WEBVTT - TechStuff Classic: Hacking for Dollars 0:00:04.360 --> 0:00:12.320 Welcome to tech Stuff, a production from iHeartRadio. Hey there, 0:00:12.360 --> 0:00:15.760 and welcome to tech Stuff. I'm your host, Jonathan Strickland. 0:00:15.840 --> 0:00:20.959 I'm an executive producer with iHeartRadio and how the tech area. Y'all, 0:00:21.040 --> 0:00:25.680 it is time for a classic tech Stuff episode. This 0:00:25.760 --> 0:00:28.920 is one where my friend Shannon Morse joined the show. 0:00:29.000 --> 0:00:36.800 Shannon is a really talented communicator of technology. She's a hacker, 0:00:37.360 --> 0:00:42.640 She's fantastic. She's got a ton of content out there online. 0:00:43.080 --> 0:00:45.720 So highly recommend you check out Shannon if you are 0:00:45.800 --> 0:00:49.560 unfamiliar with her work. She's great. And on this episode 0:00:49.720 --> 0:00:53.960 we talked about hacking for dollars, the various ways that 0:00:54.080 --> 0:00:58.600 hackers make money by being you know, hackers, and this 0:00:58.680 --> 0:01:02.880 episode public on Star Wars Day back in twenty sixteen. 0:01:02.960 --> 0:01:06.600 That of course is May the fourth on twenty sixteen. 0:01:07.000 --> 0:01:11.640 Sit back and enjoy. The term hacker is actually a 0:01:11.760 --> 0:01:14.640 very broad term that can apply to a lot of 0:01:14.640 --> 0:01:18.480 different things, and not all of them are that nefarious 0:01:18.640 --> 0:01:22.959 evil infiltrate a system and steal all the corporate secrets 0:01:23.040 --> 0:01:27.120 kind of approach to hacking that Hollywood often presents right 0:01:27.319 --> 0:01:29.720 right exactly. I actually ask this question to a lot 0:01:29.720 --> 0:01:32.440 of people, especially when I first meet them. Since I'm 0:01:32.600 --> 0:01:35.600 so closely affiliated with a lot of the infoset community, 0:01:36.160 --> 0:01:39.520 I want to surround myself with positive people. So you'll 0:01:39.560 --> 0:01:42.720 notice with the hacker definition, you can either get a 0:01:42.800 --> 0:01:46.479 very negative vibe from somebody or a very positive vibe. Oftentimes, 0:01:46.480 --> 0:01:48.680 with the negative vibe, you'll get somebody who says, oh, 0:01:48.760 --> 0:01:51.480 that's the person who stole my credit card data when 0:01:51.520 --> 0:01:53.800 I went to a restaurant the other day. But on 0:01:53.840 --> 0:01:56.320 the positive side, you'll get somebody that says, oh, they're 0:01:56.360 --> 0:01:59.400 the kind of people that will break something apart and 0:01:59.400 --> 0:02:01.120 then put it back together in a way that it 0:02:01.160 --> 0:02:03.440 wasn't supposed to be put back together to make it 0:02:03.440 --> 0:02:08.560 do something cool. And that's a hack in mainstream. So 0:02:08.639 --> 0:02:10.639 that's the way I see it. I see hackers as 0:02:10.639 --> 0:02:15.680 being people who reverse engineer different software, different hardware. It 0:02:15.720 --> 0:02:18.480 could just be a bicycle, for example, and put it 0:02:18.560 --> 0:02:21.320 back together in a way to make it harder, better, faster, 0:02:21.400 --> 0:02:25.960 and stronger. Nice the old daft punk approach. Of course, Yeah, 0:02:26.080 --> 0:02:30.240 I agree entirely. The original term hacker was really all 0:02:30.280 --> 0:02:35.240 about people who have almost an insatiable curiosity to learn 0:02:35.280 --> 0:02:39.840 how stuff works. Oddly enough, I share that quality having 0:02:39.880 --> 0:02:43.480 worked at how stuff works for a decade, but yeah, 0:02:43.480 --> 0:02:46.160 to understand how it works and then to make stuff 0:02:46.200 --> 0:02:49.480 do things it wasn't necessarily intended to do. Not for 0:02:49.560 --> 0:02:54.080 nefarious purposes necessarily, although that could clearly be an application, 0:02:54.480 --> 0:02:59.000 but just for curiosity's sake. Can I take these elements 0:02:59.360 --> 0:03:01.040 that are meant to do this one thing and do 0:03:01.200 --> 0:03:05.640 something completely transformative with it, whether it is hardware or software. 