The Cyber Codebreakers

BBC podcast is supported by ads outside the UK.

Hello, I'm Greg Jenner, host of You're Dead to Me, the comedy podcast from the BBC that takes history seriously.

Each week, I'm joined by a comedian and an expert historian to learn and laugh about the past.

In our all-new season, we cover unique areas of history that your school lessons may have missed, from getting ready in the Renaissance era to the Kellogg Brothers.

Listen to You're Dead to Me Now, wherever you get your podcasts.

Want to stop engine problems before they start?

Pick up a can of C Foam Motor Treatment.

C-Foam helps engines start easier, run smoother, and last longer.

Trusted by millions every day, C-Foam is safe and easy to use in any engine.

Just pour it in your fuel tank.

Make the proven choice with C-Foam.

Available everywhere.

Automotive products are sold.

Seafoam!

home!

You're about to listen to the Infinite Monkey Cage.

Episodes will be released on Wednesdays, wherever you get your podcasts.

But if you're in the UK, the full series is available right now, first on BBC Sounds.

Hello, I'm Robin Inks.

And I'm Brian Cox, and this is the Infinite Monkey Cage.

Today, we're at a location of great historical and mathematical importance, Bletchley Park.

Or are we?

The work done here is estimated to have shortened the Second World War by between two and four years.

Or did it?

And after decades of secrecy in the last 20 years, we've learned of the remarkable minds that made this possible.

Or have we?

What are you doing?

I'm being an Enigma machine.

So, yeah, the idea was, because Enigma, as well as being the name of the machine, also can mean being enigmatic.

And look, it doesn't matter.

He was unable to write a funny joke for the introduction.

That's a bit of a button.

Anyway, today we're not looking at the past, but towards the future.

The information technologies of the 21st century have created immense opportunities, but there's also a darker side.

How can these ubiquitous technologies be manipulated to influence us?

What is cyber warfare?

And how can we prevent malevolent forces turning our everyday devices against us?

To help us understand what we know we know, what we know we could know, what we can't know, that we don't know, we're joined by two leading authorities on cyber security and a former sleuth conjurer.

My name is Professor Richard Benham, and best known for being patron of the National Museum of Computing just up the road.

I'm also known for being a best-selling spy novelist, which was something that came to me later on in life, with a cyber twist.

So that was where my cyber bit came in.

And I'm Victoria Baines.

I'm professor of information technology at Gresham College.

I am also an erstwhile cybercrime investigator.

And the most surprising thing that people don't know about cyber technology is the money that some countries make from cyber attacks.

One of whom reportedly gets half of their GDP from cybercrime.

Ah, man.

I'm Alan Davis.

I'm a comedian and former sleuth conjurer.

And the most surprising fact I know about cybercrime is, and I know this because I know someone who's in the Royal Signals who are at the forefront of cyber warfare, and the rest of the army refer to them as chair force.

And this is our panel.

Now, Victoria, so this this term cybercrime, cyber warfare, we probably I think most of us think of teenagers probably in their bedrooms trying to hack computers.

But you alluded to it in your introduction that now it can be states as well.

So, can you give us an overview of who is conducting cybercrime and cyber warfare?

What is it today?

Well, I think the term cyber is really unhelpful.

It's a made-up word.

It comes from ancient Greek.

It's what a helmsman does when he's piloting a boat.

And all of a sudden, through science fiction,

all the folks who work in what we used to call information security, computer security, go, no, I'm a cyber warrior now.

I'm defending the galactic universe against all these different cyber threats.

Through Radio 4, the origin of the word, it's a helmsman.

Yeah, so I'm a recovering classicist, and so I'm really interested in the origins of how it comes about.

It's Norbert Wiener's 1948 definition of cybernetics, regulatory systems, mechanisms to regulate animals and machines.

And through that, that cyber prefix then gets stuck on everything.

But to your question about what actually is it, it's really a spectrum of activity.

And at one end, we have nation-states engaged in cyber warfare and old-school espionage as well.

So, you know, if we're thinking about War Games, another movie that lots of us watched in the early 80s, the idea that you could hack into the Pentagon and say, Do you want to play a game of thermonuclear war?

You know, it's that kind of attack, attacks on critical infrastructure, the things that keep the country running.

And at the other end, we have that profit-driven cybercrime, which is just making a fast buck out of other people.

