In the aftermath, when everything had been started to recover and people had more or less tidied up and the stock markets had started to recover from the trillions of dollars wiped off them, Google's network engineers said that were only five people in the world who are able to approve changes to their most critical code. And each one of those five was entirely trusted. July 4th. In Western Europe, it is Friday afternoon, and office workers are looking at their clocks and trying to work out if it's okay to leave work early. In America, they are gearing up for a three-day Independence Day weekend. Over at Google's headquarters in Mountain View, most of the building is deserted; on-call engineers are either at home, their phones ready to buzz if anything goes wrong, or they're pulling late-night shifts in datacentres located around the world. There is one well-lit office, though, hidden away in a quiet corner of the building. In it is Maria Christensen, one of Google's most senior engineers and one of the Trusted Five. She is, against all corporate procedure, rolling out a change to Google's core infrastructure code. She's changed only one section: and it's the very first part of the login code for Google Apps. This should be an incredibly complicated function that spins off more functions to deal with checking passwords, two-factor authentication, third-party password checks, suspicious activity, hackers, phreakers, fraudsters, and all manner of disaster prevention. She's changed just one line of code, she's put it at the top, and it says... Return true. She bypasses all the red flags from the software that say this won't work, this is dangerous, this is broken, and instead she marks it for immediate rollout and commits it. So Google's systems promptly roll it out across their datacentres. From coast to coast in North America; over to Dublin and over to Europe; to the Far East and down to South America. It takes about three minutes. And what it means is this: No matter what you enter as a Google password, it will be treated as correct. There are no password checks any more. If you type in the username, you will get in. And if this seems implausible, if this seems like something that wouldn't happen, remember Dropbox, the file hosting service used by 175 million people including, I'm fairly sure, pretty much everyone in this room. In 2011, they had exactly that security bug for three hours. Now fortunately, the person who discovered it -- who wasn't a Dropbox employee -- disclosed it responsibly to them instead of telling the world, so the damage was limited. Maria has no intention of responsibly disclosing anything. Most of the engineers that would get notified of a code change like that aren't on call. And those that are have somewhere between about one and three minutes before Maria gets around to logging into their now open Google accounts -- never mind the email notification, they've got about three minutes to, read it, understand it, and grasp exactly what the change means before Maria logs in and remotely wipes their Android phone by reporting it as stolen. None of the engineers work it out in time. The rest of Google's Trusted Five are still asleep as their phones quietly erase themselves. So then Maria emails her manifesto to dozens of news sites, posts messages on a few high-traffic tech forums, then logs out -- which is ironic, given that logging out doesn't actually mean anything any more -- gets into her car, and goes to catch a flight. As soon as the first journalist tests it successfully, the news goes ballistic. The first place to break it of all the web, was oddly the Drudge Report: and they said later that it was because they didn't use Gmail themselves, and didn't really get it, and just went with the story rather than immediately going to protect themselves. 'Cos that's what most people did. In the hours that followed, people tended to fall into one of three groups: First of all, the defenders. Desperately trying to lock down their accounts, desperately trying to delete anything that might be incriminating, and to stop all their other accounts getting compromised. Because, remember, if you have access to someone's email address, then you have access to every web service they use -- because they can request a password reset sent straight to your inbox. How good you were at being a defender generally depended on how good you were at getting all your other accounts moved away from that compromised address. Of course, even the folks who were initially smug that they didn't use Gmail realised that other people they emailed did. Facebook was the first big web service to react, quickly enough that most commentators suggested they actually had a plan in place for this years before. Within a few minutes of the story breaking, Facebook turned off not just password resets but the ability to log in at all, on the assumption that most people would have their accounts compromised, so they just turned it off. And since nearly everyone was already logged in on their phone and their computer, Facebook rapidly became *the* trusted method to contacting anyone -- and that was a new level of trust that stuck around afterwards as folks looked warily at email. Then there were the amateur detectives. Those that suspected that their partner was cheating on them. Those that were desperate to find out what their colleagues were earning, or what their boss really thought of them. It wasn't restricted to email, of course; because if you have access to someone's Google account, in most cases you have access to their full search history and all the web sites they've clicked on. For years, and years, and years. Have you turned it off? Most people in this room haven't. It was described by one writer as "like looking into my wife's soul". And the divorce rate had a notable uptick a few months later. Meanwhile, companies using Gmail, or companies working with companies that used Gmail, just had to assume that all their trade secrets had been stolen: in the years to come, patent and trademark lawyers would make an enormous amount of money as allegations flew back and forth between corporations. Now the