Hollywood Hackers Vs. Reality

from the CIP-#1,831-for-why-the-internet-is-scary dept

Thu, Mar 8th 2012 10:11am — Tim Cushing

Perhaps no single "demographic" is more misunderstood (and feared -- especially post-SOPA debacle) by Hollywood than "The Hacker." In the hands of the movie machine, hackers are portrayed as fast-talking (and fast-typing) young men (and very occasionally, women) with unfortunate hairdos, huddled around multiple screens making use of thoroughly impractical GUIs, all the while spouting a confounding mixture of instantly-outdated slang and acronyms.

Saturday Morning Breakfast Cereal breaks this down in an incredibly concise and incredibly awesome two-panel comic:

Maybe Hollywood uses this creative license to keep its fears at bay. It's got IT departments full of young men (and women) with unfortunate hairdos to handle anyone trying to DDOS its kilobytes, allowing it to breathe easy and sleep the deep sleep of the blissfully unaware. To confront the fact that anyone with half-decent social engineering skills could talk them and their underlings out of sensitive information is probably way too alarming.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: hackers, hollywood

50 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

Anonymous Coward, 8 Mar 2012 @ 10:27am

That Bob Hackerman sure gets around, he's the inspector for my county too!
[ link to this | view in thread ]
MrWilson, 8 Mar 2012 @ 10:30am

"huddled around multiple screens making use of thoroughly impractical GUIs"

I love those thoroughly impractical GUIs. They're awesome. But they also point out that the hacker characters in movies are not only good at every type of hacking, cracking, and phreaking (which is unlikely), but they're also so talented in multimedia design that they could probably get better paying jobs doing freelance design while still able to choose their clients ethically and tell off corporate would-be clients.

At least the movie Hackers did show Johnny Lee Miller's character using social engineering to get access to the television station's network.
[ link to this | view in thread ]
Machin Shin (profile), 8 Mar 2012 @ 10:33am

Awww man, so your telling me that hacking into a mainframe won't really be like a sorry flight sim flying through a city? But, But what about hackers? You saying that movie was all just lies? Nooo!
[ link to this | view in thread ]
Anonymous Coward, 8 Mar 2012 @ 10:35am

XKCD already went there:

http://xkcd.com/538/
[ link to this | view in thread ]
:Lobo Santo (profile), 8 Mar 2012 @ 10:52am

Re:
And that's why you pick an innocuous password like "please don't hit me anymore"--so even when drugged & beaten, they'll have your password and keep beating... you.

Hmm, maybe I didn't think that one all the way thru.
[ link to this | view in thread ]
Anonymous Coward, 8 Mar 2012 @ 10:56am

Tim, you forgot something...
Hackers are inevitably better with more people at the keyboard: http://www.youtube.com/watch?v=u8qgehH3kEQ
[ link to this | view in thread ]
Anonymous Coward, 8 Mar 2012 @ 10:59am

Re: Tim, you forgot something...
The hackers better hope they don't know visual basic: http://www.youtube.com/watch?v=hkDD03yeLnU
[ link to this | view in thread ]
Machin Shin (profile), 8 Mar 2012 @ 11:04am

Re: Re:
I have more than once thought that "fuckyou" would be a good password for that reason. Then when FBI, ICE, DHS or whoever tries to get you to tell them the password you can gladly tell it right to their face.
[ link to this | view in thread ]
Machin Shin (profile), 8 Mar 2012 @ 11:13am

Re: Re: Tim, you forgot something...
Is it just me that just finds this kind of thing very sad now?

The early hacker movies it was ok. I mean the 80s and early 90s so few people had computers that you could make up just about anything and someone would believe it. There was even a certain charm to the sillyness of it.

Now it just comes across as being very sad that anyone is so computer illiterate.
[ link to this | view in thread ]
Ninja (profile), 8 Mar 2012 @ 11:21am

It's amusing how computers are either something alien or something that only contains the GUI for what the person is doing atm (ie: when lovers chat online their computers only have some alien messenger on it).

Reminds me of the last time I watched Independence Day (was like 2 months ago in a tedious day I watched like 25 mins of it): the spaceship had seats that were ergonomically designed for humans and came with seatbelts. Convenient. Computer has exactly the software required for the activity and nothing else. Convenient. Thousands of terabytes are transferred in a very short time despite physical limitations but when there's 1% left and the bad guys come in it slows down insanely. Convenient.