0:03:05.760 --> 0:03:08.440 And we've seen some really cool stuff come out of that. 0:03:08.480 --> 0:03:10.640 I mean, I would argue that a lot of the 0:03:10.680 --> 0:03:13.760 things you see in the cosplay world and the steampunk world, 0:03:14.120 --> 0:03:18.600 those are all taking elements of hacking. Maker Fair is 0:03:18.760 --> 0:03:21.600 really just a hacker's paradise when you get down to it, 0:03:21.720 --> 0:03:24.520 especially for hardware hacks. Absolutely, I'm kind of sad I'm 0:03:24.520 --> 0:03:27.240 going to miss maker Fair this year. I haven't been 0:03:27.280 --> 0:03:29.200 to one yet. I've been to a small one here 0:03:29.200 --> 0:03:33.240 in Atlanta, a very modest maker Fair. Everyone there was 0:03:33.440 --> 0:03:37.040 great and passionate and intelligent, but it was, you know, 0:03:37.120 --> 0:03:39.200 a much smaller scale than something you would see in 0:03:39.240 --> 0:03:42.280 the Bay Area. Yeah, but that's the kind of thing 0:03:42.400 --> 0:03:45.680 that hacker means to me. Now that being said, in 0:03:45.720 --> 0:03:49.119 this episode, we're really going to be focusing on sort 0:03:49.120 --> 0:03:52.440 of the computer oriented, really the software side of hacking, 0:03:53.360 --> 0:03:54.960 and a large part of it's going to be on 0:03:55.120 --> 0:03:58.480 the bad guy, the naughty bits, as I call it 0:03:58.480 --> 0:04:01.960 in our notes about simply to talk about what are 0:04:02.000 --> 0:04:06.960 the ways that hackers cause or the malicious hackers cause problems, 0:04:07.880 --> 0:04:11.760 how do they expect to profit from that? And also 0:04:12.160 --> 0:04:15.640 we'll look at ways that hackers who don't follow that path, 0:04:15.680 --> 0:04:19.839 who are looking to help people, not hurt people, how 0:04:19.880 --> 0:04:23.279 do they make a living Because it's one of those 0:04:23.279 --> 0:04:25.520 things where you kind of take it for granted when 0:04:25.520 --> 0:04:28.240 you see the Hollywood depiction of a hacker, the person 0:04:28.320 --> 0:04:31.200 sitting down. Usually they're sitting at a keyboard and for 0:04:31.279 --> 0:04:35.640 some reason, their monitor only is monochromatic green. Yes, that's 0:04:35.640 --> 0:04:37.840 so true. Well, yeah, they're using the old Apple to 0:04:38.000 --> 0:04:42.240 ems terminals are actually written and green oftentimes, but you 0:04:42.279 --> 0:04:44.919 can change the colors to rainbow colors if you choose. 0:04:44.920 --> 0:04:48.119 That is a hack, it's a real life hack. Yeah, yeah, 0:04:48.120 --> 0:04:50.360 And usually you see them sitting down and then they 0:04:50.400 --> 0:04:56.160 cause some sort of mischief, sometimes bordering on sabotage. But 0:04:56.200 --> 0:04:58.359 then you when you think about it outside of the 0:04:58.400 --> 0:05:02.240 context of that scene, you think, Oh, how did they 0:05:02.279 --> 0:05:05.159 expect to profit from this? Yeah, so that's kind of 0:05:05.160 --> 0:05:08.560 what we're looking at. Yeah, because it's always important to 0:05:08.560 --> 0:05:11.839 me to reiterate too that there are always going to 0:05:11.880 --> 0:05:13.920 be two sides of a coin to everything in life. 0:05:14.040 --> 0:05:17.360 Of course, there are going to be bad guys in 0:05:16.480 --> 0:05:20.120 the in the world who do nefarious hacks, but there's 0:05:20.160 --> 0:05:23.560 also a lot of good guys too, And personally, for me, 0:05:23.600 --> 0:05:26.000 the reason why I'm so interested in researching this is 0:05:26.040 --> 0:05:29.039 because it has made me a much more privacy and 0:05:29.080 --> 0:05:32.000 security guarded person. I've gotten a lot better at my 0:05:32.040 --> 0:05:34.440 own protections online, and I feel like if somebody else 0:05:34.480 --> 0:05:37.400 can understand what a hacker does on the bad side 0:05:37.440 --> 0:05:39.279 as well as the good side, they can better protect 0:05:39.360 --> 0:05:42.559 themselves too, And that's what I've always tried to teach people. Yeah, 0:05:42.600 --> 0:05:44.680 I think all you have to really do is attend 0:05:44.760 --> 0:05:48.480 one def con and really have that driven home. I 0:05:48.520 --> 0:05:51.679 have not yet gone to a def con, mostly because 0:05:51.720 --> 0:05:53.840 I don't know that I could part with my