Hollywood Hackers Vs. Reality

from the CIP-#1,831-for-why-the-internet-is-scary dept

Perhaps no single "demographic" is more misunderstood (and feared -- especially post-SOPA debacle) by Hollywood than "The Hacker." In the hands of the movie machine, hackers are portrayed as fast-talking (and fast-typing) young men (and very occasionally, women) with unfortunate hairdos, huddled around multiple screens making use of thoroughly impractical GUIs, all the while spouting a confounding mixture of instantly-outdated slang and acronyms.

Saturday Morning Breakfast Cereal breaks this down in an incredibly concise and incredibly awesome two-panel comic:
Maybe Hollywood uses this creative license to keep its fears at bay. It's got IT departments full of young men (and women) with unfortunate hairdos to handle anyone trying to DDOS its kilobytes, allowing it to breathe easy and sleep the deep sleep of the blissfully unaware. To confront the fact that anyone with half-decent social engineering skills could talk them and their underlings out of sensitive information is probably way too alarming.


Reader Comments (rss)

(Flattened / Threaded)

  •  
    identicon
    Anonymous Coward, Mar 8th, 2012 @ 10:27am

    That Bob Hackerman sure gets around, he's the inspector for my county too!

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    MrWilson, Mar 8th, 2012 @ 10:30am

    "huddled around multiple screens making use of thoroughly impractical GUIs"

    I love those thoroughly impractical GUIs. They're awesome. But they also point out that the hacker characters in movies are not only good at every type of hacking, cracking, and phreaking (which is unlikely), but they're also so talented in multimedia design that they could probably get better paying jobs doing freelance design while still able to choose their clients ethically and tell off corporate would-be clients.

    At least the movie Hackers did show Johnny Lee Miller's character using social engineering to get access to the television station's network.

     

    reply to this | link to this | view in chronology ]

  •  
    icon
    Machin Shin (profile), Mar 8th, 2012 @ 10:33am

    Awww man, so your telling me that hacking into a mainframe won't really be like a sorry flight sim flying through a city? But, But what about hackers? You saying that movie was all just lies? Nooo!

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Mar 8th, 2012 @ 10:35am

    XKCD already went there:

    http://xkcd.com/538/

     

    reply to this | link to this | view in chronology ]

    •  
      icon
      :Lobo Santo (profile), Mar 8th, 2012 @ 10:52am

      Re:

      And that's why you pick an innocuous password like "please don't hit me anymore"--so even when drugged & beaten, they'll have your password and keep beating... you.

      Hmm, maybe I didn't think that one all the way thru.

       

      reply to this | link to this | view in chronology ]

      •  
        icon
        Machin Shin (profile), Mar 8th, 2012 @ 11:04am

        Re: Re:

        I have more than once thought that "fuckyou" would be a good password for that reason. Then when FBI, ICE, DHS or whoever tries to get you to tell them the password you can gladly tell it right to their face.

         

        reply to this | link to this | view in chronology ]

        •  
          icon
          Gwiz (profile), Mar 8th, 2012 @ 2:10pm

          Re: Re: Re:

          I have more than once thought that "fuckyou" would be a good password for that reason.

          Heh. Back in the day I was co-admin for a Novell 3.12 corporate network and we did a password security check. "fuckyou" was the forth most used password, after "password", "123456" and "letmein". We quickly instituted monthly password changes with no repeats, but that really didn't make the network much more secure since 90% of the users wrote their passwords on Post-Its on their cubicle walls or top desk drawer.

           

          reply to this | link to this | view in chronology ]

          •  
            icon
            eclecticdave (profile), Mar 9th, 2012 @ 2:02am

            Re: Re: Re: Re:

            You know what you get with "monthly password changes with no repeats"?

            password1
            password2
            password3
            password4
            ...

            So then you really ramp up the security and insist on mixed case with mandatory punctuation characters ...