At least the hacking/technological movies provide us some quality comdedy ;)
[ link to this | view in thread ]
FormerAC (profile), 8 Mar 2012 @ 11:31am

Re:
At least the hacking/technological movies provide us some quality comdedy ;)

I call them unintentionally funny movies. Mission Impossible 2 comes to mind. Watched that on a flight from US to UK ... people around me were really confused why I was laughing so much.
[ link to this | view in thread ]
Michael Cruse, 8 Mar 2012 @ 11:39am

Re:
Great example and too funny.
[ link to this | view in thread ]
Liz (profile), 8 Mar 2012 @ 11:47am

Re:
It wasn't all lies. Angelina did look good in a dress.
[ link to this | view in thread ]
Machin Shin (profile), 8 Mar 2012 @ 11:56am

Re: Re:
She looked good before she had 5 pounds of silicone injected into her lips....
[ link to this | view in thread ]
another mike (profile), 8 Mar 2012 @ 12:17pm

Re: Re:
"What's your password?"
"Password."
"Yes, tell us your password!"
"Password."
Continue until you determine Who's on first.
[ link to this | view in thread ]
Rich Kulawiec, 8 Mar 2012 @ 12:47pm

Why bother hacking code...
...when hacking users is SO much easier?

One of the fundamental principles of best security practice is that you must always assume that your users are lazy, stupid, hostile or insane -- and design accordingly. Unfortunately, many operations omit this either because they don't want to face this unfortunate reality, or because they don't find it politically correct, or because they want to pretend that their users are magically different from everyone else's users. We see the results of this on a daily basis via forums like DataLoss, yet few modify their procedures as a result.
[ link to this | view in thread ]
Anonymous Coward, 8 Mar 2012 @ 12:51pm

Pro hint: To hack Facebook first determine the email used to create the account and try to use the same service used to create one, if all goes well the person who created the Facebook account created the account with an email address that he never uses and so it gets thrown out after 6 months, after which you can just create the same account again and ask to be sent the password by the Facebook's recovery system.

It also worked for Twitter, Orkut and any other service that uses emails for the creation of accounts.

You wouldn't believe how many people let those email accounts expire by not logging into them :)
[ link to this | view in thread ]
Anonymous Coward, 8 Mar 2012 @ 12:52pm

Honestly a movie about what real hackers do would be boring as hell. No one would want to see it. It would be like Ishtar, Waterworld, etc... It's just like cop movies, do you really think cops are constantly undercover or busting international drug rings? Movies are fiction, and even when they are based on real events, you don't get to see the boring day to day stuff.
[ link to this | view in thread ]
Anonymous Coward, 8 Mar 2012 @ 1:02pm

Re:
Not necessarily, IT Guy was funny.
[ link to this | view in thread ]
Anonymous Coward, 8 Mar 2012 @ 1:13pm

Re:
How to foil that vector of attack:

User:
- Use email managers that logs into it automatically.

Company:
- Send users an email every 3 months and only let them login after they click on the email sent, so the account is never expired. With an explanation of why that happens and encourage users to use some sort of email manager with a full tutorial on how to set up one.
[ link to this | view in thread ]
Anonymous Coward, 8 Mar 2012 @ 1:21pm

That comic is so (probably) true. I dunno, I'm not a hacker :)
[ link to this | view in thread ]
Baldaur Regis (profile), 8 Mar 2012 @ 1:26pm

Re:
Are you kidding? Hacking is GREAT!! One time me and this girl hacked into a military computer over a dial-up modem...oh wait, that was "War Games". Well, I knew a girl whose identity was stolen online and...oh yeah, "The Net". Ooooh, there was a time I hacked satellites using just a cell phone...you're right, that was "Die Hard And Eat Helicopters" or whatever the fuck it was called.

Well, shit. The reality I've been fed is far better than the reality I've led.
[ link to this | view in thread ]
Anonymous Coward, 8 Mar 2012 @ 1:31pm

Re: Re:
...thus training them to read email with an HTML interpreter enabled (which is very stupid) and training them to reflexively click on the "keep my account alive link", which will make them excellent phish victims when someone decides to forge those keepalive notices.

Oh, and using a mail client that logs in automatically? Thanks. That'll make it much easier to grab user/password pairs from their (probably) unencrypted POP and IMAP sessions.
[ link to this | view in thread ]
Gwiz (profile), 8 Mar 2012 @ 2:10pm

Re: Re: Re:
I have more than once thought that "fuckyou" would be a good password for that reason.