smartphone 0:05:53.880 --> 0:05:56.479 for that long and I certainly wouldn't take it with me. 0:05:57.400 --> 0:06:02.040 Bring a burner phone, you'll be fine. Yeah, that's me Jonathan, 0:06:02.080 --> 0:06:05.279 the guy which carries the burner. It makes sense, I 0:06:05.320 --> 0:06:07.240 mean when you're doing something like that. So for those 0:06:07.279 --> 0:06:10.719 who don't know, Defcon is a large hacker based conference 0:06:11.160 --> 0:06:16.320 largely looking at the realm of information security, and often 0:06:16.360 --> 0:06:20.560 they will you'll have entire presentations dedicated to showing off 0:06:20.640 --> 0:06:24.200 vulnerabilities and security, again not necessarily so that people can 0:06:24.240 --> 0:06:27.280 take advantage of them, but rather to raise awareness and 0:06:27.360 --> 0:06:30.400 to kind of force the hands of the parties that 0:06:30.440 --> 0:06:34.599 are responsible for that software to take action and fix 0:06:34.640 --> 0:06:37.360 a problem. Right like that was what we saw with 0:06:38.400 --> 0:06:42.599 the hack about remotely taking control of a person's vehicle, 0:06:43.200 --> 0:06:46.400 specifically Jeep was really having that issue. Those one of 0:06:46.400 --> 0:06:49.440 those things where the researchers were saying, look, we're bringing 0:06:49.480 --> 0:06:52.320 this to light, not so that we can create an 0:06:52.360 --> 0:06:55.360 era where people are terrified of their vehicles that someone's 0:06:55.400 --> 0:06:57.760 going to take remote control of their car, but rather 0:06:57.839 --> 0:07:01.920 to really drive home the act that the information security 0:07:02.040 --> 0:07:05.640 is now it's important everywhere. It's not just your phone, 0:07:05.680 --> 0:07:08.880 it's not just your computer. As the Internet of Things 0:07:08.960 --> 0:07:12.760 continues to blossom, it's everything. Yes, I agree, And in 0:07:12.760 --> 0:07:16.440 that sense, those researchers were trying to use something the 0:07:16.480 --> 0:07:20.800 old school term is called responsible disclosure where they explain 0:07:21.400 --> 0:07:23.960 some kind of vulnerability that they found to the company 0:07:24.240 --> 0:07:27.440 in hopes that the company will fix this problem before 0:07:27.440 --> 0:07:30.320 it becomes mainstream and before it gets out into the wild. 0:07:30.760 --> 0:07:34.160 In the case of Jeep, I believe, if my memory 0:07:34.200 --> 0:07:37.880 serves me right, that Jeep did not necessarily release a 0:07:37.880 --> 0:07:41.200 patch for this vulnerability. So then the researchers decided to 0:07:41.240 --> 0:07:44.360 go out publicly about the information that they found, and 0:07:44.400 --> 0:07:46.920 then Jeep decided to fix it once everybody else knew 0:07:46.960 --> 0:07:50.080 about it, right, And sometimes that's what it takes. And 0:07:51.320 --> 0:07:54.360 I've had the same discussion offline with a mutual friend 0:07:54.360 --> 0:07:57.960 of ours, Brian Brushwood. Brian is a stage magician. He 0:07:58.000 --> 0:08:01.000 has a show called Scam School. It's all about social engineering. 0:08:01.400 --> 0:08:03.600 One of the things I have talked about with Brian 0:08:03.720 --> 0:08:06.560 is that his show, he often shows how to do 0:08:06.680 --> 0:08:10.120 certain types of scams or tricks, but they're mostly in 0:08:10.160 --> 0:08:13.360 the barbet world, right, Like, not stuff that you would 0:08:13.400 --> 0:08:16.200 do to ruin someone's life, but something that you know 0:08:16.240 --> 0:08:18.040 you might want to you might win a free beer 0:08:18.600 --> 0:08:23.280 that way. Yeah, And he showed off He had an 0:08:23.280 --> 0:08:27.160 episode where he showed off this guy who had was 0:08:27.320 --> 0:08:32.080 demonstrating a well known vulnerability of a popular bike lock 0:08:32.280 --> 0:08:34.079 that has been off the market for a couple of 0:08:34.200 --> 0:08:37.840 years because of this vulnerability. But that particular vulnerability meant 0:08:37.840 --> 0:08:41.040 that you could use a regular plastic pen, remove the 0:08:41.080 --> 0:08:44.240 pen part of the pen, use the casing, and jam 0:08:44.320 --> 0:08:46.840 