You Should Learn How to Hack | Ymir Vigfusson | TEDxReykjavik

May 29, 2021
Let's hack a bank right here, we have the dummy synthesis bank. Normally, I would just enter my account details and then go merrily on my way with whatever disappointing numbers you could show me for those of you who are new to stock hacking right here on the Well, we have the source code in the back. This is the series of programmatic instructions that are executed when I try to authenticate. Now normally this source code is not available to us. Sometimes, maybe it was leaked or stolen, maybe we used to work at this particular bank or maybe we just have a really good intuition of what this code could do, so let's try to do something interesting, mister authenticate, actually, because I'm inexplicably wearing this balaclava, I'm going to try to log in as an administrator, so try that, let's make a response here, admin, try some password, Big Ted, failed.
Failure is something that hackers are particularly good at, in fact, failure simply gives us energy to keep hacking and try to push the limits of the system we are attempting to remove and that just increases the happiness that we feel in a way, we finally break in, so let's keep it up to start doing something, let's try something like Ted or carrot or something that's not Ted. Oh, what do we notice? Here it is that the colors have changed, oh why? And that is the second trait of the hacker. Curiosity is understanding the limits of the technology you are trying to hack to see the limit of what is possible to make something do what was not intended.
Doing that is hacking, okay? So what happened here? I'm sure most of you are familiar with airline passenger announcement systems, right? You know, girls, let's go, can't you come to the event information disk? What if you told them that their names would be something like this? What would happen? All flights are canceled, all flights are canceled, please evacuate, please evacuate, can't we go to the airline information desk? What just happened? You just injected a command into the airline passenger announcement system, something that was not planned by its operators or by its creators. This is called an injection attack. So what is happening here in our back is that the back end of the database here doesn't understand that our passengers are just pad or ped or it understands that they are at war and then an additional command. We have injected something into the protocol, so if we modify it a little bit carefully and we start to speak the underlying language called SQL, then we can convert this question being asked into the next question: is that a user whose username is admin and whose passport is in the question, is there a user whose username is admin and whose road suit is Ted?
Oh, there's one just like it. Ah, you know, it's the computer situation that must answer logically correctly. It's like the math teacher. I had like this book and a math teacher like that guy whose wife said, oh, he said boy or girl, yeah, it's a boy or girl, you know, that guy, yeah, computers are the same way, so right now I'm telling him We are telling the computer to say yes because one is equal to one and whatever happens is not going to work because we are going to take our little bit more and it is the third pillar of hacking that was in the details but we have broken it we can transfer money we can do what we all have administrative privileges lol so what happens now? you get a car, then you get a car, everyone gets a car now before you emailed me saying something like this, it's not actually Steve, some people in balaclavas in the audience.
Maybe I want to answer first, but let me also explain why I'm here. I want you to become a hacker. Yes, this is not an elaborate covert operation. There's no SWAT team waiting on the roof. Team Robbery on board. I really want you to do it. Become a hacker now, why do I want that? As I imagine most of you. I'm sorry for the bross of cybersecurity news, like it's states attacking other states or criminal syndicates encrypting your photos for ransom or socializing children or obscure Singh celebrities. It bothers me too. The fact that we will never hear about most cyber attacks because they were successful.
So why do I want you to become a hacker? It's not because I want you to impose your moral codes on an incompatible society. It's not because I want you to inflict damage. I want you to become a hacker because I think it's the only way we can rebuild cybersecurity. I want you to become a hacker because I believe that not understanding hacking creates a paralyzing fear of cybersecurity and you can't understand defense if you don't understand offense. Instead of being immobilized by this fear of cyber attacks, hacking, and all these things, let's embrace it, let's all become hackers, unmask why anyone would use this while coding seriously.
If you look for a hacker on the Internet, everyone wears these masks. Why the hell or while they are giving a talk? I don't know anyway, so when I was a teenager I was in this voice that they are hacking each other, it's like a rivalry, you were not motivated by malice and curiosity, and when what I discovered very quickly was that there were great teams of hackers, what sophisticated hackers would do is try to break in and use those machines as a launching pad for their own operations, because he thinks about the trees in the back.
For the small time hacker who had no chance of denying that the computer is full of hacking software, yes it can be insidious, so to escape this fate it became my group's manifesto to try to hack other hackers computer scientists, they try to be at the forefront and that's what we had incredible success in that we would break into other hackers, we would collect all the encrypted weapons, all the exploited shelters, etc. I just have an arsenal for us completely justified in everything we did because we are right if this group identity we had assumed was much later we realized the limit of what we should have been doing anyway, there is something intoxicating about power, something seductive, something tempting and it's a little difficult to explain, but let me perhaps illustrate it with a story.
There was a night that I remember very well. Well, I was sitting in front of my computer in my room because that's what happens and I was looking at my screen and in front of me was this attack code, this exploit against the service called Secure Shell that was used by all the system administrators in the planet. to gain remote access to members were the keys to the kingdom. I could enter any door on the Internet by this code. Nobody knew he had it. Nobody would exist. Nobody had approved it. I remember being flabbergasted when looking at this code. in front of me and I had three thoughts and I thought: wow, there is no challenge anymore, but this is it, this is the one ring to rule them all.
I don't need any more feats and the second thought was: wow, this is so much power! I can enter anywhere. I can change anything that has a digital representation. I could get revenge on my boys. Hmm, could. I could get a job. We don't even need a job. I could hack a bank like you guys. I can change the third one. I thought that night it was like, oh, it's 4am, school starts in 3 hours. I was just a kid facing that dilemma. How would you fare if you had that one chance in your life to change history and alter its course?
Would you take advantage of it? Would you let her escape? How would you say that fortune favors the bold? You know what I think is nonsense. I believe history favors telling us stories of those whose audacity created fortune and ignores those who were not faced with the dilemma of having this incredible opportunity once. In a lifetime opportunity to change history to alter its course to impose my will on it, what did I do? I stopped hacking I left the scene and watched from the sidelines as many of my friends made the opposite decision and grabbed this ring. of power and they were chasing this corrosive spiral, this mirage of wealth and power, they finally ended up with no one being in prison, some are still in prison, someone took their own life and said look, I just got lucky, but I saw how cybercrime became the fastest growing.
The industry is faster than Bitcoin, that's why Bitcoin is big and became the fastest growing. I understand that I felt tremendous guilt for what I had done, my moral compass developed and I began to think that I had had this privileged position of having an understanding of the underground of knowing how it works, knowing how it all fits together, wondering what I can do to make it happen. the world to be safer and what we observed was that people kept repeating the same mistakes because people do not understand the piracy that is seen in the developer cycle. making mistakes and then hackers exploit those mistakes and then we learn from that experimental experience and solve those kinds of problems that we weren't learning about.
We had an abject failure in cybersecurity education 15 years ago, that injection attack I showed you for the bank. That was in fashion 15 years ago, it's like 200 years in cyberspace. Last year one in five security vulnerabilities identified by the ingestion of things, one in five. The problem is that it is also an opaque definition what cyber security really is, yes, the word is broken down, what does correct mean? You could define it as the absence of vulnerability, but that doesn't make any sense unless you know what a vulnerability is. It is a negative definition. It is defined by what it is not.
I mean, imagine this if I asked you how you would do it. defend your organization, how would you impose security controls on your organization? Where does your mind go? It may come down to I would just buy this security solution from snakes or printers, but what if instead I asked you how you would break into your own organization? Would you mind going now? Is it like sending a fake letter from the IRS? that's you numbering the vulnerabilities that's the hacker mentality that's all I want you to take off this hat from this talk is the hacker mentality that I have I spent a lot of my career just trying to communicate this idea, this mindset.
I founded companies. I have given talks. I have organized hockey competitions. I have developed several types of materials. I even have a new business like the one I'm selling. adversary, where you can just take the seeds from the hacker to create a patch so we can understand what goes wrong and try to adopt that mindset because I think security is at a critical point right now where we need to make changes to achieve a better world Five years ago I was on this same stage and explained why I teach people how difficult it is, but today I implore you to learn it.
I want you to make the world safer by becoming a hacker. Thank you so much.
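
The login check the talk breaks, shown here as an added example that is not from the talk or its demo: a query built by pasting input into the SQL text, next to the same query with bound parameters. The table, function names and sample input are constructed for illustration.

```python
import sqlite3

def make_db():
    """In-memory database with one constructed account (sample data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)")
    # Plaintext password only to keep the query shape the talk describes;
    # a real system stores a salted hash and compares it in application code.
    db.execute("INSERT INTO users VALUES ('admin', 'correct horse')")
    return db

def login_vulnerable(db, username, password):
    # Input is pasted into the SQL text, so a quote in it ends the string
    # literal and whatever follows is parsed as part of the query.
    sql = ("SELECT COUNT(*) FROM users WHERE username = '%s' AND password = '%s'"
           % (username, password))
    try:
        return db.execute(sql).fetchone()[0] > 0
    except sqlite3.Error:
        # Input broke the statement's syntax: login fails, and the error
        # itself is a signal worth logging and alerting on.
        return False

def login_safe(db, username, password):
    # Placeholders send the values separately from the statement: whatever
    # the input contains, it is compared as data and never parsed as SQL.
    sql = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return db.execute(sql, (username, password)).fetchone()[0] > 0

# Constructed input of the kind the talk describes: it closes the password
# string and appends a condition that is always true ("one is equal to one").
CRAFTED = "x' OR '1'='1"

def compare(db):
    """Run the same crafted password through both versions of the check."""
    return {
        "vulnerable": login_vulnerable(db, "admin", CRAFTED),
        "safe": login_safe(db, "admin", CRAFTED),
    }

if __name__ == "__main__":
    print(compare(make_db()))
```

The fix is structural: the parameterized version needs no filtering or escaping of the input, because the statement's shape is fixed before any user data arrives.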