Top hacker shows us how it’s done | Pablos Holman | TEDxMidwest

July 31, 2019 posted by

Translator: Bob Prottas
Reviewer: Ariana Bleau Lugo

So this is a hotel room,
kind of like the one I’m staying in. I get bored sometimes. A room like this has not a lot
to offer for entertainment. But for a hacker, it gets a little
interesting because that television is not like the television in your home, it’s a node on a network. Right? That means I can mess with it. If I plug a little device
like this into my computer, it’s an infrared transceiver,
I can send the codes that the TV remote might send
and some other codes. So what?
Well, I can watch movies for free. (Laughter) That doesn’t matter to me so much,
but I can play video games too. Hey, but what’s this? I can not only do this
for my TV in my hotel room, I can control your TV in your hotel room. (Laughter) So I can watch you
if you’re checking out with one of these, you know, TV based registration things, if you’re surfing
the web on your hotel TV, I can watch you do it. Sometimes it’s interesting stuff. Funds transfer. Really big funds transfers. You never know what people
might want to do while they’re surfing the web
from their hotel room. (Laughter) The point is I get to decide
if you’re watching Disney or porn tonight. Anybody else staying
at the Affinia hotel? (Laughter) This is a project I worked on
when we were trying to figure out the security properties of wireless
networks; it’s called the “Hackerbot”. This is a robot we’ve built that can
drive around and find Wi-Fi users, drive up to them and show them
their passwords on the screen. (Laughter) We just wanted to build a robot, but we didn’t know
what to make it do, so – We made the pistol
version of the same thing. This is called the “Sniper Yagi”. It’s for your long-range
password sniffing action, about a mile away I can watch
your wireless network. This is a project I worked on with
Ben Laurie to show passive surveillance. So what it is, is a map
of the conference called “Computers, Freedom and Privacy”. And this conference was
in a hotel, and what we did is we, you know, put a computer
in each room of the conference that logged all the Bluetooth traffic. So as everybody came and went
with their phones and laptops we were able to just log that,
correlate it, and then I can print out a map like this
for everybody at the conference. This is Kim Cameron,
the Chief Privacy Architect at Microsoft. (Laughter) Unbeknownst to him, I got to see everywhere he went. And I can correlate this
and show who he hangs out with (phone dialing)
when he got bored, (phone dialing)
hangs out in the lobby with somebody. Anybody here use cellphones? (Laughter) (Phone ringing) So my phone is calling – (Ringing) calling – Voice mail: You have 100 messages. Pablos Holman: Uh oh! VM: First unheard message – PH: Where do I press – VM: Message skipped.
First skipped message. PH: Uh oh! VM: Main menu. To listen to your –
You have pressed an incorrect key – You have two skipped messages.
Three saved messages. Goodbye. PH: Uh oh!
So we’re in Brad’s voice mail. (Laughter) And I was going to record him
a new message, but I seem to have pressed an invalid key, so we’re going to move on. And I’ll explain how that works some
other day because we’re short on time. Anybody here used MySpace? MySpace users? Oh! Used to be popular.
It’s kind of like Facebook. This guy, a buddy of ours Samy,
was trying to meet chicks on MySpace which I think is what
it used to be good for. And what he did is he had
a page on MySpace about him. It lists all your friends,
and that’s how you know somebody’s cool is that they have
a lot of friends on MySpace. Well, Samy didn’t have any friends. He wrote a little bit of Javascript code
that he put in his page, so that whenever you look at his page it would just automagically
add you as his friend. And it would skip the whole
acknowledgement response protocol saying “Is Samy really your friend?” But then it would copy
that code onto your page, so that whenever anybody
looked at your page it would automatically add them
as Samy’s friend too. (Laughter) And it would change your page
to say that “Samy is your hero.” (Laughter) So in under 24 hours, Samy had
over a million friends on MySpace. (Laughter) Hey, he just finished serving
3-years probation for that. (Laughter) Even better, Christopher Abad,
this guy, another hacker, also trying to meet chicks
on MySpace but having spotty results. Some of these dates
didn’t work out so well, so what Abad did
is he wrote a little bit of code to connect MySpace to Spam Assassin,
which is an open source spam filter. It works just like
the spam filter in your email. You train it by giving it some spam, train it by giving it a little
bit of legitimate email, and it tries to use
artificial intelligence to work out the difference. Right? Well, he just trained it on profiles
from girls he dated and liked as legitimate email. Profiles from girls he dated
and not liked, as spam, and then ran it against
every profile on MySpace. (Laughter) Out spits girls you might like to date. What I say about Abad is, I think,