that into the lock and pop the lock open. Oh 0:08:46.880 --> 0:08:50.720 that's horrible, right, And so people were complaining in the comments, 0:08:50.720 --> 0:08:54.800 they were saying, you're you're, you're publicizing this vulnerability, And 0:08:54.840 --> 0:08:57.959 I said, guess what, the bad guys already know about 0:08:58.000 --> 0:09:01.160 this vulnerability. What they're doing is publicizing it to a 0:09:01.200 --> 0:09:03.840 public that might be still vulnerable to it so that 0:09:03.920 --> 0:09:07.520 they don't fall victim. And that, to me is a 0:09:07.679 --> 0:09:11.280 very important part of hackers across the board. They serve 0:09:11.520 --> 0:09:16.840 very important purpose to alert folks to potential dangers before 0:09:17.120 --> 0:09:21.520 it gets too late. Yeah. Absolutely, And you're those hackers 0:09:21.559 --> 0:09:25.200 are the people that are generally working to make a 0:09:25.240 --> 0:09:29.200 better world for consumers at about a private and secure 0:09:29.280 --> 0:09:32.440 world for consumers. But then, of course, on the other hand, 0:09:32.520 --> 0:09:35.360 are the batties. Yeah, let's talk about some of them. 0:09:35.440 --> 0:09:38.840 So I kind of gave some weird little titles for 0:09:38.880 --> 0:09:41.400 this when I was typing it up, because in the 0:09:41.400 --> 0:09:43.640 middle of the week. I get bored, Shannon. Let's to 0:09:43.679 --> 0:09:45.960 be honest, and so when I was making an outline 0:09:46.040 --> 0:09:47.960 kind of for us to work from, I started coming 0:09:48.000 --> 0:09:51.600 up with goofy subtitles. So this whole section is titled 0:09:51.800 --> 0:09:55.040 the Naughty Bits in our Notes, and the first one 0:09:55.120 --> 0:09:59.600 is malware moolaw as in people who make money through 0:10:00.080 --> 0:10:03.959 the development or distribution of malware. And malware, as I've 0:10:04.000 --> 0:10:06.760 said on this show many times in order to define it, 0:10:06.760 --> 0:10:09.760 it's really software that is intended to do something that 0:10:09.880 --> 0:10:12.760 is ultimately harmful to the person who runs that software 0:10:12.800 --> 0:10:19.679 on their machine. It covers a wide array of different subcategories, like, uh, 0:10:19.920 --> 0:10:21.840 you know, this is the sort of term that we 0:10:21.960 --> 0:10:23.679 normally would have in the old days just called a 0:10:23.720 --> 0:10:27.240 computer virus, But computer virus is a very specific thing, 0:10:27.320 --> 0:10:31.760 and malware covers more stuff than just viruses, also worms 0:10:31.800 --> 0:10:34.760 and all sorts of stuff. Yeah, there's there's malware for 0:10:34.880 --> 0:10:37.560 Java and Flash. If you still have Flash, install it, 0:10:37.600 --> 0:10:39.760 I highly recommend that you uninstall it if you don't 0:10:39.800 --> 0:10:43.679 need it. There's malware for browsers. There's malware for advertisements 0:10:43.720 --> 0:10:47.320 online for sponsors that you'll see like on different websites 0:10:47.720 --> 0:10:49.720 that was a very recent problem that a lot of 0:10:49.760 --> 0:10:53.800 news publications had with yeah, big name news publication, but yeah, 0:10:53.840 --> 0:10:56.160 so that was a big one. But you'll see malware 0:10:56.360 --> 0:10:59.640 all over the place, and luckily we do have anti 0:10:59.720 --> 0:11:02.000 mal where software that we can use to protect our 0:11:02.040 --> 0:11:04.800 computers from it, and we can also block certain ports 0:11:04.800 --> 0:11:07.240 on or routers that can hopefully protect you from MAUER. 