and free cash! vegas — home to casinos. elvis, sort of. uh-huh. super—fast knot tying. wide, open spaces. limos. the strip. and this week, the largest hackfest on the planet. if there's one week of stuff in vegas that isn't staying in vegas, it's this week's bsides, black hat and notorious def con gatherings. this is the week where hackers rub up against law enforcers and everyone peeks over each other‘s shoulders and networks. so, let's get straight into the action. and for our first act of the show, daniel here has got an extra piece of software running, allowing him to hear what's being typed on the other end of a skype call. so how does it work? the software during a skype call learns how your keyboard sounds like and if you later during the call type something sensitive, like a password or e—mail, we can understand what you've typed using machine—learning algorithms. this is because each key has a unique fingerprint based on the position of the key on the keyboard. the suggested results from what our victim might be typing are listed on the screen. as you can see, it's spotted every word except one, but when asked to choose the words to make the most likely sentence, it's not so on the money. so, this is scott helme. he is notjust our victim, he's also a security researcher who is here to keep click on track with a hacker‘s view of the conferences for the next couple of episodes. hello, scott. hello. what do you think? so, the technology is still quite young. it took a bit of set—up to make this work but technology advances quite quickly and things that are difficult today will probably be easy tomorrow. we have seen some things like this before as well. i looked at a hack recently where they could measure the vibrations in a crisp packet to record my voice. so i think in the future, things and technologies like this could be quite bad because it's going to allow people to extract a lot more information from our devices. wow, sobering thoughts. it seems like the hackers are always going to find new and interesting ways to get inside our computers and, of course, the weapon of choice so far this year has been ransomware, in part because it is so easy to set up. here's spencer with more. i'd kind of assumed that getting hold of a piece of ransomware wouldn't be as easy as searching for it on google and then just downloading it. this man hasjust informed me that i was wrong. so, here is one which is very popular. this one. if i type it into google... then we can just download it straightaway. so this is the code. this is free. that's it? you don't have to go on to the darknet or anything to get hold of it? no. this is the easy way. 0k, right! so, the code is actually really tiny, it's less than 200 lines of code, and that's for a full piece of ra nsomwa re. i could then change some of that code to specify how much money the malware asks for and the bitcoin address it needs to be delivered to. and sure enough, the programme turns all of our sample documents into illegible garbage, which can only be retrieved if the creators — in this case, us — provide the unlock code. ok, i'm slightly depressed at how easy it was to find some ransomware to unleash onto the world. it's going to get easier in a minute. oh, good! right! next, we hop onto a site that will connect me to people who will set up and run when somewhere for me. so, this guy here will charge you $125. these guys, they'll give you lots of customer support. they also offer you some advice on how to deliver it to people. it's a full—on service, this? yeah, yeah, and by your phone, you can talk to this guy over telegram or instant messenger chat. and if you're too lazy to send this to people, there is another guy who, for a cut, will then e—mail this to your victims as well. "are you a criminal but too lazy to do any work? don't worry, we'll do it for you!" there are some video adverts like that as well. seriously?! oh, my goodness! surely you can engage this person in chat and go and get them, arrest them. these people are quite hard to find. they use software to make sure you can't find where on the internet they are. itjust depresses me so much. doesn't it you? i'm going to unplug the internet! i'm leaving! actually, before you do, spen, there is hope. there are professionals looking out for us, and lara has been to meet the good guys who are at the top of their game. wannacry was a wake—up call. one report suggests that one in six businesses in europe and the us were affected. some of them, of course, providing critical care. i'm in newport, wales, at airbus cybersecurity. this is probably not the first thing you would associate with the company name but here, some top—tier network monitoring is taking place. their clients include the ministry of defence, as well as large airports and power companies, plus many others who can't be