extra k right and if you sent out a

thousand notes asking people for their login and password a hundred people would write you back period okay it was a ten percent return rate on an aol it was just ridiculous right you could ask them their credit card numbers you could ask them their logins and passwords and the reason that people wanted this is because it used to cost money by the hour to use these online services right and if you actually look at the tool phish was actually still spelled with an f at the time right and you could even customize the letter hey i'm with america online due to a problem we are experiencing we lost vital information please give us your login and password now the reason that

this is so important is because at my company we track the total number of breaches that we're involved in incident reports and everything else like that and it's still well over 90 start with a phish right probably closer to 95 if depending on how you actually looked at it so this was when attacks started people started stealing source codes okay people started going after intellectual property pii and credit card theft became a very profitable enterprise right the bots started showing up we all lost the concept of privacy everyone did right this became the age of the breach right and then we started to see ddos evolving with much more sophisticated timing attacks but

the worst part of all about stage four is the profit motive was driving it and the profit motive is ultimately what drives probably our second biggest problem in the industry today which is ransomware now it wasn't just hackers at this point it was criminals criminals of any kind and that actually included some reporters there were reporters in england that figured out well they actually used a private detective to do this if you set your caller id to your own cell phone number right you could call your own cell phone number and get your voicemail right that's number one number two most people didn't change their default pin on their voicemail number three was every system whether it's orange or ee had a

dial-in number that you could dial in let's say from a land line and then put in your number right well it turns out if you called that number while spoofing that number you had administrative rights and you could reset anyone else's so there were seven ways that voice mails could be hacked and it became very very prevalent 2 200 people were in the media it was this massive mess right and these were not sophisticated hackers at all these were people that were pouring through voicemails and listening to it now when i was doing this research first of all i was surprised at how many different ways you could do it but there's still vulnerabilities on

that there's still ways that you can actually retrieve someone else's voicemail uh on one of the uk carriers today right and i'll leave the research that to somebody else because i know that there's people out there so that mainstreaming happened and the hackers always knew ways that you could get to systems that were exploitable right but john matherly came along and he decided that we really should if we want to expose iot vulnerabilities and we do so that they'll be patched why not build a search engine okay and put that in the hands of everyone so that people can search and even today there are certain shodan searches that when you tell the company you found it

on shodan they assume that you broke into the network etc right but shodan was a revolutionary idea have i been pwned from troy hunt same exact thing right most people that don't know the industry assume that those are malicious tools but they don't understand how powerful they are for hardening our networks right in 2009 chris jeff matt jack and travis got together and renamed security fringes to b-sides and b-sides was designed to be decentralized it was designed to be global it was designed to expand the conversation involve more people and enable people to be a part of the discussion so that's b-sides and that brings us to the fifth generation again you could say we were still in the

fourth but i believe that we're in the fifth and here's why script kiddies organized gangs um insiders people that were socially engineered was nothing compared to when the nation states came along now we can argue all day long about when this started but for me it was in 2011 with the launch of stuxnet okay stuxnet was the most sophisticated cyber weapon of all time you got to read kim zetter's book kim zetter's book is so amazing but stuxnet did stuff that nobody had ever seen before it was polymorphic it was multi-platform okay it could basically mutate it could hop air gaps it had multiple ways to get in and out it was very specifically targeting

only two nuclear reactors right it had amazing use of signed drivers okay not spoofed but signed drivers so it looked legitimate to microsoft right and it was designed to get in and ruin the centrifuges at three nuclear power plants okay this is a peaceful nation launching a weapon against another peaceful nation's energy generation the problem with stuxnet is of course it got out it spread all over the world you can still see it today out there right now it didn't do harm because it was only focusing on those specific areas but here is how it was covered at the time in 2011 when this happened this is how people talked about this big weapon last year a computer virus called

stuxnet was discovered lurking in the data banks of power plants traffic control systems and factories around the world 20 times more complex than any previous virus code it had an array of capabilities among them the ability to turn up the pressure inside nuclear reactors or switch off oil pipelines and stuxnet could tell the system operators everything was normal unlike most viruses stuxnet doesn't carry the usual forged security clearance that helps viruses burrow into systems it actually had a real clearance stolen from one of the most reputable computer technology companies in the world it exploited security gaps that system creators are unaware of these holes are known as zero days and the most successful viruses exploit them