0:11:07.400 --> 0:11:10.560 But there's also a lot of cases where Mauer is 0:11:11.200 --> 0:11:15.560 distributed and built so quickly that a lot of those 0:11:15.600 --> 0:11:19.360 anti Mauer software are not updated quick enough. So in 0:11:19.360 --> 0:11:20.760 that case, we need to do the best that we 0:11:20.800 --> 0:11:24.160 can to protect ourselves and keep MAUER from getting out 0:11:24.440 --> 0:11:26.960 from the deep web. Yeah, you know, it used to 0:11:26.960 --> 0:11:31.200 be that you really all you needed to worry about 0:11:31.320 --> 0:11:34.120 was just don't go to the more seedy elements of 0:11:34.160 --> 0:11:36.920 the web, and you were generally all right, right, Yeah, 0:11:36.920 --> 0:11:40.640 It's kind of like avoiding a bad neighborhood, Like, yeah, obviously, 0:11:40.800 --> 0:11:43.040 if you don't want to get robbed, there are certain 0:11:43.040 --> 0:11:45.679 neighborhoods that you should probably shouldn't walk around in by 0:11:45.679 --> 0:11:48.880 yourself at night, right, And this is kind of similar 0:11:48.920 --> 0:11:51.680 in that case where you avoid the deep web unless 0:11:51.679 --> 0:11:54.040 you really want to be on somebody's like hit list 0:11:54.120 --> 0:11:57.160 or something like that. Yeah. Yeah, if you suddenly think 0:11:57.160 --> 0:11:58.880 that you want to come across as a big shot, 0:11:59.000 --> 0:12:01.360 look if you're not a big shot, don't do that. 0:12:02.080 --> 0:12:03.800 It's kind of like, kind of like walking up to 0:12:03.840 --> 0:12:06.400 someone who works in a carnival and claiming that you're 0:12:06.440 --> 0:12:07.840 with it and for it. If you don't know what 0:12:07.920 --> 0:12:10.959 that means, you do not say that. Okay, I think 0:12:11.000 --> 0:12:16.319 I just gave terrible advice to an entire population of listeners. Yeah, don't, don't. 0:12:16.400 --> 0:12:19.360 Don't talk to Carney's unless you are one, all right, so, 0:12:19.600 --> 0:12:22.880 uh and I love you Carney's, I love you all So. 0:12:23.120 --> 0:12:26.280 The the thing that we're getting across, though, is that 0:12:26.440 --> 0:12:29.559 today that's not as big a guarantee as it used 0:12:29.559 --> 0:12:32.520 to be. Right like ten years ago, you'd say, look, 0:12:32.600 --> 0:12:36.640 just be careful. Don't download unusual files. Don't don't run 0:12:36.800 --> 0:12:41.160 a file that's linked in your email without checking it 0:12:41.200 --> 0:12:44.199 out first, don't. Don't, you know, be careful opening up 0:12:44.240 --> 0:12:47.360 emails from things that you don't recognize. Be careful with 0:12:47.400 --> 0:12:52.439 PDF files, Be careful with stuff, especially unsolicited stuff that 0:12:52.480 --> 0:12:56.280 has come to you, because that raises the chances that 0:12:56.400 --> 0:12:59.280 something hinky is going on. It doesn't necessarily mean it's 0:12:59.320 --> 0:13:03.840 definitely a problem, but it's potentially a problem, and it's 0:13:03.880 --> 0:13:06.520 better to be safe than sorry. Make sure you have 0:13:06.640 --> 0:13:10.280 good antivirus software on your computer, make sure you have 0:13:10.280 --> 0:13:12.560 a nice strong firewall. All of these kind of things. 0:13:12.559 --> 0:13:17.320 Those used to be pretty good at keeping nine of 0:13:17.360 --> 0:13:20.200 the malware away from you if you were being a 0:13:20.240 --> 0:13:25.440 fairly responsible Netaicin these days, they definitely help. These days, 0:13:25.600 --> 0:13:28.400 these days, the attacks are sometimes getting like in the 0:13:28.400 --> 0:13:32.600 case of the advertisements on news sites. These are attacks 0:13:32.640 --> 0:13:36.079 that are going through avenues that you want at one 0:13:36.120 --> 0:13:39.240 point would have considered perfectly safe. Right, Not that it's 0:13:39.280 --> 0:13:41.640 happening all the time, but the fact that it can 0:13:41.760 --> 0:13:46.280 happen tells you that it requires an extra level of 0:13:46.360 --> 0:13:51.160 vigilance beyond what we used to say was sufficient. Yeah. Absolutely, 0:13:51.320 --> 0:13:53.960 A data collection for a lot of this malware is 0:13:54.040 --> 0:13:59.720 extremely It's high sensitive in the fact that a user's 0:14:00.120 --> 0:14:03.480 data can get so much money on the on the 0:14:03.520 --> 0:14:08.120 deep web, so much money, really, particularly a collection of 0:14:08.240 --> 0:14:10.959 user data, that's where the big money is, right. I 0:14:11.000 --> 0:14:14.080 did an episode once where we tried to break down 0:14:14.120 --> 0:14:18.280 how much is your personal information worth? It? Really bucks? Yeah, 0:14:18.320 --> 0:14:21.520 it really depends. It depends upon what information you're talking about, 0:14:21.520 --> 0:14:25.240 Like how extensive