Return to Transcripts main page
CNN LIVE EVENT/SPECIAL
The Secret Lives Of Super Hero Hackers. Aired 2:30-3p ET
Aired December 12, 2015 - 14:30 ET
THIS IS A RUSH TRANSCRIPT. THIS COPY MAY NOT BE IN ITS FINAL FORM AND MAY BE UPDATED.
[14:30:00] LAURIE SEGALL, CNN ANCHOR: There are good guys, there are the bad guys. Then there are people who live in the gray area. Their weapons -- ones and zeroes, vulnerabilities and exploits. Behind the computer, superpowers that can be used for good or evil, to secure your bank account or take it down. They are the influencers, the troublemakers, the gatekeepers of our virtual life. You haven't met them, but they're in your computers, your credit cards, your retail stores. It's time to introduce yourself.
(BEGIN VIDEO CLIP)
UNIDENTIFIED MALE: You go ahead and you find any kind of information that you can leak.
SHYAMA ROSE, HACKER: I have every right to be a coked up prostitute, but I would rather be a nerd.
ANONYMOUS: This is Anonymous, a legion of people who want freedom.
JOSH CORMAN, HACKER: I'm a fan of Stan Lee. With great power comes great responsibility.
(END VIDEO CLIP)
SEGALL: Vegas. I've always found it strangely fascinating. You've got gamblers, adrenaline junkies, Darth Vader, Chewbacca. Everyone's looking for a dollar. From this standpoint Vegas is about the show, the promise of something better. But on this particular week there's a different type of show. You might not even realize it's happening. But I suggest you turn off your Wi-Fi, because during this week this strange little mecca fills with what's becoming one of the most influential groups in the world -- hackers.
Thousands and thousands of hackers descend on Vegas to party and hack. If Vegas is a gigantic party, every year at cyber security conferences, Black Hat and DEFCON, the best hackers in the world gather to show off their party tricks. It's not what are you drinking. It's more like what are you hacking.
Think about hacking as a modern day super power that can be used for good or evil. Josh Corman is a hacker who uses his power for good.
CORMAN: Mistake number one is thinking that hacking is bad. It's a form of power. And power can be used for all sorts of reasons. I'm a big fan of Stan Lee and the whole "Spiderman" thing, with great power comes great responsibility. SEGALL: What divides the people who use their powers for good and the
people who use their powers for bad?
CORMAN: It all comes down to motivation. Technology is used by different people for different things. Take a hammer. A hammer can build a home or crack a skull.
SEGALL: Here's why this group matters. These days everything from planes and even coffeemakers have computers inside. More and more, hackers are finding ways to control them from afar. One hacker who uses her power for good found a flaw with a Wi-Fi connected gun.
This gun has kind of Wi-Fi attached to it. The first thing most people will say is, awesome, it will help you shoot and aim better. The first thing you say is I can't wait to tear this apart and show how vulnerable this is.
RUNA SANDVIK, GUN MAKER: You can just connect to the wireless network and you can talk directly into the back end of the system. What we tested specifically was to change the weight of the bullets. And that made the shot go 2.5 feet to the left instead of the target they were aiming at.
SEGALL: She told the gun maker. They say it's safe to use is and have updated the rifle since the version she tested. It's that step, telling the company, that divides the hacking community. A good hacker, a white hat, reports the problems they find so other users aren't at risk. A bad hacker or black hat takes advantage of the problem, usually to make money for gain power. Exploits can sell for thousands online on the black market.
But it's not that cut and dry. In this community there's a lot of gray area. The white hat by day could be a black hat by night. And for those who use the skill for good, there's always the "what if?"
Do you ever struggle with it? Do you ever think about, well, what if I went the other way?
JEAN TAGGART, MALWARE BYTES: Yes. I mean, there's always the fleeting thought I could be on a beach drinking out of a gold encrusted goblet. But I always keep in mind that like for any hack, especially one that would result in financial gain, there is a victim.
SEGALL: And here's what you realize when you handing out with hackers at DEFCON. This strange cyber event is a microcosm for the real world. Browse the web on an insecure browser and these guys can see what you're looking at.
SEGALL: So this is what people are looking at right now.
UNIDENTIFIED MALE: Abercrombie and Fitch right there.
[14:35:08] SEGALL: Connect to insecure Wi-Fi in a room full of hackers, chances are you'll end up on what they call the "wall of sheep," stolen passwords and emails displayed for everyone to see.