The trouble is that 10 years ago, it was a lot easier to distinguish the guys who were the nation-state actors and the guys who were trying to make a fast buck.

But now, when a company or a person even or a country experiences a cyber attack, they don't actually know the intent of that attack.

Is it to steal trade secrets is it to take down their hospitals or is it to get some money out of them and that's really challenging for those of us who are responding to it because we actually don't know whether it needs to be the army sometimes or a cyber security center or the intelligence services or plain old coppers and we should try do you want to try and guess which nation state it is what is it 50 not the isle of man i should say which nation state is it

i think it's going to be some small remote island.

It might be in the Caribbean, could be in the Indian Ocean, could be the Seychelles.

I think it's quite a good guess because what we do see is we see kind of dastardly cyber criminals using small island web domains to launch their attacks from.

So, you know, you might be an attacker from France, but you'll use Vanuatu or Togo's web domain just to obscure where you're really from.

And you park your billion-dollar yacht at the end of the jetty, so then you can be a mobile state when everyone's off yeah and that's not obvious at all no um

this is how we investigate cyber crime we look for the yachts um

with a helmsman obviously

ideally with a cyber helmsman yeah um in this case it's north korea

and you could say well you make that noise but did any of you guess it

three hands up three north koreans here and you could say well they probably don't have a very large gdp so we're talking proportions rather than absolute amounts.

But the United Nations last year, they launched an investigation into North Korea because in the years 2017 to 2020, they amassed 3 billion US dollars just from 58 cyber attacks.

Wow.

And is that ransom stuff?

Are they getting into companies and getting paid off for pinching data?

Ransomware, quite often.

You know, again, we like to make up words in cyber security.

So it's malicious software that locks your files and says, right, if you don't pay the ransom, you're not going to get your files back.

Actually, what tends to happen is that you pay the ransom and you don't get your files back, strangely enough.

And just to go on Vic's point as well about crime, cyber warfare is something else, and it seems to have materialised.

And I am a military officer

as a part-time role.

And one of the things we look at is obviously the threat landscape posed by other state nations.

And it's increasing.

And the simple reason it's increasing is cyber warfare is really cost-effective to do, far more cost-effective than having lots and lots of nuclear weapons.

And again, one of the good bits of news that I always like to share is I think that the world that we will go into will actually become safer because of cyber warfare.

We just need to negotiate our way there before anybody does anything silly.

Richard, if we look at the history, because we're here at Bletchley Park, so would it be right to characterize the Enigma machine, the use of codes, code breaking?

Is that really the first historic instance of what we might call cyber warfare?

I think it's the best known.

I think there are arguments before that people have used technology, used coding.

Certainly, ciphers,

even in Greek times, people were using ciphers to transfer messages.

So, wasn't there something where they tattooed the head, let their hair grow, and then when they went, they ran to the other person, shaved their head off, and then the the message would be on the top.

So, I think this whole spit about

Jeff, this is

I thought that was passed over with too much ease.

Right, run me through this story, right?

So, so, so, I need to get a message.

How long go?

It only has to be there in about three months, but it is quite important, and it's very secret.

So, shave the head, yeah, tattoo the message on the head, let the hair grow.

Obviously, there's an assumption there that the hair is going to grow fast enough, and that they're not challenged.

Secondly,

and secondly, that there's a period of time before hats, yeah?

Yeah, right, okay.

So there's also the challenge of the time, the time taken to get from one place to the other so that the hair grows, and then at that point gets shaved off, and then they can read the message because it takes a lot of sense.

So you don't wait until your hair is grown and then get on the ship.

You get on the ship under the assumption that it's going to take two months to get to the

hair on your head grow faster than the hair on your chin.

I suppose you could do it on your chin.

I think to do it.

You've got to have it tattooed on your chin.

You could do.

I now regret that question about this.

How has this never been in any films?

Do you know what I'm?

I'd have shaved the side of a dog and put the message on the dog and then the dog's hair grows back and then you send the dog.

You don't need to have anyone interfering with your head.

You can do feathers grow because you could do it on pigeons.

A pigeon, you could do a pigeon.

Small message.

Do you know what you can do with a pigeon?

And I believe some people have.

They put a little message in a little ring now on a bit of paper and they let it fly.

Don't start plucking.

I've got another pigeon.

Just put the message.

I've got a thing on the floor.

There you go.