there’s like three startups here. I don’t know why we need,
when we can have Spam dating? You know this is innovation. He’s got a problem, he found a solution. Does anybody use these – bleep –
keys for opening your car remotely? They’re popular in, well,
maybe not Chicago, OK. So kids these days will drive
through a Wal-Mart parking lot clicking open, open, open, bloop. Eventually you find another
Jetta or whatever just like yours, maybe a different color,
that uses the same key code. Kids will just loot it, lock it up and go. Your insurance company
will roll over on you because there’s not
evidence of a break-in. For one manufacturer we figured
out how to manipulate that key so that it will open every car
from that manufacturer. (Laughter) There is a point to be made about this
which I barely have time for, but it’s that your car is now a PC,
your phone is also a PC, your toaster, if it is not a PC,
soon will be. Right? And I’m not joking about that. And the point of that is
that when that happens you inherit all the security
properties and problems of PC’s. And we have a lot of them. So keep that in mind,
we can talk more about that later. Anybody use a lock like this
on your front door? OK, good. I do too. This is a Schlage lock. It’s on half of the front doors
in America. I brought one to show you. So this is my Schlage lock. This is a key that fits the lock,
but isn’t cut right, so it won’t turn it. Anybody here ever tried
to pick locks with tools like this? All right, got a few,
few nefarious lock pickers. Well, it’s for kids with OCD. You’ve got to put them in there,
and finick with them, spend hours getting the finesse
down to manipulate the pins. You know, for the ADD kids in the house
there’s an easier way. I put my little magic key in here, I put a little pressure on there
to turn it, (Tapping) smack it a few times
with this special mallet and I just picked the lock. We’re in. It’s easy. And in fact, I don’t really know
much more about this than you do. It’s really, really easy. I have a keychain I made
of the same kind of key for every other lock in America. And if you’re interested,
I bought a key machine so that I can cut these keys
and I made some for all of you guys. (Laughter) (Applause) So my gift to you,
come afterwards and I will show you how to pick a lock
and give you one of these keys you can take home and try it on your door. Anybody used these USB thumb drives? Yeah, print my Word document, yeah! They’re very popular. Mine works kind of like yours.
You can print my Word document for me. But while you’re doing that,
invisibly and magically in the background it’s just making a handy backup
of your My Documents folder, and your browser history and cookies
and your registry and password database, and all the things that you might need
someday if you have a problem. So we just like to make these things
and litter them around at conferences. (Laughter) Anybody here use credit cards? (Laughter) Oh, good! Yeah, so they’re popular
and wildly secure. (Laughter) Well, there’s new credit cards
that you might have gotten in the mail with a letter explaining how
it’s your new “Secure credit card”. Anybody get one of these? You know it’s secure because
it has a chip in it, an RFID tag, and you can use these in
Taxicabs and at Starbucks, I brought one to show you,
by just touching the reader. Has anybody seen these before? Okay, who’s got one? Bring it on up here. (Laughter) There’s a prize in it for you. I just want to show you
some things we learned about them. I got this credit card in the mail. I really do need some volunteers,
in fact, I need one, two, three, four, five
volunteers because the winners are going to get these
awesome stainless steel wallets that protect you against the problem that
you guessed, I’m about to demonstrate. Bring your credit card up here
and I’ll show you. I want to try it on one of these
awesome new credit cards. OK. Do we have a conference organizer, somebody who can coerce people
into cooperating? (Laughing) It’s by your own volition because – This is where the demo gets really awesome I know you guys have never seen – (Inaudible question) What’s that? They’re really cool wallets
made of stainless steel. Anybody else seen code
on screen at TED before? Yeah, this is pretty awesome. (Laughter) OK, great I got volunteers. So who has one of these
exciting credit cards? OK, here we go. I’m about to share
your credit card number only to 350 close friends. Hear the beep? That means someone’s hacking
your credit card. OK, what did we get? Valued customer and the credit
card number and expiration date. It turns out your secure new
credit card is not totally secure. Anybody else want to try yours
while you’re here? Man: Can you install overdraft protection? PH: Beep, let’s see what we got? So we bitched about
this and AMEX changed it, so it doesn’t show the name anymore. Which is progress.
You can see mine, if it shows it. Yeah, it shows my name on it,
that’s what my Mom calls me anyway. Yours doesn’t have it. Anyway, so next time you get
