Hollywood Hacks & Hackers

Hollywood’s depiction of hacking, on the big screen and in TV dramas or on Netflix, isn’t always accurate, to put it mildly. A closer look.

*

Flashy pop-ups and green-on-black text screens, with the occasional cat GIF thrown in for good measure, cannot gloss it over: When scriptwriters and directors want to show us what hackers (blackhat, whitehat, and everybody in between - character development!) actually do when plying their trade, reality is relegated to the backseat.

If you spend your days glued to your terminal, compiling piles of code or debugging software, you know first-hand how wrong they have it. Glamour? Suspension? The thrill of the hunt? Let’s get real.

Mr. Robot hides data in CD

Source: Mr. Robot

There are exceptions, though. Many readers are probably familiar with this picture. If you're not, it’s taken from the award-winning TV series Mr. Robot (USA Network). Mr. Robot deserves mentioning in this context as one of the few shows that gets it right (most of the time). It just ended with Season 4, so if you haven’t seen it already, I highly recommend it.

Elliot Alderson, the main character, burns the data he collects about his victims on disks labeled as music CDs.

That's because they are music CDs. Elliot actually hides the digital profiles of his victims in original audio files, and yes, this is a real tactic. In Mr. Robot, Elliot uses a real-life steganography program called “DeepSound”, which encrypts data and stores it within real audio files. It amazes me to which technical depth the writer Sam Esmail took this show.

biggercheese

Source: Bigger Than Cheeses

I'm mentioning Mr. Robot because the show proves that getting the details about hacking right doesn't need to get in the way of (visual) storytelling.

Let's hope it raises the bar going forward, because that bar needs serious raising. For example, did it ever occur to you that 90% of the hacking scenarios spun for the movies or TV could have been solved by simply cutting power to the affected device?

"Rerouting the Encryption"

Instead, you’ll get a crash course in tech jargon straight from the 1990s, like the classic “he’s breaching our firewall” or “I’ll reroute the encryption.” Come again?

On second thought, given the cybersecurity talent crunch, Hollywood may have an important role to play. Movies make hacking look so easy, you want to enlist on the spot in the cyber armies of the night.

Just imagine being able to button-smash commands into your terminal at nearly 500 words per minute, or to get your hands on the almighty Cyber Nuke. No, I’m not kidding:

Castle

Source: Castle (Season 8, Episode 8)

This is from ABC's TV series Castle (Season 8, Episode 8). Characters go back and forth with random “hacker popups”, the classic “%0-------50-60-70-80-90-100 FIREWALL BREACHED - OH NO HE’S IN”. Pretty legit, until...

...they come across the ultimate weapon to end all cyber conflicts. Dubbed the “Cyber Nuke”, a payload that when “dropped” obliterates any device that receives it. EMP effect? Perhaps. But not in the technical sense, more as in “Entertainment Must Prevail.”

Terminator 2

Source: Terminator 2: Judgment Day

Everybody (okay, give or take a few people) remembers the classic scene from Terminator 2, where little John Connor hacks the ATM for money. Inserts a stolen card, has a microcontroller hooked up to the card that reads him the pin number, bada bing, bada boom - jackpot. If only it were that easy.

Sign Me Up for NCIS School Already

The next scene comes courtesy of NCIS. In this episode of the CBS show, the Naval Criminal Investigative Service team discovers it's under online attack while the system intrusion is underway. Full-on IT nightmare:

NCIS

Source: NCIS

The part that really had me go “huh?” is how the girl in the scene is hammering the keyboard, and then the guy next to her joins to stop the attack.

Get this - two people, ONE keyboard. How does that work, exactly? Are their minds telepathically connected or something? Could I learn this at NCIS School?

If you think that was unusual, you’ll be in for a bonus surprise at the very end, when the NCIS boss pulls the plug to stop the attack.

Wait a minute. Did he just unplug the - monitor?

The Visual Basics of Tracking Killer IPs

The next nugget left me wondering: Is this how it sounds when scriptwriters just phone it in? The scene is taken from CSI. The story was humming along well enough - until, wait for it...

CSI: NY

Source: CSI: NY

So they’re apparently trying to track a killer’s location via his IP address. She goes forth, announcing, “I’ll create a GUI interface using visual basic, see if I can track down an IP address.”

For starters, the “GUI interface” may work as a tautology example - “interface” is what the “I” stands for in “GUI”. But how would it work to track an IP? Let’s better move on.

Under Siege 2: Dark Territory, 1995

Source: Under Siege 2: Dark Territory (1995)

This snippet was taken from Under Siege 2: Dark Territory from 1995. The main villain, Eric Bogosian’s character Travis Dane, has hacked into a satellite superweapon that can evaporate anything on earth with a laser beam.

So far, so Hollywood. In this particular scene, the villain’s evil efforts have hit a speed bump - until the resourceful Travis pulls a RAM rabbit out of the proverbial black hat.