Now, this is meant to be a public service to remind you to only browse on trusted Wi-Fi networks. But if it happens to you, kind of embarrassing. Hackers at DEFCON are pretty secretive. CNN only gained access only by adhering to very strict secrecy rules.
So would you call yourselves hackers?
UNIDENTIFIED FEMALE: White hat hackers. We only hack for good purposes.
SEGALL: Most of the people I met here started hacking as kids. They broke things. They wanted to see how things worked. Of course the best you can hope for is that they continue to hack for good, because, as they say, with great power comes great responsibility.
Coming up, you've heard of the girl with the dragon tattoo. Meet the real life version.
ROSE: Based on where I came from, I have every right to be a coked up prostitute. But I would rather be a nerd.
SEGALL: The amazing story of how hacking broke her free from abuse.
And check out CNN's first digital comic book at CNNMoney.com.
ROSE: I have been all around the world doing security. I've worked for the top companies in the world. Based on where I came I have every right to be a coked up prostitute. But I would rather be a nerd.
SEGALL: Meet Shyama. She's kind of like a real life version of the girl with the dragon tattoo. Just like the fictional character she faced cruelty and fought back with this incredible ability to tack. Unlike the fictional character, her story is real.
[14:40:00] ROSE: This is before all the books came out. It was my first tattoo ever and I was proud of it. And I'm not so proud of it now. But I think the story of me and the girl with the dragon tattoo are fairly similar. She certainly hacks people, both socially and technology-wise. Then she has a hell of a pass.
SEGALL: At three her mom joined a religious group outside of Austin, Texas. There was beauty, belief, devotion to a religious leader named Swami Ji. It was all a cover for horrific abuse.
ROSE: He began sexually abusing me and several other girls.
SEGALL: Do you remember the first time it happened?
ROSE: I was standing in the kitchen and I was 11-years-old and wearing this gigantic sari which a long girl shouldn't be wearing, and he was trying to adjust around me, and he just started touching. And you're just confused, what was that? SEGALL: But the adults in the community didn't protect her.
ROSE: Not only did they not stop it, they would send us into this guy's hands on a regular basis and told us to enjoy it. The only outlets that I had were books or computers. And when I got the computer, it was like lightning in my life. It was a total savior. And I got one with a modem, plugged it in, and then heard that famous. And then it was game over from there.
SEGALL: It was her growing ability to hack, to speak another language, that opened doors outside of the ashram.
ROSE: Hacking and computers to me became such an incredible outlet to me. But there is definitely a conception in people's mind that hacking can be very bad. But it's also good in a way too, like sometimes you have to break things down to figure out how to make them better.
SEGALL: Hacking was her ticket to freedom. Outside the closed bubble of the consult, she used those skills to become what you would call a professional protector. At NASDAQ her job was to actually think like a bad hacker. While hostile governments were on the offense trying to steal sensitive stock information, she played defense, finding weak links before they could get to them.
ROSE: I want to help people feel better and want them to feel protected. Maybe that's where it came from.
SEGALL: She's taken on hackers from all over the world. And as an adult she was able to take on the first person who exposed her to injustice, Swami Ji. The story was featured here on CNN's "The Hunt." it was her testimony that helped lead to his conviction. He was sentenced to 280 years in prison, but disappeared after posting bail.
ROSE: I think growing up with such an impressive life as a child, freedom to me is very important.
SEGALL: To show me where she finds freedom, she asked me to come here, where she spends quite a bit of time.
ROSE: I need to be able to do what I want, when I want, how I want. And skydiving allows me to do that. It takes you through the rollercoaster of what is life. We see beauty. We see sunsets that no one else would see. And hacking is like this too, but the people you do it with, you create a deep bond with because it's something that you share with those people that no one else does. So it's such a unique skill, an edge of life kind of moment, both hacking and skydiving.
SEGALL: Coming up, going face to mask with anonymous. We have no idea where they are or even their names. But if they don't agree with you, they can do major damage.
And check out CNN's first digital comic book at CNNMoney.com.
(COMMERCIAL BREAK) [14:46:49] SEGALL: Hamster. Egypt. Virus. No, not random words. They're actually code names for hackers I met as I delved deeper into hacker culture. The farther you go, the weirder it gets. And here's what you begin to pick up on. There's no one size fits all definition of the word "hacker." Everyone hacks for a different reason. Some act for a cause. It's called "hack-tivism." Here we have three hackers from three different stories. You might have already heard of Anonymous, a loosely connected group of hackers all over the world. Under the mask varying ideas, countries, enemies. Their targets range from government agencies to terrorist group ISIS. One common method they use to hack, denial of service attacks, essentially overloading a website with traffic until it crashes. Think of it as a virtual picket sign. Sometimes people applaud their work, other times, quite the opposite. I spoke to a member. I knew he was legit based on conversations we've had during prior attacks.
