 All right, I'm surprised so many people are here. Thanks for coming guys. Congratulations on making this far. I'm Justin Morehouse. This is Tony Flick. And we're doing Getting Social with the Smart Grid. We're going to go pretty fast, because in all of our times, we were over 50 minutes. So we're going to go through the useless stuff really quick. For the short, I lead the assessment team at a large retailer. I enjoy collecting a Hawaiian named Basenjis. That's my guy, Kiyoki. And the World Cup really made me angry. All right, I'm Tony Flick. I'm a principal firm associates, a security services company. Some people know me by the baby face of InfoSuck. And if you couldn't tell by the picture, I'm a huge Maryland fan. I am not a fan of Duke. Or maybe I just like to make little kids cry. So why are we presenting? That's a phrase I always use a lot, is just because you can doesn't mean you should. We think that this may be a case of that. Basically, the potential benefits of the social networking and smart grid are pretty cool. But like almost anything and everything related to tech these days, we got to think about it before we start tweeting our energy usage and whatever you call it when you update MySpace and stuff like that. So about the presentation, it's somewhat technical. It's somewhat theoretical. If you're here to see some awesome tech stuff, you're probably going to be disappointed. But it's some pretty obvious stuff I think is pretty relevant. It's an exercise in evangelizing common sense. And we have two main goals, really. To raise the awareness where social networking and smart grid are going and where they are and why they're going and where they're going. And to hopefully get everyone here involved to get the decision makers involved, so they can build in security before this thing gets too big, too quick. All right, so everything that we say, show, imply, it's not the opinion of our employers, friends, dogs, singrass, DEFCON, et cetera. We're going to be showing you some tools later on in the presentation. Our intended use for them is to audit your own energy usage, not illegal behavior. And this disclaimer was not approved by Lionel Hutz. All right, so how do we actually get involved? So I tend to mooch off of Justin for his NFL Sunday ticket. He doesn't know I didn't get it this year, so. But basically, we had a lot of conversations about the smart grid, just due to the fact that how much press it was getting. And that kind of led to my talk last year at Black Hat and DEFCON, which then led to a book called Securing the Smart Grid. Thank you. She's in the float. She only won. And basically, there's a chapter in the book that's on social networking in the smart grid. And basically, that's the basis for this presentation. All right, so let's start talking about it. Let's actually start doing the presentations talking about it. For the three people in the room, I don't know what the smart grid is. According to Wikipedia, which is an awesome resource, and it sucks when you can't use it when you're writing a book. But it delivers electricity from suppliers to consumers. Sounds kind of like the current grid. But the big deal is bidirectional communication. Two goals, save energy, reduce cost to produce energy. There's also some other goals of increasing reliability and transparency, kind of afterthoughts. So kind of what got Tony and I interested in the smart grid and what we're hearing in the media is stuff to the effect of my dishwasher. We'll talk to the energy company and decide when it's best or cheapest for me to run. Or you can get a lower energy bill if you allow the utility company to turn up the temperature in your house during peak load times. Kind of what I'm envisioning is I'm walking out of work. And the GPS on my phone tells my architecture home to crank up the AC so I can get home and have some makers and enjoy in 76 to be weather. There we go, there we go. And finally, my neighbor down the street, he's gonna get busted for his growing operation based on his relatively large energy consumption when compared to his neighbors. They don't really say that, but that's gonna happen. So big deal, smart grid deployments, I'll let Tony talk about them. Trying to steal my slides. All right, so all the talk about the smart grid, smart meters, it's kind of useless unless it's actually getting deployed. Just to kind of give you some background information. In Austin, about 160,000 smart meters were deployed by 2009. Are they? We'll get through the slide first. So there's about 2.3 million in California by the end of 2011 and one million in Miami-Dade County, Florida by 2011. Basically, the point is from this slide is either you already have a smart meter in your house or you're eventually gonna get one. Basically, it's coming. All right, so bear with me here. This is gonna end really bad, I can tell. Yeah, thanks. This sucks. That's really lame. All right, I mean, I got nothing better. I guess I can keep going with it, but it's gonna suck. Yeah, because it was totally different than what we did the first