[camera shutter clicks] - i'm matpat. and this is "game lab." [static] [typing, clicking] for the last five years, i've made a name for myself overanalyzing video games using real-world science and math, but now i'm taking it to the next level by throwing some of the world's most popular gamers
into the scenarios we play through every day. will the games stack up to reality? and are gamers as good in real life as they are on-screen? welcome to "game lab." [rock music] ♪ ♪ this is insane! today, i'm doing reconnaissance on our gamers
because, well, they don't know it yet, they're about to get hacked, "watch dog" style. - the "watch dog" series-- sorry, "watch_dogs" series-- is one i've covered pretty extensively on my other show, "game theory," because it illustrates how practically everything in the world around us is vulnerable to hacking. in the first game, you played as aiden pearce, using your cell phone to hack into everything
around you, from traffic lights, to atms, to security cameras. you were the ultimate puppet master, hitting your enemies where it hurt most: their text messages. and other stuff, too, like their criminal records, i suppose, but hey, those emoji were private. with "watch_dogs 2" on the horizon, trailers have revealed that players will be
a member of an anonymous-style group called dedsec, working to take down an evil corporate overlord, while hacking their way through smart homes, smart cars, and other generally smart things. so the big question is: just how vulnerable are we? on this episode, we're learning from the people who know firsthand
just what's possible in the world of hacking. and i have a feeling, that after today's over, we're never going to feel safe again. [electronic music] ♪ ♪ [several voices talking at once] - well, well, well. - and just like that, they arrive. who says i'm not good at my job?
joven, very sweet entrance, there. - hey! - [laughs] - hey, matt, come on! - hey! oh! - we're group hugging! - yay! - i hate hugs. - oh, don't everyone... - i am the group hug enforcer! - someone once told me that friendship is magic. so thank you all for joining me today. - yes, thank you. - i know that there is a lot
of mystery around why i called you here. - yes. both: a little creepy. - a little creepy. - you can't tell a girl that you're watching her. - that--that's how mace will get in your face. [laughter] - so here's why all the secrecy, all right? i needed you guys here today because we're going to hack into the youtube space.
[all exclaim] - no. - no, for reals, what's up? - yeah, by the end of the day, we'll be hacking into the youtube space. i brought in two hacking experts who are going to teach us everything from breaking in doors, to hacking into security cameras, encrypted files--all that so that by the end of the day, all of us working together
going to get into this building. - what? - you're going to trust us with that kind of information? - uh, yeah. - i'm gonna hack your brains out. - so you guys ready? both: yes! - no! [laughter] yes! - okay, let's go! - whoo! - i'm going to get arrested today, sweet.
- oh, my god. - so i'd like to introduce you to our hacking experts for the day. we have snubs from hak5 and johnny xmas from redlegg. - hey how's it going? - thank you guys so much. - great to meet you guys. - sir, nice to meet you. - you guys need to pee? - so before we get too far into this,
i have to ask, and this is probably the most embarrassing question i could ask, is it okay if we call you l33t haxx0rs? would you qualify? - uh... - really? - well... i would call myself a penetration tester extraordinaire. - extraordinaire. - can i call myself that? - extraordinaire. - that's what she said. - i'll take l33t haxx0r. [laughter]
- i also notice your cat ears. just for the heck of it, or...? - those are for special engagements. - oh. - that's when he's actually doing the penetration testing. [laughter] - you guys do you. you guys do you, whatever. [laughing] so what do you guys got planned for us today?
- we have tons planned for you, so i hope that you're taking notes during this entire thing. - i'm really intimidated right now. - we only have a few hours to train you, so what do you say? we should take you into the training facility, right? - yeah, let's get started. - the whole facility? - you guys ready for some l33t hax? both: yes.