            %Password1
            %Password2
            %Password3
            %Password4
            ...

             

            reply to this | link to this | view in chronology ]

      •  
        icon
        another mike (profile), Mar 8th, 2012 @ 12:17pm

        Re: Re:

        "What's your password?"
        "Password."
        "Yes, tell us your password!"
        "Password."
        Continue until you determine Who's on first.

         

        reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Mar 8th, 2012 @ 10:56am

    Tim, you forgot something...

    Hackers are inevitably better with more people at the keyboard: http://www.youtube.com/watch?v=u8qgehH3kEQ

     

    reply to this | link to this | view in chronology ]

    •  
      identicon
      Anonymous Coward, Mar 8th, 2012 @ 10:59am

      Re: Tim, you forgot something...

      The hackers better hope they don't know visual basic: http://www.youtube.com/watch?v=hkDD03yeLnU

       

      reply to this | link to this | view in chronology ]

      •  
        icon
        Machin Shin (profile), Mar 8th, 2012 @ 11:13am

        Re: Re: Tim, you forgot something...

        Is it just me that just finds this kind of thing very sad now?

        The early hacker movies it was ok. I mean the 80s and early 90s so few people had computers that you could make up just about anything and someone would believe it. There was even a certain charm to the sillyness of it.

        Now it just comes across as being very sad that anyone is so computer illiterate.

         

        reply to this | link to this | view in chronology ]

      •  
        icon
        TtfnJohn (profile), Mar 8th, 2012 @ 6:02pm

        Re: Re: Tim, you forgot something...

        Who'd a thunk that you could do serious cracking or even white hat hacking with VB. Wow! Learn something new every day!

        And here I was wasting my time with C++, Perl, Python, Assembler, Ruby and all those other allegedly real computer languages. I feel soooooooooo depressed!

         

        reply to this | link to this | view in chronology ]

  •  
    icon
    Ninja (profile), Mar 8th, 2012 @ 11:21am

    It's amusing how computers are either something alien or something that only contains the GUI for what the person is doing atm (ie: when lovers chat online their computers only have some alien messenger on it).

    Reminds me of the last time I watched Independence Day (was like 2 months ago in a tedious day I watched like 25 mins of it): the spaceship had seats that were ergonomically designed for humans and came with seatbelts. Convenient. Computer has exactly the software required for the activity and nothing else. Convenient. Thousands of terabytes are transferred in a very short time despite physical limitations but when there's 1% left and the bad guys come in it slows down insanely. Convenient.

    At least the hacking/technological movies provide us some quality comdedy ;)

     

    reply to this | link to this | view in chronology ]

    •  
      icon
      FormerAC (profile), Mar 8th, 2012 @ 11:31am

      Re:

      At least the hacking/technological movies provide us some quality comdedy ;)


      I call them unintentionally funny movies. Mission Impossible 2 comes to mind. Watched that on a flight from US to UK ... people around me were really confused why I was laughing so much.

       

      reply to this | link to this | view in chronology ]

    •  
      identicon
      Michael Cruse, Mar 8th, 2012 @ 11:39am

      Re:

      Great example and too funny.

       

      reply to this | link to this | view in chronology ]

    •  
      identicon
      Rekrul, Mar 8th, 2012 @ 4:35pm

      Re:

      Reminds me of the last time I watched Independence Day (was like 2 months ago in a tedious day I watched like 25 mins of it): the spaceship had seats that were ergonomically designed for humans and came with seatbelts. Convenient. Computer has exactly the software required for the activity and nothing else. Convenient. Thousands of terabytes are transferred in a very short time despite physical limitations but when there's 1% left and the bad guys come in it slows down insanely. Convenient.

      Not that I think Independence Day is an especially intelligent movie, but I don't think it should be criticized unfairly.

      The fighter that Will flew was the one that crashed many years and which the scientists had been rebuilding. It would make sense that they would install seats designed for humans so that when they figured out how to make it go, a human could pilot it. We're never shown the interior of an untouched alien fighter. For all we know, it might not have even had seats originally.

