Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

4/20/2017
04:30 PM
Kelly Sheridan
Kelly Sheridan
Slideshows
Connect Directly
Twitter
LinkedIn
Google+
RSS
E-Mail

6 Times Hollywood Got Security Right

Hollywood has struggled to portray cybersecurity in a realistic and engaging way. Here are films and TV shows where it succeeded.
2 of 7

Sneakers (1992)
One of the first films to include hackers in its plotline, Sneakers was referenced by both experts as an instance where cybersecurity was both accessible and realistic to viewers. The heart of the story -- that technology could decrypt everything -- made people think about a question we still face: What if there were no digital secrets?
Sneakers highlights the multi-disciplinary approach someone could take to exploit a bank, Devost explains. It walks viewers through a hacker's steps of breaking into alarm systems and testing system security. It shows how calls can be rerouted to different locations around the world.
Commercial encryption algorithms also play a role, albeit in a dramatized way. Viewers learn about the concept of a 'master key' and the realistic implication of that key being used to steal money and sensitive information. The film also sheds light on social engineering.
'It gave us a lot of examples back in the '90s when we were trying to explain social engineering,' says Cobb. 'We could explain it with Sneakers.'
(Image: Iunewind via Shutterstock)

Sneakers (1992)

One of the first films to include hackers in its plotline, Sneakers was referenced by both experts as an instance where cybersecurity was both accessible and realistic to viewers. The heart of the story -- that technology could decrypt everything -- made people think about a question we still face: What if there were no digital secrets?

Sneakers highlights the multi-disciplinary approach someone could take to exploit a bank, Devost explains. It walks viewers through a hacker's steps of breaking into alarm systems and testing system security. It shows how calls can be rerouted to different locations around the world.

Commercial encryption algorithms also play a role, albeit in a dramatized way. Viewers learn about the concept of a "master key" and the realistic implication of that key being used to steal money and sensitive information. The film also sheds light on social engineering.

"It gave us a lot of examples back in the '90s when we were trying to explain social engineering," says Cobb. "We could explain it with Sneakers."

(Image: Iunewind via Shutterstock)

2 of 7
Comment  | 
Print  | 
Comments
Newest First  |  Oldest First  |  Threaded View
JulietteRizkallah
50%
50%
JulietteRizkallah,
User Rank: Ninja
4/26/2017 | 7:05:29 PM
Re: You missed one.
I agree!! The Millenium series has the best representation of the hacking techniques!  But maybe it was not included in this article as not initially created by Hollywood...
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
4/25/2017 | 1:30:29 PM
Sneakers, Hackers
It's been quite some time since I've seen Sneakers, but I definitely remember it as being among the less sensationalized and more "accurate" depictions of hacking.

Incidentally, I seem to recall the movie Hackers having some ridiculousness in it -- but it did offer one cool trick: That you can turn any (landline) phone into a rotary phone -- if, for some reason, dialing directly isn't a feasible or desirable option -- by simply tapping the hang-up clicker X number of times for each number.
SecretSquirrel96
50%
50%
SecretSquirrel96,
User Rank: Apprentice
4/24/2017 | 12:54:37 PM
Enemy of the State
Going to have to disagree on enemy of the State having anything realistic about it at all, let alone anything to do with Cyber Security. The only thing close to getting it right in that movie, was the fact the NSA exists.

Beyond that it was a typical Hollywood version of reality.

When you start of the movie with the murder of a politician by an NSA director, you lose all credibility in the realism category.

NSA doesn't, task or control imagery satelittes, nor are they re-tasked in real time or streaming live video, that's just completely ridiculous

 

 
Shantaram
50%
50%
Shantaram,
User Rank: Ninja
4/24/2017 | 2:56:32 AM
Re: 192.168.0.1
Excatly! Nice post, i really enjoyed to rea it. THanks
ANON1248385514336
100%
0%
ANON1248385514336,
User Rank: Strategist
4/21/2017 | 11:29:49 AM
You missed one.

This article for me was kind of a "Duh" moment. There's no major epiphanies here. What about "Girl with the Dragon Tattoo". For me, the brief glimpse of a SQL injection attack elevated the proficiency of the character way more than any portrayed hacker before that movie.

Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Flash Poll
State of Cybersecurity Incident Response
State of Cybersecurity Incident Response
Data breaches and regulations have forced organizations to pay closer attention to the security incident response function. However, security leaders may be overestimating their ability to detect and respond to security incidents. Read this report to find out more.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-11500
PUBLISHED: 2020-04-03
Zoom Client for Meetings through 4.6.9 uses the ECB mode of AES for video and audio encryption. Within a meeting, all participants use a single 128-bit key.
CVE-2020-11501
PUBLISHED: 2020-04-03
GnuTLS 3.6.x before 3.6.13 uses incorrect cryptography for DTLS. The earliest affected version is 3.6.3 (2018-07-16) because of an error in a 2017-10-06 commit. The DTLS client always uses 32 '\0' bytes instead of a random value, and thus contributes no randomness to a DTLS negotiation. This breaks ...
CVE-2020-4273
PUBLISHED: 2020-04-03
IBM Spectrum Scale 4.2 and 5.0 could allow a local unprivileged attacker with intimate knowledge of the enviornment to execute commands as root using specially crafted input. IBM X-Force ID: 175977.
CVE-2019-18905
PUBLISHED: 2020-04-03
A Insufficient Verification of Data Authenticity vulnerability in autoyast2 of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15 allows remote attackers to MITM connections when deprecated and unused functionality of autoyast is used to create images. This issue affects: SUSE Linux En...
CVE-2018-17954
PUBLISHED: 2020-04-03
A Least Privilege Violation vulnerability in crowbar of SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud 9, SUSE OpenStack Cloud Crowbar 8, SUSE OpenStack Cloud Crowbar 9 allows root users on any crowbar managed node to cause become root on any other node. This issue affects: SUS...