What we have to do.

How are we going to get these boats?

Do you remember what the question was?

Yeah, I thought I'd asked a very, you know, a simple question to connect the location of this recording to the history of cyber warfare.

And we've ended up with something to do with plucking dogs.

Wow.

Coming back to cyber warfare.

Yes, you want.

Yeah, yeah, yeah.

So, what we're seeing is that cyber warfare is getting a bit woolly now.

So, whilst that's state against state, and as Victoria said, a lot of criminals are involved, you get the state sponsoring criminals.

So,

terrorism is another word that's banded around with the word cyber cyber terrorism, which is effectively using cyber machines to damage your enemy.

So, to cause mayhem to break systems, to break their infrastructure.

And then that's almost gone one step further, and North Korea being a good example, where you get economic cyber terrorism, which is effectively terrorizing the system, but doing it to either economic advantage or economic disadvantage.

So the city of London suffers from this a lot because there are many, many foreign countries, particularly the Chinas, the Russians, North Korea, Iran, who would like to bring the City of London down.

The only thing that currently stops that from happening to a large degree is a lot of them have got their money deposited there.

So it sort of self-regulates itself.

But if it wasn't, it would come under a lot more sustained attack.

So, this idea that someone, a state or an individual, can hack into the computer system essentially.

So, what are the most common failures in security?

Well, we quite often in cybersecurity to talk about the holy trinity, which is people, process, and technology.

And a vulnerability in any one of those three means that you're not 100% secure.

Now, spoiler alert, nobody is 100% secure.

What we do is we try and put in enough measures in place that we reduce the risk of some of the most common and hopefully some of the most sophisticated attacks.

But if someone is really persistent and they put a ton of money behind it, say with state backing and they've got an entire army unit working on this stuff, they'll get in.

It could be things like identity management.

It's making sure that the only people who can have access to your systems are the ones that should have.

That you haven't given it to somebody's sister because you used their tablet in COVID.

You can have a failure in the technology because new types of malicious software are being developed all the time, and that's where all those antivirus companies are racing to develop the antidotes to that.

You also have kind of technical vulnerabilities in operating software.

People make mistakes when they're writing code, and companies have to race to patch those.

But then, of course, you have the vulnerability and the people, and that's the social engineering part.

And that's why things like phishing still work because we fall for stuff.

Kevin, can you just define phishing then?

I hope I'm not going to trigger PTSD because

we've all suffered this stuff, right?

It can be things that are based on something that you really want.

You know, so your boss sends you an email and says, hey, you're employee of the month, just click on this link.

You have won a massive yacht.

It does tend to be a massive yacht in very many cases.

Or it could be romance, of course.

And people quite often say, well, why are people so stupid as to fall for the hot girl that says, hey, you look nice.

Do you want to get on webcam?

Well, because they might have just split up with their partner.

They might have had a few beers.

We're all vulnerable at certain times in our lives.

But also, fear.

Fear is a really big tactic.

The scam of people ringing up and saying, hi, we're Microsoft Help Desk.

We can see your computer is vulnerable.

Well, yeah, we want to fix that.

Of course, we're vulnerable.

And of course, we will then be driven to do something in a panic.

We're quite often told that it's time-limited.

You need to do it right now, otherwise, something terrible is going to happen.

It's human manipulation tactics.

You do get trends, don't you?

I mean, there was a time when everybody's bank was ringing them up and telling them that their bank account was compromised, and what were their last few transactions, and then keep you on the phone for ages until you give away you give away your sort code and then you start to think, Hang on a minute.

Have you ever been scammed?

Oh, you got relentlessly.

At Christmas, I had three Christmas lists for my three children and I found a website that had every single gift on the site from all three lists.

This was heaven, including a Lego set that's no longer made.

And I nearly gave them four hundred and fifty-seven quid, and then I thought, this is unlikely.

I had one scammed on a PS5 about two years ago, that was 400 quid down this morning.

And artificial intelligence is changing all of this because we used to say to people, you can spot a phishing email because the grammar's not quite right or it's got some funny type funny spelling in it.

Well, of course, scammers are using ChatGPT now to write their phishing emails, which look perfect.

So we're having to find different ways to show people how to spot that something might be a scam.

Richard, when we talk about really big cyber attacks, so it be infrastructure attacks, or as you said, attacks on state security infrastructure, for example,

do we know what the proportion is that are successful?