is that profile on a person? But yeah, 0:14:25.280 --> 0:14:27.680 it's not much in the grand scheme of things. Like 0:14:27.720 --> 0:14:30.880 to you, it's worth a lot, right you as a person, Shannon, Right, 0:14:30.960 --> 0:14:33.320 you as a person, that information is worth a lot 0:14:33.400 --> 0:14:36.160 of money to you, Yeah, because it's who you are. 0:14:36.880 --> 0:14:39.920 To someone else, it's worth pennies on the dollar, really 0:14:39.960 --> 0:14:43.640 depending up, depending upon the amount of information. But the 0:14:43.840 --> 0:14:49.040 malware often is giving hackers access to massive amounts of 0:14:49.080 --> 0:14:53.040 info about a huge number of people, and in numbers 0:14:53.400 --> 0:14:56.280 there is more value, and that's where they will sell that. 0:14:56.720 --> 0:15:00.000 Sometimes they sell it to companies that are just interested 0:15:00.160 --> 0:15:03.440 and getting information so that they can do targeted advertising. 0:15:03.880 --> 0:15:07.880 So it might be that the ultimate use of your 0:15:07.920 --> 0:15:11.240 information isn't as bad as it could be. It just 0:15:11.280 --> 0:15:14.320 means you're going to get some ads, but still not 0:15:14.600 --> 0:15:17.000 fun to think about and to think that you know, 0:15:17.080 --> 0:15:19.760 now these companies have access to information about you that 0:15:19.840 --> 0:15:24.560 you probably would rather they not have, particularly in targeted advertising. 0:15:24.840 --> 0:15:28.760 The famous story about target when they started sending ads 0:15:28.800 --> 0:15:31.760 to a young lady that were related to pregnancy yep, 0:15:32.000 --> 0:15:34.800 and then her dad got really really ticked off. About it. 0:15:34.800 --> 0:15:37.720 But it turned out that little girl was pregnant, yeah, 0:15:37.760 --> 0:15:40.920 and that it was because the algorithms had picked up 0:15:41.120 --> 0:15:44.200 through her search habits that she was pregnant based upon 0:15:44.320 --> 0:15:46.800 the search terms she was putting in, and so they 0:15:46.840 --> 0:15:51.080 proactively sent her some coupons for pregnancy related items. The 0:15:51.160 --> 0:15:53.600 dad got very upset. Then the dad ended up apologizing 0:15:53.600 --> 0:15:56.040 to Target, saying that he was unaware at the time 0:15:56.120 --> 0:15:58.800 of the full situation. Well, in that case, it was 0:15:59.240 --> 0:16:03.040 search algorithm, wasn't a hacker who had gained access to 0:16:03.040 --> 0:16:05.600 stuff and then sold it. But there are other cases 0:16:05.640 --> 0:16:08.600 where that does happen, Yeah, where you know, just a 0:16:08.680 --> 0:16:11.560 database of info and a lot of times they will 0:16:11.600 --> 0:16:14.920 release this malware in something that's called an exploit kit. 0:16:15.360 --> 0:16:18.480 So generally, these exploit kits are like a batch of 0:16:18.840 --> 0:16:22.440 similar malware that will work across several different platforms, So 0:16:22.480 --> 0:16:25.440 that whether that's several different types of software like job 0:16:25.480 --> 0:16:28.480 and flash, or several different browsers. It could be several 0:16:28.480 --> 0:16:31.800 different operating systems too, So you might see an exploit 0:16:31.840 --> 0:16:36.200 kit that works on Linux fourteen O four but also 0:16:36.240 --> 0:16:40.960 works on Windows XP up through eight or something like that. Right, 0:16:41.400 --> 0:16:43.560 And what's crazy is that when you start looking at 0:16:44.280 --> 0:16:46.040 I mean, this is one of the things that hackers do, right, 0:16:46.040 --> 0:16:48.520 They'll look at operating systems and what the market penetration 0:16:48.600 --> 0:16:51.200 is for those systems, because that's that shows you where 0:16:51.200 --> 0:16:53.640 your target rich environment is. Right. So if you have 0:16:53.680 --> 0:16:59.720 Windows seven, guess what you are prime target for malware 0:16:59.760 --> 0:17:04.760 because that is by far the largest that has the 0:17:04.800 --> 0:17:07.600 greatest market share of any operating system right now. Ye, 0:17:07.840 --> 0:17:13.919 Windows XP Still it's number three, number three, and