named. wannacry was quite unique by way of ransomware in that once it infected a single host, it actually wanted to go out and look for other hosts that are similar to it within its own network. that's why it spread notjust within the nhs but globally, across many other companies and many other individuals as well. but how about an attack that exploits a vulnerability we've never heard about before? a zero—day attack? typically, the scramble around that is actually obtaining some code and then almost putting it in a sandbox. a sandbox being a place to isolate the issue so it can be played with, understood, and tackled. large organisations may employ companies like airbus to keep the water flowing and the lights on, but what advice would they give to us as individuals? well, we use cyber threat indicators on our network and this is something that is freely available to the general user. so if you are more tech—savvy, you can utilise this threat intelligence to explain more about current malware threats and trends and understand if you are susceptible to this malware, and particularly vulnerable or running a vulnerable version of a particular software. so that information is out there and i would encourage everyone to use it. but what does all this mean for the future? does cyber security get better at the rate hackers do? there's always an arms race. we get better and then they will follow. and itjust moves further and further into complex areas but rest assured that we're working very hard to keep on top of those. so the advice on how to avoid a cyber attack may not have changed in years — make sure you always do your software update, back everything up, and generally be sensible online, but wannacry may have just frightened more of us into taking action. lara lewington battling the bad guys, which is exactly what this conference, black hat, is all about. the corporate side of this cyber security conference is here in las vegas. but what happens when you've caught a cyber criminal? what if it is a first—time hacker who probably didn't even realise they were breaking the law? well, dan has been to the uk's first—ever rehab for hackers. it was me and two other friends, just a bit of fun. i manipulate people's feelings, thoughts. i started getting bullied. we tried to break into our school's network. we could control people's screens, change passwords. i got arrested for misuse of computer act, 1990, section 3. i can't name the company but they lost a lot of money. this is definitely a way to get ahead of the curve and to stop anyone from possibly taking a misinformed choice as to the direction of their life. this is the uk's first reboot camp for hackers. the first seven through the doors, aged 16—20, all intend to change their ways, so we've agreed to keep their identities secret. rehab includes spotting moments when they might be tempted to cross the line of what's legal and what's not. god, that looks tasty. that looks like i could get everyone‘s details. your parents will not have any idea how you do what you do. it will be like magic. solomon gilbert was caught as a teenage offender. now he's the one giving the lectures, in between tackling cyber crime himself. i was 17 years old. so i was getting drawn into making my own malicious code, making my own exploits, stealing things like credit card information, data base information. i wouldn't do anything with them but it ended up with me getting kicked out of school and arrested and looked into by the counter—terrorism intelligence unit. what were the key moments that changed your path? everyone in the cyber security industry has one person that they've met that's gone, "well, you're very talented at this, let's move you to do it as a job." cyber security challenge uk has set up a capture the flag competition so that teenagers can show off their skills. several large companies are here to talk future job opportunities. the uk hasn't got enough people to protect itself. you know, businesses, the nation, businesses, individual accounts, we all need protecting, and that's why we exist. we need to find these people. they're there. we know they're there. we need to find them. these offenders know this is a second chance — one they didn't realise they were so well qualified for. i was more interested in the dark side back when i was young. i wasn't really looking at the good side. the dark side was mainly just attacks, attacks, attacks, not thinking about defending. well, now i know that it exists, it sounds like something that i'd really, really like to go into because you get the same, like, rush, the same excitement, but you're doing it for fun still, but it's legal and you get paid. so it's like every kind of benefit. did you know you can get money out of an atm even if you don't have a card or pin? what you'll need instead is a drill, a usb keyboard, some