Heh. Back in the day I was co-admin for a Novell 3.12 corporate network and we did a password security check. "fuckyou" was the forth most used password, after "password", "123456" and "letmein". We quickly instituted monthly password changes with no repeats, but that really didn't make the network much more secure since 90% of the users wrote their passwords on Post-Its on their cubicle walls or top desk drawer.
[ link to this | view in thread ]
Anonymous Coward, 8 Mar 2012 @ 2:15pm

Re: "War Games"
The movie "War Games" is what got me interested in computers. It remains one of my favorite movies to this day.
[ link to this | view in thread ]
Anonymous Coward, 8 Mar 2012 @ 3:11pm

Re: Re: Re:
Now you have 2 problems.....
[ link to this | view in thread ]
Anonymous Coward, 8 Mar 2012 @ 3:12pm

Re:
Ask HBGary
[ link to this | view in thread ]
Lawrence D'Oliveiro, 8 Mar 2012 @ 4:01pm

Re: Why bother hacking code...
I don�t know why this is considered so new. Kevin Mitnick wrote a book about this, �The Art Of Deception�, years ago.
[ link to this | view in thread ]
Mike @ Toy Hauler, 8 Mar 2012 @ 4:20pm

That is funny take on the two.
[ link to this | view in thread ]
Rekrul, 8 Mar 2012 @ 4:35pm

Re:
Reminds me of the last time I watched Independence Day (was like 2 months ago in a tedious day I watched like 25 mins of it): the spaceship had seats that were ergonomically designed for humans and came with seatbelts. Convenient. Computer has exactly the software required for the activity and nothing else. Convenient. Thousands of terabytes are transferred in a very short time despite physical limitations but when there's 1% left and the bad guys come in it slows down insanely. Convenient.

Not that I think Independence Day is an especially intelligent movie, but I don't think it should be criticized unfairly.

The fighter that Will flew was the one that crashed many years and which the scientists had been rebuilding. It would make sense that they would install seats designed for humans so that when they figured out how to make it go, a human could pilot it. We're never shown the interior of an untouched alien fighter. For all we know, it might not have even had seats originally.

As for the amount of information transferred; I forget, does it ever explicitly mention/show how much data is being transferred? I only remember seeing a progress bar. If the amount wasn't stated, it's possible that they were only transferring a few megs.
[ link to this | view in thread ]
Rekrul, 8 Mar 2012 @ 4:49pm

Re: Re: "War Games"
The movie "War Games" is what got me interested in computers. It remains one of my favorite movies to this day.

I still like this movie, but even when I watched it, I knew how unrealistic it was. An acoustical modem might be able to dial the phone using touch-tone, but it can't hang up. There was no standard that would allow a terminal program to display hi-res graphics sent from a computer mainframe. No computer simply uses a password to login, without also needing a user name. Two different computer system wouldn't have exactly the same speech synthesizer. No code can be cracked one digit at at time, if it could, any code could be cracked in a matter of seconds. Even using random characters as opposed to cycling through the entire ASCII character set in sequence, it would only take the average computer of the time less than 30 seconds to crack the code. No computer accepts a numeric argument by spelling out the word.

I'm letting the AI of the computer slide, because that was the main plot device of the movie.
[ link to this | view in thread ]
Anonymous Coward, 8 Mar 2012 @ 5:43pm

Re: Re: Re:
The company can also send an encrypted key that must be remailed to them by that account, copy and paste.

POP and IMAP today are almost all encrypted by SSL, so how exactly somebody would sniff out those user/passwords?

Unless people are using their own email servers that are configured not to use any form off secure channel.
[ link to this | view in thread ]
TtfnJohn (profile), 8 Mar 2012 @ 6:02pm

Re: Re: Tim, you forgot something...
Who'd a thunk that you could do serious cracking or even white hat hacking with VB. Wow! Learn something new every day!

And here I was wasting my time with C++, Perl, Python, Assembler, Ruby and all those other allegedly real computer languages. I feel soooooooooo depressed!
[ link to this | view in thread ]
Rekrul, 8 Mar 2012 @ 6:07pm

It's not just hackers/hacking that Hollywood can't get right, it's pretty much all computer use...

Computers beep as they print inch-tall letters to the screen.

All error messages flash in giant letters, locking the entire computer.

Any GUI operation can be accomplished by simply typing furiously on the keyboard.

You can plug in a USB flash drive and it will instantly take over the entire computer without ever running any software and can download gigabytes of data in seconds.

Any photo, no matter how low the resolution, can be "cleaned up" into a crystal clear, 10-megapixel image.