it 0:17:14.000 --> 0:17:16.600 has not been supported by wind formed by Microsoft for 0:17:16.680 --> 0:17:21.000 two years. This, by the way, bad thing. If you 0:17:21.040 --> 0:17:23.960 want to be really secure with your your computer information, 0:17:24.000 --> 0:17:25.760 you don't want to be using an operating system that 0:17:25.800 --> 0:17:28.199 no longer gets support from the company that made it, 0:17:29.560 --> 0:17:32.440 because because that means no vulnerabilities will be patched. From 0:17:32.440 --> 0:17:34.439 that moment forward, you're pretty much on your own. You 0:17:34.480 --> 0:17:37.240 have gone into the dark forest, and you forgot to 0:17:37.240 --> 0:17:41.800 bring your flashlight. It's pretty dangerous. One of the things 0:17:41.800 --> 0:17:45.439 that you kind of I think leads in from what 0:17:45.480 --> 0:17:48.280 you were saying before with these exploit kits. One of 0:17:48.320 --> 0:17:52.480 the most terrifying aspects of this type of malware and 0:17:52.480 --> 0:17:54.920 and the fact that that people can use it for 0:17:55.400 --> 0:17:59.760 nefarious purposes and monetary gain. Is that you also have 0:17:59.800 --> 0:18:02.399 a population of people who don't even understand how the 0:18:02.400 --> 0:18:05.880 malware works. They don't even Script kitties is what I'm 0:18:05.880 --> 0:18:09.000 getting at. Script kitties, that's the term we use for 0:18:09.040 --> 0:18:16.000 people who are they're benefiting from the work that hackers 0:18:16.040 --> 0:18:18.399 have done. Hackers are the ones who are actually putting 0:18:18.440 --> 0:18:21.280 together the software. They're the ones who have identified the 0:18:21.320 --> 0:18:25.119 vulnerability and then exploited it in some way. Script kitties 0:18:25.119 --> 0:18:27.600 are the ones who essentially they're given a set of 0:18:27.600 --> 0:18:31.000 skeleton keys, and they didn't make the skeleton keys, they're 0:18:31.000 --> 0:18:35.560 just using them. And it's scary because you don't need 0:18:35.600 --> 0:18:38.480 a level of expertise. You might think, oh, well, I'm 0:18:38.520 --> 0:18:40.760 kind of safe from hackers because how many people are 0:18:40.800 --> 0:18:45.000 actually hackers? How many people really know how this system works. Well, 0:18:45.560 --> 0:18:47.600 you don't have to really know how the system works. 0:18:47.640 --> 0:18:50.719 If you have a tool that exploits a vulnerability, oh absolutely. 0:18:50.760 --> 0:18:53.720 Although I really hate the word script kitty, I will 0:18:53.720 --> 0:18:56.240 put it out there because I feel like if you're 0:18:56.320 --> 0:19:00.560 interested in information security, and if you're interested in becoming 0:19:00.720 --> 0:19:04.680 a good hacker, then you do start somewhere and everybody 0:19:04.760 --> 0:19:06.760 is going to start with the easy tools that are 0:19:06.760 --> 0:19:09.560 out there and that are available for free. For example, 0:19:09.680 --> 0:19:11.960 one thing that I learned how to use a couple 0:19:12.080 --> 0:19:15.120 years back was this tool called wire shark. It easily 0:19:15.200 --> 0:19:18.320 lets you see everything that's happening on your wireless network, 0:19:18.400 --> 0:19:22.560 or you can use it for any computers that are 0:19:21.960 --> 0:19:24.840 on your network, like behind your router, so you can 0:19:24.840 --> 0:19:27.520 see everything that's going on and you don't necessarily have 0:19:27.600 --> 0:19:32.000 to learn or understand what's going on behind it to 0:19:32.080 --> 0:19:35.479 be able to read what's on your screen happening right 0:19:35.520 --> 0:19:38.639 in front of you. I think it's really important though, 0:19:38.720 --> 0:19:43.240 for people who might be called script kitties to look 0:19:43.280 --> 0:19:46.719 at as being beneficial and that they can grow from 0:19:46.800 --> 0:19:50.680 that process. They can start from being a beginner and say, okay, 0:19:50.760 --> 0:19:52.840 well I need to understand the theory. Now I can 0:19:52.880 --> 0:19:55.879 move on from being a script kittie quote unquote to 0:19:56.000 --> 0:19:59.200 becoming somebody who is an expert in some