The Infinite Monkey Cage - The Cyber Codebreakers
Episode Date: November 13, 2024Brian Cox and Robin Ince head to Bletchley Park with comedian Alan Davies, and cyber experts Victoria Baines and Richard Benham to decode cyberwarfare and discuss its future.As computers have shrunk f...rom the size of rooms to fitting in our jacket pockets, our cyber sleuths explore the changing nature of cyber-attacks and defence. They decipher the fancy jargon abounding in cyber land, from trojan horses to phishing scams and reveal how prolific these attacks are on nation states, businesses and the public. From digital army battalions to teenage freelance hackers, the cyber-villains are multiple and varied. Our panel discusses the aims of these malevolent forces; from extorting money and holding valuable commercial data hostage to influencing people’s electoral intent.The panel explores how AI and quantum computing are supercharging cyberwarfare – but in good news, also cyber-defence. Alan Davies shares his susceptibility to being tricked online whilst our experts give some tips for staying safe online, and finally, Alan comes up with his surprising alter-ego hacking name.Producer: Melanie Brown Executive Producer: Alexandra Feachem Researcher: Olivia JaniBBC Studios Audio production
Transcript
Discussion (0)
BBC Sounds music radio podcasts.
You're about to listen to the Infinite Monkey Cage episodes will be released on
Wednesdays wherever you get your podcasts.
But if you're in the UK, the full series is available right now.
First on BBC sound.
Hello, I'm Robin Ince.
And I'm Brian Cox.
And this is the Infinite Monkey Cage.
Today we're at a location of great historical and mathematical
importance, Bletchley Park.
Or are we?
The work done here is estimated to have shortened the Second World War by between two and four years.
Or did it?
And after decades of secrecy in the last 20 years we've learned of the remarkable minds that made this possible.
Or have we?
What are you doing?
I'm being an enigma machine. So yeah, the idea was, because enigma, as well as being the name of the machine, also
can mean being enigmatic.
Look, I don't know, madam.
He was unable to write a funny joke for the introduction.
That's amazing.
Anyway, today we're not looking at the past, but towards the future.
The information technology of the 21st century have created immense opportunities, but there's
also a darker side.
How can these ubiquitous technologies be manipulated to influence us?
What is cyber warfare? And how can we prevent malevolent forces turning our everyday devices against us?
To help us understand what we know we know, what we know we could know, what we can't know that we don't know,
we're joined by two leading authorities on cyber security and a former
sleuth conjurer.
My name is Professor Richard Burnham and best known for being patron of the National Museum
of Computing just up the road.
I'm also known for being a best-selling spy novelist, which was something that came to
me later on in life, with a cyber twist.
So that was where my
Cyber bit came in and I'm Victoria Baines. I'm professor of information technology at Gresham College
I am also an erstwhile cybercrime
investigator and the most
surprising thing that people don't know about cyber technology is
The money that some countries make from cyber attacks, one of whom reportedly gets half of their GDP from cyber crime.
I'm a man.
I'm Alan Davies, I'm a comedian and former sleuth-cundra.
I'm Alan Davis, I'm a comedian and former sleuth conjurer. And most surprising fact I know about cybercrime is,
and I know this because I know someone who's in the Royal Signals
who are at the forefront of cyber warfare
and the rest of the army refer to them as chair force.
And this is our panel.
APPLAUSE Now Victoria, so this term cybercrime, cyber warfare, we probably think most of us think
of teenagers probably in their bedrooms trying to hack computers, but you alluded to it in
your introduction that now it can be states as well.
So can you give us an overview of who is conducting cybercrime and
cyber warfare? What is it today? Well I think the term cyber is really
unhelpful. It's a made-up word. It comes from ancient Greek. It's what a helmsman
does when he's piloting a boat and all of a sudden through science fiction all
the folks who work in what we used to call information security, computer security, go,
no, I'm a cyber warrior now. I'm defending the galactic universe against all these different cyber threats.
Very Radio 4, the origin of the word. It's a helmsman.
Yeah, so I'm a recovering classicist and so I'm really interested in the origins of how it comes about. It's Norbert Wiener's 1948 definition
of cybernetics, regulatory systems, mechanisms
to regulate animals and machines.