time. Max are awesome. Yeah, so Friendface, that's my favorite site. It says in case you never heard of social networking, 500 million users on Facebook. Is anybody here still use MySpace? I've got some alcohol if you do. All right, good call. Well, apparently, 57 million people in the US still use it and we actually, like, we cited our stuff, which is really weird, but that's, we're not making that up. And a really surprisingly low number, I thought, was only 600 tweets every second. So why the smart grid and social networking? Why are they gonna hook up anybody? What is, what's advertising lead to? Come on. People's, blow anyone? There we go. Money, it's money, knock up, well, maybe cocaine, but it's money. Money leads to cocaine. Money leads to cocaine. It's a new man. So how are they gonna make money? By then, I mean, not us. Smart grid market in 2010, $23 billion. Little chunk of change. You guys, you know, this is kind of what got us involved, $3.4 billion in grants from the federal government last year. Unfortunately, I haven't seen any of that money and I'm still working for a grocery store, so. Private industry matched that with 4.7 billion. So what does that mean? There's a lot of money in the smart grid. Facebook worth 11 billion. IPO, I just saw today, got pushed to 2012 because they wanna make more money. 2.2 billion spent on social networking, advertising alone in 2009. What does that mean? Lots of money in social networking. Put the two together. So how are we as consumers gonna save more money? Well, how are we theoretically gonna save more money? So social networking for smart grids, you know, leverage platforms we're already familiar with, like Twitter and Facebook and Android and iOS if you can get to work on your 3GS fast enough. It doesn't supposedly cost us anything monetarily. It might very much so in the privacy, which we'll get to. But again, the theory there is the more we use social networks to monitor and share our energy, the more we're gonna do to minimize our energy usage because our friends use less than we do when we want that social guilt in theory, of course. So why are we really gonna use social networking in this market? I don't know if you can see there, but Leo's actually wearing a shirt that says Leo on it. I couldn't find a shirt that had my name on it, but I tried to. But we really think so, why are people gonna use it? It's gonna be kind of like, look how green I am. That really is gonna be like, look how cool I am, that social guilt aspect that everyone else has going on. And I actually wanna save some money. So why are the companies actually gonna do, actually support this? I mean, look at this stuff. I mean, I'm sure you guys have seen these bags. I'm sure you own a bunch of them. But they basically gonna say, hey, look how green we are, which means we have a conscious, which means we care coming by our stuff. All right, so how are they actually gonna do it? So this is pretty much my favorite smart meter company, Yellowstone. They're located over in Germany. And they decided that they didn't like any of the smart meters on the market. And so what they did was they designed their own and it actually rides on the back of the consumer's home broadband connection. So when the utility company is, Germany likes to ride on the back of their consumers. So basically they do like to use the home broadband connection because it's already there. And they can remotely manage the smart meter, all your energy usage information, really turning on, turning off, smart meter over the home broadband connection. So internet accessible, anyone? So I'm not even gonna try to pronounce it, but each one of their smart meters, also has the ability to communicate with Google Power Meter and Twitter. So basically every one of their smart meters has a Twitter account for it. So has anyone out here actually played with one of those yet? Anyone from Germany? For real? No, he just wants more alcohol. All right, so the thought process is to be commended, but implementation needs to be secured. All right, so social smart devices. So not everyone has a smart meter yet. So what are we to do? Well, we have commercially available products already. The PicoWatt, which granted, isn't actually available yet, but will be soon. The Energy Detective, which actually is available, and the do-it-yourself hack-it-together type, the Tweet-A-Watt. So the PicoWatt, this is kind of an irrelevant slide if you read the bottom. It's not available yet. But so here's where it's going, right? So you plug this thing into your favorite device, your computer, your fridge, whatever, and via Wi-Fi, it sends your energy usage to your PC, which then sends it via tweets to Twitter or via status updates to Facebook. It's getting a lot of press because it won the CES Green Tech Award for this year. So there's a lot of buzz about this in the industry, apparently, and it's not all yet. I just spoke with the president of the company a couple of weeks ago, and she said they're waiting on FCC approval. So they hope to get out there by the end of the