malware on a usb stick, and an intention to break the law. so, in this specific example that we've got set up here, so an attacker has come to the front of the atm, they've drilled a hole in the front. and what we can do now, is, you can see we can access this usb cable. right, so, inside here is something that has a usb port. what's inside here? this isjust a normal computer. according to positive technologies‘ research, more than half of atms still run windows xp. and although the usb port will rarely be this easy to access inside the atm, recent cash machine hacks in taiwan and thailand showed that it can be done. i'm sure not many people would expect this to just be a normal windows xp machine. perhaps not, but it's just a safe with a computer on top. which means that with a keyboard plugged in, it's pretty simple to download and run the malware to, well, show me the money. actual money. actual real money. your malicious software basically says "dispense cash." exactly. 0k. shouldn't the atms be slightly more protected and locked down? you would think that, but it's how you would configure those computers? but we found they are not particularly secure, so you could put malware on a system that could collect data from cards as well. so that would be information that's held on our cards. so i, as a consumer, if i'm using this machine, it could collect my card data, and that could spread around a whole network of atms. so, you could use one atm to infect a whole network? that's correct, yeah. one way to protect yourself is to use atms inside bank branches or which are watched over by security cameras. we spoke to ncr, one of the leading manufacturers and the maker of the atm that we hacked. they agree that security threats are becoming more complex and sophisticated and told us, "ncr provides its customers with comprehensive recommendations and security defences to address these challenges and help them to assess and improve their security infrastructure." welcome to the week in tech. it was the week that google unveiled its sos alerts feature, which will show where a crisis is taking place. adobe announced plans to kill off flash player from 2020. and a company in wisconsin are microchip being their employees. and the boring company is firmly going against its name, as elon musk posted a video to instagram of a car going underground on an elevator in los angeles. the tesla ceo's side project proposes building a network of tunnels under the city, which will drag cars, passengers and cargo in super fast moving sleds. and it was a busy week for musk, as he clashed with mark zuckerberg over their views on al. during an informal facebook live, mark zuckerberg said musk‘s claims that al poses a fundamental risk to human civilisation were irresponsible. but musk took to twitter to respond, writing zuckerberg's knowledge of the issue is limited. touche! first it was gone and then it wasn't, as microsoft puts to bed reports that it was getting rid of its graphic programme, paint. people rushed to social media to show their love for the programme, which won't remain on microsoft 10 by default in the future but will be available on the windows store for free. yes, i'm taking commissions! and now you can live out your pop dreams in ar. not shying away, a chicago—based studio have recreated the classic a—ha take on me video using the ios 11 ar kit. recently, there seems to have been an increase in the number of brute force password attacks. this is where the hacker uses a programme to constantly trying new passwords until they hit the jackpot. in the past, security services have recommended creating as long and complex passwords as possible, never writing them down and changing them often. however, we're only human and we don't have the time or patience to remember multiple strings of letters and digits. to combat this, the national cyber security centre has updated its password guidelines. firstly, don't change your password constantly because this encourages us to use simpler passwords and maybejust add a different number on the end. and besides, it only protects you from someone who steals your password and then waits three months to use it. you should, however, update your password if you have any reason to suspect a breach. keep your passwords complex, but not too complex. for example, three random words stuck together. this means instead of trying every one of the 200,000 or so words in the english dictionary, hackers have to try every combination of every word, and that is a massively harder task. set up two step authentication for any accounts that you particularly care about. this means the hacker needs to not only have your password but also your phone to break in. and store your passwords, either on a piece of paper in a safe place or by using a password manager. now, this is either hardware