To hack into a fax machine (don’t ask) that somehow got in the way of his machinations, he proclaims, “a gigabyte of RAM should do the trick.”

Of course, why didn’t we think of that? When in doubt, add a bit of RAM. I wonder what the team behind this movie thought the acronym RAM is standing for.

Lesson for Hacking Fax Machines in 2020

“Gigabyte” must have sounded like science fiction in 1995. Thankfully, not anymore.

So be sure to heed this wisdom from our forebears and program in those two gigabytes of RAM next time you’re trying to hack into a fax machine. In 2020, finding one will be the hardest part.

Hackers, 1995

Source: Hackers (1995)

This one's a classic. Hackers (1995) will always have a special place in my heart for being the cringiest Hollywood hacker experience.

Is it only me, or do almost all movies from the Eighties and Nineties that depict hackers feature random glowing cubes and enormous geometric bodies strewn all over the place?

In this particular scene, Eugene Belford (a.k.a. “The Plague”) is scanning the network for an intruder overusing one of the servers. The actual search taking place is visualized as a dynamic 3D geometric mapping of all the nodes on the net.

If you’re an IT admin, you know that this glowing depiction is as far from the real thing as you can get. But it’s been a convenient reference for a generation of geeks to point to when asked by Grandma or Uncle Albert what they do for a living.

There's Money in Them Glowing Cubes

Who doesn’t want to have a career in an exciting place like that? The movie Hackers drives that glowing cubes nonsense to an extreme.

To be fair, I cannot help thinking over-the-top cringe-worthiness is what the makers of this movie were shooting for. Just look at the all the shiny-leather-cum-gang-chain-cyberpunk costumes, 3D computer animations filled with glowing cubes, and jargon-heavy hacker group gatherings throughout the movie.

Johnny Mnemonic

Source: Johnny Mnemonic

Next on my list is Johnny Mnemonic. It takes geometry to the next dimension.

There is a scene where Johnny is trying to exfiltrate the data out of his brain implant (long story...), so he puts on two power gloves and virtual reality headgear and begins interacting with the computer. This scene, in which he takes over a Beijing hotel server, features (yup) flashy cubes, 3D vaults that look similar to those in video games, and other classic Hollywood hacking accessories.

Numb3rs

Source: Numb3rs

When IRC's Ship Comes In

Meet the crime drama show Numb3rs (CBS). In this scene (yes, that's a magical glowing cube in the picture), the protagonists are trying to pinpoint a hacker’s next moves. Get ready for “decode the backdoor” talk and other nonsense.

One of the characters, Amita, mentions the possibility of the attackers using IRC, and then launches into an explanation of how IRC works: “Think of it like shipping channels in the ocean, you can’t see them until a boat cuts through the water leaving a wave. Two boats meet in the middle of the ocean to swap a load of illegal drugs, you have to catch them in real-time!” Hm, thanks. No more questions.

Scorpion

Source: Scorpion

Okay, I call BS on this scene from a CBS TV series titled Scorpion. Walter O’Brien needs access to some airport software to prevent a bunch of planes from crashing due to a system bug.

Instead of just downloading the data the conventional way, he decides it would be a brilliant idea to drive underneath the plane and connect the server through an ethernet cable to a laptop, as the plane travels down the runway.

Jason Bourne, 2016

Source: Jason Bourne (2016)

The screenshot above is from Jason Bourne (2016). An old device called “DUBNA 48K” (a real Soviet computer from 1991) for whatever reason seems to have access to the CIA's new internal servers.

In the movie, the spooks know that this device is connected. They do nothing. We see that they see the device name and everything. They do nothing. More than 20 agents in that room are blankly staring at an old device taking data directly from their servers.

They use a “reverse shell” to trace the IP. You know, the internet address of where the attack originates. Instead of just blacklisting the IP or terminating its session, the agents gain access to the hacker’s regional power grid, cut power to the entire area from which the device is operating, so that the download sequence stops and the hacker disconnects.

Welcome to Hollywood.

*

As we can see, scriptwriters and directors have struggled with depicting cybersecurity or hacking for decades. Real-world sysadmins, incident response teams, and security specialists may get a call when things go wrong, but they still don't seem to have much input when such movies and TV shows come together on the set.

InfoSec insiders can still enjoy the comedic value of these productions, it certainly beats auditing code inside a cubicle for hours on end or scheduling overdue browser patches.

What do you think of my list of cringeworthy Hollywood hacking scenes? Did I miss any hidden gems? If so, tag us on Twitter @Authentic8 with your own findings. Happy Holidays - and take enough RAM into 2020, just in case you come across a fax machine!

Amir Khashayar Mohammadi - Amir Khashayar Mohammadi is a Computer Science and Engineering major who focuses on malware analysis, cryptanalysis, web exploitation, and other cyber attack vectors.