And through that, that cyber prefix
then gets stuck on everything.
But to your question about what actually is it,
it's really a spectrum of activity.
And at one end, we have nation-states
engaged in cyber warfare and old-school espionage as well. So you know if we're
thinking about war games, another movie that lots of us watched in the early
80s, the idea that you could hack into the Pentagon and say do you want to play
a game of thermonuclear war? It's that kind of attack, attacks
on critical infrastructure, the things that
keep the country running.
And at the other end, we have that profit-driven cybercrime,
which is just making a fast buck out of other people.
The trouble is that 10 years ago,
it was a lot easier to distinguish the guys who
were the nation state actors and the guys who were trying to make a fast buck but now
when a company or a person even or a country experiences a cyber attack they
don't actually know the intent of that attack is it to steal trade secrets is
it to take down their hospitals or is it to get some money out of them and
that's really challenging for those of us who were responding to it because
We actually don't know whether it needs to be the army
Sometimes or a cyber security center or the intelligence services or plain old coppers
And we should try do you want to try and guess which nation state it is was it 50% not the Isle of Man?
I should say which nation state is it I?
50% not the Isle of Man I should say. Which nation state is it?
I think it's going to be some small remote island. It might be in the Caribbean, could be in the Indian Ocean, could be the Seychelles. I think it's quite a good guess because what we do see is we see kind of dastardly cyber criminals using small island web domains to launch their attacks from so you know you might be an attacker from France
But you'll use Vanuatu or Togo's web domain just to obscure where you're really from and you park your billion dollar yacht
At the end of the jetty so then you can be a mobile state when everyone's off. Yeah, and that's not obvious at all no
This is how we investigate cybercrime, we look for the yachts.
With a helmsman obviously.
Ideally with a cyber helmsman, yeah.
In this case it's North Korea.
And you could say well...
You make that noise but did any of you guess it?
Three hands up, three North Koreans here.
And you could say well they probably don't have a very large GDP, so we're talking proportions
rather than absolute amounts.
But the United Nations last year, they launched an investigation into North Korea because
in the years 2017 to 2020, they amassed three billion US dollars just from 58 cyber attacks. Wow and there's that ransom
stuff are they getting into companies and getting paid off and pinching data?
Ransomware quite often you know again we like to make up words in cyber security
so it's malicious software that locks your files and says right if you don't
pay the ransom you're not going to get your files back.
Actually, what tends to happen is that you pay the ransom
and you don't get your files back, strangely enough.
And just to go on Vic's point as well about crime,
cyber warfare is something else and it seems to have materialised.
And I am a military officer in my, as a part-time role.
And one of the things we look at is obviously
the threat landscape posed by other state nations.
And it's increasing.
And the simple reason it's increasing
is cyber warfare is really cost effective to do,
far more cost effective than having lots and lots
of nuclear weapons.
And again, one of the good bits of news
that I always like to share is I think that the world
that we will go into will actually become safer because of cyber warfare
we just need to negotiate our way there before anybody does anything silly
richie we look at the history because we're here at Bletchley Park so would
it be right to characterize you know the enigma machine the use of code code
breaking is that really the first historic instance of what we might call
cyber warfare.
I think it's the the best known.
I think there are arguments before that people have used technology use coding, certainly
ciphers in even in Greek times, you know, people using ciphers to transfer messages.
So wasn't there something where they tattooed the head let their hair grow and then when
they went they ran to the other person, shaved their head off,
and then the message would be on the top.
So I think this whole feature...
Sorry, remember...
This is...
I felt that was passed over with too much ease.
The... Right, run me through this story, right?
So I need to get a message. How long do you...