the details of a zero day can be sold on the black market for a hundred thousand dollars stuxnet took advantage of twenty zero days and shut down the centrifuges that spin nuclear material at iran's enrichment facilities stuxnet was a weapon the first to be made entirely out of code the most important question may not be who designed it but who will redesign it the evolution has been so fast that nine months after its detection the first virus that could crash power grids or destroy oil pipelines is available online for anyone to download and tinker with it's an open source weapon and there's no way of knowing who will use it or what they will use it for first

weapon and of course adversaries started emulating it right it wasn't necessarily that it did damage it was that it taught the bad guys how to do this now the other response was that every single nation pretty much knew who did this right and today we know for sure who did it but it was a signal to the rest of the world that peaceful nations could attack other peaceful nations on cyber just with reckless abandon there's no reason not to right and so every single country went from having only defensive cyber defenses to offensive right well outside the five eyes everybody started developing those and as a result of that we started seeing activity from what cyber security

professionals call nation state actors nation state actors is a fancy way of saying financed by a government okay could be the military it could be a third party right but ultimately at the end of the day the one thing you need to know about nation state actors is they are really really really good okay typically um but you never abbreviate this term never okay because if you abbreviate nation state actors people get confused and they think you're talking about a very very very specific woman so let's fast forward to november 24th 2014. on um november 24th 2014 the employees at sony pictures entertainment came in to work and found that their laptops had been destroyed and wiped

right all because of a movie a bad movie actually it wasn't even that good but i'm not going to obsess about the movie or about sony but there's some big lessons that we can learn the first lesson you can learn about sony is asymmetry now that's a military term that means i can do with three people it takes you 300 people to defend right right so so cyber defenses is an asymmetrical warfare one kid with eternal time and eternal energy can do way more damage than 12 people can protect right and sony's a perfect example of this because the person in charge of security at sony pictures entertainment went to a magazine and told that

magazine hey man uh i'm not going to spend 10 million bucks to protect a one million dollar loss right so he's actually on the record talking about uh the damage now of course we know the damage was way more than 10 million right it was close to a billion dollars but here's another lesson risk assessment is sloppy the other lesson about sony pictures entertainment is alarms they had 20 000 alarms going off they had four different ids systems they had firewalls they did cisco they had everything but when you have that many alarms going off what do you do you turn them off right you ignore them you need actionable intelligence and it wasn't bad enough that they'd been

penetrated multiple times it wasn't bad enough that they'd been penetrated deeply but they didn't even catch the exfiltration terabytes and terabytes and terabytes of data and the worst part was reputational damage because it turns out all sony pictures employees had on their desktop an unencrypted big ass pst file okay and that contained every email you'd ever sent and received and it was trivial to basically open and read these like crazy and eventually they actually started dumping them now these emails were salacious they were scandalous they were horrible right this is the one that got amy pascal fired right because she's rambling on and on about a movie involving tom cruise it's really really really late at night

okay so we started to see way beyond just ashley madison reputational damage could be the worst thing you do to companies right it could even be worse than encrypting files that are there the other thing that was interesting about sony was the hackers which was most likely either paid contractors or actually part of the lazarus group left us a file called bonus.rar now don't you pretend like you don't know what an rar file is it's a compressed file okay but in that file was a list of passwords and sony's passwords were horrible 11 people had sony one two three as their password they had been through audits and the auditors had told them you cannot use your username as a

password but they were overridden and they passed compliance anyway so tons and tons and tons of horrible passwords right super duper easy and being reused so president obama goes on tv he starts talking about security everybody every newspaper is talking about security everybody's saying we gotta have better passwords we gotta have we gotta have better we gotta have better cyber security everyone change all your passwords and get it locked down do you think anybody anybody learned their lesson well we don't have to wonder because this guy went out and he asked people three weeks after sony and this is what he found today we sent a camera out on a hollywood boulevard to help people

by asking them to sorry let me get that going again here today we sent a camera out on hollywood boulevard to help people by asking them to tell us their password and this is how that went we're talking about cyber security today and how safe people's passwords are what is one of your online passwords currently it is my dog's name and the year i graduated from high school what kind of dog do you have i have a channel of papillon and what's his name jamison jamison and where'd you go to school i went to school back in greensburg pennsylvania what school uh hempfield area senior high school oh when did you graduate in 2009 it's like