Any password can be "hacked" by simply typing furiously on the keyboard.

Computers can be set to erase the hard drive if you don't enter the right password and there is absolutely no way to prevent this, even if the hard drive is hooked to another computer system as a slave drive.

Any data on a hard drive can be undeleted, even to the point where a decade worth of use can be recovered despite being overwritten dozens of times.

Hard drives are like the warehouse at the end of Raiders of the Lost Ark, where files can be hidden away and it can take days or even weeks of digging to uncover them.

Clear panes of glass make great monitors and it's not all distracting to be able to see through them to everything that's happening in the distance.

Any computer system can instantly overlay any image or window on top of any other window, and it will be perfectly positioned without the user ever having to manually reposition it.

All video chat systems are capable of sending full-screen video at 30 FPS, even over a WiFi connection.

All software works on all computers regardless of the age or model of the computer.

All third person video games allow you to control every individual muscle on your character, making it possible to perform any movement that you can do in real life.
[ link to this | view in thread ]
TtfnJohn (profile), 8 Mar 2012 @ 6:16pm

Re: Re: Re: Re:
But why bother with any of that when it's usually so easy. The password to my church's computer was "church", the email account was "church", the each users password was "church" and user names at various sites were "anglican" and password "church".

Then three of the users wondered how they had their identities stolen and why the computer got cracked into and the main hard drive thrashed a month after they got it!

Excuse? "Easy to remember" of course and being a church just who would want to crack it?

When I recovered the drive it had been acting as a seed for porn, and various forms of "piracy" which might explain the calls from the ISP about using way, way too much bandwidth.

Some of them hate me now because they're now restricted to passwords of 10 characters that have to use numbers, mixed case, special characters AND can survive a basic dictionary attack.

It's not that they're nitwits, it's just that their naieve and can't imagine why anyone would do THAT to a church computer.
[ link to this | view in thread ]
TtfnJohn (profile), 8 Mar 2012 @ 6:19pm

Re:
You forgot that old standard of movies and television that has this annoying female Clippy voice loudly announcing "You have mail" at exactly the right time and moment.
[ link to this | view in thread ]
Anonymous Coward, 8 Mar 2012 @ 10:50pm

Re:
"when there's 1% left and the bad guys come in it slows down insanely. Convenient."

Actually I always thought that was realistic. After all, they're using Windows aren't they?
[ link to this | view in thread ]
PaulT (profile), 9 Mar 2012 @ 1:48am

Re: Re:
"Not that I think Independence Day is an especially intelligent movie, but I don't think it should be criticized unfairly."

I criticise it as being a naked rip-off of V (by way of Childhood's End) and War Of The Worlds, with illogical plot points shoehorned in for no real reason (the "virus" angle only being there to homage Wells, for example, even though there's no logical reason it should work).

It's a brain-dead special effects movie that's only there to show some spectacular footage of things being blown up. A highly entertaining one, admittedly, but still...
[ link to this | view in thread ]
PaulT (profile), 9 Mar 2012 @ 1:49am

Re: Why bother hacking code...
The rule of thumb is that your systems are only as secure as their weakest point. Once the software and hardware become too difficult to hack, that leaves the people, and you can't always secure them...
[ link to this | view in thread ]
eclecticdave (profile), 9 Mar 2012 @ 2:02am

Re: Re: Re: Re:
You know what you get with "monthly password changes with no repeats"?

password1
password2
password3
password4
...

So then you really ramp up the security and insist on mixed case with mandatory punctuation characters ...

%Password1
%Password2
%Password3
%Password4
...
[ link to this | view in thread ]
Anonymous Coward, 9 Mar 2012 @ 3:34am

I'm gonna ping Techdirt to death.
[ link to this | view in thread ]
Anonymous Coward, 9 Mar 2012 @ 5:17am

Re:
HA! Excellent, thank you.

I'm not anything like an expert at coding nor a particularly adept computer user and your list of movie liberties is spot on even for me. Heck, my standards for reality are so low I appreciate shows where a someone uses a mouse or a window opens with no audible fanfare whatsoever.

Love the exciting music montages of people searching the internet...cause that is some heart-pounding stuff! The intense faces bathed in electric glow and suspenseful music tells me so!