So, do we know where the biggest vulnerability is?

Yeah, so it always used to be in the systems itself, and a lot of it, particularly

like NHS, government departments, banks in particular, have a large number of what's called legacy systems, so old systems.

And when they were merging, growing, nobody used to spend on the IT, they just used to bash the two together, connect them with a wire, put something over the top, and then carried on.

And as long as it worked, it was fine.

And there was always a day of reckoning for that, and we sort of saw that in the last 10 years when most of the attacks were directed at the computer itself.

But that's changed.

And I think the big thing that caused the change was the introduction of the iPhone and also 4G.

So when those two things came together, I think it was 2007, 2009,

it changed the the whole idea of what an IT attack, what a cyber attack was.

It was no longer attacking IT, it was attacking the individual using the IT.

The whole nature of attacks changed.

And so, what we see today is not so much attacks on these big systems, but what we see are individual attacks now because it's easier, it's more profitable.

And the human vulnerability just means that it's just an easy target for cyber criminals.

Put on top of that, social media manipulation of people as well, And the whole thing is turning into not a nice place

at the moment because it's not just about money, it's also about manipulating people.

We're seeing it manipulating outcomes of elections.

So that's broadening the definition of cyber criminal.

It is, and it does, and that's what's happened to cyber.

As a definition, it's gone from being IT security now to almost a human-based threat that encompasses everybody.

We are now all on the front line for nation-state attacks.

If you're

the Russian internet research agency and you want to manipulate the results of an election, you do it on social media.

You say, oh, the Pope is voting for Trump, etc.,

which they did in 2016.

And those are the places where all of a sudden we become the attack vectors for attacks on other people.

Alan, we've seen that people can be manipulated into some very eccentric ways of thinking.

Do you think that's because this speed of delivering information seems to have made people tremendously susceptible and I'm sure part of their brain is going, this can't be true, but this cognitive dissonance just seems so vibrant.

I think what's coming to my mind now is it's now become almost impossible to contact an actual human being with any company that you're dealing with.

My Twitter account was hacked by a Bitcoin scammer.

And I couldn't do anything about it.

And they hacked into my email and I lost my, I had about 800,000 followers or something.

I wasn't one of the big fish in the ocean, but quite a lot of people, and it was very helpful for me if I was doing a tour or something.

So I lost them all.

And then I couldn't get back into the account.

And then they said, we suspect you are

a bot or something else.

And we don't know who you are.

And I responded, Google me.

I mean, I'm not hard to come by.

But at no point in that process could I ever communicate with a human being.

And you can't communicate with a human being with almost any company that you're dealing with.

I don't know what the long-term effect of all this will be on people as humans.

I really start to think if you sit at home and you rely on this machine so much and it does so much for you, does all your shopping for you, does everything for you know, all your kids' appointments, everything to do with school, everything is in this thing.

And you start to think, hang on a minute, it used to ring up, didn't you?

Does that, Victoria, make us far more vulnerable to cyber attack?

The fact that we're becoming ever more reliant on machines, machines, be it the phone or whatever it is, that is

possible to hack these things.

It's possible to hack your fridge, I guess, or your toaster or anything, anything that's connected to the internet.

We're absolutely so reliant on digital technology for everything, you know, how we get about how we do our work.

But what I would say is that we're probably better prepared to defend against cyber attacks than we are to defend against mistakes.

And we saw a really good example of this over the summer when CrowdStrike had a bug in a piece of its software that was used to secure many millions of machines all over the world.

It was, ironically, it was cyber security software.

When this was initially reported, when everybody got the blue screen of death, when airports couldn't function anymore, everyone said, oh, it's a cyber attack.

It wasn't a cyber attack, it was a mistake in a piece of code that took down all of these millions of machines that had to be manually rebooted.

So, in many respects, the most dangerous person in the world is the software engineer that hasn't checked his code.

Here at Bletchley Bar, and they suddenly you can crack the code, the Enigma machines.

And one of the problems then is: what do you do with that knowledge?

You don't want the other side to know that you've cracked it.

So, then you have to be very careful.

Does that still apply for the military now?

Can we keep it a secret that we found it out?

Yeah, no, absolutely.

A misinformation is as important as information.

So sometimes you'll allow an attack to carry on on the basis that you can twist it round and ping it straight back.