- yeah, let's do it. - all right, let's get to it. - all right, guys, ready? one, two, three penetration. all: one, two, three penetration! - to the training room! [laughter] - super serious work, we're doing. all right. this is a pretty cool setup you guys have here. - are you ready? - your--your hacker den,
i guess? - hacking is far more than just stealing and doing things you're not supposed to do. hacking, primarily, is about uncovering unknown knowledge, and then spreading that knowledge. - since i got into this, almost a decade ago, i've always been very adamant about introducing new generations to hacking and to penetration testing. - penetration testers are hackers. people who simulate the bad guys.
and companies hire us to come in, use these attacks against them, and that's because you can build up your walls and your towers all day, but until an enemy comes in and bombards you, you don't know what you forgot. - that segues nicely to "watch_dogs." this device right here becomes like a magic wand and i'm able to hack into, like,
boom, i'm hacking into traffic lights. - [laughs] - and boom, i'm hacking into your phone. both: yeah. - true, false, no? - you can hack from your phone. - ooh. - definitely a possibility. - is that an app? - there is an app for that. it's free. [laughs] - oh, okay. - yes, even better. - the problem that we run into in real world scenarios
is that people depend on convenience over security. - what can you guys train us with? - what we've got in our spread here is, uh, it's a combination of some tools of the trade, and some things that you will often come across in the field. - tell me what this is. - flash drive. - it's a flash drive. - it's a usb drive, yeah. - there's a microsd in there. - oh.
- okay. - oh, my gosh, there it is! - flash drives. it's called the usb rubber ducky. so your computer thinks that it's a keyboard. these scripts on here type anything that you want to type on a keyboard into your computer, and much, much faster than the human eye can see. - let's take it to its logical conclusion then. i plug this into my computer. - and you get owned.
- and you, and you p0wn me! - yes. - besides physically taking it apart, is there a way to know if it's a malicious drive or not? - not really. - no, that's-- - they all look the same. [laughter] - in "watch_dogs," one of the big mechanics is the ability to, if i am able to hack into, like, one system, i'm able to attack a lot of different things all at the same time.
- sure. - oh, yeah. that's called pivoting. pivoting is when you gain access to a network through, like, one centralized computer. that machine has some kind of vulnerability, some kind of open port that allows you to gain access to another machine on that network. - mm-hmm. - and from there, you keep on branching out.
you create this tree. - you're hopping, you're connect dots. - you are, you're hopping. both: yeah. - and then once you're in there, what can this device see that device a could not see? - this sounds so exciting! [laughter] - so it sounds like step one is getting access to the wi-fi networks. - yes. get on the network so that you can talk to things.
- how do we do that? - this is called the wi-fi pineapple. i just had this little guy running. and who is jacob's apple watch? - that is me. [laughter] i am, my apple watch is in my pocket. - so you thought you were connected to the local wi-fi. - you get the slow clap. - once i turned it on, it allowed it to connect to me.
so you--you usually have a wi-fi network at home. can you automatically connect it--to it when you walk within range? - yeah. - since your phone automatically connects, we take that as a vulnerability, and use it to our advantage. so instead of you connecting to what you think is matpat's home wi-fi, if i'm in better range than your router is, i'm going to change my name
on this little device and say "i'm actually matpat's home wi-fi." - yeah. - so connect to me, and then if i want to, i'll let you go out into the internet, or i'll redirect you to a website of my choosing. or i could install a keylogger-- - oh, no. - with direct access on http, or whatever i want. - so how do you protect yourself? - turn off your wi-fi. - yeah.
- really? - just-- if you're at a certain coffee shop, don't use their open wireless network. that's a really, really easy way to get owned. - but i need my wi-fi. [laughter] - convenience over security, again. - the--the elephant in the room. [laughter] uh, opening doors. it's exactly what this is for. because sometimes it's necessary to get access to the technology you need to hack.
you snake the long end under the door. - yeah. - and then you kind of grab this end and pop it up. you loop this around the handle. you give the string a tug and it pulls the handle down. - is this a key that opens door number one? - the key opens tsa lock number one. - what? - oh, no! - so, uh, as you may know
the tsa requires a specific, uh, type of authorized lock to be used on your luggage. a few enterprising hackers had gotten their hands on some very high resolution images of the master keys that the tsa has for opening all of those locks. the other lesson to learn from this is don't put pictures of your keys on instagram. google is by far the most heavily used tool in a penetration tester's armament.