      As for the amount of information transferred; I forget, does it ever explicitly mention/show how much data is being transferred? I only remember seeing a progress bar. If the amount wasn't stated, it's possible that they were only transferring a few megs.

       

      reply to this | link to this | view in chronology ]

      •  
        icon
        PaulT (profile), Mar 9th, 2012 @ 1:48am

        Re: Re:

        "Not that I think Independence Day is an especially intelligent movie, but I don't think it should be criticized unfairly."

        I criticise it as being a naked rip-off of V (by way of Childhood's End) and War Of The Worlds, with illogical plot points shoehorned in for no real reason (the "virus" angle only being there to homage Wells, for example, even though there's no logical reason it should work).

        It's a brain-dead special effects movie that's only there to show some spectacular footage of things being blown up. A highly entertaining one, admittedly, but still...

         

        reply to this | link to this | view in chronology ]

    •  
      identicon
      Anonymous Coward, Mar 8th, 2012 @ 10:50pm

      Re:

      "when there's 1% left and the bad guys come in it slows down insanely. Convenient."

      Actually I always thought that was realistic. After all, they're using Windows aren't they?

       

      reply to this | link to this | view in chronology ]

  •  
    identicon
    Rich Kulawiec, Mar 8th, 2012 @ 12:47pm

    Why bother hacking code...

    ...when hacking users is SO much easier?

    One of the fundamental principles of best security practice is that you must always assume that your users are lazy, stupid, hostile or insane -- and design accordingly. Unfortunately, many operations omit this either because they don't want to face this unfortunate reality, or because they don't find it politically correct, or because they want to pretend that their users are magically different from everyone else's users. We see the results of this on a daily basis via forums like DataLoss, yet few modify their procedures as a result.

     

    reply to this | link to this | view in chronology ]

    •  
      identicon
      Lawrence D'Oliveiro, Mar 8th, 2012 @ 4:01pm

      Re: Why bother hacking code...

      I don’t know why this is considered so new. Kevin Mitnick wrote a book about this, “The Art Of Deception”, years ago.

       

      reply to this | link to this | view in chronology ]

    •  
      icon
      PaulT (profile), Mar 9th, 2012 @ 1:49am

      Re: Why bother hacking code...

      The rule of thumb is that your systems are only as secure as their weakest point. Once the software and hardware become too difficult to hack, that leaves the people, and you can't always secure them...

       

      reply to this | link to this | view in chronology ]

      •  
        icon
        Not an Electronic Rodent (profile), Mar 10th, 2012 @ 10:43am

        Re: Re: Why bother hacking code...

        Once the software and hardware become too difficult to hack, that leaves the people, and you can't always secure them...
        Even basic hardware/encryption is usually more secure than the average user and it's often cultural for the organisation to some extent. The same organisation that will lay out 10,000's of dollars/pounds on cool security gizmos/ IPS / Secure ID tokens etc are all too often the same ones where you can't get anyone senior outside of IT itself to care that users write their passwords on paper and stick them to the monitor.
        Can remember running a standard off the shelf password cracker on the user database a number of years ago for an organisation I worked for. Within 10 minutes it had 80% of the passwords (~200 users) and less than 3% lasted the 12 hour run (unsuprisingly mostly the IT dept passwords). On the strength of that I managed to insist on password strength limitations being implemented, but even then it took serious arguing to not have that rolled back when the users started complaining.

         

        reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Mar 8th, 2012 @ 12:51pm

    Pro hint: To hack Facebook first determine the email used to create the account and try to use the same service used to create one, if all goes well the person who created the Facebook account created the account with an email address that he never uses and so it gets thrown out after 6 months, after which you can just create the same account again and ask to be sent the password by the Facebook's recovery system.

    It also worked for Twitter, Orkut and any other service that uses emails for the creation of accounts.