year. But here's where it's coming for people like Tony and I who don't have a smart meter yet, but want to jump on the green bandwagon. Something that is available, the Ted 5000. It's like a hacker's wet dream because it's got PLC communication, it's got ethernet communication, it's got a web server on it, and it's got ZigBee. So when I got this thing, I was like, this thing is gonna be awesome to have fun with. So many attack vectors. The damn thing doesn't work. Like for real, like I have a little, let me Google that for you in there. Oh, that's on the next page. Anyway, I'm driven ahead. But it doesn't work. But according to Nessus, thank you guys, and that couldn't even fingerprint this thing because an IMF scan wouldn't finish. But it's running AIX, which is pretty cool. But long story short, it hooks up to your panels and via PLC, it sends the information to this little gateway box there, which has the web server running on it, which they tout in their user manual, hey, you can make this accessible via the internet with some port forwarding. So security of this thing. Our real quick analysis, the good. I don't have two ports open on it. If I could eventually complete, or when I eventually completed a scan, using Nessus, not end map, but 80 and 443. Google Power Meter, which it supports. The setup there is pretty simple and relatively secure. I think that's all things to Google though. There is some input validation, like for real, and the thing, like it wouldn't, like some of my garbage name, we just named it sample two or sample one instead of what I put in there. And it's pretty much a read-only device. There's very limited space except for the config where you can actually interact with the device. So the fail, like I said, this thing doesn't work. You can Google it, and there's people who are returning this. There's stores who stopped stocking it. I doused it like a lot of the time with end map. It would just flicker these lights and become unresponsive, and then it would look for DHCP addresses that it had like 10 weeks ago. It was just really weird. And there is some input validation fail, but like I said, there's not a huge tax surface on it, so. Oh, and that's the bad picture. Oh. Hey, at least it wasn't me up there in that thing. So the next thing, the Tweet-A-Wot, this is my favorite, why? Because it's a do-it-yourself. So how do you make a Tweet-A-Wot? You take a P3 kilowatt, you take an XB kit from adafruit.com, and you take some mad soldering skills. And it's not really mad soldering skills because I did it the last time I soldered was when I hacked my Xbox version one. So it's not that hard. But how this thing works. Basically, you have as many Tweet-A-Wots as you want, and they have the XB chip in them, and they send your usage to the receiver, which is hooked up via USB to computer. Then you have a couple of different ways you can Tweet that information. You can use some Python scripts from adafruit, or you can download a Windows program called energy logger and run that. So the analysis of that, the good, is relatively inexpensive. It's about a hundred bucks if you wanna have a single sender and receiver. It's easy to develop for, like I said, they're written in Python. So what does that mean? That means you can fix the problems that we saw like basic off. And it shows this on your console too, every time it runs. It's like, hey, here's your username and password you just Tweeted your information with. That's pretty cool. And there's no encryption on the XB link. Not a big deal, but again, the whole point we're trying to make here is like, these are minor little problems. And these are DIY stuff, but if you look at YellowStrom, you know what's happening over in Europe is gonna happen here. Our utility companies here are gonna start pushing this stuff out, and they need to see that stupid little stuff like this needs to be fixed before they roll it out to the masses. So where's all the data going? I mean, we said Twitter, we said Facebook before, and I don't know what that was. I just went by the screen for that one. But it could be going on one of those. Google Power Meter, anybody here use this? Okay, what? Alcohol is yes, okay, nice. So there's a lot of here about Google Power Meter. They want you to join the community so you can share your energy usage and share how to save energy and stuff like that. Not quite as egregious as the next slide, Microsoft's product or solution or something, but still there's a community feature here and just like iGoogle, and you'll see later in our slides, people share this information with you, not necessarily understanding the consequences. All right, so like you said, well Google does, Microsoft does, right? So, easy. All right, so as you see up there, this is Microsoft Home, this is their power monitoring usage website. Important thing to note here, what does that say? How's your energy usage compared to others in your area? Are you using more energy than your neighbors? Who would be interested in that? Do you remember a slide about 10 slides ago basically