something in the mail that says it’s secure, send it to me. (Laughter) Oh wait, one of these is empty, hold on. I think this is the one, yep, here you go. You get the one that’s disassembled. All right, cool. (Applause) I still have a few minutes yet left,
so I’m going to make a couple of points. (Laughter) Oh, shit. That’s my subliminal messaging campaign.
It was supposed to be much faster. Here’s the most exciting slide
ever shown at TED. This is the protocol diagram for SSL, which is the encryption
system in your web browser that protects your credit card when you’re
sending it to Amazon and so on. Very exciting, I know, but the point is hackers will attack every
point in this protocol, right? I’m going to send two responses
when the server’s expecting one. I’m going to send a zero
when it’s expecting a one. I’m going to send twice as much
data as it’s expecting. I’m going to take twice as long
answering as it’s expecting. Just try a bunch of stuff.
See where it breaks. See what falls in my lap. When I find a hole like that
then I can start looking for an exploit. This is a little more what SSL looks
like to hackers, that’s really boring. This guy kills a million Africans a year. It’s Anopheles stephensi mosquito
carrying malaria. Is this the wrong talk? (Laughter) This is a protocol diagram for malaria. So what we’re doing in our lab
is attacking this protocol at every point we can find. It has a very complex life cycle
that I won’t go into now, but it spends some time in humans,
some time in mosquitos and what I need are hackers. Because hackers have a mind
that’s optimized for discovery. They have a mind that’s optimized
for figuring out what’s possible. You know, I often illustrate this
by saying, If you get some random new
gadget and show it to your Mom, she might say, “Well, what does this do?”
And you’d say “Mom, it’s a phone.” And instantly, she’d know
exactly what it’s for. But with a hacker,
the question is different. The question is,
“What can I make this do?” I’m going to take all the screws out,
and take the back off, and break it into a lot of little pieces. But then I’m going to figure out
what I can build from the rubble. That’s discovery, and we need to do that
in science and technology to figure out what’s possible. And so in the lab what I’m trying
to do is apply that mindset to some of the biggest
problems humans have. We work on malaria, thanks to
Bill Gates, who asked us to work on it. This is how we used to solve malaria. This is a real ad from like the 40’s. We eradicated malaria in the US
by spraying DDT everywhere. In the lab what we do is a lot of work
to try and understand the problem. This is a high-speed video,
we have a badass video camera, trying to learn how mosquitos fly. And you can see that
they’re more like swimming in air. We actually have no idea how they fly. But we have a cool video camera so we – (Laughter) Yeah, it cost more than a Ferrari. Anyway we came up with some
ways to take care of mosquitos. Let’s shoot them down with laser beams. This is what happens when you put
one of every kind of scientist in a room and a laser junky. So people thought it was funny at first, but we figured out, you know, we can
build this out of consumer electronics. It’s using the CCD from a webcam, the laser from a Blu-ray burner, the laser galvo is from a laser printer. We do motion detection on a GPU processor like you might find in video game system. It’s all stuff that follows Moore’s law. So it’s actually not going to
be that expensive to do it. The idea is that we would put a perimeter of these laser systems
around a building or a village and just shoot all the mosquitos
on their way in to feed on humans. And we might want to do that
for your backyard. We could also do it to protect crops. Our team is right now working on characterizing what they
need to do the same thing for the pest that has wiped out
about two thirds of the Orange groves in Florida. So people laughed at first. This is a video of our system working. We are tracking mosquitos live
as they fly around. Those crosshairs are put there
by our computer. It just watches them, finds them moving and then it aims a laser at them
to sample their wing beat frequency. Figure out from that, is this a mosquito? Is it Anopheles Stephensi?
Is it female? And if all that’s true then
we shoot it down with lethal laser. (Laughter) So we have this working in a lab. We’re working on taking
that project into the field now. All this happens at the Intellectual
Ventures Lab in Seattle where I work and we try and take on some
of the hardest problems that humans have. This is the money shot. You can see we just burned
his wing off with a UV laser. He’s not coming back. (Applause) Kind of vaporized
his wing right there, yeah. They love it.
I mean, you know. Never got called by PETA or anyone else. I mean, it’s the perfect enemy. There’s just no one coming
to the rescue of mosquitos. Sometimes we overdo it. So anyway, I’m going to get off stage. This is the Intellectual Ventures Lab
where I work. Basically we use every kind of scientist and one of every tool in the world
to work on crazy invention projects. Thanks. (Applause)