So the route coming into you also becomes the route back into the enemy.

That's quite common.

So you'll get a Trojan, then you'll ping a Trojan back on the information going back.

It gets quite complicated, but absolutely, basic warfare stays the same.

Could you define that word, by the way?

There's a lot of jargon in this area.

So Trojan.

Trojan, yes, sorry.

So So, if you go back to Greek times, I'm seeing in your classics here.

A Trojan horse was where the Persians or the Greeks were attaching Troy.

And the idea was to present a gift of a nice big wooden horse, and inside it were hidden a load of soldiers.

Obviously, seeing it as a gift, the fort opened up, took it in, and then all the soldiers came out in the middle of the night and killed them all.

And that analogy is used quite often in cyber security, where we'll send something to someone that looks innocuous.

So, it may be a nice photo, it might be a nice little program that does something, it can be anything at all.

The important thing is that the person receiving it sees it as a gift.

No sooner do they download it and put it on their machine than we can open it up from afar and see what they're up to.

And certainly, when I worked in the intelligence services, there was a lot of that going on in the early days.

And even today, I can't speak for GCHQ or any of the agencies because I'm sure that's what I'm saying.

Well, that's what you say.

Of course, you'd say that, wouldn't you?

Many of them are here tonight, I suspect.

But certainly, as a tool in the armoury,

that's always a good one, Atroja.

And we do the same with profit-driven cybercrimes.

As soon as you arrest someone who's in, say, a forum on the dart web, you can take on their persona and then you can catch what everybody else is up to.

And there are quite a few operations over the last few years where folks like Interpol and Europol have cooperated with, say, the National Crime Agency here in the UK to take down those forums, but only after they've got all the data from them.

You know, in terms of security threats,

we hear about the big high-profile failures, but it sounds as if you're both saying that there's an awful lot going on and we're reasonably very successful at preventing most of it.

And part of the reason for that is that quite a lot of the time when a cyber attack happens, we just don't know.

So it's not like a murder where you have a body and you can immediately go around and interview the immediate family, who might have had a grudge against the deceased, etc.

And it's not like a burglary where you, you know, you know what's missing and you have the traces.

Sometimes, all you have is the logs that show that something suspicious has happened.

And it can take several years to find out who the people are

behind a cyber attack.

And even then, if they happen to be

a member of the Russian army or a member of the Chinese army, they're not going to be brought to justice.

So, we have this dark space a lot of the time around what's actually going on.

It can take time to work out.

And I suppose, Richard, if you're successful as a state, let's say, of hacking into or accessing the computers in another state and it's working, you'll just keep going, right?

So you do.

And actually, the word Trojan is very appropriate again because it can stay there for a long, long time.

You know, there are cases where a Trojan has stayed in military systems for up to 10 years before it's been activated.

And sometimes they're they're so clever that you're never going to find them either.

That's one of the other challenges we face: it's become so, so sophisticated now that even to defend and come up with these programmes that defend us against it is really challenging.

And the fact that we don't know who these people are a lot of the time means that we come up with some really strange naming conventions.

One set of researchers has come up with names based on animals and their national affiliations.

So APT 28, the folks folks who in Russia hacked into the Democratic National Committee in the US, are also known as fancy bear

because they're from Russia.

In China, we have aquatic panda.

What are you having, Alan, when you start to do all this stuff then?

Have you got a nice

lower back pain?

Thinking of the fact that, you know, there are many pictures of Alan Turing around the site that we're on now, obviously in Bletchley Park, and that that idea of the Turing test of the ability to see that you are not actually communicating with another human being and some of the scams that you were talking about.

Do you think that that's one of the things that we're just not able now to see that something is algorithmic programmed?

It's not a human being that you're communicating, that that's a skill we've lost.

The only skill we appear to have acquired is now to not trust any communication at all from anyone and never to click on any link, on any text message, or any email ever.

And I imagine that eventually, again, 10 years, everyone will be writing letters again.

I'd like to find out that in years to come, you've stopped using computers, and every time you get ramped, can you send that script now?

And suddenly, 40 men with razors arrive and go, Alan's written it all on us.

There we go.

There's the whole, hang on, we have to get in the right order as well.

I think I'm act one, I can't remember.

It's almost paradoxical, isn't it?

So, as we move into this future, I've been far more integrated, everything's online.

