Security at the movies: The Hollywood hacker reborn?
Does the way security and hacking is portrayed on the silver screen drive you mad? You aren't alone. We take a look at how filmmakers get tech and security right in the TV and the movies and how they get it very, very wrong.
How risks are depicted in pop culture art forms such as TV and film aren’t just important for authenticity’s sake – they also affect how we behave in real life. Crashed cars rarely explode but many a bystander – thinking one will go up in a ball of flames, from watching too much TV – has removed an injured driver with spinal injuries, risking their future health.
In terms of security and social engineering, things are looking up. Hacking in movies has an awful reputation among anyone who really knows about computer security. Arguably the 1990s marked a nadir, as this hilarious compilation makes clear (NSFW for some bad language):
Partly this is down to showing hacking. As Gizmodo put it a few years ago: “Trying to film hacking as high-tension is like trying to film a stakeout as an action scene.”
(This writer’s fascination with this whole conundrum started years ago with young Dakota Fanning’s laughable line in Jurassic Park (1993): “It’s a Unix system. I know this!”)
But how about social engineering? As we talked about last time [https://threatmanagement.info/social_engineerings_...], social engineering doesn’t have to involve technology. In that respect, films such as Catch Me If You Can (2002), the true story of the exploits of Frank Abagnale Jr, is a period piece that shows the many ways people can be conned. Similar hits such as The Sting (book title: The Big Con) and Paper Moon – both out in 1973, both set in the Depression-era US – reinforce that this kind of thing has probably always been around.
But it’s Sneakers (1992), despite being made a quarter of a century ago, that stands out as holding up well, for both its use of social engineering and use of technology – albeit technology that was pre-mass use of the internet, mobile telephony and more.
As well as being a charming, funny, all-star-cast effort, it showed smart portrayals of social engineering and technology were possible. But as stated earlier, then the rest of the nineties happened.
Many will agree it hasn’t been until the last few years that tech experts have been won over with two series (so far) of TV’s Mr. Robot. The award-winning show gets both the technology largely right and the life of hackers. Blogger Cory Doctorow even titled a recent piece in MIT Technology Review: Mr. Robot Killed the Hollywood Hacker.
It’s the baby of writer/director Sam Esmail (we recommend his recent interview with Kara Swisher), with the technical savvy of ex-hacker Kor Adana. Fastidious fans are known to freeze frames that show on-screen code to check its legitimacy. But it mostly wins by getting the culture, characters and scenarios spot on.
In one scene, a character scatters USB sticks loaded with malware in the car park of a company she’s targeting. This kind of ‘baiting’, as it’s known, rings true. A report from the US Department of Homeland Security (DHS) a few years ago shows someone is likely to pick up and try one of the drives.
This is a known tactic for gaining access to systems – like industrial control systems – that aren’t connected to the internet. Even more worrying in that DHS study: The number of people who tried a found USB drive went up from 60 to 90 per cent when the drive carried their organisation’s logo, which is as easy to do through any number of online suppliers.
In another sequence, Mr. Robot’s lead character uses a Raspberry Pi credit card-sized computer to hack a thermostat in a secure facility. Other featured tactics include steganography, RFID scanning and hacking email and social media.
In short, this show has raised the bar and showed credibility can lead to better drama. There are other bright spots out there – Black Mirror is more in the ‘dystopian near future’ category, though equally tech-literate, given it was created by tech and media writer Charlie Brooker – and literature has long shown tech smarts through novelists such as Neal Stephenson.
What drives you mad on screen?