- oh, yeah. - google-- - so even though there's all these fun little tools on the table here that we're going to play with... - yeah. - google is the hacker's best tool. - absolutely. - it's our best friend. [laughs] - convenience. - thanks, google! [laughter] so that's a little bit about the tech that we'll be using, right?
so let's put some of these to practice, yeah? [all agree] we just got to find a door out here in the black void. - let's find a door outside this hole. - i think it's this way. - this way? - hello? - this way. follow me up into the black hole! - mom? - [mumbling] okay.
- all right, so, uh, there's a couple of tools that are going to come in handy here in this, uh, challenge. by far, the most common network reconnaissance tool out there is a utility called nmap. pretty much lets you talk to your own computer as if it was a different device on the network. - ooh. - i just did.
- go for it, man. - okay, go for it. - so, ah, so we're connected to a wireless network now. - so first thing... got to do sudo, right? - yeah. - nice. - and then, oh, gosh, what was it? - oh, i think i know, i think i know. - 'cause it's not-- it's not nmap yet, right? we want to get-- - right, 'cause we have to find out the network information.
- you want to do, uh--it was like-- - okay, so let's start with the tsa lock picks. - i can do this. i can-- - so this one is locked. you can't get into it unless you know the code. so you simply slide this in, and then turn it one way or another to try to open it. you got it. - oh. - yeah. - okay.
- so you just picked that lock. - that's--wow. - [laughs] - it was, like, config, ipconfig, what was it? - [whispering] ifconfig. - ifconfig, thank you. - yes. yeah. - oops, maybe. [both laugh] - whoo, we did it! - there you go. - all right, yeah. - yeah! teamwork! - yeah. - the next thing we'll move onto
is the usb rubber ducky. i'm going to create this little file. it's called a batch file. on this batch file, you get to write out whatever you want your script to do through a keyboard. - so you could use the usb flash drive to prompt a browser open? - yeah. - and then download something from the browser so the meat of what you're doing
isn't actually on the hard drive, that's just the key to unlock the door? - right, yeah. - okay, okay. - that's a great way to look at it, exactly. if you can from a keyboard, you can do it with a ducky. - tah! - there it is! - oh, good, i was like, i didn't know if that was like a scared yelp or an, "oh, no!" - everything's broken.
- so i'll also let you both use the wi-fi pineapple. so first i'm gonna just run a little recon scan. take about 30 seconds. while this is happening, it's collecting all the data around it that's being transferred. so we have the mac address. - mm-hmm. - you know what that is. the security. so security's interesting because you can see whether the router is secure or not.
so you noticed all those ssids we were collecting? - mm-hmm. - all those different names? i'm collecting those into a big pool, and then i can rebroadcast them out to everybody else. - gotcha. who's everyone else? - every--it's the-- - oh, all those wi-- okay, gotcha, gotcha, gotcha, gotcha. - it's pam, it's matt, like, everybody who has their wi-fi on on their device,
i'll be rebroadcasting this out to them. - matpat, uh, thank you for your social security number. i appreciate it. - [laughs] - what? how did you get my social security number of... oh! [laughter] - your social security number is 12? [laughter] - you are old! - i'm one of the originals. don't let this baby face fool you.
yeah, now that we are clearly the l33test of haxx0rs, what do you guys have in store for us to test our newfound skills? - a certain company has hired you fine people to help them with a severe problem that they have going on. - good job. - already got a job. - they believe that somebody who might possibly even be a higher-up executive has been trying to siphon information from the company
that he shouldn't necessarily be sharing with the public. - mm. - is it matpat? - [laughs] it's matpat. - oh, you found me out! no! - they've hired us to come in and see if we can find some evidence they're trying to avoid the political mess that might be created if they outright confronted him. you think you guys are up to that? - yeah, it's easy. - i think so, yeah.
- yeah, we can do that. - with the right help. - i kind of snoozed off halfway through, but i believe i can do it. - what do you think? we got all suited up in our hacker attire. - you guys look awesome. - thank you! - you look--you look great. - why are you shaking your head? - i thought that's what you came in. - why are you shaking your head?
do--do you see this? do you see this? - johnny xmas is unconvinced. - i look good. - it's like you got lost in a tj maxx. - for a man with the last name of xmas, i don't know if you're able to judge. - i don't have my last name in neon green across my chest. [all exclaiming] - so explain to us what's going on. - we've got to do some reconnaissance first,
and figure out how we're going to be able to get in on what this guy is up to without him knowing. - okay. - i'm pretty sure we should start with the wi-fi pineapple. she's run this apn client scan. she ran it for only 30 seconds. and you pulled up several different ssids. so are there any weird ones on there? - there's six total wi-fis, but there's one
that isn't google or youtube. - okay. then that's probably him. - we--we know how to hack into wireless routers. - yes, we do! - yes we do! - i'm going to ifconfig the hell out of this thing. - [laughs] - don't forget to sudo that. - okay. - oh, i'm going to sudo it, and then i'm going to ifconfig it. - this is what we learned in training.
- yeah, that's it, right there. - okay. we got a password. - this goes back to what we learned. what if we google search [bleep] full passwords for [bleep] spot? - there you go. - all right, all right, guys. - yeah, there you go. - see if that's right. - give it a bit, and you'll see it pop up in the corner if it worked. - yep.
[gasping] - wait. - we got it! [all exclaim] - okay, so we have our ip address right there. so we need the--the--the the new lan. - the lan, yep. - ip addresses, yeah. - and then we do nmap. - okay, now comes the exciting part of waiting. - right, now everybody get ready to wait. - cue the waiting montage.
[upbeat electronic music] - so we can see from our nmap scan of the network here that there's definitely a wireless security camera in there, and it's got a password on it. uh, so i've got a really great russian exploit site here that is nice enough to give you the exact string that you need to use in order to change the password on that camera. so we're simply going to copy that out
and we're going to paste it into our terminal window here. change the information that we need to be specific to our camera, such as give it the ip so it knows where to send the information to. uh, and then we just need to give it the new password that we want to use. uh, the username, of course, is going to be admin. and the password is the one we typed in. and we've got a video feed.
and we're able to watch what he's doing. he's on the laptop that we're trying to gain access to. we need to get him out of there. - there, it looks like he has luggage. - yeah. - so we might need these tsa locks. - oh. - you're going to be on that. got it? - all right. - all right, cool. - okay.
- matt? - yes. - that door over there, it's locked. - i'm ready to go fishing. with a "ph". - but also, if we're looking for specific documents on that computer, you're going to have to use this, the rubber ducky. - awesome. - ooh, that's the ducky. - i've already got a script ready on there to steal anything out of his "my documents" folder.
- so wait, all i need to do is just plug this in. - you got it. - it sucks everything off. - yep. - but somehow you have to get him out of the room. - great, that's what she said. - how are we going to do that? - i saw, like, a pizza box in the trash. i can grab the pizza box and... - yes. - cause a distraction. - perfect. - but it was in the trash.
- drop the pizza. - i think the box is empty. if he grabs it, we might be doomed, so you got to work fast. - stain him, and then take him to the bathroom - gotcha. - there you go. - then seduce him in the bathroom. - i can seduce. - [laughs] - great. - that i can do. - ready? - all right.