Is there a unifying principle to Anonymous?
ANONYMOUS: This is Anonymous, a legion of people who want freedom.
SEGALL: What do you say to the folks who say Anonymous breaks the law?
ANONYMOUS: If freedom is breaking the law, there is something wrong with the law.
SEGALL: In the hacking community people play by their own rules, like this guy. He'll hack your website if he doesn't like what you stand for. One example, a Nazi sympathizer forum. I was connected to him by a respected security consultant.
ANONYMOUS: We had a vulnerability firewall, and actually at that time it allowed us to gain privileges and find out where they were holding a meeting, call people in on the meetings or call the cops on the meets, things like that, just trying to cause as much disruption and chaos as possible.
SEGALL: While he says he's hacking for justice, he also might be helping people steal your credit card. To make money he writes software to find security flaws and then sells those flaws online.
UNIDENTIFIED MALE: I don't really ask questions about what they do with it. They could be using it for horrible purposes or they could be using it for good purposes.
SEGALL: He says he got into this after he became unpopular with the community of good hackers.
UNIDENTIFIED MALE: It's come to a point where I had to make some choices to either do what I do or live on the streets, I guess.
SEGALL: And then there are those who use hack-tivism to protect. Morgan isn't hiding behind a mask or a phone line, but that doesn't mean his work isn't risky.
MORGAN MARQUIS-BOIRE, HACKER: I've analyzed hard drives that revealed that the people working in Syria, aid workers, had actually been compromised by pro-state actors that leak out these e-mails that contained malicious documents. The malicious document purported to be a list of Syrian opposition insurgents.
So this basically sells itself, right, because you receive this list and you want to open it to see if you're on it. Like wildfire, everyone is opening these malicious documents, which caused, you know, the implantation of spyware on their computers.
SEGALL: He's helped uncover digital spying in China, Syria, Morocco.
MARQUIS-BOIRE: I was coming out here for this interview with you, a joke that far too many people made for my comfort, they're like, it's not actually going to turn out to be one of the groups of people you're pissed off and they're going to bury you in the desert.
[14:50:02] SEGALL: For Morgan, this work isn't his day job. But he says he has a responsibility.
MARQUIS-BOIRE: I think I have a fairly fundamental belief in the value of privacy and free expression as human rights.
SEGALL: Coming up, meet the hacker Moxie Marlinspike. He's got a made-up name and the attention of everyone from the FBI to Edward Snowden.
And check out CNN's first digital comic book at CNNMoney.com.
SEGALL: Throughout history, coding and decoding messages has fueled wars. Take World War II. Mathematicians cracked German codes created by machines called Enigma.
UNIDENTIFIED MALE: It's the greatest encryption device in history and the Germans use it for all major communications.
SEGALL: Fast forward to Arab spring. How did protestors organize safely? Many used something called encryption. But that's also the same way terrorists might work together to plan a major attack.
The whole idea is to make your messages secret. Encryption jumbles words into random numbers, letters, characters. The words only decode for the person who is meant to read them. It's a technique that's sparked a debate at the highest levels of government because the same tech that helps the good guys also shields the bad. And that tech is going mainstream. At the center of it all, this guy.
MOXIE MARLINSPIKE, HACKER: We're out of food.
UNIDENTIFIED FEMALE: And the means to cook it?
MARLINSPIKE: We're out of fuel.
SEGALL: His name is Moxie Marlinspike. It sounds made up because, well, it is. He's a world renowned hacker and he's obsessed with your privacy. He won't tell you where he's from or really anything about his past. But everyone from secret agents to whistleblower Edward Snowden looks to what he has to say on one topic -- encryption.
MARLINSPIKE: If I share photos online with friends, my intention is to share with those friends. It's not to share with Twitter the company or Facebook the company, or the government.
SEGALL: Moxie builds an app called signal that makes encryption easy to use. It's also used by WhatsApp, the messaging service owned by Facebook.
[14:55:05] MARLINSPIKE: It's actually the most popular messenger in the world. Now when people communicate with each other, those messages that they send are encrypted all the way from their device to the recipient's device. So nobody in between can see what they're saying.
SEGALL: It's making it easier than ever to protect yourself and harder for law enforcement to crack down, spurring conversations like these.
JAMES COMEY, FBI DIRECTOR: All of our papers, in effect, all of our information will at some point have strong encryption. That will have profound consequences for law enforcement.