Is it going to be the case that we just become completely reliant, or is it the case that we're going to step back because of fear?

So, I wrote a paper on this back in 2015.

Nobody read it, but yeah, but I wrote it and it was called the cyber paradox.

And it was exactly that.

As we become so dependent, as the data becomes so critical and so vulnerable, we'd actually revert back to carrier pidgin or even manually carrying

data written down

between two points.

And I know that in some security agencies, for instance, information is so vital that they actually write it down, put it in a locked box, drive it with a guard, and then they open it at the other end, rather than relying on, say, Wi-Fi or the internet.

The vulnerabilities are just too big for that type of data.

Is this part of the behavioural change then, Victoria, that we will have to accept that there is no such thing as secure electronic communication?

The good news, I think, is that the technology keeps up with that.

The security technology keeps up with that.

So all of us who have junk email folders know that there are technical signals that our email providers are looking for, where they can say, well, that looks a bit dodgy.

I'm going to stick that in a folder so that you don't inadvertently click on it.

AI is doing something smarter than that now, which is automated cyber defense, looking at the patterns in the text that's being sent, looking at the clusters of where some of this badness is coming from, and reacting to it, taking it down before humans even need to be manipulated.

So, are we essentially just sitting back and letting different AI systems fight against each other in some kind of arms race?

I mean, that's both the concern and the aspiration, I think.

More and more, we're seeing automation being used both in attack and defence.

But as we saw with the recent glitch in CrowdStrike cybersecurity software, we also need human eyeballs on this to make sure it's being checked before it goes live.

If you fire a missile,

is there a risk halfway on its journey that the enemy could hack it and send it back to you?

Yes.

Is this going to put people off firing missiles?

Yes, and that's

the point I alluded to earlier.

You know, the cyber warfare will overtake conventional warfare.

Once you control the systems, you can use someone's weapon against them even before it's launched or whilst it's being launched.

And that's been worked on hugely at the moment.

And that's good news, in my view, because it is taking away a level of risk.

It's like I said before, we've just got to get to that point before anybody does anything stupid.

Remember, in war, if someone attacks another country and you destroy that other country, all you've inherited is a barren piece of land with no value.

So, the art of warfare is quite often to invade without huge cost, but to then take control.

And cyber warfare is very, very good at that.

And quite a lot of the time, that work is outsourced to jobbing cyber criminals.

So there was a famous story a few years ago where journalists went to the source of a lot of the misinformation that was being spread on social media during times of elections in particular.

And what they found was that a lot of this was being put on social media by teenagers in North Macedonia who didn't know who they were being paid by, and they were doing it to buy trainers and to go away for the weekend.

So it's that idea of: we think these are, you know, nation-state masterminds, but actually, there's a whole cyber-criminal underground economy where you can say, well, I can write this bit of code and I can leverage this set of people, manipulate them.

It sounds to me that the answer is something that we've established in our house, which is for teenagers, there are no screens in the bedroom.

And if they just had that in North Macedonia, none of this would have happened.

Absolutely.

It does sound that it's an almost futile arms race.

Ultimately, between AI, it's just we can always sit back, presumably, and let them get on with trying to hack each other.

But so, where is the future if you look into five years' time, ten years' time?

So, if I was being pessimistic, I think 60% of the world's population have access to a mobile phone.

Perhaps that 60% is the ones that will end up demising because we effectively then almost end up destroying ourselves.

And the 40% that have lived almost primitive, basic lives almost inherit the earth there afterwards.

That is a pessimistic look at it.

That is pessimistic.

But yeah,

especially because you were talking about, oh, there's a new phone that's come out today, was exactly what you're doing.

But that is one way it could seriously go.

And the point I was making is those without it are probably better off because they have more stable systems, they have things in place.

Whereas we're so dependent on it for our whole every way of living, the technology, that if it fails us in any way, we're almost doomed, I would suggest.

I would frame this slightly differently.

I just thought I would cheer up.

We're almost doomed, I would suggest.

And with that, thank you for listening.

And that's terrifying because it's gardener's question time.

But it gave me this image of Elon Musk as Colonel Kurtz in Apocalypse Now or Heart of Darkness, this kind of ugh.

Sorry if it wasn't.

So I would argue that because we're so reliant on technology, because there are going to be more people walking around who are physically, bodily, physiologically connected to the internet,

because we're going to have, we already have to a certain extent, the massive internet of things, because

we are so dependent, critical thinking in humans has never been more important.