    You wouldn't believe how many people let those email accounts expire by not logging into them :)

     

    reply to this | link to this | view in chronology ]

    •  
      identicon
      Anonymous Coward, Mar 8th, 2012 @ 1:13pm

      Re:

      How to foil that vector of attack:

      User:
      - Use email managers that logs into it automatically.

      Company:
      - Send users an email every 3 months and only let them login after they click on the email sent, so the account is never expired. With an explanation of why that happens and encourage users to use some sort of email manager with a full tutorial on how to set up one.

       

      reply to this | link to this | view in chronology ]

      •  
        identicon
        Anonymous Coward, Mar 8th, 2012 @ 1:31pm

        Re: Re:

        ...thus training them to read email with an HTML interpreter enabled (which is very stupid) and training them to reflexively click on the "keep my account alive link", which will make them excellent phish victims when someone decides to forge those keepalive notices.

        Oh, and using a mail client that logs in automatically? Thanks. That'll make it much easier to grab user/password pairs from their (probably) unencrypted POP and IMAP sessions.

         

        reply to this | link to this | view in chronology ]

        •  
          identicon
          Anonymous Coward, Mar 8th, 2012 @ 3:11pm

          Re: Re: Re:

          Now you have 2 problems.....

           

          reply to this | link to this | view in chronology ]

          •  
            icon
            TtfnJohn (profile), Mar 8th, 2012 @ 6:16pm

            Re: Re: Re: Re:

            But why bother with any of that when it's usually so easy. The password to my church's computer was "church", the email account was "church", the each users password was "church" and user names at various sites were "anglican" and password "church".

            Then three of the users wondered how they had their identities stolen and why the computer got cracked into and the main hard drive thrashed a month after they got it!

            Excuse? "Easy to remember" of course and being a church just who would want to crack it?

            When I recovered the drive it had been acting as a seed for porn, and various forms of "piracy" which might explain the calls from the ISP about using way, way too much bandwidth.

            Some of them hate me now because they're now restricted to passwords of 10 characters that have to use numbers, mixed case, special characters AND can survive a basic dictionary attack.

            It's not that they're nitwits, it's just that their naieve and can't imagine why anyone would do THAT to a church computer.

             

            reply to this | link to this | view in chronology ]

        •  
          identicon
          Anonymous Coward, Mar 8th, 2012 @ 5:43pm

          Re: Re: Re:

          The company can also send an encrypted key that must be remailed to them by that account, copy and paste.

          POP and IMAP today are almost all encrypted by SSL, so how exactly somebody would sniff out those user/passwords?

          Unless people are using their own email servers that are configured not to use any form off secure channel.

           

          reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Mar 8th, 2012 @ 12:52pm

    Honestly a movie about what real hackers do would be boring as hell. No one would want to see it. It would be like Ishtar, Waterworld, etc... It's just like cop movies, do you really think cops are constantly undercover or busting international drug rings? Movies are fiction, and even when they are based on real events, you don't get to see the boring day to day stuff.

     

    reply to this | link to this | view in chronology ]

    •  
      identicon
      Anonymous Coward, Mar 8th, 2012 @ 1:02pm

      Re:

      Not necessarily, IT Guy was funny.

       

      reply to this | link to this | view in chronology ]

    •  
      icon
      Baldaur Regis (profile), Mar 8th, 2012 @ 1:26pm

      Re:

      Are you kidding? Hacking is GREAT!! One time me and this girl hacked into a military computer over a dial-up modem...oh wait, that was "War Games". Well, I knew a girl whose identity was stolen online and...oh yeah, "The Net". Ooooh, there was a time I hacked satellites using just a cell phone...you're right, that was "Die Hard And Eat Helicopters" or whatever the fuck it was called.

      Well, shit. The reality I've been fed is far better than the reality I've led.

