Press "Enter" to skip to content

Skills for the Cyber Age | Jennifer Arcuri | TEDxManchester

hey what’s up Manchester how are you

guys doing who’s hungry yeah I am so

last time when I did a TED talk with

these guys I broke my foot like

literally right before the event started

and now today I come before you having

swallowed a beach ball being five months

pregnant and it’s been interesting as

when any new parent comes into this

realization that there’s a human growing

inside you that you want to start

thinking about what you can possibly do

to give your kid the best right the best

skills the best knowledge whatever you

can do to basically make them a better

human and so you can like all parents

you start thinking about what kind of

person am I going to be creating and if

she’s anything like me she’ll be a lover

of storytelling and will pick up a

camera and follow it around and shoot

everybody around her she’s anything like

her father she will take apart computers

and I thought about if she’s really

anything like her father she’ll be more

like this and then I think about you

know not just my baby but how many other

babies are out there that are all being

born that looked like this and we stick

an iPad or an iPhone in front of them

and we pat ourselves back on the back

because they can you know unlock our

phones and start playing with games the

problem is these little babies turn into

these little toddlers who turn into

these little people and then you turn

into these things and they just walk

around staring at a screen and then you

know we’ve now become into this world of

you know consumption and consuming and

doing whatever you can to just absorb as

much information and as I was preparing

for this talk I found this guy and I

love what he says in this because

basically everyone’s trying to figure

out what to do about education by doing

what we did in the past and in the past

we used to go to college or uni and get

a degree and then you’d go get a job

except for that doesn’t work anymore in

fact I was told I’d be a great truck

driver weird anyway here’s the big

problem one of the one of the things is

that we’ve just become addicted we look

at our screens and we have to keep

checking them over and over again and I

looked at my co-founder who’s also my


say and the father of my child and I

said listen what are we gonna do about

this you know what are we gonna do with

our daughter is we just gonna shove her

an iPad in front of her and he says my

daughter can have an iPad when she puts

it together herself so something like

this perhaps and I you know that made me

think and I was like well what are we

gonna do with the work that we do

because actually there’s something to

this that you know we we we teach kids

by enabling them with this amazing

knowledge transfer

but then there’s it’s also big problem

and this skills problem and everybody’s

freaking out because there’s like this

shortage of cyber skills you guys heard

about this and now government after two

years of me banging on their door to

finally get them to take this seriously

we’re finally throwing money at this big

skills problem yeah but here’s the thing

I’ve only worked at one company in my

life the Walt Disney World company and

if anything I learned that kids do not

like to be patronized and they will see

right through when you tell them to when

you sell them something versus something

they buy into themselves right

authenticity being genuine these are

things that kids innately understand

maybe not ethics right off the bat

because that’s a learned skill but one

thing that we have to do is turn these

little Tecna dicted minions into cyber

warfare you know our our armies for

cyber warfare because the future will

not look like the big guy with the guns

right the future will be the guy in the

back with the computer and so looking at

things differently has to change and so

my answer to how we look at this was

hacking right I’ve got really into cyber

security and I wasn’t gonna call it some

polished security company I wanted to

call it exactly as it was

hacker house of the hackers by the

hackers so when I say hacking what do

you guys think of creepy crawlers yeah

guys with hoodies sit in the basement

don’t talk to each other eat pizza

pockets right something like this and

when I ask people what do you think of

hackers like at every single one of my

talks I always get this like yeah

hackers are cool and then I get this

whoa welcome to the party

and then we all look at them and then we

all think about the movies we’ve seen

and we’re like yeah that was a cool

movie Angelina Jolie’s totally hot and

then we think about the scary mask that

gets associated with this and the

demonization of this you know guy in the

hoodie right cuz all good superpowers

come to those who wear hoodies and I sit

there and I’m like wait a minute huh

let’s go one step further what’s the

stereotype that you think hackers are

hmm no we don’t hack Instagram and no

we’re not gonna get hack your games and

I’m definitely not interested in hacking

your snapchat but poor Facebook like on

a daily basis I get emails can you

please hack my boyfriend’s Facebook and

I mean their security team must be off

the charts like swamped with

vulnerabilities because this happens on

a daily basis cracks me up and no I’m

not gonna teach a black hat services not

interested and I’m not gonna teach you

how to steal credit cards because that’s

just well not cool right you know even

if I did teach at a steal a credit card

that dudes just gonna call up the

company have it cancelled and there you

go that’s a waste of time now we’re all

human right so we all have our

idiosyncrasies and we all have problems

like this and this cracks me up too

because everybody always asks me to be

able to hack their boyfriend’s email now

what this one cracks me up is because

they wanted it for free and I thought no

not only is it criminal I’m definitely

gonna charge you for that and then the

other thing the other thing that happens

is they always you know cuz it’s

boyfriend’s cheat girlfriend’s sheets

part of life we’re all get insecure at a

time this girl sent me an email and

quickly followed up with and can you

teach me how to learn which I thought

was funny and I was like wait a minute

no message we got to change this around

listen hacking is not a bad word right

you got to turn this upside down think

of it differently hackers to the very

root of what this means means pursuit of


hackers are stealthy they are data focus

they are driven oh my gosh put some of

the craziest minds together and see what

they come up with we also have cool

offices but the big part of our culture

is to break things apart is to

understand how they work so I’m not

gonna just stick an iPad in front of

your face and tell you oh wow isn’t

she’s so tickled the reality is I want

you to understand how that computer

works go build one yourself go write

your own code

right your exploits don’t how to do it

we’ll show you you know so this is what

we do we analyze signal frequency

analysis we take apart

car alarm systems home alarm systems we

try to teach you how to send packets to

space you think everyone’s excited about

cyber just wait till they jump on that

space train that’s coming you know this

is the future of jobs I know it was all

doom and gloom you know from the very