- one-- - one, two, three, penetrate! - that's hilarious. - i know, right? - all right. - all right, here's hoping this works. [cell phone ringing] - [whispering] it's ringing. - i hear it ring. - this is robert. - hey, this is little rocco's pizzeria. i got your pie out front. - what pizza?
- oh, he's on the phone. - oh, no, no, dude, - get ready, guys. - i got it right here. i got it right here so if you just want to come out. - get ready. - okay, are you guys ready? - okay, i'm coming out to deal with this. - all right, all right, cool. thanks. - he's coming out. he's putting the laptop in the bag, though. - yeah, no, it's okay. we have the tsa keys. - all right, guys,
uh, he should be coming out. - we got to do this fast. - yeah, i mean if he's locking it--he might not even lock it. - he's locking it. - he's locking the bag. - oh, crap--okay, that's okay. - those aren't secure. it's fine. - yeah, not an issue. don't worry. - hopefully your keys stay around that long. - what do you think of my scarf? - your scarf is awesome. - sir. - it's doing you really well.
- [whispering] come on, let's go. - oh, snap. - oh, snap, did you see that? dude, as i was coming in here, i sw--i saw a guy that was beating on a mercedes, with, like, a-- with a bat or something. - is it going through? - holy--hey, uh, did you--did you-- - oh! there, i got them both. i'm through. - yeah, oh, yeah, it's left. - i'm sorry-- - to the left? - slowly to the left.
- do you--you don't have, like, a mercedes, right? - now turn it--not-- - what do you mean turn it? - oh, no, no, no. you don't touch the pie until i get the money. - go, ah. - go, go, go, go. - yes. - go, go, go. - it's in, and if you make me--oh! - i don't have time for this. - and--oh, that's--ah, but, hey! don't make me, oh, okay, he's coming back.
- they're in, they're in. go run interference. - excuse me? did you--is there a pizza guy that you were just talking to? - look for the tsa number. - could you--no, could you come with me? - no, i don't need to. - but i-- - hey, i got pizza, but he's the one that had the pizza. - okay, awesome. - you got your ducky ready? - i got it. - awesome. okay, open up the laptop.
- someone should look out - oh, my gosh. - is this your guy? you look like you're his boss. - what, dude's all up in there. - what is this? - much more modern. - okay. - there you go. - no, i didn't order pepperoni. - guys. - okay, so i just need to plug it in? oh, no! no! - how'd you get my name? - no usbs! - okay, now you just gotta wait.
- i got it through an app. you order through an app. - okay, it's running. - do i need to scan the drive? - no, you don't have to do anything. - just wait for it. okay, it's running the code. it's opening up the administration. - following--oh, wow. - just don't even touch the mouse. just let it do its-- - wow. - okay, so it just copied
everything from documents. - maybe you guys can share it. - no--i--we can share it. - split it. - do you want to split it? - this is not my issue. i've got things to do, all right? - obviously, it's your issue now. - there's also a text file that says "super secret docs". - "super secret docs." - is he coming? - that's it. - do you understand that?
- close it, put it back in the luggage. - do you got it? - where was the other one? - i know that he's just a delivery guy but also, he's got to make a living. - tsa keys. - i mean, i used to be a pizza delivery guy. - don't forget them. - oh, my gosh, pam, you've got to make it look legit. - i'll give you $20 just to get out of my sight. - god, go faster, go faster. shit.
- hey, how about this? wait, i made a mistake... - how did it--how did it look before? - it was just sitting out of it like that. - okay, come on, come on, come on. you good? - no, uh, so this is, uh, little rocco's. - go sit back down, right where you were. - are you familiar with little rocco's? - very familiar, down the street.
- okay. - here, take this. - do you mind if i call my manager, though? - you're from little rocco's? - yeah, i'm from little rocco's. - oh, not my-- sorry about that. not mine at all. - hey, now--i'm going to call my manager. - i don't have time for this. god damn it. - these kids, huh? - i've got an angry man. he's an angry man.