Sit still, Imagunna hack you:

*types furiously*
*punches ENTER*
*winds up with paragraph of incomprehensible text*

"His IP has him at Lexington and First! Go, go, go!"
[ link to this | view in thread ]
Nacimota, 9 Mar 2012 @ 8:50am

I actually thought that scene from the Matrix Reloaded where Trinity is hacking the local network of a power station to be pretty damn realistic especially compared to most other depictions of hacking (or just general computer use >_>) in film and television.

And what I really like about it is not just that it makes sense, but that she just does it; she doesn't sit around spewing unecessary (and poorly written) exposition for the audience's sake.
[ link to this | view in thread ]
PaulT (profile), 9 Mar 2012 @ 9:03am

Re:
"I actually thought that scene from the Matrix Reloaded where Trinity is hacking the local network of a power station to be pretty damn realistic"

There's a reason for that.... the hack is a real SSH exploit!

http://nmap.org/movies.html
[ link to this | view in thread ]
Anonymous Coward, 9 Mar 2012 @ 12:56pm

Re: Re: Re: "War Games"
I don't know about you, but I had the exact same 'speech synthesizer' in my Commodore 64 as every other Commodore 64...
the SID chip...

Yes it could produce the exact same voice as wargames (within reason, some words had to be typed different for the 'text to speech' to make the right sounds).

The sound capabilites of that machine were way beyond it's time...
[ link to this | view in thread ]
Ben S (profile), 9 Mar 2012 @ 4:25pm

I got one too
I got one of those Robert Hackerman calls once at my job. I deal with government benefits debit cards, things like food stamps, social security, unimployment, etc. Had some one call up, telling me he was with some IT firm, and wanted me to go to some website to test my encryption. Then paused to yell at his barking dog in the backyard, and came back to me. He hung up once I explained the internet is heavily filtered (can't access anything except the sites used to do my job, and official government websites such as NASA's site).

We have our own IT department, there's no need to outsource to some other company when we have our own department. Even if we did, such a thing would go through our IT department, not through the agents. Barking dog in the back yard kind of gave away he's not really at an IT place, he's at his house. Encryption can be tested just fine with out needing to access a special website for the purpose. So many problems with his claim, and that's just off the top of my head. It's a good thing the internet is indeed filtered, or some one with Hollywood knowledge of computing might have fallen for it.
[ link to this | view in thread ]
Anonymous Coward, 10 Mar 2012 @ 10:17am

What I didn't get
I didn't get the part where McKittrick asked David who he was going to Paris with. Hmmm, you'd think the fact that the reservation was made under the name MACK, JENNIFER K. would have given him a clue. (And given that, why wasn't the government after her as well?)
[ link to this | view in thread ]
Not an Electronic Rodent (profile), 10 Mar 2012 @ 10:43am

Re: Re: Why bother hacking code...
Once the software and hardware become too difficult to hack, that leaves the people, and you can't always secure them...
Even basic hardware/encryption is usually more secure than the average user and it's often cultural for the organisation to some extent. The same organisation that will lay out 10,000's of dollars/pounds on cool security gizmos/ IPS / Secure ID tokens etc are all too often the same ones where you can't get anyone senior outside of IT itself to care that users write their passwords on paper and stick them to the monitor.
Can remember running a standard off the shelf password cracker on the user database a number of years ago for an organisation I worked for. Within 10 minutes it had 80% of the passwords (~200 users) and less than 3% lasted the 12 hour run (unsuprisingly mostly the IT dept passwords). On the strength of that I managed to insist on password strength limitations being implemented, but even then it took serious arguing to not have that rolled back when the users started complaining.
[ link to this | view in thread ]
Lawrence D'Oliveiro, 10 Mar 2012 @ 4:39pm

Re: Hollywood Computers
Don�t forget the spinning tape reels. You could see those in film and TV right into the 1980s, over a decade after they had fallen out of routine use in the computer room.

Oh, and flashing lights were very popular, too. Even though computers as early as the 1970s no longer had very many of them.
[ link to this | view in thread ]
alex t, 17 Oct 2012 @ 12:07pm

Re: actually
i have family high up in politics and law enforcement. ive met the head of narcotics investigation and one of the most honored undercover agents in california. i saw two books about four inches thick of him with the dirtiest darkest grimeyiest people around. and he was not any different. my aunt is the ambassador to Hungary and a few other people are well informed and involved first hand. the computer world may not reflect the hollywood world but the undercovers, the busts, the lies and craziness... all real, just not youre common everyday situation for most people in law enforcement. dont believe me, look up the tsakopoulos family, angelo and eleni, then find me (less accomplished in the political world) alexandros tsakopoulos. peace
[ link to this | view in thread ]