software that generates and stores long, complex passwords for your different accounts. how can you remember 20 or 30 passwords that we frequently use that are highly secure? with a solution like lastpass, it will create 100 character passwords for every site, that is really, really hard to hack and then layer encryption across it. while security is a really daunting subject and the stakes are high, it can appear quite onerous, but these solutions are really easy to adopt. all you have to remember is one master password and the manager does the rest. just make sure that password is really hard! humans have been using handprints to identify themselves for a very long time. these ones here, the hands across time just outside las vegas, in red rock, are hundreds of years old. they're some of the earliest examples of native americans showing their identity. kind of like a signature. in recent years we've started to use our hands to identify us again and dan's been finding out how secure they might be. at bristol robotics lab, they're taking an interest in every detail. now, if you're sensitive to flashing lights, look away now. is that more secure, then, than just using your fingerprint? certainly. with a fingerprint, it's a small region of the hand. is that more secure, then, than just using your fingerprint? certainly. with a fingerprint, it's a small region of the hand. obviously with this system we're getting the whole surface and that, combined with the vein structure, just add an extra layer of security. do you think this could be spoofed? i think it's unlikely. research recently showed the ability to extract fingerprints or handprints off celebrities from a distance. from photos? from photos. so, you could use that to generate a 3—d surface but you still wouldn't have the vein structure on the back of the hand. that would be very difficult to hack. in chicago, some people are already using their palm and to pay for things. it's being called naked payment. no cards, cash or phones. palmsecure‘s touchless readers only use infrared lights to take a photo of your veins. iris scanners are also about to emerge from the lab and be used in the real world. from september, tsb will be the first bank in europe to adopt retina scan technology as a way of accessing online bank accounts, although initially customers will need a samsung galaxy s8 handset to use the technology. but is it secure? in may, the chaos computer club in germany posted this video, fooling the s8‘s iris scanner using a photograph and a contact lens. tsb and samsung are hoping that others won't go to that sort of trouble. at the cylab biometrics center in pittsburgh, they've developed a system that can identify the irises of people moving in a crowd from up to 12 metres away. but if the eyes don't have it, the face just might. back at bristol robotics lab, this 3—d face scanner is using a technique they've developed called photometric stereo. two invisible lights flash at high speed, allowing the camera to capture the orientation, shape and texture of what it sees. so far, it has a 95% accuracy rate but that's good enough to attract some major investment. they are working with cubic which develops the oyster card contactless payment system used in london's trains and buses. it's being part funded by the british government to innovate gateless technologies, allowing passengers to simply walk into a station and onto a train. you can imagine, if you can get rid of the gate line in a place like victoria station, there's a massive potential for increasing throughput. so we ran quite an interesting project for them, which they are now installing at their laboratory in salford and the aim is to move it on to the underground so that the system will recognise people and you get rid of the gates and it will allow people to go through without any impediments. now, this is a is a prototype but we have been told that the system will recognise even a pair of glasses. so, let's see if it knows who i am now. look at that, you can see my name come up right there. it could make your life so easy. just walk around, the face is the key to doing everything you want to do in the modern world. and just to double—check, i've tried to fool it with this guy. oh, look at that. it recognises me but this is very clearly an impostor. this face clearly isn't going to get me anywhere. dan simmons, being shredded. sorry, dan. so, that's it for another week. of course we'll be back with more next week from vegas including scott's hacker‘s guide to def con. until next week, then. hello there. with rain across the north and south for saturday, there was still some room for fine weather. for a while we had sunshine yesterday in lincolnshire but the rain did arrive and it was wet for much of the day in eastbourne in east sussex. some strong wind here as well continuing at