kind of 0:19:59.280 --> 0:20:03.119 information security out there. Yeah. When I think of the 0:20:03.240 --> 0:20:05.879 term script kitty, in my mind, it's a it's a 0:20:05.920 --> 0:20:09.520 subset of the people that typically get labeled as such. Yeah, 0:20:09.640 --> 0:20:12.720 that subset being people who have little to no interest 0:20:12.760 --> 0:20:17.680 in actually learning how to hack or program people who 0:20:17.760 --> 0:20:22.000 want a very very fast track way to gain either 0:20:22.480 --> 0:20:26.080 a reputation by being the person who took down a 0:20:26.160 --> 0:20:30.320 system by whatever means, or by making a whole lot 0:20:30.320 --> 0:20:34.199 of money really fast for relatively little effort. Those are 0:20:34.200 --> 0:20:36.040 the ones I specifically think of when I think of 0:20:36.040 --> 0:20:38.679 script kitty. But you are absolutely right, you have to 0:20:38.720 --> 0:20:41.439 start somewhere if you're interesting it is. I'm kind of 0:20:41.480 --> 0:20:44.240 defensive with that because I was called a script kitty 0:20:44.280 --> 0:20:47.760 when I first started up started off learning about hacking 0:20:47.760 --> 0:20:51.320 and information security. People would be like, Osh, she's just 0:20:51.359 --> 0:20:53.439 a script kitty, and I'd be like, well, I actually 0:20:53.440 --> 0:20:55.159 want to understand the theory. I want to learn how 0:20:55.200 --> 0:20:57.160 to program. I want to learn how right code. I'm 0:20:57.200 --> 0:20:59.879 no longer called that because I have learned how to 0:21:00.280 --> 0:21:02.760 certain kinds of code. I have learned how to program. 0:21:02.800 --> 0:21:05.919 I can make my Arduino do whatever I want. So 0:21:05.960 --> 0:21:09.280 at this point in my stage, I've surpassed that moment 0:21:09.320 --> 0:21:13.000 of being a nube, and I've gone on to learning 0:21:13.040 --> 0:21:17.560 things and being able to understand specific tasks and get 0:21:17.600 --> 0:21:19.159 them to do what I want them to do without 0:21:19.200 --> 0:21:22.760 finding tutorials online. Yeah, so now I make my own tutorials. 0:21:23.000 --> 0:21:26.440 Seeing that's nice because when I started at How Stuff Works, 0:21:26.440 --> 0:21:29.240 they call me that weird bald guy, and today they 0:21:29.320 --> 0:21:32.440 still do. Shannon and I will be back to talk 0:21:32.520 --> 0:21:34.800 more about hacking for dollars in just a moment, but 0:21:34.880 --> 0:21:46.680 first let's take this quick break so that kind of 0:21:46.720 --> 0:21:50.800 covers the malware approach. People can make money through malware, 0:21:50.840 --> 0:21:55.120 either by selling your information, they might do so by 0:21:55.800 --> 0:22:00.320 another method, which kind of leads into this idea of ransomware. 0:22:00.440 --> 0:22:03.199 So this would be malware specific type of malware that 0:22:04.359 --> 0:22:07.280 locks down your machine in some way so that you 0:22:07.320 --> 0:22:09.679 can no longer access it, and then you essentially get 0:22:09.680 --> 0:22:11.520 a message saying, hey, if you want if you want 0:22:11.520 --> 0:22:13.840 your data back, if you want access to your data, 0:22:13.920 --> 0:22:16.359 if you want to be able to do all this stuff, 0:22:16.359 --> 0:22:18.879 and you want our hands out of your business, then 0:22:18.880 --> 0:22:22.600 you've got to pay us some mulah. Yeah. So basically 0:22:22.680 --> 0:22:26.520 what happens with ransomware is it is, just like you said, 0:22:26.520 --> 0:22:29.920 a type of malware that gets distributed in one way, 0:22:29.920 --> 0:22:32.919 shape or form onto somebody's computer and it ends up 0:22:33.040 --> 0:22:35.800 encrypting their data. It could be a whole hard drive, 0:22:35.840 --> 0:22:38.120 it could be a folder of data. It's some kind 0:22:38.160 --> 0:22:40.840 of important data that they have sitting on their computer. 0:22:41.640 --> 0:22:45.760 And in many cases, a thief the hacker will ask 0:22:45.800 --> 0:22:49.320 them in an email or maybe an unencrypted text document 0:22:49.359 --> 0:22:53.119 that's now surreptitiously on their computer out of nowhere, to 0:22:54.000 --> 0:22:56.400