said about someone's neighbor, maybe this guy's neighbor, who was growing something, using a little bit more energy usage? So can the Feds, can the police, use Microsoft Home or Google Power Meter to identify who's growing weed in that neighborhood? Can they, can they not? Is this something that the courts may have to decide later on? Like one more thing before you change the slide, if any of you guys have your computer fired up, literally go to Microsoft Home site and it'll say, what's your address? And you just key that stuff in and be like, all right, here's what your neighbors or their average use is for this. Here's what it is for this. It's just, that's Microsoft, Google's making their own, this stuff is gonna become, I mean we already have this opinions now for IP information, for everything under the sun that people are violating, right? So it's just another mechanism in which that people might have their privacy violated. So where this presentation actually becomes relevant. Thank you for sitting with us so far, we appreciate it. Getting back to what I said before, just cause you can doesn't mean you should. The inverse of that really is, because you can means people will. So here's some examples of people who have posted their energy usage and I don't know if you guys can read that. But if you want, if you're on Twitter now, go ahead and search the hashtag Tweet-A-Wat. So by default when you use the scripts for the Tweet-A-Wat, you go ahead and it throws that hashtag on the end of your tweets. So if you don't know how to modify Python script or delete that really hard and clear text thing, it'll show up by default. So like you can see here at KJ, this is his closet Tweet-A-Wat. So apparently he has much of them more to come on him. And Chris Tweet-A-Wat, apparently he is like dominating Twitter and then hashtag because he posts all the time. But so KJ, right? We see his closet Twitter, Tweet-A-Wat. So if you click on his profile, he shows you his Google Power Meter info and it has like his today's usage, this week's usage and this month's usage. And it's all like Google-fied. So you can use a slider and see his peaks and valleys and all that good fun stuff. And it's just like, right there, hey, come check it out. Here's, you know, I don't think he thought he would end up on a DEF CON slide, but. So if that's not enough, how about our buddy Andy in his house? I don't think you're definitely gonna be able to read that. But so here, let me read you the first one. Lights turned off three minutes ago. The one below that says, the phone is ringing. And then in parentheses, it has aisle of right, which means he's tweeting his caller ID. That could be real bad, like if you're having something on the side and she keeps calling the house, say again. So the next one, you can have a Facebook app that shows your energy usage. This one, it's called the what's up. I don't know if like he just stopped using it. When I took this screenshot, this was taking a while ago, like in February. But on the right side there, it says his current energy usage as of the date is 458 watts. But then it has like all the breakdown information that's zero. So either his what's up or what's up, sorry, app is broken or he's not home. I don't get it. But some other examples. Universities love Facebook too, and why would you not wanna post the information about your building, the energy usage? Not as juicy or fun I would say as a person doing it, but still interesting and you definitely can't read it, but it says like in three in a row, it's like, oh, we had a bad day today. Oh, we had a bad day today. So it's like, you think it might be somebody actually posting this, but it's obviously a script. And then when you go over to Twitter, and you see the University of Mississippi, like hang back the third one down here, it says the same thing, oh good, we had a bad day today, which makes me think they may be using the same scripts. So what's the big deal? Besides me taking Tony's slide. All right, anybody have a guess of what the big deal is yet? Anyone see that site before? Anyone ever use it? Please rob me, love the site. For those of you that aren't familiar with it, it basically grabs messages from Twitter, Facebook, whatever, and basically shows when people are not at home. What's cool about pleaserobme.com is like, people who used Foursquare but didn't get it, like they actually got it when they saw Please Rob Me, like, oh, maybe I shouldn't be telling people where I am all the time. And this is, and I'm gonna be like, I don't know, for the security people who use Tripit all the time, don't throw stuff at me, but seriously, stop using Tripit. I don't wanna get my LinkedIn status updates telling me that you're about to leave for seven days to go someplace, and I know you're a single dude. So, whiskey business, what does this mean? Like, it kinda teed it up before, but the more data we provide, the, that's interesting, the more data we provide, the more others are able to profile our behavior, like Tony and his tool in a minute. Simple profiling, what