Hollywood Hackers Vs. Reality

from the CIP-#1,831-for-why-the-internet-is-scary dept

Perhaps no single “demographic” is more misunderstood (and feared — especially post-SOPA debacle) by Hollywood than “The Hacker.” In the hands of the movie machine, hackers are portrayed as fast-talking (and fast-typing) young men (and very occasionally, women) with unfortunate hairdos, huddled around multiple screens making use of thoroughly impractical GUIs, all the while spouting a confounding mixture of instantly-outdated slang and acronyms.

Saturday Morning Breakfast Cereal breaks this down in an incredibly concise and incredibly awesome two-panel comic:

Maybe Hollywood uses this creative license to keep its fears at bay. It’s got IT departments full of young men (and women) with unfortunate hairdos to handle anyone trying to DDOS its kilobytes, allowing it to breathe easy and sleep the deep sleep of the blissfully unaware. To confront the fact that anyone with half-decent social engineering skills could talk them and their underlings out of sensitive information is probably way too alarming.


Comments on “Hollywood Hackers Vs. Reality”

50 Comments
MrWilson says:

“huddled around multiple screens making use of thoroughly impractical GUIs”

I love those thoroughly impractical GUIs. They’re awesome. But they also point out that the hacker characters in movies are not only good at every type of hacking, cracking, and phreaking (which is unlikely), but they’re also so talented in multimedia design that they could probably get better paying jobs doing freelance design while still able to choose their clients ethically and tell off corporate would-be clients.

At least the movie Hackers did show Jonny Lee Miller’s character using social engineering to get access to the television station’s network.

Machin Shin (profile) says:

Tim, you forgot something...

Is it just me that just finds this kind of thing very sad now?

The early hacker movies it was ok. I mean the 80s and early 90s so few people had computers that you could make up just about anything and someone would believe it. There was even a certain charm to the silliness of it.

Now it just comes across as being very sad that anyone is so computer illiterate.

Ninja (profile) says:

It’s amusing how computers are either something alien or something that only contains the GUI for what the person is doing atm (ie: when lovers chat online their computers only have some alien messenger on it).

Reminds me of the last time I watched Independence Day (was like 2 months ago in a tedious day I watched like 25 mins of it): the spaceship had seats that were ergonomically designed for humans and came with seatbelts. Convenient. Computer has exactly the software required for the activity and nothing else. Convenient. Thousands of terabytes are transferred in a very short time despite physical limitations but when there’s 1% left and the bad guys come in it slows down insanely. Convenient.

At least the hacking/technological movies provide us some quality comedy 😉

Rich Kulawiec (profile) says:

Why bother hacking code...

…when hacking users is SO much easier?

One of the fundamental principles of best security practice is that you must always assume that your users are lazy, stupid, hostile or insane — and design accordingly. Unfortunately, many operations omit this either because they don’t want to face this unfortunate reality, or because they don’t find it politically correct, or because they want to pretend that their users are magically different from everyone else’s users. We see the results of this on a daily basis via forums like DataLoss, yet few modify their procedures as a result.

Anonymous Coward says:

Pro hint: To hack Facebook first determine the email used to create the account and try to use the same service used to create one, if all goes well the person who created the Facebook account created the account with an email address that he never uses and so it gets thrown out after 6 months, after which you can just create the same account again and ask to be sent the password by the Facebook’s recovery system.

It also worked for Twitter, Orkut and any other service that uses emails for the creation of accounts.

You wouldn’t believe how many people let those email accounts expire by not logging into them 🙂

Anonymous Coward says:

Honestly a movie about what real hackers do would be boring as hell. No one would want to see it. It would be like Ishtar, Waterworld, etc… It’s just like cop movies, do you really think cops are constantly undercover or busting international drug rings? Movies are fiction, and even when they are based on real events, you don’t get to see the boring day to day stuff.

Anonymous Coward says:

Re:

How to foil that vector of attack:

User:
– Use email managers that log into it automatically.

Company:
– Send users an email every 3 months and only let them login after they click on the email sent, so the account is never expired. With an explanation of why that happens and encourage users to use some sort of email manager with a full tutorial on how to set up one.

Baldaur Regis (profile) says:

Re:

Are you kidding? Hacking is GREAT!! One time me and this girl hacked into a military computer over a dial-up modem…oh wait, that was “War Games”. Well, I knew a girl whose identity was stolen online and…oh yeah, “The Net”. Ooooh, there was a time I hacked satellites using just a cell phone…you’re right, that was “Die Hard And Eat Helicopters” or whatever the fuck it was called.

Well, shit. The reality I’ve been fed is far better than the reality I’ve led.

Anonymous Coward says:

Re:

…thus training them to read email with an HTML interpreter enabled (which is very stupid) and training them to reflexively click on the “keep my account alive link”, which will make them excellent phish victims when someone decides to forge those keepalive notices.

Oh, and using a mail client that logs in automatically? Thanks. That’ll make it much easier to grab user/password pairs from their (probably) unencrypted POP and IMAP sessions.

Gwiz (profile) says:

Re:

I have more than once thought that “fuckyou” would be a good password for that reason.

Heh. Back in the day I was co-admin for a Novell 3.12 corporate network and we did a password security check. “fuckyou” was the fourth most used password, after “password”, “123456” and “letmein”. We quickly instituted monthly password changes with no repeats, but that really didn’t make the network much more secure since 90% of the users wrote their passwords on Post-Its on their cubicle walls or top desk drawer.

Rekrul says:

Re:

Reminds me of the last time I watched Independence Day (was like 2 months ago in a tedious day I watched like 25 mins of it): the spaceship had seats that were ergonomically designed for humans and came with seatbelts. Convenient. Computer has exactly the software required for the activity and nothing else. Convenient. Thousands of terabytes are transferred in a very short time despite physical limitations but when there’s 1% left and the bad guys come in it slows down insanely. Convenient.

Not that I think Independence Day is an especially intelligent movie, but I don’t think it should be criticized unfairly.

The fighter that Will flew was the one that crashed many years and which the scientists had been rebuilding. It would make sense that they would install seats designed for humans so that when they figured out how to make it go, a human could pilot it. We’re never shown the interior of an untouched alien fighter. For all we know, it might not have even had seats originally.

As for the amount of information transferred; I forget, does it ever explicitly mention/show how much data is being transferred? I only remember seeing a progress bar. If the amount wasn’t stated, it’s possible that they were only transferring a few megs.

Rekrul says:

"War Games"

The movie “War Games” is what got me interested in computers. It remains one of my favorite movies to this day.

I still like this movie, but even when I watched it, I knew how unrealistic it was. An acoustical modem might be able to dial the phone using touch-tone, but it can’t hang up. There was no standard that would allow a terminal program to display hi-res graphics sent from a computer mainframe. No computer simply uses a password to login, without also needing a user name. Two different computer systems wouldn’t have exactly the same speech synthesizer. No code can be cracked one digit at a time, if it could, any code could be cracked in a matter of seconds. Even using random characters as opposed to cycling through the entire ASCII character set in sequence, it would only take the average computer of the time less than 30 seconds to crack the code. No computer accepts a numeric argument by spelling out the word.

I’m letting the AI of the computer slide, because that was the main plot device of the movie.
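Added example, not part of the comment above: a small simulation of the "one digit at a time" point, comparing a verifier that leaks how many leading characters matched with one that only answers yes or no. The 36-symbol alphabet, the 10-character sample code and all function names are assumptions made for the illustration.

```python
import hmac
import string

# Assumption: a 36-symbol alphabet (A-Z, 0-9) and a constructed 10-character code.
ALPHABET = string.ascii_uppercase + string.digits
SAMPLE_CODE = "K7QZ2M9XTB"  # constructed sample, not taken from the film


def leaky_check(secret: str, guess: str) -> int:
    """Movie-style verifier: reveals how many leading characters match."""
    matched = 0
    for s, g in zip(secret, guess):
        if s != g:
            break
        matched += 1
    return matched


def strict_check(secret: str, guess: str) -> bool:
    """All-or-nothing verifier: constant-time compare, answers only yes or no."""
    return hmac.compare_digest(secret.encode(), guess.encode())


def recover_with_leak(secret: str) -> tuple[str, int]:
    """Recover the code one position at a time using only leaky_check feedback.

    The code length is assumed known, as it is on the film's display.
    """
    known, guesses = "", 0
    while len(known) < len(secret):
        for ch in ALPHABET:
            guesses += 1
            candidate = (known + ch).ljust(len(secret), ALPHABET[0])
            if leaky_check(secret, candidate) > len(known):
                known += ch
                break
        else:
            raise ValueError("secret uses a symbol outside ALPHABET")
    return known, guesses


def worst_case_guesses(length: int) -> tuple[int, int]:
    """Return (guesses with per-position feedback, guesses with yes/no only)."""
    return len(ALPHABET) * length, len(ALPHABET) ** length


if __name__ == "__main__":
    code, used = recover_with_leak(SAMPLE_CODE)
    leaky, strict = worst_case_guesses(len(SAMPLE_CODE))
    print(f"recovered {code} in {used} guesses (worst case {leaky})")
    print(f"yes/no verifier worst case: {strict:,} guesses")
    print("strict_check accepts the full code:", strict_check(SAMPLE_CODE, code))
```

Per-position feedback turns an exponential search into a linear one, which is why real verifiers compare the whole secret at once and reveal nothing about partial matches.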

Anonymous Coward says:

Re:

The company can also send an encrypted key that must be remailed to them by that account, copy and paste.

POP and IMAP today are almost all encrypted by SSL, so how exactly somebody would sniff out those user/passwords?

Unless people are using their own email servers that are configured not to use any form of secure channel.

Rekrul says:

It’s not just hackers/hacking that Hollywood can’t get right, it’s pretty much all computer use…

Computers beep as they print inch-tall letters to the screen.

All error messages flash in giant letters, locking the entire computer.

Any GUI operation can be accomplished by simply typing furiously on the keyboard.

You can plug in a USB flash drive and it will instantly take over the entire computer without ever running any software and can download gigabytes of data in seconds.

Any photo, no matter how low the resolution, can be “cleaned up” into a crystal clear, 10-megapixel image.

Any password can be “hacked” by simply typing furiously on the keyboard.

Computers can be set to erase the hard drive if you don’t enter the right password and there is absolutely no way to prevent this, even if the hard drive is hooked to another computer system as a slave drive.

Any data on a hard drive can be undeleted, even to the point where a decade worth of use can be recovered despite being overwritten dozens of times.

Hard drives are like the warehouse at the end of Raiders of the Lost Ark, where files can be hidden away and it can take days or even weeks of digging to uncover them.

Clear panes of glass make great monitors and it’s not at all distracting to be able to see through them to everything that’s happening in the distance.

Any computer system can instantly overlay any image or window on top of any other window, and it will be perfectly positioned without the user ever having to manually reposition it.

All video chat systems are capable of sending full-screen video at 30 FPS, even over a WiFi connection.

All software works on all computers regardless of the age or model of the computer.

All third person video games allow you to control every individual muscle on your character, making it possible to perform any movement that you can do in real life.

TtfnJohn (profile) says:

Re:

But why bother with any of that when it’s usually so easy. The password to my church’s computer was “church”, the email account was “church”, each user’s password was “church” and user names at various sites were “anglican” and password “church”.

Then three of the users wondered how they had their identities stolen and why the computer got cracked into and the main hard drive thrashed a month after they got it!

Excuse? “Easy to remember” of course and being a church just who would want to crack it?

When I recovered the drive it had been acting as a seed for porn, and various forms of “piracy” which might explain the calls from the ISP about using way, way too much bandwidth.

Some of them hate me now because they’re now restricted to passwords of 10 characters that have to use numbers, mixed case, special characters AND can survive a basic dictionary attack.

It’s not that they’re nitwits, it’s just that they’re naive and can’t imagine why anyone would do THAT to a church computer.

PaulT (profile) says:

Re:

“Not that I think Independence Day is an especially intelligent movie, but I don’t think it should be criticized unfairly.”

I criticise it as being a naked rip-off of V (by way of Childhood’s End) and War Of The Worlds, with illogical plot points shoehorned in for no real reason (the “virus” angle only being there to homage Wells, for example, even though there’s no logical reason it should work).

It’s a brain-dead special effects movie that’s only there to show some spectacular footage of things being blown up. A highly entertaining one, admittedly, but still…

Anonymous Coward says:

Re:

HA! Excellent, thank you.

I’m not anything like an expert at coding nor a particularly adept computer user and your list of movie liberties is spot on even for me. Heck, my standards for reality are so low I appreciate shows where someone uses a mouse or a window opens with no audible fanfare whatsoever.

Love the exciting music montages of people searching the internet…cause that is some heart-pounding stuff! The intense faces bathed in electric glow and suspenseful music tells me so!

Sit still, Imagunna hack you:

*types furiously*
*punches ENTER*
*winds up with paragraph of incomprehensible text*

“His IP has him at Lexington and First! Go, go, go!”

Nacimota (profile) says:

I actually thought that scene from the Matrix Reloaded where Trinity is hacking the local network of a power station to be pretty damn realistic especially compared to most other depictions of hacking (or just general computer use >_>) in film and television.

And what I really like about it is not just that it makes sense, but that she just does it; she doesn’t sit around spewing unnecessary (and poorly written) exposition for the audience’s sake.

Anonymous Coward says:

"War Games"

I don’t know about you, but I had the exact same ‘speech synthesizer’ in my Commodore 64 as every other Commodore 64…
the SID chip…

Yes it could produce the exact same voice as wargames (within reason, some words had to be typed different for the ‘text to speech’ to make the right sounds).

The sound capabilities of that machine were way beyond its time…

Ben S (profile) says:

I got one too

I got one of those Robert Hackerman calls once at my job. I deal with government benefits debit cards, things like food stamps, social security, unemployment, etc. Had someone call up, telling me he was with some IT firm, and wanted me to go to some website to test my encryption. Then paused to yell at his barking dog in the backyard, and came back to me. He hung up once I explained the internet is heavily filtered (can’t access anything except the sites used to do my job, and official government websites such as NASA’s site).

We have our own IT department, there’s no need to outsource to some other company when we have our own department. Even if we did, such a thing would go through our IT department, not through the agents. Barking dog in the back yard kind of gave away he’s not really at an IT place, he’s at his house. Encryption can be tested just fine without needing to access a special website for the purpose. So many problems with his claim, and that’s just off the top of my head. It’s a good thing the internet is indeed filtered, or someone with Hollywood knowledge of computing might have fallen for it.

Not an Electronic Rodent says:

Why bother hacking code...

Once the software and hardware become too difficult to hack, that leaves the people, and you can’t always secure them…

Even basic hardware/encryption is usually more secure than the average user and it’s often cultural for the organisation to some extent. The same organisation that will lay out 10,000’s of dollars/pounds on cool security gizmos/ IPS / Secure ID tokens etc are all too often the same ones where you can’t get anyone senior outside of IT itself to care that users write their passwords on paper and stick them to the monitor.
Can remember running a standard off the shelf password cracker on the user database a number of years ago for an organisation I worked for. Within 10 minutes it had 80% of the passwords (~200 users) and less than 3% lasted the 12 hour run (unsurprisingly mostly the IT dept passwords). On the strength of that I managed to insist on password strength limitations being implemented, but even then it took serious arguing to not have that rolled back when the users started complaining.

alex t says:

actually

i have family high up in politics and law enforcement. i’ve met the head of narcotics investigation and one of the most honored undercover agents in california. i saw two books about four inches thick of him with the dirtiest darkest grimiest people around. and he was not any different. my aunt is the ambassador to Hungary and a few other people are well informed and involved first hand. the computer world may not reflect the hollywood world but the undercovers, the busts, the lies and craziness… all real, just not your common everyday situation for most people in law enforcement. don’t believe me, look up the tsakopoulos family, angelo and eleni, then find me (less accomplished in the political world) alexandros tsakopoulos. peace
