Attacks/Breaches

8/29/2016
01:20 PM
Terry Sweeney
Terry Sweeney
Slideshows
Connect Directly
Facebook
Twitter
RSS
E-Mail
50%
50%

Hollywood's 7 Dumbest Hacking Depictions

Movies and TV shows too often use hacking as a deus ex machina device to resolve an impossible plot, but real hacking takes time, effort and lots of testing.
Previous
1 of 8
Next

Image Source: Wikimedia Commons

Image Source: Wikimedia Commons

It's not hard to energize the whitehat community – ask about their most ingenious hack or the time they foiled that really insidious attack. But their eyes really light up when asked about the dumbest hacking they've ever seen on television or in a movie.

Their most frequent complaint: Producers treat hacking as a deus ex machina device, using an impossible hack to resolve a plot point or push the story forward. Hence, the heaps of hacker praise for shows that work hard to get it right, like Mr. Robot.

None of the experts we contacted for this slideshow hesitated when asked for an example of a bad hacking depiction, in fact, most cited multiple examples. They were so forthcoming, you might almost conclude there's a lot of hate-watching among infosec professionals – that guilty pleasure derived from viewing supremely bad video and film content.

First, a little pity for Hollywood. Let's acknowledge that showing people typing at a keyboard – or watching code appear on a display -- isn't visually exciting ("We just paid $15 to watch people do stuff we can do at home for free.") We all know coding is painstaking and time-consuming, but that's a reality that producers and directors skip over in favor of a narrative that moves -- mustn't bore the audience!

In cutting those corners, Hollywood gets an awful lot wrong. Rather than pile on here and trash the content producers for the heck of it, we bring you this list of non-credible hacking portrayals to help dispel any remaining illusions among business leaders or consumers that computers can magically resolve problems. Really fast! And it always works the first time!

So unlike real life.

Here's to a clearer view of what hacking can and can't do for business users, and here's to a few laughs, which are always good for morale, productivity and better security.

 

Terry Sweeney is a Los Angeles-based writer and editor who has covered technology, networking, and security for more than 20 years. He was part of the team that started Dark Reading and has been a contributor to The Washington Post, Crain's New York Business, Red Herring, ... View Full Bio

Previous
1 of 8
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
9/3/2016 | 5:02:00 PM
Re: The Net
@Terry: I feel like War Games gets a pass because it almost qualifies as a sort of semi-apocalyptic sci-fi.

But then, I've never actually seen it all the way through.
T Sweeney
50%
50%
T Sweeney,
User Rank: Moderator
9/2/2016 | 7:01:12 PM
Re: The Net
Hi Joe: Yeah, The Net popped up on some the contributions we got. War Games too.

Ahh, the '80s and '90s!
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
9/2/2016 | 2:26:57 PM
The Net
Mid-90s Sandra Bullock vehicle The Net could have easily been on here too.

The funny thing is that, as utterly preposterous as that movie was at the time, today a lot of it is not so far-fetched at all.
RIP, 'IT Security'
Kevin Kurzawa, Senior Information Security Auditor,  11/13/2018
Understanding Evil Twin AP Attacks and How to Prevent Them
Ryan Orsi, Director of Product Management for Wi-Fi at WatchGuard Technologies,  11/14/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Flash Poll
Online Malware and Threats: A Profile of Today's Security Posture
Online Malware and Threats: A Profile of Today's Security Posture
This report offers insight on how security professionals plan to invest in cybersecurity, and how they are prioritizing their resources. Find out what your peers have planned today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-19367
PUBLISHED: 2018-11-20
Portainer through 1.19.2 provides an API endpoint (/api/users/admin/check) to verify that the admin user is already created. This API endpoint will return 404 if admin was not created and 204 if it was already created. Attackers can set an admin password in the 404 case.
CVE-2018-19335
PUBLISHED: 2018-11-20
Google Monorail before 2018-06-07 has a Cross-Site Search (XS-Search) vulnerability because CSV downloads are affected by CSRF, and calculations of download times (for requests with a crafted groupby value) can be used to obtain sensitive information about the content of bug reports.
CVE-2018-19334
PUBLISHED: 2018-11-20
Google Monorail before 2018-05-04 has a Cross-Site Search (XS-Search) vulnerability because CSV downloads are affected by CSRF, and calculations of download times (for requests with an unsupported axis) can be used to obtain sensitive information about the content of bug reports.
CVE-2018-10099
PUBLISHED: 2018-11-20
Google Monorail before 2018-04-04 has a Cross-Site Search (XS-Search) vulnerability because CSV downloads are affected by CSRF, and calculations of download times (for requests with duplicated columns) can be used to obtain sensitive information about the content of bug reports.
CVE-2018-17906
PUBLISHED: 2018-11-19
Philips iSite and IntelliSpace PACS, iSite PACS, all versions, and IntelliSpace PACS, all versions. Default credentials and no authentication within third party software may allow an attacker to compromise a component of the system.