It only has to be there in about three months,
but it is quite important, and it's very's very secret so shave the head yeah tattoo the message
on the head let the hair grow obviously there's an assumption there that the
hair is going to grow fast enough and that they're not challenged secondly and
secondly that there's this is a period of time before hats yeah yeah right okay
so there's also the challenge of the time the time taken to get from one place to the other so that the hair grows
And then at that point gets shaved off and then they can read the message
Because it takes a long so you don't wait and so your hair is grown then get on the ship
You get on the ship under the assumption that it's going to take two months to get to the
On your head grow faster than the hair on your chin I suppose you could do
it on your chin I think I know regret that question about this this never
been in any films I've shaved a side of a dog and put the message on the dog and
then the dog's hair grows back and then you send the dog
You don't need to come anyone interfering with your head do feathers great because you could do it on pigeons
I'm thinking you could do a page small message
Joe you can do with the pigeon
I believe some people have they put a little message in a little ring down a bit safer and they let it fly
I don't stop like I'm gonna pigeon just put the miss- I've got a thing on me!
Oh, there! No!
What we have to do!
How are we going to get these bags?
Do you remember what the question was?
Yeah, I thought I'd asked a very, you know,
a simple question to connect the location of this recording to the history of cyber warfare.
And we've ended up with something to do with plucking dogs.
Wow. the history of cyber warfare and we've ended up with something to do with plucking dogs.
So what we're seeing is that cyber warfare is getting a bit woolly now so
whilst that's state against state and as Victoria said a lot of criminals are
involved you get the state sponsoring criminals. So terrorism is another word
that's that's banded around with the word cyber,
cyber terrorism, which is effectively using cyber machines to damage your enemy, so to cause mayhem,
to break systems, to break their infrastructure. And then that's almost gone one step further,
and North Korea being a good example where you get economic cyber terrorism, which is effectively
terrorizing the system, but doing it to either economic advantage or economic
disadvantage. So the city of London suffers from this a lot because there are
many many foreign countries particularly the Chinese, the Russians, North
Koreas, Iran's who would like to bring the city of London down. The only thing
that currently stops that from happening to a large degree is a lot of them have
got their money deposited there so it sort of self regulates itself but if it
wasn't it would come under a lot more sustained attack so this idea that
someone a state or an individual can hack into the computer system
essentially so what are the most common failures in security well we quite often
in cyber security to talk about the holy trinity, which is people,
process and technology.
And a vulnerability in any one of those three means that you're not 100% secure.
Now spoiler alert, nobody is 100% secure.
What we do is we try and put in enough measures in place that we reduce the risk of some of
the most common and hopefully some of the most sophisticated attacks
But if someone is really persistent and they put a ton of money behind it say with state backing and they've got it
You know an entire army unit working on this stuff. They'll get in it could be things like
Identity management is making sure that the only people who can have access to
your systems are the ones that should have, that you haven't given it to
somebody's sister because you use their tablet in COVID. You can have a failure
in the technology because new types of malicious software are being developed
all the time and that's where all those antivirus companies, they're racing to
develop the antidotes to that.
You also have kind of technical vulnerabilities in operating software. People make mistakes when
they're writing code and companies have to race to patch those. But then of course you have the
vulnerability in the people and that's the social engineering part and that's why things like fishing
still work because we fall for stuff. Kevin, can you just define fishing then?
I hope I'm not going to trigger PTSD because we've all suffered this stuff, right?
It can be things that are based on something that you really want.
You know, so your boss sends you an email and says, hey,
your employer for the month, just click on this link.
You have won
a massive yacht it does tend to be a massive yacht in very many cases or it
could be romance of course and people quite often say well why are people so
stupid as to fall for the hot girl that says hey you look nice do you want to
get on webcam well because they might have just split up with their partner
they might have had a few with their partner, they might have
had a few beers. We're all vulnerable at certain times in our lives. But also fear. Fear is
a really big tactic. The scam of people ringing up and saying, hi, we're Microsoft Help Desk.
We can see your computer is vulnerable. Well, yeah, we want to fix that. Of course we're
vulnerable and of course we will then be driven
to do something in a panic.
We're quite often told that it's time limited.
You need to do it right now.
Otherwise something terrible is going to happen.
It's human manipulation tactics.
Do get trends, don't you?
I mean, there was a time when everybody's bank
was ringing them up and telling them
that their bank account was compromised
and what were the last few transactions. and then keep you on the phone for ages until
you give away your sort code and then you start to think, hang on a minute.
Have you ever been scammed?
Oh god, relentlessly.