beginning about AI but actually there’s

a lot of cool stuff that we are building

we fly and print our own drones we test

wireless communications we look at SDR

because guys the reality is commuter net

and the insanity is doing it over and

over again so what we’re trying to do is

actually empower organizations will

train you up inside we don’t want to be

another consulting firm we did it

because that’s what we what was the

easiest to route to market because when

you have a name like hacker house you’d

be surprised how many people get scared

so we we we sat there and we’re like all

right here we are we offer yourtears

testing services but what I’m really

interested in is helping you guys learn

how to do this yourselves because 90% of

this hacking stuff is easy you just have

to understand how it works

so and one of the best ways that I can

show you how to do this is think about

it like hacking pirate ships right

there’s all different kinds of ways to

an attack a ship there’s all kinds of

ways to get inside a computer and if you

think about these two ships being lined

up against each other there’s all

different ways to I don’t know attack

another from one ship to another you can

swing across the top mask you can

actually throw knives from one ship to

another although I wouldn’t recommend

that you can start shooting guns or

think of an exploit like firing a cannon

from one port into another port one port

on a ship could be the maids chambers

and that’s the file server another port

is the kitchen

that’s the mail server right so what we

do is we break down this hairy scary

do just break down some of the scary

stuff so when I say a terminal

my neck has green and black numbers you

aren’t sitting there freaking out

because it looks like computer jargon

that you’ve never seen right the

training courses we are endorsing

actually help empower you yourselves and

your organizations to understand so here

we are we start with an nmap scan and

map what the hell is that basically you

run a scan on your computer to look at

what ports are there some are open some

are listening some run from emails

summer file servers we run man and map

as a way to teach you how to look up

things inside your computer so it’s like

a Google for your hacking terminal right

it’s easy to look at what scripts are

being used how they’re used this crazy

word called brute force right how does

that mean brute force is like is a way

at attack it is an attack to enumerate

or to take out usernames and passwords

it’s very important that if you can run

in a brute force on your computer that

some other guy halfway across the world

can also run a brute force and they can

extrapolate your usernames and your

passwords so in this case we walk you

through how to do such that now everyone

thinks I’m teaching criminals teaching

you to be a criminal but actually it’s

really important that if you get a

computer an email that says default

passwords or web mail you learn how to

change them right and you have to see

where you are vulnerable

another huge vulnerability that happens

is when you is with this thing called

Berkeley it’s a vulnerability in an SSL

right so it’s another way to extract

usernames and passwords so let’s think

you let’s say you’re being all clever

and you you can change your password

from not a default but to something else

as we see right here with Jenny well we

can still run this attack and get in as

Jenny and steal her credentials now this

is something really important

organisations have to get in the

practice you have to get in a practice

of doing this because it is you

ultimately that are using devices and

connecting everything in your home

we are so keen to make sure you can feel


you make sure that you understand how oh

here we go again because the internet

gives you access to everything and it

also gives it access to you and everyone

is prone to human weakness so what is

smart some dude on Twitter gave me this

and I was like awesome I’m gonna give

you credit in my talk so anything that

is an attack or a potential in software

that could be a use it as a ransomware

attack so this is all the devices

essentially now you’ve got 65535 ports

per device you got smart cities smart

cars if I can change this thing and

smart homes and you live in this world

of the internet of vulnerabilities like

really we all are so vulnerable so if

you don’t know how to hack you should

absolutely learn and inside your system

attackers can stay for up to 200 days

weird ask the any of these guys so the

other thing is phishing everybody asks

me about how phishing sorry this

clickers not making it so easy to switch

through sometimes when you have attacks

you have to what they call a drive-by

attack and a drive-by attack if you want

to get to the next video is when we send

you to a site that everyone likes what

are some of your favorite sites Amazon

LinkedIn Facebook right and what you can

start it um when you are sent to these

sites what happens is a bad guy has sent

a link in an email for you to download

automatically starts on your computer so

this is when people say how the hell do

I get hacked all the time well 90% of it

is done by a phishing attack and it goes

something like this

and I’m showing you this because I all I

need you all to understand that this

happens to everyone not just a few few

guys right so this is our receptionist

desk here’s our attackers desk he’s

running an exploit he’s targeting this

person he’s he’s saying exactly who he

wants to send this email to in the

format that he wants to do so in this

case the receptionist in form of a

LinkedIn request so this is something

that happens on a daily basis and when

you were targeted there’s nothing really

you can do except for to protect

yourself in this case

she’s just sees a LinkedIn request like

we all do from an attacker she clicks on

it look she’s got an AV running isn’t

she protected not really look at the

Russian calculator gives it all away in

this case she wasn’t directed to the

actual profile she was given this blank

screen now we go back to our attackers

website and we actually see that he is

now inside this machine he has planted a

shell in her computer he has what we

call a wrapped a remote access tool that

is now accessible from her as the

receptionist and it goes back to this

computer so this is what we try to do we

walk through some of the scary bits

because if 90% of us click on links that

we’re not supposed to we’re all under

potential threat then there’s just no

way no government money no industry no

one’s going to be able to keep up with

the amount of people needing these

services so I leave you with this one

last note we can go back to the main

screen I guess um then I want you all to

go home try try this just try for a

second to download the training program

or learn some new skills go take a

course online come join us at hacker

house whatever it may be but don’t be a

victim because guys right now our skills

for the future will depend on your

ability to embrace as we’ve chosen to

this connected world and we really must

not see hacking as a bad thing in

hackers of the Internet’s immune system

and they’re one of the most fundamental

skills of the 21st century and so I

encourage all of you to have some fun

exploring thank you and happy hacking [Applause]

Please follow and like us: