Raytheon has published a remarkable article about cybersecurity and Hollywood tales:
Real-life cyber experts review the best and worst movie hackers.
If life were only like movies, the world’s computer networks would be safe from cyber criminals.
Cybersecurity professionals are often dismayed and amused at Hollywood’s version of their work.Unfortunately for movie makers looking to dramatize cyber crime, computer hacking isn’t a very good spectator sport. To be honest, even Tom Cruise is pretty boring if he’s just pecking at a keyboard.
What Hollywood does best is to manufacture clichés, and hacker movies have plenty of them:
- Those beautiful, visually stunning computer display screens, and hackers who speak technobabble: “Sir, somebody is stealing the internet!”
- Characters reading a stream of binary code in real time (we’re looking at you, Matrix)
- High-school brainiacs in hoodies and high tops, invariably trouble-making underachievers, who hack their school’s “mainframe” to change grades
So which movies portray hackers the most accurately and which ones are bogus? Students and coaches competing in this year’s National Collegiate Cyber Defense Competition have selected their movie hacker heroes and losers.
1983 (United Artists)
Storyline: Using his home computer modem, a teen hacker in Seattle (Matthew Broderick) stumbles upon what he thinks is a videogame company’s network. Score! He’s actually accessed a back door into the W.O.P.R. — a top-secret NORAD computer that autonomously controls the U.S. nuclear arsenal. While the whiz kid believes he’s only playing the harmless game “Global Thermonuclear War,” he’s unwittingly started the countdown to World War III. To save the world, he must sneak into Cheyenne Mountain to warn the Air Force’s top brass of the impending Armageddon.
Cyber Critique: “Very cool and a true old-school hacker,” said Sarah Cunha, a Brigham Young University NCCDC team member and firewall lead. “It opened people’s eyes to what was possible.”
“Back in the ‘80s, it’s plausible that you could gain access to a system with a password like ‘Joshua,’” said Paul Krier, mentor to the Southern Methodist University NCCDC team and a Raytheon cybersecurity analyst. “But today, if you don’t have two-factor authentication, then you’re an easy target and behind the times. I wouldn’t expect there to be a W.O.P.R. with single-factor access on any of the DoD networks.”
1982 (Walt Disney Productions)
Storyline: A computer programmer turned arcade owner (Jeff Bridges) must hack into a corporate mainframe to prove one of the company’s executives (David Warner) pirated his code for a half-dozen videogames. In the process, he gets “digitized” and sucked into a virtual, computer world, where he must compete in gladiatorial games. He teams up with the security program Tron (Bruce Boxleitner) to battle the evil Master Control Program, also played by Warner.
Cyber critique: “It’s more of a ‘hack-the-game’ story than a hacker story,” said Dale Rowe, Brigham Young University assistant professor of information technology and NCCDC coach. “Regardless, it was groundbreaking, and I really liked it.”
“It’s definitely science fiction, because we’re a long way off from inserting your consciousness into a computer environment…but we’re headed in that direction,” Krier said. “Oculus Rift just released their first version of their visor that let’s you walk around and interact with a digital world, similar to Tron.”
1999 (Warner Bros.)
Storyline: Thomas A. Anderson (Keanu Reeves) is a legit computer programmer by day who, by night, transforms into his hacker alter-ego, Neo. His world is suddenly turned upside down when he meets the mysterious cyber legend Morpheus (Laurence Fishburne) and his protégé Trinity (Carrie-Anne Moss). Morpheus reveals that his reality is nothing but an illusion, and then offers him a magical red pill that will unmask the truth. Neo awakens into the real world, where machines rule by harvesting the energy of humans imprisoned in embryonic-like stasis. Neo joins forces with Morpheus and his band of rebels to fight the forces of the Matrix and free humanity.
Cyber critique: “What I like about the Matrix is that the best hackers and cybersecurity professionals immerse themselves into programming,” said Laura Wilkinson, BYU captain of the NCCDC team. “The best soak up everything they can, which Neo literally does in The Matrix.”
“In one of the Matrix sequels, The Matrix Reloaded, there’s a scene where Trinity takes down the city’s power grid using an Nmap scan to find a vulnerable SSH service to use a bona fide SSH1 CRC-32 exploit from 2001,” said Mirek Bartik, University of Texas-San Antonio NCCDC coach and a Raytheon cybersecurity engineer. “It’s very realistic; however, that bug wouldn’t exist today because it’s been patched.”
“I use that clip in my class, because it’s a legit exploit,” Rowe said. “Although it’s sped up, it looks exactly like what you’d see a pen (penetration) tester or hacker do. However, you have to wonder why they’re using SSH1 in the future.”
1995 (United Artists)
Storyline: Acid Burn (Angelina Jolie) and Zero Cool, a.k.a. Crash Override (Jonny Lee Miller) and their high-school hacking pals Phantom Phreak, Cereal Killer and Lord Nikon use their cyber skills to thwart evil computer genius The Plague (Fisher Stevens), who plans to release the “Da Vinci” virus on an oil company. While the government thinks the virus is meant to capsize the company’s oil tanker fleet, the teenage techies uncover the true motives of the malicious code—to skim or “salami slice” $25 million from the corporation. There are some memorable lines, including “Hack the planet!”
Cyber critique: “Twenty years ago, if you were too cool for school, then you weren’t into computers,” said Derek Brodeur, Northeastern University NCCDC coach. “However, the lines have blurred between nerd and normal.”
“There’s a whole generation who have grown up with this technology,” Krier said. “Everybody has an awareness of computing, and a lot of kids have programming skills, but back then it was brand new. Now, it’s mainstream and it’s the baseline for interacting with the world.”
2001 (Warner Bros.)
Storyline: After serving time at Fort Leavenworth for hacking the FBI, Stanley Jobson (Hugh Jackman) gets an offer he can’t refuse from suave, shady spy Gabriel Shear (John Travolta) — $10 million and a chance to get custody of his daughter in exchange for breaking into a top-secret government computer. Gabriel wants Stanley to siphon off $10 billion from a secret slush fund to finance an undercover war against terror; however, Stanley suspects his new employer is motivated by greed.
Cyber critique: “The idea of malware attacking banks is very common,” Bartik said. “However, today a hacker wouldn’t go after a single bank. There’s not much reward. Instead, they’d go after hundreds of thousands of people’s credit cards.”
“What I found realistic is that the hacker uses a worm that he created back in his college days,” Brodeur said. “He just updates it, and it still works. That is so true, because we continue to use old software that are full of vulnerabilities and exploits. It’s almost impossible to find all of these and patch them, so instead we have to fight them once they’re found.”
2015 (Legendary Pictures)
Storyline: The feds furlough imprisoned computer genius and martial artist Nick Hathaway (Chris Hemsworth of “Thor” fame) to track down a terrorist blackhat hacker, who has just triggered a meltdown at a Chinese nuclear power plant. Nick tag-teams with a Chinese network engineer to trek around the world, cracking servers and skulls along the way. The buff Nick shatters the myth that hackers are reclusive nerds who can’t bench press their own body weight.
Cyber critique: “Thor is ridiculous as a hacker,” Bartik said. “He spends more time fighting and jet-setting than using computers.”
1995 (Columbia Pictures)
Storyline: Angela Bennett (Sandra Bullock) is a programmer who telecommutes using her trusty dialup modem. Because of her isolation, her co-workers and few friends have never met her in the flesh. While surfing the net, she spies a small “pi” symbol in the corner of her monitor, and, of course, does the worst thing you can do — she clicks on it. She then stumbles upon a conspiracy regarding the universally used “Gatekeeper” security program, which has a built-in back door that the evil inventor is using to blackmail influential users. To discredit her, they erase her identity and assign her a new one with a police record.
Cyber critique: “The Net is one of the first movies that illustrates that your data is everywhere,” Bartik said. “There’s a scene where a government official gets his medical records released to the public, which really foreshadows the privacy issues we face today.”
“I found it kind of far-fetched that you could delete a person ‘s whole life in a couple of keystrokes,” Krier said. “In fact, it’s impossible, and exactly the opposite. Your online identity is impossible to delete. That’s a tough thing to tell a high school or college student—that they could be jeopardizing job opportunities ten years from now because of photos they’re posting today.”
DIE HARD 4.0: LIVE FREE OR DIE HARD
2007 (20th Century Fox)
Storyline: John McClane (Bruce Willis) has battled baddies, both foreign and domestic, ducking punches and dodging bullets. But now the old school cop must face a new school nemesis — a cyber terrorist who is systemically shutting down America’s infrastructure, switching off the power grid, crashing the stock market and crippling the country. John pals up with Matt Farrell (Justin Long), a young computer expert who was duped into helping the terrorist. John must save the world, rescue his daughter and ensure America doesn’t lose its wifi.
Cyber critique: “Die Hard revealed the vulnerability of systems that remotely monitor and control power, water, and oil and gas pipeline,” Bartik said. “Often, these systems are designed by electrical engineers, who don’t necessarily know anything about cybersecurity. I am surprised that we haven’t seen these attacks more often.”
“It did a good job of showing us what cyber warfare might look like if we got to a point to where it’s no-holds barred, open warfare,” Krier said.
2015 (USA Network)
Storyline: While not a movie, the TV series Mr. Robot deserves recognition because of its technical accuracy. Rami Malek stars as Elliot Alderson, an introverted ubergeek who works for the cybersecurity firm Allsafe. Alderson is a cyber-vigilante of sorts who helps bust bad guys. He’s then recruited by “Mr. Robot” (Christian Slater) to join a group of hacktivists. Thank the show’s technical consultant, who worked on the FBI’s cyber crime task force, as he gives precedence to realism over drama. For example, Elliot and the rest of the characters use Linux/Unix, and his hacks and exploits are done using the Python programming language.
Cyber Critique: “Mr. Robot is one of the most accurate representations of hackers, and the tools they use are totally legit,” Cunha said. “Most depictions of hacking show somebody pounding away on a keyboard in a dark room and then boom, they’re suddenly in. Totally fake. Real hacking is running a script or typing in a command prompt, which doesn’t make for great visuals.”
This document does not contain technology or technical data controlled under either the U.S. International Traffic in Arms Regulations or the U.S. Export Administration Regulations. E16-T22N.
Photo and text source: www.raytheon.com