100 Replies to “Top hacker shows us how it’s done | Pablos Holman | TEDxMidwest”

  1. BEST OF LAUGH says:

    actually my pc is a toaster

  2. DAILY updates says:

    Can anybody teach me hacking please I want to learn

  3. Eddie Vale says:

    Watching this 7 years later and still no anti mosquito lasers in my yard :/

  4. BIO GAMING says:


  5. AndyTheWoman says:

    Next is top predator shows us how it’s done

  6. 53 12 says:

    cicada3301 anyone?

  7. MrAMP1520 says:

    "I'm going to show this to your 250 closest friends"
    *20 million views online

  8. corporatehippy says:

    Gave up after five minutes of bragging and no showing.

  10. Jeff Matheson says:

    Even bill uses Apple 😂😏

  11. DWYS WYSD says:


  12. ItzShallow says:

    what a nerd

  13. tyler massage says:

    He shows none of HOW it is done, just what might be done

  14. sweiland75 says:

    WOW! That automated voice on the phone is the same person I get on my phone here in Canada. I wonder who she is and where they get those automated voice messages from.

  15. sweiland75 says:

    "meet chicks on Myspace"

    Feminists triggered

  16. Asse Rodgers says:

    6:09 Bleup

  17. Jack Frost says:

    Samy is my HERO

  18. Tarun Kumaar says:

    I swear I even thought about using lasers to kill mosquitoes but looks like someone already had that idea.

  19. Dr. Paul Plumbing Heating says:

    I'm Getting their,, Me Paul hacker mind, just like the bad government , lol

  20. Dr. Paul Plumbing Heating says:

    cool video's,, like i said i'm getting their

  21. Thompson L says:

    This guy hacked my resolution

  22. SeedPlanter says:

    Laser field defense. Cool…a lot cleaner than cheniicals… it will never happen because Monsaaaan…..Bayer .controls the pesticides… mmm mmm yummy

  23. Austin Verlinden says:

    why would Ted film in 240P?

  24. chris kostopoulos says:

    If hackers want to be real heroes, hack into banks and delete everyone's debt.

  25. Charlie Cameron says:


  26. Jose Rendon says:

    My question is: How do you learn this? By learning to code? By studying computer science? How?

  27. flange says:

    That mozzy killing lazor just blew my mind……..

  28. Madbeens RC says:

    The shady lady😂😂😂

  29. oddaniel vives says:

    Perfect example of what the future holds for AI technology!!!