       

      reply to this | link to this | view in chronology ]

      •  
        identicon
        Anonymous Coward, Mar 8th, 2012 @ 2:15pm

        Re: "War Games"

        The movie "War Games" is what got me interested in computers. It remains one of my favorite movies to this day.

         

        reply to this | link to this | view in chronology ]

        •  
          identicon
          Rekrul, Mar 8th, 2012 @ 4:49pm

          Re: Re: "War Games"

          The movie "War Games" is what got me interested in computers. It remains one of my favorite movies to this day.

          I still like this movie, but even when I watched it, I knew how unrealistic it was. An acoustical modem might be able to dial the phone using touch-tone, but it can't hang up. There was no standard that would allow a terminal program to display hi-res graphics sent from a computer mainframe. No computer simply uses a password to login, without also needing a user name. Two different computer system wouldn't have exactly the same speech synthesizer. No code can be cracked one digit at at time, if it could, any code could be cracked in a matter of seconds. Even using random characters as opposed to cycling through the entire ASCII character set in sequence, it would only take the average computer of the time less than 30 seconds to crack the code. No computer accepts a numeric argument by spelling out the word.

          I'm letting the AI of the computer slide, because that was the main plot device of the movie.

           

          reply to this | link to this | view in chronology ]

          •  
            identicon
            Anonymous Coward, Mar 9th, 2012 @ 12:56pm

            Re: Re: Re: "War Games"

            I don't know about you, but I had the exact same 'speech synthesizer' in my Commodore 64 as every other Commodore 64...
            the SID chip...

            Yes it could produce the exact same voice as wargames (within reason, some words had to be typed different for the 'text to speech' to make the right sounds).

            The sound capabilites of that machine were way beyond it's time...

             

            reply to this | link to this | view in chronology ]

          •  
            identicon
            Anonymous Coward, Mar 10th, 2012 @ 10:17am

            What I didn't get

            I didn't get the part where McKittrick asked David who he was going to Paris with. Hmmm, you'd think the fact that the reservation was made under the name MACK, JENNIFER K. would have given him a clue. (And given that, why wasn't the government after her as well?)

             

            reply to this | link to this | view in chronology ]

    •  
      identicon
      alex t, Oct 17th, 2012 @ 12:07pm

      Re: actually

      i have family high up in politics and law enforcement. ive met the head of narcotics investigation and one of the most honored undercover agents in california. i saw two books about four inches thick of him with the dirtiest darkest grimeyiest people around. and he was not any different. my aunt is the ambassador to Hungary and a few other people are well informed and involved first hand. the computer world may not reflect the hollywood world but the undercovers, the busts, the lies and craziness... all real, just not youre common everyday situation for most people in law enforcement. dont believe me, look up the tsakopoulos family, angelo and eleni, then find me (less accomplished in the political world) alexandros tsakopoulos. peace

       

      reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Mar 8th, 2012 @ 1:21pm

    That comic is so (probably) true. I dunno, I'm not a hacker :)

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Mike @ Toy Hauler, Mar 8th, 2012 @ 4:20pm

    That is funny take on the two.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Rekrul, Mar 8th, 2012 @ 6:07pm

    It's not just hackers/hacking that Hollywood can't get right, it's pretty much all computer use...

    Computers beep as they print inch-tall letters to the screen.

    All error messages flash in giant letters, locking the entire computer.

    Any GUI operation can be accomplished by simply typing furiously on the keyboard.

    You can plug in a USB flash drive and it will instantly take over the entire computer without ever running any software and can download gigabytes of data in seconds.

    Any photo, no matter how low the resolution, can be "cleaned up" into a crystal clear, 10-megapixel image.

    Any password can be "hacked" by simply typing furiously on the keyboard.

    Computers can be set to erase the hard drive if you don't enter the right password and there is absolutely no way to prevent this, even if the hard drive is hooked to another computer system as a slave drive.

    Any data on a hard drive can be undeleted, even to the point where a decade worth of use can be recovered despite being overwritten dozens of times.