At Christmas I had three Christmas lists for my three children and I found a website that
had every single gift on the site from all three lists. This was heaven
Including a Lego set that's no longer made and I nearly gave them
457 quid and then I thought this is unlikely
I was scammed on the ps5 about two years ago. That was 400 quid down this morning. And artificial intelligence is changing all of this because we used to say to people you
can spot a phishing email because the grammar is not quite right or it's got some funny
typing, funny spelling in it.
Well of course scammers are using chat GPT now to write their phishing emails which look
perfect, so we're having to find different ways to show people how to spot
that something might be a scam. Richard when we talk about a really big cyber
attack so it'd be infrastructure attacks or as you said attacks on state security
infrastructure for example do we do we know what the proportion is that is
successful so do we know where the biggest vulnerability is? Yeah so it
always used to be in the systems itself and a lot of it,
particularly like NHS government departments, banks in particular,
have a large number of what's called legacy systems, so old systems.
And when they were merging, growing, nobody used to spend on the IT,
they just used to bash the two together, connect them with a wire,
put something over the top and then carried on.
And as long as it worked, it was fine. and there was always a day of reckoning for that
and we sort of saw that in the last 10 years when most of the attacks were
directed at the computer itself. But that's changed and I think the the big
thing that caused the change was the introduction of the iPhone and also 4G
so when those two things came together, I think 2007, 2009,
it changed the whole idea of what an IT attack, what a cyber attack was.
It was no longer attacking IT, it was attacking
the individual using the IT. The whole nature
of attacks changed and so what we see today is not so much attacks on these
on these big systems, but what we see are individual attacks now,
because it's easier, it's more profitable. And the human vulnerability just means that it's just
an easy target for cyber criminals. Put on top of that social media, manipulation of people as well,
and the whole thing is turning into not a nice place at the moment, because it's not just about
money, it's also about manipulating people
We're seeing it manipulating outcomes of elections
So that's broadening the definition of side it is and it does and that's what's happened to cyber as a definition
It's gone from being IT security now to almost a human based threat that encompasses everybody
We are now all on the front line for nation-state attacks.
If you're the Russian Internet Research Agency and you want to manipulate the results of
an election, you do it on social media.
You say, oh, the Pope is voting for Trump, etc.
Which they did in 2016.
And those are the places where all of a sudden we become the attack vectors for attacks on other people
Alan we've seen that people can be manipulated into some very
Eccentric ways of thinking do you think that's because this speed of delivering information
Seems to have made people tremendously susceptible and I'm sure part of their brain is going this can't be true
But this cognitive dissonance just seems so vibrant. I think what's come into my mind
now is it's now become almost impossible to contact an actual human being with
any company that you're dealing with. My Twitter account was hacked by a
Bitcoin scammer and I couldn't do anything about it and they hacked into
my email and I lost my I had about
800,000 followers or something
I wasn't one of the big fish in the ocean but quite a lot of people and it was very helpful for me
If I was doing a tour or something
So I lost them all and then I couldn't get back into the account and then they said we suspect you are a
Bot or something else and we don't know who you are and I responded
Google me I mean I'm not hard to come by but at no point in that process could I
ever communicate with a human being and you can't communicate with a human being
on almost with almost any company that you're dealing with I don't know what
the long-term effect of all this will be on people as humans I really start to
think if you sit at home and you rely on this machine so much and it does so much for you
Does all your shopping for you does everything for you know all your kids appointments everything to do with school
Everything is in this thing and you start to think hang on a minute you still ring up didn't you?
Does that Victoria make us far more?
vulnerable to cyber attack the fact that we become an ever more reliant on machines,
be it the phone or whatever it is,
that it is possible to hack these things.
It's possible to hack your fridge,
I guess, or your toaster or anything.
Anything that's connected to the internet, I suppose.
We're absolutely so reliant on digital technology
for everything, you know, how we get about,
how we do our work.
But what I would say is that we're probably better prepared to defend against cyber attacks
than we are to defend against mistakes.
And we saw a really good example of this over the summer when CrowdStrike had a bug
in a piece of its software that was used to secure many millions of machines all
over the world. Ironically it was cyber security software. When this was
initially reported, when everybody got the blue screen of death, when airports
couldn't function anymore, everyone said oh it's a cyber attack. It wasn't a cyber
attack, it was a mistake in a piece of code that took down all of these millions of machines that had to be
manually rebooted. So in many respects, the most dangerous person in the world is the
software engineer that hasn't checked his code.
When they, here at Bletchley Park, suddenly you can crack the code, the Enigma machine,
and one of the problems then is what do you do with that knowledge? You don't want the other side to know that you've cracked it so
then you have to be very careful. Does that still apply for the military now?
Can we keep it a secret that we found it out? Yeah no absolutely a misinformation
is as important as information so sometimes you'll allow a tact to carry
on on the basis that you
can twist it around and ping it straight back so the roots coming into you also
becomes the root back into the enemy that's quite common so you'll get a
Trojan then you'll ping a Trojan back on the information going back gets quite
complicated but absolutely basic warfare stays the same could you define that
word by there was a lot of jargon in this area, so Trojan.
Trojan, yes, sorry. So if you go back to Greek times, I've seen in your classics here,
a Trojan horse was where the Persians or the Greeks were attaching Troy,
and the idea was to present a gift of a nice big wooden horse and inside it were hidden a load of soldiers.
Obviously, seeing it as a gift, the fort opened up, took took it in and then all the soldiers came out in the middle of night
and killed them all. And that analogy is used quite often in cyber security where
we'll send something to someone that looks innocuous so it may be a nice
photo, it might be a nice little program that does something, it can be anything
at all. The important thing is the person receiving it sees it as a gift. No sooner than do they download it and
put it on their machine, then we can open it up from afar and see what they're up
to. And certainly when I worked in the intelligence services there was a lot of
that going on in the early days and even today I can't speak for GCHQ or any of
the agencies because I'm sure that's what you say many
of them are here tonight I suspect but but certainly as a tool in the armory
that's that's always a good one atroge and we do the same with profit driven
cyber crimes as soon as you arrest someone who's in say a forum on the dark
web you can take on their persona and then you
can catch what everybody else is up to.
And there are quite a few operations over the last few years where folks like Interpol
and Europol have cooperated with say the National Crime Agency here in the UK to take down
those forums, but only after they've got all the data from them.
You know, in terms of security threats, we hear about the big high profile failures,
but it sounds as if you're both saying that there's an awful lot going on and we're
reasonable, very successful at preventing most of it.
And part of the reason for that is that quite a lot of the time when a cyber attack happens
we just don't know.
So it's not like a murder where you have a body and you can immediately go around and
interview the immediate family, who might have had a grudge against the deceased, etc.
And it's not like a burglary where you know what's missing and you have the traces.
Sometimes all you have is the logs that show that something suspicious has happened.
And it can take several years to find out who the people are
behind a cyber attack and even then if they happen to be you know a member of
the Russian army or a member of the Chinese army they're not going to be
brought to justice so we have this dark space a lot of the time around what's
actually going on it can take time to work out. I suppose Richard if you're
successful as a state let's say of hacking into or accessing the computers in another state,
and it's working, you'll just keep going, right?
Yes, you do. And actually the word Trojan is very appropriate, again, because it can stay there for a long, long time.
You know, there are cases where Trojan has stayed in military systems for up to 10 years before it's been activated.
And sometimes they're so clever that you're never going to find them either. That's one of the other
challenges we face is it's become so, so sophisticated now that even to defend and come up with these
programs that defend us against it is really challenging. And the fact that we don't know who
these people are a lot of the time means that we come up with some really strange naming
conventions. One set of researchers has come up with names based on animals and their national affiliations.
So APT 28, the folks who in Russia hacked into the Democratic National Committee in the US,
are also known as fancy bear because they're
from Russia. In China we have aquatic panda.
What are you having Alan when you start to do all this stuff then?
If you've got a nice name.
Lower back pain.
Thinking of the fact that you know there are many pictures of Alan Turing around the site
that we're on now obviously in Bletchley Park and that idea of the Turing test of the fact that you know there are many pictures of Alan Turing around the site that we're on now obviously in Bletchley Park
and that idea of the Turing test of the ability to see that you are not actually
communicating with another human being and some of the scams that you were to wear
Do you think that that's one of the things that we just we're not able now to see that something is algorithmic program
It's it's not a human being that you'll communicate that that's a skill we've we've lost the only skill we appear to have acquired is now
to not trust any communication at all from anyone and never to click on any
link on any text message or any email ever and I imagine that eventually in
ten years everyone will be writing letters again I'd like to find find out that in years to come, you've stopped using computers,
and every time you get wrong, can you send that script now?
And suddenly, 40 men with razors arrive and go,
Alan's written it all on us.
There we go.
Hang on, we have to get in the right order as well.
I think I'm Act One. I can't remember.
It's almost paradoxical, isn't it?
It's as we move into this future of being far more integrated?
Everything's online is it going to be the case that we just become completely reliant
Or is it the case that we're going to step back because of fear. So I wrote a paper on this back in
2015 nobody read it but here but I wrote it and it was called the cyber paradox and it was exactly that as
We become so dependent as the data becomes so
critical and so vulnerable we'd actually revert back to carrier pigeon or even
manually carrying data written down between two points and and I know that
in some security agencies for instance information is so vital that they
actually write it down put it in the lockbox, drive it with a guard,
and then they open it at the other end, rather than relying on, say, Wi-Fi or the internet.
The vulnerabilities are just too big for that type of data.
Part of the behavioural change then, Victoria, that we will have to accept that there is no such thing as secure electronic communication.
The good news, I think, is that the technology keeps up with that.
The security technology keeps up with that.
So all of us who have junk email folders
know that there are technical signals that our email providers are looking
for, where they can say, well, that looks a bit dodgy.
I'm going to stick that in a folder so that you don't inadvertently click on it.
AI is
doing something smarter than that now which is automated cyber defense,
looking at the patterns in the text that's being sent, looking at the
clusters of where some of this badness is coming from and reacting to it, taking
it down before humans even need to be manipulated. So are we essentially just
sitting back and letting different AI systems
fight against each other in some kind of arms race?
I mean that's both the concern and the aspiration I think.
More and more we're seeing automation being used both in attack and defence
but as we saw with the recent glitch in CrowdStrike cyber security software, we also need human
eyeballs on this to make sure it's being checked before it goes live.
If you fire a missile, is there a risk halfway on its journey that the enemy could hack it
and send it back to you?
Is this going to put people off firing missiles?
Yes, and that was the point I alluded to earlier,
you know the cyber warfare will overtake conventional warfare. Once you control the systems, you
can use someone's weapon against them even before it's launched or whilst it's being
launched and that's been worked on hugely at the moment and that's good news in my view
because it is taking away a level of risk. It's like I said before, we just got to get to that point before anybody does anything
stupid.
Remember in war, if someone attacks another country and you destroy that other country,
all you've inherited is a barren piece of land with no value.
So the art of warfare is quite often to invade without huge cost, but to then take control.
And cyber warfare is very, very good at that.
Quite a lot of the time, that work is outsourced
to jobbing cyber criminals.
So there was a famous story a few years ago
where journalists went to the source
of a lot of the misinformation
that was being spread on social media
during times of elections in particular.
And what they found was that a lot of this
was being put on social media by teenagers in North Macedonia who didn't
know who they were being paid by and they were doing it to buy trainers and
to go away for the weekend. So it's that idea of we think these are you know
nation-state masterminds but actually there's a whole cyber criminal
underground economy where
you can say, well I can write this bit of code and I can leverage this set of people, manipulate them.
It sounds to me like the answer is something that we've established in our house, which is
for teenagers there are no screens in the bedroom and if they just had that in North Macedonia,
none of this would have happened. Absolutely.
It does sound that it's an almost futile arms race.
Ultimately between AIs, we can almost sit back presumably and let them get on with trying
to hack each other.
So where is the future if you look into five years' time, ten years' time?
So if I was being pessimistic, I think 60% of the world's population
have access to a mobile phone, perhaps that 60% is the ones that will end up
demising because we effectively then almost end up destroying ourselves and
the 40% that have lived almost primitive basic lives almost inherit the earth
there afterwards. That is a pessimistic look at it. That is pessimistic.
Especially because you were talking about, oh there's a new phone that's come out today.
But that is one way it could seriously go. And the point I was making is those without it are probably
better off because they have more stable systems, they have things in place. Whereas we're so dependent
on it for our whole every way of living, the technology, that if it fails us in any
way we're almost doomed I would suggest. I would frame this slightly differently.
We're almost doomed I would suggest. Thank you for listening.
Now it's terrifying because it... Gardener's question time.
But it gave me this image of Elon Musk as Colonel Kurtz in Apocalypse Now or Heart of Darkness, this kind of...
Sorry, Victoria.
So I would argue that because we're so reliant on technology, because there are going to be more people walking around who are physically, bodily, physiologically connected to the internet
because we're going to have, we already have to a certain extent, the massive internet of things.
Because we are so dependent, critical thinking in humans has never been more important.
We might need to develop new skills, so thinking about trust and authenticity we need some
other means to identify things that don't smell or feel quite right so is
that kind of you know that chompskin thing about you know how have they got
power you know who is it who you know where does their wealth cut all of those
things that like critical questioning trust no one so much as if Alan we
should develop something like it's sort of an education system
Yeah, it's a good idea where everyone from a young age would attend institutions that were
Organized to improve their knowledge and understanding of the world. Yeah in the community
Secure and they could share the noise speak use paper
We've had a we're all doomed from Richard.
I think I've just got more of the Terminator 2
Blade Runner scenario going, which is humans will save mankind.
What was your message to the listeners and their children?
Yes, Skynet is not real.
It's a fiction. It's ten years away. Well, but we could pick up on that
because Ridge is nodding at your joke. It's ten years away. I'm actually taking it
seriously. I'm thinking does he know something I don't? But I'm with you on it.
Even as a science fiction writer I'm really struggling
to anticipate what the next 10 years is going to give us.
I mean I find it equally difficult when we're thinking about something like quantum and
how quantum computing is going to impact on cyber security. There's this fabulous thing
called Y2Q. If you remember Y2K and the Millennium Bug,
Y2Q or Q Day is the date on which quantum computing
will decrypt current encryption standards.
So all of our messages will suddenly
become no longer secured, no longer encrypted.
We initially said, oh, there'll be around about 2040, 2050.
The greatest minds now say that's going to be about 2030.
So we believe that what nation states
and some cyber criminal groups are doing
is they're harvesting all the encrypted data right now,
because in 2030, they'll be able to read it all in the clear
and get all our bank details.
To read it all in the clear and get all our bank details
Is that the final question then is are we in control of this
Situation in any sense and by that I mean the potential the power of AI as you said the power of quantum computing
Are we in control and if not?
Then what do we need to do as a civilization to regain control? For me, we are, there is a control.
Are we totally in control?
It doesn't feel like it, you know, and that's a feeling.
It almost feels to me that this is running away from us, rather than us running towards
it.
And the follow-up question is, who is in control?
Whereas before, it would be countries negotiating with each other about where jurisdiction was.
You know, this is my territory, this is your territory.
The internet puts paid to all of that.
And actually a lot of the power lies in the hands of the big tech companies.
Whether we like it or not, they're the people that make the products that everybody uses and misuses.
We can regulate them as much as possible but more and more
we're seeing companies like Microsoft, like Meta, like Google asking to sit at
the table when the UN is deliberating on how cyberspace should be governed
recognizing that they have the power as well.
Individually, just I'd like to ask all of you, what are the little bits and
pieces you say, do you know what, just to protect yourself a little bit more, here is something that
when you log in is a good thing to do, when you're interacting with the internet etc. Yeah, so as
I've got older, the two things I'm stood up to is I use the same PIN number for all my cards,
because I can't remember all the PIN numbers all the time and I've also been guilty in the past and I'm being very honest
here of using the same password on multiple accounts. So my bit of advice is don't. If
you can somehow use a phrase, bespoke it with an extra word for each of your passwords,
that's the way I now remember it. As for pin numbers on all my cards,
I don't know what the answer is to that,
but try not to use the same one,
or write it on the back of a card.