does that lead to? Potentially criminal behavior, like Please Rob Me, or law enforcement, like we talked about with the grow houses, and, you know, so comparative profiling, I'm using a lot more, why am I using a lot more? Now, does that become a probable cause? Or what? Some of the future implications, right? So right now, this is pretty elementary stuff, right? So basically consumer grade, you know, half of what we showed you is you doing it yourself, so very few people are doing it, but really showed you some examples, right? So as the technology matures, we're looking at potentially remote controlling of devices, like I said, air conditioning, lights, power during the Super Bowl, that would suck if Tony lost my television, or trigger-based events, like I said, turning down the AC, you could have a lot of fun with that, like my buddy. It may seem like, not that big of a deal right now, this, like I said, may seem all elementary, but Tony had a little fun with Pearl? Yeah, I think Pearl, not Python, sorry Nathan. All right, so now we get into the actual tool. So we call it energy. I don't really remember why we call it energy, but it is called energy. The point of it is that it's gonna download the energy usage tweets. So you give it a Twitter profile that you found, and it actually goes out there, and it'll start caching all those energy usage tweets that people are posting up there. Now, it's also gonna profile their energy usage to determine when they're home, when they're not. And I'm sure you guys can figure out where we're going with this. Now, there's one minor kink in our problem, and Justin and I get rich quick scheme. If we're gonna rob someone, which we are not advocating doing, what do we need in addition to when they're home, when they're not? Street address, we need to know where they are, right? So, Twitter profile. Twitter's API allows you to download a lot of detailed information about that actual Twitter account. Now, if you notice the arrows, the yellowed out parts, you'll see location. This normally includes New York City, New York, but then down below, you'll actually see coordinates. Location aware devices, posting their GPS coordinates. This is definitely possible. Now, you see that we actually put, we hard-coded in the GPS coordinates of a certain location because frankly, we didn't wanna tell you people where we live. I'm sure you guys probably figured it out in about five minutes, but hey, at least we're not gonna post our information. All right, so what else? What if the Twitter profile does not contain GPS coordinates, location? Any thoughts of how to actually find this person? Google it, Facebook, all valid options. How about something even easier? What is it? Tagged images, I like that. I didn't think of that. Future enhancements. Version 2.0. All right, how about this? Who's following that Tweet-A-Wat? Four people. Do you think it's option number one? If the account on the Tweet-A-Wat is Chris Tweet-A-Wat and number four of the person who's following is named ChrisJX, I'm gonna guess that's the person who actually owns the Tweet-A-Wat. So why don't we click over onto his profile? And I believe there is Chris Tweet-A-Wat. And if you notice, one of the top posts from it is Tendrel's Hybrid Hand, or Home Area Network, which is a pretty big acronym in the smart grid industry. So I basically just got confirmation that this guy owns the Tweet-A-Wat. And if you notice, location, San Francisco Bay Area, which was not provided on his Tweet-A-Wat page, so now we have full name and location, and then it becomes pretty trivial to actually find his physical address. All right, energy profiling. You guys probably can't see this. You probably see the horizontal bar going across. But basically, when we get onto the next slide, we'll show actually a more zoomed in picture, but basically we should be able to see here, this is a four days energy usage that was just plotted out, I guess a little poorly. But from here, you'll actually be able to see peaks and valleys. When are they home, when are they not? Are they sleeping, or are they active? So here's a better picture, you guys may be able to see. So, home and awake, away or asleep. If there's low energy usage, then most likely they're either not at home or they're sleeping. If there's high energy usage, they're either home or they're most like a home and awake. Can you guys actually see that? Well, I mean, this is basically just a screenshot taken from the tool that we're about to demo. All right, so now that we know when they're home, when they're awake or when they're away or when they're asleep, what else are we gonna do? All right, first of the tools, in-rob. Predict the best time to rob the owner based on historical average energy usage. Predicts when they're not home or sleeping. Allows Darth Vader to rob your house or a bank. In-stock. Maybe you're not a thief, maybe you have someone that you like and they don't actually like you back. What do you, what do you to do? Stalk them, of course. All right, so this one will actually predict best time