my cat's name and then just like a random number okay has you had this cat for a while yeah she's my childhood pet oh and what's her name her name is jolie jolie so like a password of yours would be jolie and then a number yeah like number one uh like my birthday oh when is your birthday uh june 12th oh nice what year were you born uh 95. oh great so jolie 6 12 95 yes got it so you mean to give my password right now no i cannot do that but we all want to know what it is so we can tell you if it's strong or not oh my goodness um um let me think

okay one is tel aviv yeah four six eight and then israel it's it's only three but it's you know it's uh for me it's strong enough ireland one two three four gemma one two three spell g-e-m-m-a he's gonna spell it for us actually uh to be specific now we know who did the sony pictures entertainment breach right we know right there's some of these that we know for a fact uh with attribution you always say i speak with a high degree of confidence but in this particular one there was a lot of evidence there was a lot of insider evidence and there was a lot of the same mechanisms that they used now lazarus is

still very active in stealing cryptocurrency because north korea used to manufacture counterfeit dollars but why futs with that when you can just steal bitcoins all over the world right billions and billions of them that are there that's like their main way of raising money if you're a member of this group you get to keep 20 of whatever you steal right and i will tell you if you're interested in these apts and in these governments and whatever else one fantastic resource that i've found to figure out who's who is apt.threattracking.com it's just a google doc like a really really big google doc that is actually kept up to date every single day that lists you know the the actual

people that did this and everything else now we talk about the lazarus group and we certainly talk about russia but at first when we talked about apts advanced persistent threats we talked about china they were named apt-1 right and china has very specific things that they do and for those of you that don't know uh their the people's liberation army 61398 is housed in this apartment complex in shanghai with millions of miles of fiber and all kinds of of backup electricity that's out there and if you pull up as a reporter and try to get footage of it this is what's going to happen from us uh cyber security for mandiant they say a hacking collective with

direct ties to the chinese military has stolen data from 141 organizations from around the world since 2006 a cnn crew tried to roll their their cameras through that neighborhood and uh this is what they discovered this is our crew being chased by chinese security officers chase off to us just yet

never slow down by the way never slow down keep driving drive away drive away drive away drive away drive away cnn's david mckenzie is live for us in shanghai with more walk me through so uh we know some of the things that china does one of the things that they do is they don't really weaponize what they take and one of the biggest breaches in north america was something that was known as the opm okay and what that was and it was really really painful was it wasn't just my information it was also anybody that i gave as a reference to get a security clearance right so if you listed your neighbor your psychiatrist your doctor whatever

right it was all their personal data too and it was basically the fbi director right millions and millions of millions of records a treasure trove of the things coming about talking about who has worked for tried to work this was all kinds of secrets about people that don't know that you would want secret zones and it had the marks of china all over it as well now the reason we know that it wasn't north korea is because they would have probably dumped it to the world to cause damage right and whereas china just kind of hoards that and that's why i knew immediately when equifax happened that it was china as well because it wasn't really sold

right it had all the hallmarks of china and i think we could say with about 90 certainty that it was china at this point in time but it was a massive breach the beer farmers talked about it during the open it was absolutely huge okay and this is the most important information as an american citizen that you could ever have it was your tax information it was your address millions and millions of people right and we're numb we're numb to the breaches they just get worse and worse and worse but then the game changed the game changed because the russians figured out that you could change the world with the right breach you could actually break in and get a

hold of incriminating information and you could change or try to change the outcome of an election now the way they got in guess what was it all started with a phish now i know it's fashionable to tell everybody let's blame the users because of their stupidity for clicking these but the podesta phish was really really really good okay if you actually look at it uh you'll see that they actually encoded his google profile photo in there the url looks pretty real he wondered if it was real he forwarded it to his i.t guy his i.t guy said set your password back but what his it guy didn't tell him was don't use that bit.ly address down