European stock markets, the only ones open on July 4th at that time, went into freefall almost immediately; the Asian and American ones would do the same when they opened the next Monday. But the most obvious group, if not the largest, were the burners. Everyone who had any sort of prominent online presence got their account destroyed, utterly destroyed, within ten minutes. Any YouTube channel with any sort of audience found all its work deleted and vandalised, even worse than the new comment system that YouTube had brought in. Some burners attacked individual people thoroughly, hoping to wipe everything as part of a vendetta; but others... others just tried to destroy as much data as they could from as many people as they could as quickly as possible. Google, of course, had backups. They did roll everything back -- but a lot of third-party sites, vulnerable through password resets, weren't anywhere near so lucky. (LAUGHTER) Every blog with more than a few readers got crude messages added to it, or code that redirected to shock sites, or just torn apart and destroyed. A huge number had no usable backups. This was the final death knell for most third-party web message boards, the old ones which had been falling out of use for years and years. As soon as one administrator account fell, the whole site was quickly destroyed. And not many of those ever recovered because not many of them had backups. Some things did work in favour of the "good guys". First of all, the enormous rush of traffic -- of people trying to fix and break things meant that even Google couldn't quite cope with the load: a lot of folks were frustrated by slow loading times and falling servers. But thirty minutes in, at least some of Google's network engineers had worked out what was going on and pulled the plug -- in one case physically, literally pulling plug from data centres and uncontrollably shutting down everything they could. Someone finally managed to get an actual shutdown command into the systems that Maria had compromised about two hours afterwards, and three minutes later, Google fell off the internet for the first time in a very, very long while. In amongst this two hours of mess, this pandemonium, were the people that Maria Christensen was actually trying to reach. She was hoping to be the next Chelsea Manning, the next Julian Assange, the next Edward Snowden. More than that: she was hoping to create a hundred, a thousand, a million people taking that whistleblower role, using the brief hours of "freedom" she'd created to change the world for the better. That was her manifesto: Go out. Find the things that need to be leaked, go through the files of the corporations and governments that are destroying our world, and show them the light of day. Her view was woefully optimistic. And yes, some people did. There were thousands of leaks, some of international importance: a few people remembered the Obama transition team, after the 2008 election, used Gmail until they could get their official whitehouse.gov email addresses set up. And there were stories of billionaire fashion CEOs putting stories about sweatshops and burying them; stories of mining companies exploiting workers and exposing them to incredible danger; tale after tale after tale of people putting aside human concerns and -- this phrase got used a lot -- acting in the best interests of shareholders. But none of those stories made the news. Because what Maria Christensen hadn't done was manage the story. Wikileaks and its allies always had: they'd drip-fed the stories over months into a 24-hour news cycle that always wanted more, more, more, but instead... In this case, though, the story was about the process, not about the information. The angle that all the news took was that email was suddenly insecure, that you were at risk, that you should defend against it and this is how you do it, that web sites are being damaged, and that this is how you protect yourself, and watch us because we will help you. So there were no stunning revelations plastered on the front pages. There should have been, given an infinite number of front pages, but there were, simply, too many stories, and all of them were much less interesting to the public than the question of whether your partner has seen your browser history. And of course, for most people, there was no long-term damage, at least not to them personally. Statistically speaking, you'd get away with it. And sure, everyone knew someone who'd been affected, everyone knew someone who'd got in trouble, but chances are that you, yourself, had gotten away with it. And while a lot of high-profile companies suffered slightly, there were no world-changing moments. If dumping untold gallons of oil into the Gulf couldn't kill BP: what could? So most small businesses survived unscathed and the economy recovered, slowly, having been damaged no more than by any natural disaster. And Gmail, a year later, had just as many active users as before. Because, after all, what were the odds of that ever happening again? And it's not like the government couldn't read all your messages anyway. And no-one really got hurt in the long run, and maybe it was for the best that me and her broke up, y'know? It all works out in the end. And besides, it would be a real pain to try to switch my email account somewhere else. I'd have to change my email address! It's amazing how much we trust to single points of failure. And while this is a worst-case scenario -- very much so -- everyone here will have that one lynchpin on which everything, at least in your online life, hangs. That backup you haven't taken for a while. The email account that you forgot had access to everything. Or that password that your ex still knows. But my point is this: even in the face of seeming disaster, when the world is falling around you, you remember that eventually, this too shall pass. Because it takes more than just one single point of failure to change the world. Oh, and as for Maria Christensen? She got arrested at the airport, after her flight was delayed... because the airline ran on Google Apps. Thank you very much, I've been Tom Scott, enjoy the rest of the show.