the moment. the thickest of the cloud here has been spilling in across much of england and wales to provide outbreaks of rain but by the morning the wettest conditions are heading eastwards and out into the north sea. things are beginning to dry off but only briefly. as we head towards the north—west we still have showers continuing into the morning across northern ireland, western fringes of scotland. the rest of scotland, a dry start but it will not stay that way. it should be drier across much of northern england, lincolnshire and east anglia, rain from overnight should be gone by nine a.m. most of england and wales, starting bright and sunny but the showers rattle in from the bristol channel. through the day as we head into the afternoon, possibly into the evening session for the cricket at the oval there is a chance of passing shower, it should be a much better day than it was on saturday. there will be lots of showers around on sunday, particularly towards the west. with the strong gusty winds will force showers eastwards and anywhere will catch a shower. heavy downpours with potentially hail and thunder. gusty wind as well. the south—east corner, possibly london, essex, kent, sussex missing most of the showers and seeing the best of temperature in the sunshine. still a few showers into the evening on sunday before they fade away from eastern areas and the breeze drops. the showers continue out to the west, particularly across northern ireland and western scotland. temperatures 12, 13 degrees — where they have been the last few nights. this map looks familiar as well. low pressure to the north—west of the uk for a good few days, still there for the start of the new week. nearer that low pressure there will be showers and with the wind lighter in scotland and northern ireland, the showers could be heavy and slow moving. stronger wind for england and wales, so passing showers again for many southern and eastern areas, it may well be dry. that trend continues with few and light showers, a bit more sunshine on tuesday. it should feel warmer. again, southern and eastern areas may well be dry. as we lose the showers from one area of low pressure we get another one coming in from the atlantic, keeping the unsettled weather going with wind and rain on the way in the middle of the week. this is bbc news. i'm gavin grey. our top stories: the australian prime minister says counter—terrorism police have foiled an attempt to blow up a plane. four people have been arrested. the threat of terrorism is very real. the disruption operation, the efforts overnight, have been very effective, but there is more work to do. tensions in venezuela ahead of a vote that could lead to a new constitution — a power grab, says the opposition. thousands of people are evacuated from a music festival in spain after a fire engulfed part of the main stage. a legacy of world war i— how unexploded shells are still being recovered from the fields of belgium a century after the conflict.

Related Keywords

Vote , Music Festival , Majorfire , Spain , People , Fire , Thousands , Part , Stage , Anyone , Dance Music Event , Bbc News , Flames , Point , Tomorrowland , Barcelona , Cash , Vegas , Hacking , Making , It S Time , Team , Vegas Home To Casinos , Knot Tying , The Strip , Elvis , Uh Huh , Wide , Open Spaces , Limos , Hackers , Hackfest , Black Hat , Planet , Gatherings , Stuff , Bsides , Law Enforcers , Def Con , Isn T Staying In Vegas , One , Daniel , Action , Piece , Networks , Shoulders , Everyone Peeks , First Act Of The Show , Call , Software , Keyboard , End , Software Running , Something , Key , Password , Fingerprint , Machine Learning Algorithms , E Mail , Type , Position , Results , Money , Victim , Words , Word , Screen , Typing , Sentence , Technology , Scott Helme , Hacker , Security Researcher , Conferences , View , Episodes , Track , Hello , Things , Work , Hack , Bit , Information , Technologies , Vibrations , Packet , Devices , Voice , Sobering Thoughts , Wow , Ra Nsomwa Re , Course , Computers , Weapon Of Choice , Hold , Ways , More , Ransomware Wouldn T , Google , Man Hasjust , Code , It , Anything , Darknet , It Straightaway , Way , Paint , Malware , Some , Bitcoin , Lines , , 0k , 200 , Wall , Us , Unlock Code , Garbage , Case , Sample Documents , Creators , Guy , Site , World , Somewhere , Guys , Advice , Phone , Chat , Customer Support , Service , 25 , 125 , Don T Worry , Cut , Victims , Who , Person , Goodness , Video Adverts , Itjust , Internet , Professionals , Where , Hope , Lara Lewington , Doesn T , Spen , Top , Businesses , Europe , Wannacry , Game , Wake Up Call , The Good Guys , Critical Care , Six , Place , Company , Name , Thing , Network Monitoring , Airbus Cybersecurity , Wales , Newport , Others , Airports , Power Companies , Clients , Ministry Of Defence , Network , Companies , Hosts , Host , Nhs , Attack , Individuals , Vulnerability , Scramble , Zero , Issue , Organisations , Sandbox , Sandbox Being A , Threat , Flights , Indicators , User , Water , Threats , Trends , Version , Tech Savvy , Everyone , Cyber Security , Rate Hackers , Mean , Arms Race , Areas , Cyber Attack , Back Everything Up , Software Update , Side , Conference , Cyber Security Conference , Las Vegas , Law , Fun , Dan Simmons , Uk , Cyber Criminal , Rehab , Friends , Two , Thoughts , Feelings , Passwords , School , Computer Act , Screens , Lot , Misuse , 3 , 1990 , Life , Choice , Direction , Curve , Reboot Camp , Seven , Doors , 20 , 16 , Line , Identities , Spotting , Looks , Tasty , God , Solomon Gilbert , Details , Offender , Crime , Magic , Lectures , Idea , Parents , Credit Card Information , Data Base Information , Exploits , Making My Own , 17 , Moments , Intelligence , Unit , Path , Cyber Security Industry , Cyber Security Challenge Uk , Competition , Job , Teenagers , Capture The Flag , Skills , Hasn T , Job Opportunities , Nation , Accounts , Offenders , Need Protecting , Attacks , In The Dark Side , The Dark Side , Kind , Excitement , Same , Benefit , Brush , Atm , Card , Usb Keyboard , Drill , Spin , Example , Intention , Usb Stick , Front , Attacker , Whole , Usb Cable , Atms , Computer , Usb Port , Research , Half , Windows Xp , Isjust , Thailand , Cash Machine , Windows Xp Machine , Taiwan , Safe , Show Me The Money , Plugged In , Malware To , System , Data , Shouldn T , 0k , Cards , Consumer , This Machine , Ncr , Security Cameras , Bank Branches , Maker , Manufacturers , Customers , Security Threats , Challenges , Security Defences , Recommendations , Crisis , Security Infrastructure , Sos Alerts Feature , Plans , Microchip , Employees , Flash Player , Wisconsin , Adobe , 2020 , Video , Elon Musk , Car , Elevator , Ceo , Tunnels , City , Side Project , Instagram , Los Angeles , Tesla , Passengers , Musk , Views , Sleds , Cars , Cargo , Risk , Claims , Mark Zuckerberg , Meal , Wasn T , Knowledge , Bed Reports , Touche , Microsoft , Writing Zuckerberg , Irresponsible , Human Civilisation , Won T , Windows , Social Media , Default , Commissions , Yes , Love , 10 , Number , Studio , Pop , A Ha , Brute Force , Increase , Ear , Ar Kit , Chicago , Ios , 11 , Jackpot , Security Services , Human , Patience , Cyber Security Centre , Password Guidelines , Don T , Letters , Digits , Add , Strings , Firstly , Maybejust , Someone , Breach , Reason , The End , Three , English , Combination , 200000 , Task , Step Authentication , Hardware Software , Password Manager , Paper , 30 , Character Passwords , Solution , Encryption , Lastpass , 100 , Security , Rest , Subject , Manager , Solutions , Stakes , Humans , Handprints , Hands , Hundreds , Red Rock , Robotics Lab , Native Americans , At Bristol , Examples , Signature , Identity , Hand , Region , Interest , Flashing Lights , Detail , Vein Structure , Surface , Player , Ability , Photos , Back , Celebrities , Distance , Fingerprints , Photo , Iris Scanners , Phones , Veins , Palm , Payment , Readers , Palmsecure , Tsb , Bank , Retina Scan Technology , Handset , Lab , September , Samsung Galaxy , Iris Scanner , Photograph , Contact Lens , May , Chaos Computer Club , S8 , Germany , Samsung , Sort , Trouble , Biometrics , Cylab , Pittsburgh , Face , Scanner , Technique , Irises , Crowd , Eyes , Photometric Stereo , 12 , Shape , Rate , Camera , High Speed , Texture , Orientation , 95 , Oyster Card , Contactless Payment System , Trains , Investment , Buses , Government , London , Gate , Potential , Station , Train , Innovate Gateless Technologies , Victoria Station , Project , Gates , Laboratory , Throughput , Aim , Underground , Salford , Let , Prototype , Impediments , Glasses , Pair , Everything , Impostor , Isn T , Vegas Including Scott S Hacker Guide To Def Con , Rain , Weather , Room , North And South , Lincolnshire , Wind , Much , Thickest , England , Spilling , Eastbourne , Outbreaks , East Sussex , The Cloud , Western Fringes , Western Scotland , Northern Ireland , Conditions , North Sea , Most , Northern England , East Anglia , Nine , Chance , Shower , West , Lots , Cricket , Oval , Afternoon , Bristol Channel , Sunshine , Showers , Winds , Evening , Anywhere , Temperature , Downpours , Thunder , Best , Kent , South East Corner , Essex , Breeze , Drops , Pressure , Start , Map , North West , 13 , Trend , Wind Lighter , Few , Area , Atlantic , Australian , Plane , Prime Minister , Middle , Stories , Police , Attempt , Four , Venezuela , Disruption Operation , Terrorism , Efforts , Tensions , Power Grab , World War I , Opposition , Legacy , Country , Nicholas Maduro , Malcolm Turnbull , Assembly , Key Vote , Aeroplane , Critics , Powers , Constitution , Supporters , Nothing , A Majorjoint Counter Terrorism Operation , Conflict , Shells , Fields , Belgium ,