there right and once they were into podesta they could get their tendrils into all kinds of other stuff and there is no debate that this was russia none zero there is one person on the entire planet that doubts that this was russia period we know because grizzly steppe was released okay with very very extensive unclassified intelligence talking about how apt 28 and 29 were actually banging into each other right they were in the rnc as well which is the other side and all of that really reached to plymouth when one night as a cyber security professional you're sitting at home and you see the most surreal moment of your entire life you're saying russia russia russia but i don't

maybe it was i mean it could be russia but it could also be china it could also be lots of other people it also could be somebody sitting on their bed that weighs 400 pounds okay now i could afford to lose a bit a little bit of weight but let's not call me 400 pounds okay we were not particularly happy with that but then something else happened the russians doubled down because um let me back up for a second when somebody hits you with cyber you have three ways you can respond okay you have to respond you can respond kinetically meaning you can launch missiles and the world can end you can respond with sanctions which we tried to

do or you could respond with cyber right cyber for cyber right proportionate response well russia wasn't really interested in that and the us really wasn't that interested in that either at the time because we really didn't know how much damage they could do so ultimately what happened next was the shadow brokers came across the scene and according to edward snowden they were basically trying to tell the world hey if you retaliate on us on cyber we have a ton of other [ __ ] we can release we have evidence that you might be spying on some of your allies even the five eyes guys right we have all of these implants etc and so for a maximum effect

we're going to pretend like this isn't russia and we're going to dump them to the world now these were extremely advanced cyber weapons right i mean there was there were pieces of code that could let you take over any cisco router at all right and of course it was all tied to what they called equation group one of the most potent weapons period was actually pretty simple it's an smb based weapon known as eternalblue and when we saw that we were like whoa you can basically pwn any windows machine right you got to weaponize it a little bit i guess what happened with that that weapon that was designed for cyber warfare between nation states

became wannacry and wannacry because we're talking to a british audience was ultimately stopped whether you like it or not by marcus hutchins now i know that that's a controversial figure right i know people have different opinions about him but i met him i've spent time with him i think he's a brilliant guy and emily krauss on my podcast made a big point about empathy is one of the most important things you can do in cyber security and casting stones on people for what they did when they were a minor is not showing empathy right who among us can first cast the first stones but i highly encourage you to read this article in wired it just came out

like a month ago oh my god it came out four months ago right uh and get his opinion and then maybe form your own opinions about that so fifth generation defense we're now defending against script kiddies a possible labor shortage sophisticated cyber gangs and nation states right and we've got magic bullets right we got magic bullets we've been hearing about this for two days we're gonna fix it with machine learning and ai no we're not absolutely not because the problem is the problem is the non-artificial intelligence stop me if you've seen this one before multi-million dollar cyber security budget right rock solid password reuse and depending on who you ask as much as 70 of people are using passwords over and

over and over now we know the answer right we do everybody knows everybody in this call knows it's simple it's easy it's basic hygiene we need unique strong passwords we need patch hygiene we need antivirus we need multi-factor everywhere we need situational awareness on phishing but here's the problem even if we solve all of that there's a bigger problem that we're facing too and that is influence operations and that is actually psychology being designed to manipulate people to cause discord to cause fights right uh basically to cause chaos and the more we look into this the more we realize these are coordinated efforts and a lot of times they may not be on the side that you think

right in the case of brexit there was a ton of propaganda being generated by russia on both sides right on both sides both both remain and leave right but they do follow the same tactics and this is going on right now right now today it's going on about covid-19 for example and i would actually argue that it's going on in our industry there are people agents of chaos that are designed and that relish in causing to stir [ __ ] up right we definitely know that facebook is worse for you than smoking giving up facebook will give you a better life than giving up smoking right but it's ripe with examples everywhere and it wasn't just brexit it was a dutch

referendum it was a german elections back when aids was a thing a group of russians decided to try to convince a bunch of americans that aids was created by the cia right this is extremely well documented in this book right and today they're spending not really that much money for the effect they're getting to cause people to fight about masking about shutdowns about blaming china and the hallmarks for all of this and this could be russia it could be trolls okay it could be anybody that's saying you know we want to destroy the industry from within is come from come with a little nugget of history find yourself a useful idiot deny everything and keep your hand hidden so i do want