Well, I know your debit card's 5672, isn't it?
So yeah, we've been doing a lot of work
while the show's been on.
Victoria.
Yeah, and definitely not the name of your first pet
and the year you were born,
particularly if you do those social media quizzes where they ask you the name of your first pet and the year you were born, particularly if you do those social media quizzes where they ask you the name of your first pet and the year that you were born.
Also keep your software up to date. I know it's annoying, but those folks whose job it
is to make sure that you can defend yourself technically against these threats, they are
updating that software all the time, please update and also just take a second I know it's really difficult take a second to think
where is that link really trying to send me when you do a test that says you've
got an IQ of 190 don't then order the certificate that costs 200 quid Alan what
about you what would your advice be I don't have much advice but what I do when I get the email that I'm suspicious of
I have a look at the email address that it's come from
and it's normally Jeremy68QZYNamibia
and I think, hang on a minute, that isn't Carphone Warehouse
so I just, you know, trust no one but I've been saying that for years.
Something I just have to pick up, Brian at one point you said anything
connected to the internet and you included your toaster. Is your toaster
connected to the internet? No my toaster is but dishwasher is. Okay, my dishwasher has the
capacity but I don't trust it so I haven't connected it to the Wi-Fi. I
don't have a dishwasher. So there we are. So thank you very much to our panel, Professor
Richard Benham, Professor Victoria Baines and Alan Davies. And do we do a round of applause there?
We'll have a little break. Yeah, let's do that.
Enthusiastic applause. It's been one of the most frightening in the monkey cages.
I think, yes, the conclusion is we're all doomed, I think.
Anyway, we always ask the audience a question, and this week we asked them, what's the password
for your online banking?
So it's the final episode in the series end up just being a two-part series
To be a helmsman for Brian in Rio
Really actually the question was what is the oddest breach of security you have ever experienced?
So this is cracking the code for Brian's face cream
It was an enigma. So there we are. are I like that yes my deteriorating pelvic floor that's a good password yeah this appears to be a true one I
think it's losing the keys to an armory and explosive store
Found in my daughter's toy car
I won't name. I won't give the name out
Professor Richard no, yeah Whenever my brother or I leave our PC unlocked the other will change the desktop
background to a picture of a
horse bum all fun and games for the work presentation later on
from Ross brackets 37 from Bletchley comma single
not otherwise come to me but they are He says he once had his bank account hacked
while he was on a Best Mate stag do
and he couldn't buy anything.
So that was good news.
Good time to have that.
This is another true one I think here.
Last minute confiscation of Polo mints
before entering high security prison.
For work, he says in brackets, just to be clear.
Polo mints are actually quite easy
to smuggle into prison due to, anyway, look, yeah, yeah.
Alan, you're next.
On a trip to Hawaii many years ago, every time we went through airport security, my husband...
Why would you keep going through airport security? It sounds like a habit, doesn't it?
Every time we went through airport security, my husband would tell them the man behind is a bit dodgy.
They stopped my dad and searched him seven times.
He just couldn't understand what was happening
that is an excellent trick so well next week we are discussing the science of
Pam Ayres with a hedgehog or the science of hedgehogs with Pam Ayres we
haven't decided yet one of the two So thank you very much for listening, bye bye.
APPLAUSE
In the infinite monkey cage, an ocean monkey, in the infinite monkey cage, without your trousers, in the infinite monkey cage. Turned out nice again.
Hello, I'm Greg Jenner.
I'm the host of You're Dead to Me, the Radio 4 comedy show that takes history seriously.
And we are back for Series 8, starting with a live episode recorded at the Hay Literary
Festival all about the history of the medieval printed book in England.
Our comedian there is Robin Ince.
And then we'll be moving on to the life of Mary Anning, the famous paleontologist of
the 19th century with Sarah Pascoe. Then it's off to Germany in the 1920s for an episode
on LGBTQ life in Weimar, Germany with Jordan Gray. And then we'll hop on a ship all the
way back to Bronze Age Crete to learn about the ancient Minoans with Josie Long. Plus, loads more.
So if that sounds like fun, listen and subscribe to Your Dead to Me on BBC Sounds.