We might need to develop new skills.

So, thinking about trust and authenticity, we need some other means to identify things that don't smell or feel quite right.

So, it is that kind of you know, that Chomskyan thing about, you know, how have they got power?

You know, who is it who, you know, where does their wealth come?

All of those things, that critical questioning.

Trust no one.

It's almost as if Alan Wish had developed something like a sort of an education system.

Yeah, it's a good idea when everyone from a young age would attend institutions that were organised to improve their knowledge and understanding of the world

in a community.

So they've

been secure and they could share the knowledge, speak, use pay for

we've had a, we're all doomed from Richard.

What was your

I think I've just got more of the Terminator 2 blade runner scenario going, which is humans will save mankind.

What was your message to the listeners and their children?

Yes, Skynet is not real.

It's a fiction.

It's ten years away.

Well, but we could pick up on that because Rich is nodding

at your joke.

It's 10 years away.

I'm actually taking it seriously.

I'm thinking, does he know something I don't?

But

I'm with you on it.

Even as a science fiction writer, I'm really struggling to anticipate what the next 10 years

is going to give us.

I mean, I find it equally difficult when we're thinking about something like quantum and how quantum computing is going to impact on cyber security.

There's this fabulous thing called Y2Q.

If you remember Y2K and the millennium bug, Y2Q or Q Day is the date on which quantum computing will decrypt current encryption standards.

So all of our messages will suddenly become no longer secure, no longer encrypted.

We initially said, oh, that'll be around about 2040, 2050.

The greatest minds now say that's going to be about 2030.

So we believe that what nation states and some cyber criminal groups are doing is they're harvesting all the encrypted data right now because in 2030 they'll be able to read it all in the clear and get all our bank details.

The final question then is, are we in control of this situation in any sense?

And by that I mean the potential, the power of AI, as you said, the power of quantum computing.

Are we in control?

And if not, then what do we need to do as a civilization to regain control?

For me, we are, there is a control.

Are we totally in control?

It doesn't feel like it, you know, and that's a feeling.

It almost feels to me that this is running away from us rather than us running towards it.

And the follow-up question is: who is in control?

Whereas before,

it would be countries negotiating with each other about where jurisdiction was.

You know, this is my territory, This is your territory.

The internet puts paid to all of that.

And actually, a lot of the power lies in the hands of the big tech companies.

Whether we like it or not, they're the people that make the products that everybody uses and misuses.

We can regulate them as much as possible, but more and more we're seeing companies like Microsoft, like Meta, like Google, asking to sit at the table when the UN is deliberating on how cyberspace should be governed, recognizing that they have the power as well.

Individually, just I'd like to ask all of you, what are the little bits and pieces you say?

Do you know what, just to protect yourself a little bit more, here is something that when you log in is a good thing to do when you're interacting with the internet, etc.

Yeah, so as I've got older, the two things I must earn up to is I use the same pin number for all my cards because I can't remember all the pin numbers all the time.

And I've also been guilty in the past, and I'm being very honest here, of using the same password on multiple accounts.

So, my bit of advice is don't.

If you can, somehow use a phrase, bespoke it with an extra word for each of your passwords.

That's the way I now remember it.

As for pin numbers on all my cards, I don't know what the answer is to that, but try not to use the same one or write it on the back of a card.

Well, I know your debit card's 5672, isn't it?

So, yeah, that's the we've been doing a lot of work while the show's been on.

Victoria.

Yeah, and definitely not the name of your first pet and the year you were born, particularly if you do those social media quizzes where they ask you the name of your first pet and the year that you were born.

Also, keep your software up to date.

I know it's annoying, but those folks that you know whose job it is to make sure that you can defend yourself technically against these threats, they are updating that software all the time.

Please update it.

And also, just take a second.

I know it's really difficult.

Take a second to think, where is that link really trying to send me?

And when you do a test that says you've got an IQ of 190, don't then order the certificate that costs 200 quid.

Alan, what about you?

What would your advice be?

Well, I don't have much advice, but what I do when I get the email that I'm suspicious of,

I have a look at the email address that it's come from, and it's normally Jeremy68QZY Namibia and I think hang on a minute that isn't Carphone warehouse

so I just I don't you know trust no one but I've been saying that for years something I just have to pick you up Brian at one point you said anything connected to the internet and you included your toaster is your toaster connected to the internet no my toaster isn't my dishwasher is oh okay my dishwasher has the capacity but I don't trust it so I haven't connected it to the Wi-Fi

I don't have a dishwasher so there we are.