to close because i'm almost out of time with another history lesson and then also to tell you what you need to do next or actually to ask you a call to action right but in order to do that i need to do another history lesson and i'm definitely going to get a drink of water here in manchester in 2017 mike wrote about seeing ian thornton-trump talk okay and he said one i'm doomed i need a blanket and b i'm not having this [ __ ] let's do something about it right and that actually was kind of the origin and the start of an organization that became known as the beer farmers right mike john ian scott and sean today they

have infosec happy hour they have non-profits and they have the phrase here for you here for you right here for you is not a discriminatory idea or anything else like that here's something else that happened because i was familiar with them definitely it was in the many hats club knew about meadow but two years ago today today two years ago today september 5th 2018 i got a message from not meadow and cybersecstu and basically decided that i would change my flight to coach so that we could go to the first ever many hats club meetup and hopefully i could convince stu that we really need to pour some of this into non-profits and raise some money for charities which

it was easy to do absolutely easy to do now since meeting the beer farmers and the many hats club i've never had a single lunch or dinner alone in any city in england period right and one of the things that's the craziest and i promised everybody i would tell this story the last time was i social engineered or did privilege escalation anyway my way to become a staff member i was a staff member of many hats club for 42 days before stu realized it and then kicked my ass out and this is exactly the moment that it happened and i'm not going to show you the audio but what ultimately it is is that stu

and dylan are telling a funny story and i convinced him that file permissions on my mobile app really required me to have staff to upload a file quite of that size so that's how i became staff at the many hats club and you know bringing this back always to the beginning about jake and anne's piece about is there five is there five or six generations of hacking over the last few days when i was preparing this i came to the conclusion is there five generations of hacking there's five generations of hackers right we can count those people as different generations of hackers and what i would like to propose to you is that the sixth generation

starts right now okay and i listened to a lot of the sessions over the last few days and i picked out things that i think should be characteristics of the sixth generation if you'd like to join it number one here for you quit repeating history especially involving in russia right number two don't blow up that we have a skill shortage that wasn't beer farmers chani simms gave an amazing talk but the one thing i really took out of that was a diversity of strength and any of you that have ever had a team knows you have to have people of different backgrounds you have to have people of different races you have to have lgbtqia

different abilities and neurodivergence if you give me a team that is massively diverse against a team of all white guys that first team is going to kick that second team's ass every single time okay diversity is good for us we shouldn't just do it because it makes us feel good right it's actually selfish to do this and of course we know infosec needs more women the pipeline is not nearly full enough and we're also scaring the [ __ ] out of them with toxicity that we shouldn't and i think the answer here is mentors every single person should be a mentee and a mentor there is nobody that wouldn't benefit from that and i was convinced by that by

tanya janca if you don't know tanya janca she runs we hack purple okay and cyber mentor mondays everybody can benefit from mentors that are out there now sean wright said hey you can't fix what you don't know and that really brought me back to the idea that which by the way is that sean that was awesome it was early for me it was like three in the morning but that really brought me back to the fact that if you want to become a ciso okay you need three things and number one or number two is you need to learn empathy you will never succeed as a cso without empathy and one of my favorite

talks in the world is by somebody named infosec sherpa tracy maleeff okay and she actually talks about how to get that empathy you have to be able to put yourself in the user's perspective in the criminal's perspective maybe even the police officer's perspective right because empathy is an actual game changer for your performance so we have the tools we know what we can do i'm calling on us to hack the infosec community to smash the gates okay once those gates are smashed lower the ladder help newbies out let's get rid of bigotry and harassment let's build up diversity inclusion and let's do it all now i know some of you are going holy [ __ ] ray i thought this was a history of

hacking man now you're just getting preachy but are you up for it are you i want to give you the one i'm going to close with the wise words of one of the most brilliant poets in infosec history and he said here we go no telling what's next life's up and down you never know what you'll get be prepared when you're put to the test because you got to step up you got to stand above the rest and that of course is ytcracker do we have any questions uh did you guys have any questions

sean i can't hear you if you're talking hang on sorry i'm unmuting the entire room oh boy that's going to be loud oh no no no they're allowed to unmute themselves now is what i mean okay sure does they have any questions

do you want to drop this slide so that we can get the the room up if you want to come on video as well assuming yes i just want to make sure that everybody saw the messages that i snuck in on this final

fight