[tense music] - all right. - [laughs] - what do we do? - connect to linux? connect-- - yeah, right. - did we find anything? - ducky? - there's a ducky. - okay. - what do we got on there? - "super underscore secret underscore docs." - okay. - and cats.txt.
- we got a password. - password. - how do we get through this? - it's a .zip file? - yeah. - crack it. so we're going to use a program called fcrackzip. spelled like it sounds. go ahead and type it in, fcrackzip, all one word. what we're going to do is a dictionary attack. it uses, uh, some known information within all .zip files to guess what's most likely the password.
watch how fast this is. - all right. - got it. - i did something correctly? - [gasps] - oh, my-- - yes! - use it, use it, use it! - okay, i'm gonna use it. - make sure it's right. - let's find out. - open that file. - [gasps] - i did it! - good work! - there it is! - dude. - wait, wait, wait, wait.
- does it mention anything about the algorithms? - okay. - oh, my god, joven? - why didn't you tell me that guy was giant? - he was pretty scary looking. - does it look like i could have beat him in a fight? [laughing] - he looked like the-- he looked like a hit man. - that's what delivery guys have. - he's like, dressed like a hit man. [laughter]
i'm like, "oh, hey, do you need a pizza?" he's like, "no, i'm going to shoot you instead." like, that could have happened. [laughter] oh, we're laughing now. joven peed his pants. - [laughing] so what did we learn today about hacking? - oh, i learned that hacking is a lot easier than i thought it was. i thought it took a super genius. not saying that you guys aren't super geniuses.
- thanks. - um, it took a lot more practice than we had, but you guys are professionals. um, also, people don't like free pizza. like, free pizza, free wi-fi-- if it's free in life, it's bad. - yeah. - free. - yeah, avoid free things at all costs. - nothing is actually free. - yeah. jake, what about you? - well, i learned that, yeah, wi-fi is terrifying.
unprotected wi-fi is not good. uh, even the cell networks are not good. pretty much everything's scary. - [laughs] okay, sounds good. pam? - well, um, i feel that i learned some valuable information that i can apply to my real life because i have actually been hacked, so i'm going to guard myself against hacking in the future. - you are all actively targeted. you may not even know it.
- great. [all exclaiming] and with that uplifting note, let's wrap things up here real quick, with a quick summary of "watch_dogs" versus real life hacking, all right? so in "watch_dogs," yeah, the hacking might be a little bit easier than it is in real life, but honestly, we're not that far off. a couple of google searches, a couple of button clicks, just the right use of tools, and bam!
you're getting penetrated whether you want to or not. pun intended, yes. so the other big thing that we take away today is connectedness. as our hacking experts demonstrated, if you get into one part of a system, you can pivot your way through to find other unprotected devices, work your way through different vulnerabilities, so very accurate to life,
for as fantastical as it might seem in a video game. and i think at the end of the day, probably the biggest lesson of all, video game or no, taking protection against hacking is important, and so, like, hey, sometimes security does have to outweigh convenience. so read the disclaimers on what you're doing. and you know what? use a vpn to protect your information.
and just be aware of things going on in the world around you, right? because without hacking experts like these two lovely people standing beside me... - we're lovely. - the world would be a much, much, more dangerous place. thank you so much for all the work that you guys do. - thank you. - thank you guys. - and i'm going to buy all sorts of pineapples
and duckies. [laughter] just to troll all my friends. and you should keep that mohawk. - i will. - all right. and with that, we should close off with one more penetrate. - one more penetrate! - here we go. - yeah! - all right! [yelling] - joven, you know you want to. ready, one, two, three! all: penetrate!
- should we--what's this--what difference-- - i almost died out there. - we know, we got it. - oh, you got it? - get out of here. if he leaves and sees you, you are so busted. get out. do you guys want a pizza, though? go. - oh, we got a password.