So thank you very much to our panel, Professor Richard Benham, Professor Victoria Baines and Alan Davis.

And do we do a round of applause there?

We'll have a little break.

Yeah, let's do that.

Is it this enthusiastic?

Well, it's been one of the most frightening in the monkey cages.

I think the

conclusion is we're all doomed, I think, is it?

Anyway, we always ask the audience a question, and this week we asked them, what's the password for your online banking?

So, this is the final episode in the series, which ended up just being a two-part series.

And

I'm off to be a helmsman for Brian in Rio.

Actually, the question was: what is the oddest breach of security you have ever experienced?

So, this is cracking the code for Brian's face cream.

It was an enigma.

So, there we are.

I like that, yes.

My deteriorating pelvic floor.

No, no, no, Brian.

Just do the answer you want on the page.

That's a good password, I think.

Yeah.

This appears to be a true one, I think.

Losing the keys to an armoury and explosive store

found in my daughter's toy car.

I won't give the name out.

So Professor Richard notes.

Whenever my brother or I leave our PC unlocked, the other will change the desktop background to a picture of a horse bum.

All fun and games for the work presentation later on.

I've got one here from Ross, brackets 37 from Bletchley, comma,

single.

I don't know why it's come to me, but there you are.

He says he once had his bank account hat while he was on a bestmate stag do and he couldn't buy anything.

So that was good news.

Good time to.

Another true one, I think, here.

Last minute confiscation of polo mints before entering high-security prison for work, he says in brackets, just to be clear.

Polo mints are actually quite easy to smuggle into prison.

Anyway, look, yeah, yeah, Alan,

on a trip to Hawaii many years ago, every time we went through airport security, my husband.

Why would you keep going through airport?

That sounds like a habit, doesn't it?

Every time we went through airport security, my husband would tell them them the man behind is a bit dodgy.

They stopped my dad and searched him seven times.

He just couldn't understand what was happening.

That's that is an excellent trick.

So, well, next week we are discussing the science of Pam Airs with a hedgehog or the science of hedgehogs with Pam Airs.

We haven't decided yet.

One of the two.

So, thank you very much for listening.

Bye-bye.

In the infinite monkey cage.

Feeling that nice again.

Hello, I'm Greg Jenner.

I'm the host of Your Dead to Me, the Radio 4 comedy show that takes history seriously.

And we are back for series 8, starting with a live episode recorded at the Hay Literary Festival all about the history of the medieval printed book in England.

Our comedian there is Robin Ince.

And then we'll be moving on to the life of Mary Anning, the famous paleontologist of the 19th century, with Sarah Pascoe.

Then it's off to Germany in the 1920s for an episode on LGBTQ life in Weimar, Germany with Jordan Gray.

And then we'll hop on a ship all the way back to Bronze Age Crete to learn about the ancient Minoans with Josie Long.

Plus loads more.

So if that sounds like fun, listen and subscribe to You're Dead to Me on BBC Sounds.

Hello, I'm Greg Jenner, host of Your Dead to Me, the comedy podcast from the BBC that takes history seriously.

Each week, I'm joined by a comedian and an expert historian to learn and laugh about the past.

In our all-new season, we cover unique areas of history that your school lessons may have missed, from getting ready in the Renaissance era to the Kellogg Brothers.

Listen to You're Dead to Me Now, wherever you get your podcasts.

Suffs, the new musical has made Tony award-winning history on Broadway.

We demand to be hosted.

Winner, best score.

We demand to be seen.

Winner, best book.

We demand to be quality.

It's a theatrical masterpiece that's thrilling, inspiring, dazzlingly entertaining, and unquestionably the most emotionally stirring musical this season.

Suffs.

Playing the Orpheum Theater, October 22nd through November 9th.

Tickets at BroadwaySF.com.

Each week I'm joined by a comedian and an expert historian to learn and laugh about the past.

In our all-new season, we cover unique areas of history that your school lessons may have missed, from getting ready in the Renaissance era to the Kellogg Brothers.

Listen to Your Dead to Me Now, wherever you get your podcasts.