  30. the9file says:

    why is he using netscape in 2007

  31. matt mccreadie says:

    20 million views and not enough pixels to fit on my calculator

  32. Lyman Fern says:

    This mans just made a twitch drone

  33. Equintrinity says:

    Is no one going to talk about how he looks a bit like Mark Zuckerberg?

  34. Felvincc Dy says:

    so uuhhh..

    which pixel do i look at?

  35. Half Seen says:

    I like how he works for Microsoft and the "videogame system" was a ps. 😂

  36. BadBoiFilms says:

    Wtf is this? It says 3.6 roentgen?

  37. BadBoiFilms says:

    typing sounds

    “AAAAND… WE…… ARE IN!”

  38. Ryan Stickler says:

    Andy Dick’s brother, Steve

  39. james hallam says:

    lmao that guy who didn't have a wireless card :L

  40. Phelippe Votto says:

    One less pixel, and it would be radio.

  41. Spam Mail says:

    Whenever I hear the phrase, spotty results, I think of a woman on her period.

  42. Karl Nickel says:

    Pablos are u able to hack my video quality?

  43. Alan Robb says:

    Remember there is a reason for mosquitoes being around (food for bats, etc). To create these kill zones will be effective, but it's still messing with nature, and will just be another piece in the environmental destruction puzzle. Sorry! Just a thought. I should put people first.

  44. Funny Memes says:

    Their credit cards are dead…

  45. Grand Marlon Doria says:

    Cure for cancer

  46. Ray Walker says:

    5 minutes in and the only thing he has showed us is phone # spoofing using someone's own # to enter voicemail. I guess anyone can call themselves a top hacker.

  47. Shibe Shook says:

    That automatically aimed laser that kill mosquitoes are quite cool. If they really did build it. I'm getting one pre-order

  48. Uhhh says:

    I scanned your card to show the information that it is designed to provide when it is scanned.

    M4a44d Haaa44aaxxxxXxXXxx

    Hack: Liked my own comment because nobody will ever see it anyways.

  49. Luke Rosnermanz says:

    “A laser junkie” 😂😂😂

  50. Luis San says:

    Is he gonna try playing video games on a macbook?

  51. sylvester john says:

    Hacked every devices watching this video

  52. Steve Clemente says:

    Yup lol

  53. JigSawPsycho says:

    7 years later and I still ain't seen no star wars laser beams killing mosquitoes O-o

  54. TheEDOTONY says:

    I want the mosquito killer

  55. Antoni Gates says:

    So many people watching this don’t know what MySpace was, I remember when it didn’t exist 🙁

  56. vleesevlons says:

    First 10 minutes are a waste of your time

  57. I am Cloud says:


  58. I am Cloud says:

    If i email him will he respond tho

  59. NightCrawler says:

    Anybody interested in what happened to the mosquito project?

  60. Justin Adie says:

    Oh no, he hacked my screen resolution.

  61. pricey0986ify says:

    Hopefully security has improved since this talk happened

  62. Hussein masri says:

    is this TED or stand up comedy

  63. Anthony Keown says:

    Ted talks in 240p


  64. Dhyey Shah says:

    2:56 thank me later headphone users

  65. Jacob says:

    Wouldn’t want to get on this guys bad side 😂

  66. GroundbreakTV says:

    5:55 Did he just invent Tinder?

  67. anton bacon says:

    This has no point we already know data is not safe the last bit was filler.

  68. Landon Pro says:

    Same also went to jail 6months later. Accidental on his behalf talk MySpace off-line to server 720hour community services(2years) now in 2019. No reasons to mess with hacking but a hobby and a little extra cash.

  69. Adventure_ Trac says:

    Mosquito laser?! Nah bro, cicada laser!!!!!

  70. Clash80ps3 says:

    “ Hacker shows us how it’s done”

    in 240p…. 😂

  71. Ron M says:

    The moral of the story is our privacy is gone.

  72. Shedding says:

    That mosquito doesn't just target africans. It targets a lot of other people as well… Malaria sucks.