to find someone when they're in their home, when the person is either home and awake or when they're sleeping. I either best time to stalk them, apparently. All right, and time for the, to actually try out the demo. Any questions? Are we waiting anybody? Anything? Demo it is? You're gonna have to leave there, show them. You can check the information for as long as they've had it, but what's the rate with Twitter? Is it 100 messages? Yeah, so one of the issues with, sorry, one of the issues with Twitter is that their API limits you to, restricts you to basically 100 pages per hour. And I'll show you something in a little bit that actually tends to compensate for that, basically the way that I got around it. It's not a very technical way to do it, but it is what it is. So anyways, so anyways, yeah, basically this tool just archives all the tweets and then does some very simple math to actually figure out if they're home or they're not. All right, so the actual tool. Oh yeah, so actually see some pretty familiar faces here. So if you actually saw our Shmucon talk, you'll know that we had a physical network layer problem during our demo. And so this time we're actually gonna exclude all network issues. So basically before the presentation I already went through and I downloaded all of our Tweet-A-Watts energy usage. But basically if you're looking at the tool you'll see you basically have one, the first field is a Twitter account. So you put in the name, ours was called Sokawat, and Timezone Offset, because frankly I spent an entire night trying to figure out how Twitter uses their UTC offset to calculate the, what time the message or the tweet is posted. For some reason I just couldn't figure it out. It wasn't as easy as just doing an addition or subtraction. So basically force the user to actually put in the UTC offset, which for like the east coast is like minus four, minus five, whatever. So that's for the new user. The second one is for if you wanna keep actually tracking their usage. So like we were talking about before there's that restriction of 100 pages per hour. Well I'll say this person's been tweeting for several years. They're gonna have a lot of messages that you need to archive. So what you can do is you can come back up to this home page and then just click submit once an hour until you actually download all that. Now having said that, are you actually gonna do that? No, probably not. You're just gonna write a little cron job that just keeps pounding Twitter server once an hour until you actually get all the messages. So let's give it a shot. Since we already did that we're actually gonna show you how to actually do that, but. Oh sorry. So we're actually, since we already downloaded all the messages we're not gonna actually go through that process but it's pretty simple. So here's the actual profiler and this is from the screenshots. All right so the profiler. You have a Twitter account that you're already following and then you also give it a date. So you can give it, you know I wanna know what my average energy usage is on a Thursday. Or I wanna know what my energy usage specifically was last Friday or something. I don't know if you guys can actually see that, but I don't know if you guys can actually see that. But basically it actually plots what they're looking at, what their energy usage is. So visually you can already see they're asleep for a bit, then it peaked. So basically if we start from the beginning they're awake like after midnight then they went to sleep like around one. Woke up around eight o'clock, got ready for work, left for work, then got home from work. All right, so going back to this page so basically what I wanted you guys to see from there is that visually you can actually inspect the peaks and the valleys if you wanna see what they're doing. Pretty simple, pretty straightforward. So let's actually go into the, hopefully I can actually click on this. Did I get that right? That's iStock. Let's do iStock first. All right, Twitter account. Soak a lot. Date. I wanna know what they're going to be doing on Friday. All right, can you guys see that? No? How about that? All right, so now we know since this is stock we wanna know when they are here and when they're awake. So we got these times. And then also this is when they are sleeping. They're sleeping from, if I can read that correctly, 2 a.m. to about 8.15. Now in the happy hunting section we got location and directions. What do you guys think this does? Location. Now like I said before, we didn't wanna risk the demo on a bad network connection, so I just took a screenshot. But when we do release the tool in two days, basically the code is in there and it can actually take the location and plot it based on GPS coordinates or some location. How about directions? So you guys can probably guess where I was actually staying in my hotel this weekend. So basically we plotted the directions from my hotel to basically this hotel, the Riviera. And like I said before, we're not trying to give away our own street address, but if you do actually look