SEN. RON WYDEN, (D) OREGON: Where this is headed is towards proposal for some kind of stockpile of encryption keys. I think this proposal is a big time loser.
BARACK OBAMA, (D) PRESIDENT OF THE UNITED STATES: I lean probably further in the direction of strong encryption than some do. But I am sympathetic to law enforcement because I know the kind of pressure they're under to keep us safe.
SEGALL: Chris Inglis spent decades fighting terrorists. He was the deputy director of the NSA.
CHRIS INGLIS, FORMER NSA DEPUTY DIRECTOR: Encryption is one of many ways that an adversary, whether that's a criminal, a terrorist, a rogue nation, one of many ways that they might use to hide their activities.
SEGALL: Some in Washington want the ability to access encrypted conversations if there's reason to think there's a threat. Think of it as asking for a key to a locked door.
INGLIS: The question is, do we then try to provide some exceptional access to technologies of that sort by building in a front door under the bright light of the rule of law?
SEGALL: For Inglis, the answer is yes. But to Moxie, that's not possible.
MARLINSPIKE: They're not capable of managing those secrets. They're getting hacked every day. SEGALL: Some folks in Washington want Silicon Valley to build
solutions. It doesn't look like Moxie is going to be the guy for that. He plays by his own rules in a new era where tech drives the good, the bad, and, in this case, the policy.
MARLINSPIKE: We're at a moment in history where it's mostly possible for us to ignore policy discussions that are happening. Instead of asking people to change the law or to change their surveillance practices or whatever, we can just do it ourselves.
SEGALL: While Moxie is obsessed with your privacy, there's a different type of hacker that specializes in getting you to overshare. What if I told you there's a class of hackers who don't just have social skills, they have more social intelligence than anyone you'll ever meet? David Kennedy is one of them. He's what's known as a social engineer or a people hacker. His craft is to dupe you into doing things and sharing information you probably shouldn't.
DAVID KENNEDY, HACKER: Can I just get your credit card number?
SEGALL: Some use it for illegal activity. In David's case, companies pay him to find out if employees are leaving the company vulnerable. He and his team show us how it's done. Step one, spoof his number so it looks like he's calling from inside the company. And then call tech support.
KENNEDY: Hello, are you there? Hello.
UNIDENTIFIED MALE: Hi, can I help you?
KENNEDY: I was wondering if you can take a look at a website I'm trying to get to. It's for a big customer thing I'm working on for Monday, and I can't seem to get to the Web site from my computer.
UNIDENTIFIED MALE: Sure, what's the website? I'll see if I can get your through.
KENNEDY: Thanks, man. It could be a stupid thing. I really suck with computers. So it's www.survey-pro.com.
UNIDENTIFIED MALE: Yes, I got a prompt to open. I clicked open. And I'm at the site now.
SEGALL: Here's what the I.T. guy doesn't realize. By clicking that link, he's just given David full access to his computer.
KENNEDY: Whoa, OK, that's weird. This is working find now. Awesome. I don't know what you did, man, but I really appreciate the help.
SEGALL: That was it?
KENNEDY: We're on his computer right now.
SEGALL: You were able to take over this guy's computer within I would say like under two minutes. KENNEDY: Under two minutes, took over his entire computer. Think of
it as not just his computer but it's pretty much the downfall of the entire company.
SEGALL: In this case the company was paying David to hack them to see if their employees would fall for it. They did. To show you this demo we agreed not to use the company's name.
Kennedy hacks to protect. He's part of a growing number of hackers using the skill for good. Josh Corman is one of them, too. He started a group to help bridge the gap between hackers and big companies.
CORMAN: Hacking is a form of power, not surprisingly, as you walked into my house and saw all the "Spiderman" stuff, I'm a Stan Lee line of "With great power comes great responsibility." We're coming to the point where the outside world, a breach a week, a breach a day affecting people's personal lives and national security, we've got to grow up a bit, and we have to be very deliberate about how people use that power.
SEGALL: Corman formed the group after his mom passed away.
CORMAN: She was my science teacher. She taught me darkness is the absence of light. If you see something missing in the world, maybe it's our job to put it there. There are very, very bad people, which means it falls to the good people to try to fight it.
SEGALL: You feel like you have a very personal responsibility?
CORMAN: We have so much potential to shape our culture, our values, our safety. If not us, then who?
SEGALL: It's that potential that could hurt or help in a world where these guys are the new superheroes and hacking is the ultimate power.
[15:00:01] I'm Laurie Segall.