  73. P Graham says:

    Bump key.

  74. hekk_tech says:

    ironically hackers video in 240p. couldn't he hack it up to 1080p?

  75. SuperBrendan says:

    Anyone staying at that hotel changed their plans

  76. KARATE says:

    17:08 the nerd laugh

  77. Crooked Skate Supply Co says:

    7 years later and we're still all fine

  78. Steven O'Connor says:

    "I'm in"

  79. Rodrigo Muñoz says:

    Closing quote: "Mess with the best, die like the rest"

  80. 71 bop says:

    I hate tech. If Ted K. actually used his time creating ways to defend against stuff like this and not bombs we may be a lot safer with data. It's also terrible that electronic transactions are not more direct wire based than wireless. I'm a mechanic and I say LONG LIVE THE CARBURETOR!!!!!! LOL I love all these Ted videos very cool and informative!!!!

  81. Gung Fu Guru says:

    better aim than storm troopers…

  82. Pam Cota says:

    Yes Anandu Mohan I am watching this mind boggling video. Hackers can be good or bad. The mind of a " Hacker " thinks " What can I make this do ? What Discovery can I find i.e, in the lab of " Intellectual Lab. " The bad ones can obtain key codes to all the cars and use the key to steal cars. Even credit cards with a chip can be hacked Knowing SSL Encryption seems to be the way hackers hack. Still unclear as to exactly how hackers hack. As one person seeing this ,the deduction I make is people like me don't know computers and all that Holman speaks in his lecture. However, the importance to me is to be alert.( for non computer minds like me )

  83. Muhammad Ridwan says:

    CCNA CyberOps brought me here xD

  84. Sad Machines says:

    Amazing that RFID credit cards are touted as the next level of high technology security. At my old work, we designed and built automated assembly lines for smart card manufacturing for the metro system in China….in 1998. I actually came up with a tip design used on the ultrasonic embedding "horns" that embed the copper antenna into the PVC substrate. Wouldnt be possible without this design. Chinese rfid card manufacturers copied this design and everyone copied it after that. I got no credit, no money and my name wasn't put on the patent….The American Dream

  85. Hellfire 2007 says:

    okay so let's take apart a blu ray burner and some other things that aren't even remotely related to it and make an anti-mosquito system that SHOOTS down mosquitoes with a UV-laser. seems fine to me. XD

  86. Keith go packers Boror says:

    Why did it turn into a mosquitoes talk? I'm lost.

  87. Devils Marinara says:

    This is the man that says he will fuq your mom after you beat him in rocket league

  88. kosmique says:

    this dude zaps mosquitos with lasers !!! 😀

  89. Silv3r Shadow says:

    can he hack the video quality?

  90. Ingo Knito says:

    thats actually cool

  91. xInfinity says:

    Honestly a little scary to see what could have been done YEARS AGO. I really want to learn more about this along with coding, but it just too much and i have no clue where to start. Amazing these people can do what they do and that they learned what they did

  92. Mitchell Sheppard says:

    It looks like the mosquito was folding his wings from the top to the bottom and funneling air under him like he's on a little cloud

  93. Simon Lessnick says:

    It's 2019 and my toaster still isn't a PC

  94. James Rick says:

    Just another YouTube distraction video to keep you looking outside instead of looking within and finding truth

  95. the21gamer says:

    Hacker:I can see your online transactions
    Audience:*music intensifies*

  96. Hugo Svensson says:

    7 Years later and nobody wants to live in the same Hotel as him

  97. Kuhtuva Malli says:

    Why a mosquito might be less valuable than say a dog? Point is that if you have fun killing it like that hacker then you are on your way to become a ……

  98. Carter Springer says:

    After they finished this ted talk the B&E’s in America went up by 200%

  99. Milan Gavrilov says:

    "Your toaster will become a PC"
    -me watching this in 2019 knowing that there is Razer Toaster on sale

  100. Ian Home says:

    Controlling a TV is simple. It's just known RF codes.