at the code and you download it in a couple of days you'll actually see that the source code to actually grab the data from Twitter, plot the coordinates, give directions for how to actually get to that person's place is actually in there. All right, now what else? All right, so say you're a pretty active stalker and you're kind of losing track of our eight. Who am I stalking on Friday from eight o'clock to 12 o'clock? All right, well, why not have an iCal? If you guys can see this down below, this is an iCal. All right, adding new events. Are we gonna head it to our home calendar or our work calendar? Oh, shit. Sorry. So we're gonna add it to our calendar. There we go. So, so far it is home and active, times, location, direction. Now I know where to go next Friday. All right, even better, when do you wanna actually stalk them? Do you wanna stalk them when they're home active, they're cooking dinner or do you wanna stalk them when they're sleeping? All right, got work already set up. And there we go. Zocawat is sleeping. And we now know that on Fridays, she's probably gonna go to sleep around two a.m. Maybe she went out ladies night on Thursday night and then got home, or sorry, woke up like around 8.15, I believe. And location and directions to her place. And that is how you stalk someone on Twitter. All right. So anecdotally, I mean, this seems like a pretty obvious stuff. Something we did for the book that we didn't show here is when I used scripts just like this and he bet me 100 bucks that, you know, out of five tries, I wouldn't be able to get him, you know, when he was home or when he was not home, more than three. This stuff, it's not rocket science, obviously, but when you apply some common sense to it, like I know Tony's single and I know it's a Friday night and I have this information, or he uses Trippet and I look at it and he says he's not home. We're on five for five. So again, this isn't like earth shattering, but again, you profile it with other common sense information that you can find on MySpace or Facebook or even Twitter itself. So use that accordingly. All right, so the last part of the tool is, of course, in Rob. How are we actually gonna make our money in order to stalk our women, right? So, Sukawat, date. So let's give it a wait and we get about similar results. So, when are they not home? Or when are they sleeping? You guys can probably guess this. Again, location, direction, eye-cow. All this information, just download it, good to go. And that's it for the demo. Okay, wait, you gotta talk about what you're gonna do when you get home. So my plans for the future are plans for the future. Support for Facebook and MySpace. Like we showed earlier, you can send messages to Facebook, MySpace, all kinds of other social networking sites. Hopefully, what I would like to do is start linking the multiple social networking accounts together. So you saw earlier how we found Chris Tweedawat's actual Twitter profile. What I would like to do is be able to start linking that to the other social networking accounts. So, when we look at, all right, their energy usage has dropped on a Friday night at around 8 p.m. We automatically go over and check their Facebook account and see that they are going to some bar down the street. Stuff like that. And then on top of that, for the actual burglary part, location-based searches. So in Twitter, you can actually do searches based on location. So if I were a robber, then I wouldn't wanna go try to rob someone who's 3,000 miles away. What I wanna do is I wanna find people who are in my area. So, doing these location-based searches, so instead of putting in some Twitter user ID, I just put in an address and it automatically comes back with all the people who are tweeting their energy usage. And most importantly, version one, all the source code, everything you need to actually play around with this yourself will be available this week from my website. So what now? If you remember back to the goals of the presentation, it wasn't to have Rocket Science come on in to this presentation. It's more of to get the decision makers involved and make them understand where this thing's going and what needs to be done. So we came up with these five common sense control areas that I'm not gonna bore anyone who's at this conference with. You can read that and interpret yourself like account name, don't make it Jake's closet, Twitter water, wherever we saw. But so what else? We'd like everyone here to get involved. I mean, we're up here doing something, we think it's not something very high tech again, but it's something that we think needs to get out there before it hits mainstream, like the company in Germany that hits over here though. I want you to get involved by researching, tweeting, blogging or smoke signaling or whatever else. And as I'm sure, if like me, you went through a bunch of the other talks this week on the smart grid, there's a lot worse stuff out there in terms of security, this seems like a pretty easy one that we can avoid or at least do properly. So thanks, we're done.