Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Analytics

9/12/2016
12:10 PM
Sara Peters
Sara Peters
Commentary
Connect Directly
Twitter
RSS
E-Mail vvv
50%
50%

Snowden May Help Explain Your Job To Your Family

Hacking Oliver Stone's new film about whistleblower Edward Snowden.

Snowden is not "Mr. Robot." The new Oliver Stone biopic about whistleblower Edward Snowden, which opens Friday, is not peppered with inside jokes and perfect technical accuracy that only hackers will get (although the terms "SQL injection" and "zero-day" are appropriately tossed off without explanation). Rather, it's the sort of movie infosec pros should bring their family, friends, and non-geek dates to -- all those people who don't understand what you do for a living.

The Snowden film showed to a packed room and an overflow room during a pre-screening Sunday at the Central Library in Brooklyn, just across the river from downtown Manhattan on the 15th anniversary of 9/11. The pre-screening was followed by a short Q&A with director Oliver Stone and Ben Wizner, Snowden's attorney and director of the ACLU's speech, privacy and technology project. 

The film also will hold interest for some people inside the industry. And for those who have been teetering on the fence for years about their feelings about Edward Snowden's actions, it may sway their opinions in his favor; he is very indelibly portrayed as the hero. It's also entertaining.

"I was worried the whole time that this thing was going to be a bore," said Stone during the Q&A. He noted that there are no car chases or shoot-outs in Snowden (although the beginning of the film does include some very Stonesque screaming drill sergeants and muddy soldiers straining over obstacles). 

Stone is clear that Snowden is neither a documentary nor a spy movie. "It's a drama," he said.

It's a character-driven piece. Joseph Gordon-Levitt in the title role admirably shows Snowden progress from someone who encourages his new girlfriend to question "the liberal media" and criticizes people peacefully protesting the government to someone holed up in a Hong Kong hotel room with reporters planning to reveal the information that would make him an enemy of the state.  

The film follows Snowden's progression up the ranks through the CIA, a shifting relationship with a CIA recruiter (hauntingly, subtly played by Rhys Ifans) who shifts from mentor to Big Brother, and a growing understanding of the extent of amount of data being collected. It shows how the stress put strain on his relationship with his girlfriend (Shailene Woodley) and contributed to him developing epilepsy. Stone said he believes that developing epilepsy may have played a role in Snowden's actions because it made him more aware of his mortality, even at a young age.   

Although Snowden isn't stuffed with lingo and inside jokes, infosec pros may find other things to identify with: the moment when Edward first decides to tape over his laptop webcam; and the struggle of trying to urge loved ones to improve their cybersecurity without being able to disclose all the confidential details of why.

For the infosec uninitiated, one of the most important and educational scenes is a sequence where Snowden explains work he was doing for the CIA in Japan. It explains how collecting surveillance targets' metadata can ultimately lead to collecting bartenders' conversations with their mothers. Snowden describes a system of US intelligence implanting malware on the critical infrastructure of its allies -- from Japan to Austria -- so that in case they are ever not allies, the US is prepared to shut them down at any time.

Stone said that of course this was the scene was was most urged to cut. However, he said that the scene shows the dangers the world is facing, and left it in.

Wizner asked the audience if it made them "connect with the subject matter more viscerally," to which many hearty "yesses" and nodding heads.

The performances are strong throughout, and while a cameo by Nicolas Cage is particularly humorous, the largest chuckle might have been after a clip of Director of National Intelligence James Clapper giving testimony that the NSA does not collect any type of data at all on millions or hundreds of millions of Americans.

This week alongside the release of the film, Wizner said there will be renewed efforts to secure a presidential pardon for Snowden. A petition is available at PardonSnowden.org. 

"I hope this film is going to do a lot of good for [Edward Snowden, too]," said Wizner. Snowden is currently residing in Moscow, and would be tried under the Espionage Act if he were to return to the US now. Wizner said that in his opinion when Snowden returns there should be "not a conversation about what his punishment should be, but a conversation about whether we've thanked him sufficiently." 

Related Content:

 

Sara Peters is Senior Editor at Dark Reading and formerly the editor-in-chief of Enterprise Efficiency. Prior that she was senior editor for the Computer Security Institute, writing and speaking about virtualization, identity management, cybersecurity law, and a myriad ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
9/20/2016 | 11:58:14 AM
Re: Black tape.
@Whoopty: Precisely why so many security professionals are actively advising people now to write their passwords down...provided that:

1) They keep the password writings in a truly safe location (e.g., NOT on the computer monitor, NOT on their desk or in their top desk drawer, NOT in a notebook that's labelled "Password Minder" in big letters, etc.), and

2) They use long, truly entropy-filled (esp. computer-generated, for maximum randomization) passwords.

If your password is going to be "password123!" then there's little utility in writing it down (and if you make that your password and still can't remember, then maybe you should be grounded from using your devices).  But if writing your password down is what it's going to take to make you pick truly long and complex passwords that are full of entropy, then maybe that's what you should do.
Whoopty
50%
50%
Whoopty,
User Rank: Ninja
9/15/2016 | 7:42:16 AM
Re: Black tape.
Oh I know that headache. So often when I help fix someone's system it's because they did something dumb security wise. 

It's just not possible to take on everyone's security responsibilities though. I can't remember all of your passwords and mine!
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
9/14/2016 | 1:26:02 PM
Re: Black tape.
I get poked fun at a lot for my secure approach to passwords.  (One person I know once changed a (low-risk/low-exposure, albeit) password of theirs to "QWERTY" for a time just to try to annoy me.)
Whoopty
50%
50%
Whoopty,
User Rank: Ninja
9/13/2016 | 7:52:35 AM
Re: Black tape.
Totally agree. I have the same reaction with my giant passwords and consistent changing, their uniqueness. It's something most just don't put the effort into.

However I am interested to watch Snowden. I like Joseph Gordon Levitt a lot, so am interested to see how he plays the 'character.' 
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
9/13/2016 | 5:08:17 AM
Black tape.
My own loved ones have called me crazy to tape over and block my webcams.  I've called them crazy not to.
Attackers Leave Stolen Credentials Searchable on Google
Kelly Sheridan, Staff Editor, Dark Reading,  1/21/2021
How to Better Secure Your Microsoft 365 Environment
Kelly Sheridan, Staff Editor, Dark Reading,  1/25/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: We need more votes, check the obituaries.
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprises
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-3278
PUBLISHED: 2021-01-26
Local Service Search Engine Management System 1.0 has a vulnerability through authentication bypass using SQL injection . Using this vulnerability, an attacker can bypass the login page.
CVE-2021-3285
PUBLISHED: 2021-01-26
jxbrowser in TI Code Composer Studio IDE 8.x through 10.x before 10.1.1 does not verify X.509 certificates for HTTPS.
CVE-2021-3286
PUBLISHED: 2021-01-26
SQL injection exists in Spotweb 1.4.9 because the notAllowedCommands protection mechanism is inadequate, e.g., a variation of the payload may be used. NOTE: this issue exists because of an incomplete fix for CVE-2020-35545.
CVE-2021-3291
PUBLISHED: 2021-01-26
Zen Cart 1.5.7b allows admins to execute arbitrary OS commands by inspecting an HTML radio input element (within the modules edit page) and inserting a command.
CVE-2021-3297
PUBLISHED: 2021-01-26
On Zyxel NBG2105 V1.00(AAGU.2)C0 devices, setting the login cookie to 1 provides administrator access.