    Hard drives are like the warehouse at the end of Raiders of the Lost Ark, where files can be hidden away and it can take days or even weeks of digging to uncover them.

    Clear panes of glass make great monitors and it's not all distracting to be able to see through them to everything that's happening in the distance.

    Any computer system can instantly overlay any image or window on top of any other window, and it will be perfectly positioned without the user ever having to manually reposition it.

    All video chat systems are capable of sending full-screen video at 30 FPS, even over a WiFi connection.

    All software works on all computers regardless of the age or model of the computer.

    All third person video games allow you to control every individual muscle on your character, making it possible to perform any movement that you can do in real life.

     

    reply to this | link to this | view in chronology ]

    •  
      icon
      TtfnJohn (profile), Mar 8th, 2012 @ 6:19pm

      Re:

      You forgot that old standard of movies and television that has this annoying female Clippy voice loudly announcing "You have mail" at exactly the right time and moment.

       

      reply to this | link to this | view in chronology ]

    •  
      identicon
      Anonymous Coward, Mar 9th, 2012 @ 5:17am

      Re:

      HA! Excellent, thank you.

      I'm not anything like an expert at coding nor a particularly adept computer user and your list of movie liberties is spot on even for me. Heck, my standards for reality are so low I appreciate shows where a someone uses a mouse or a window opens with no audible fanfare whatsoever.

      Love the exciting music montages of people searching the internet...cause that is some heart-pounding stuff! The intense faces bathed in electric glow and suspenseful music tells me so!

      Sit still, Imagunna hack you:

      *types furiously*
      *punches ENTER*
      *winds up with paragraph of incomprehensible text*

      "His IP has him at Lexington and First! Go, go, go!"

       

      reply to this | link to this | view in chronology ]

    •  
      identicon
      Lawrence D'Oliveiro, Mar 10th, 2012 @ 4:39pm

      Re: Hollywood Computers

      Don’t forget the spinning tape reels. You could see those in film and TV right into the 1980s, over a decade after they had fallen out of routine use in the computer room.

      Oh, and flashing lights were very popular, too. Even though computers as early as the 1970s no longer had very many of them.

       

      reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Mar 9th, 2012 @ 3:34am

    I'm gonna ping Techdirt to death.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Nacimota, Mar 9th, 2012 @ 8:50am

    I actually thought that scene from the Matrix Reloaded where Trinity is hacking the local network of a power station to be pretty damn realistic especially compared to most other depictions of hacking (or just general computer use >_>) in film and television.

    And what I really like about it is not just that it makes sense, but that she just does it; she doesn't sit around spewing unecessary (and poorly written) exposition for the audience's sake.

     

    reply to this | link to this | view in chronology ]

  •  
    icon
    Ben S (profile), Mar 9th, 2012 @ 4:25pm

    I got one too

    I got one of those Robert Hackerman calls once at my job. I deal with government benefits debit cards, things like food stamps, social security, unimployment, etc. Had some one call up, telling me he was with some IT firm, and wanted me to go to some website to test my encryption. Then paused to yell at his barking dog in the backyard, and came back to me. He hung up once I explained the internet is heavily filtered (can't access anything except the sites used to do my job, and official government websites such as NASA's site).

    We have our own IT department, there's no need to outsource to some other company when we have our own department. Even if we did, such a thing would go through our IT department, not through the agents. Barking dog in the back yard kind of gave away he's not really at an IT place, he's at his house. Encryption can be tested just fine with out needing to access a special website for the purpose. So many problems with his claim, and that's just off the top of my head. It's a good thing the internet is indeed filtered, or some one with Hollywood knowledge of computing might have fallen for it.

     

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
A word from our sponsors...
Essential Reading
Techdirt Reading List
Techdirt Insider Chat
A word from our sponsors...
Recent Stories
A word from our sponsors...

Close

Email This