Hollywood's 7 Dumbest Hacking Depictions
Movies and TV shows too often use hacking as a <i>deus ex machina</i> device to resolve an impossible plot, but real hacking takes time, effort and lots of testing.
August 29, 2016
![A person in a black hoodie typing on a laptop with bunch of text overlaid over the image. A person in a black hoodie typing on a laptop with bunch of text overlaid over the image.](https://eu-images.contentstack.com/v3/assets/blt6d90778a997de1cd/blt7992adc3ddbb07c4/64f0da643d73a3be84614ef5/01-hollywood-hack.jpg?width=700&auto=webp&quality=80&disable=upscale)
Source: Wikimedia Commons
It's not hard to energize the whitehat community – ask about their most ingenious hack or the time they foiled that really insidious attack. But their eyes really light up when asked about the dumbest hacking they've ever seen on television or in a movie.
Their most frequent complaint: Producers treat hacking as a deus ex machina device, using an impossible hack to resolve a plot point or push the story forward. Hence, the heaps of hacker praise for shows that work hard to get it right, like Mr. Robot.
None of the experts we contacted for this slideshow hesitated when asked for an example of a bad hacking depiction, in fact, most cited multiple examples. They were so forthcoming, you might almost conclude there's a lot of hate-watching among infosec professionals – that guilty pleasure derived from viewing supremely bad video and film content.
First, a little pity for Hollywood. Let's acknowledge that showing people typing at a keyboard – or watching code appear on a display -- isn't visually exciting ("We just paid $15 to watch people do stuff we can do at home for free.") We all know coding is painstaking and time-consuming, but that's a reality that producers and directors skip over in favor of a narrative that moves -- mustn't bore the audience!
In cutting those corners, Hollywood gets an awful lot wrong. Rather than pile on here and trash the content producers for the heck of it, we bring you this list of non-credible hacking portrayals to help dispel any remaining illusions among business leaders or consumers that computers can magically resolve problems. Really fast! And it always works the first time!
So unlike real life.
Here's to a clearer view of what hacking can and can't do for business users, and here's to a few laughs, which are always good for morale, productivity and better security.
"Thematically timely but dramatically inert," was how Rotten Tomatoes succinctly characterized 2015's non-thriller Blackhat. Fresh from playing Norse god Thor, chesty Chris Hemsworth gets tasked with hacking into the National Security Agency. Viola Davis, showing a range of emotion that would dumbfound a real FBI agent, hands him a laptop and mumbles a vague warning about avoiding detection. Cut away to some fast typing (a recurring bad hacker meme), then to Hemsworth's tense brow, and boom, he puts the hammer down on the NSA server and gathers all its secrets about you, me and everyone we know.
Of course, this was all before Shadow Brokers made hacking the NSA look as easy as Blackhat. But there are still questions about whether they hacked an actual NSA server or some proxy with NSA files on it. Regardless, Blackhat still makes real infosec professionals pelt their screens with popcorn.
The pilot episode of CBS drama Scorpion contains a scene that's ridiculous and clumsily executed. "An Ethernet cable is lowered from an airborne plane to a sports car in order to download a backup file that will fix a software bug and save 200 planes from crashing," said Kevin Haley, director, Symantec Security Response, in an email to Dark Reading.
Apart from the good fortune of a plane equipped with an extra 1,000 yards of Ethernet cable onboard, no commands are typed in to the laptop to start the downloading. "This leads me to believe this program must have some sort of magical protocol which just allows computers to sense the desires of each other," Haley added.
"Overall, if this ever happens again, I’d recommend using Wi-Fi."
The CSI franchise evokes plenty of Bronx cheers from hackers for the artistic license it's taken with technology, security and hacking. The CSI: Cyber spinoff (mercifully cancelled this year after two seasons) was never a hit. First, there's that word cyber, widely disliked by tech types and used by no one outside the Beltway. But the show bungled other details consistently, said Cris Thomas, strategist, for Tenable Network Security, also known by the hacker name Space Rogue.
"Hollywood has had a long history of doing tech wrong and CSI: Cyber is just one example of a TV show that focuses more on the flashy conceptualizations of cybersecurity and less on the actual feasibility and accuracy of hacking," Thomas told Dark Reading, in an email. "You don’t need wall-sized monitors to catch bad guys and you can’t use lead to block radio signals or analyze camera source code and uncover malware with the blink of a red light."
Thomas noted that the series also skips over the difficulty and complexity of reverse engineering and threat detection. "Identifying and responding to a critical cyber threat doesn’t happen overnight — it takes time, talent and technique," he said, a point that can't be reinforced too often.
Bob Diachenko of MacKeeper Security Research Center is a big fan of Marvel's Iron Man franchise and its re-purposing of all kinds of technology. But he blew the whistle on a particularly sloppy scene in Iron Man 2, where they got a little sloppy. "A Russian hacker coordinates a drone's activities with HTML code (!) and uses some completely unrelated Russian words and parameters," Diachenko told Dark Reading. "I speak Russian, so I can easily tell you that this snippet of code was just simply cut-and-paste from a random Russian online AC shop."
Gaffes like that are still surprising in an age of globalism, and content that's almost always geared to attract audiences all over the world.
More hands on deck means increased efficiency and less work, right? That's probably true in the Navy or on big construction projects, but it gets a little awkward in the data center when servers are under attack.
And not to pick on CBS, but its crime drama series NCIS tipped over into the comical when two security professionals, faced with a persistent server attack, start banging on the same keyboard in an infamous four-handed hacking scene. It's the server room equivalent of too many cooks spoiling the broth. Mark Harmon (also an NCIS producer) circumvents the bad guys and frenzied typists by yanking the plug on the server.
"Fast typing on the keyboard and a lot of pop-up windows makes the show and doesn't match reality," noted Yogev Mizrahi, a researcher with Hacked-DB. "Fast typing means you're a good hacker?"
Maybe. Or slamming those lattés a little too hard.
Another example of bad Hollywood hacking takes place in Firewall, a 2006 movie about a security expert (Harrison Ford) who designs systems for banks, til his family is kidnapped. The film can't decide whether it wants to be a hacking movie or something closer to The Fugitive, according to James Plouffe, lead solutions architect for MobileIron and a consultant to Mr. Robot.
"It has a number of terrible moments, but one occurs very early in the film with a pretty glaringly incorrect depiction of creating an IDS signature which is, in fact, just creating an access control list (ACL) blocking a network address, followed by some clumsy dialog from the junior member of the security team about how blown his mind is," Plouffe said, in an email to Dark Reading.
"Ford's character Jack is supposed to be one of the brightest security minds in the world," Plouffe added. "But given the chops he exhibited in the film, it's no wonder it feels like the bad guys are winning sometimes."
Bruce Willis is usually terrific at getting us to suspend our disbelief, but neither he nor the writers and producers can sell the tech fantasy they've cooked up in Live Free Or Die Hard. The franchise's fourth installment features villains who are able to hack every single computer in the US, noted Greg Bell, KPMG's cyber US leader. Though filmed in 2007, "it seemed to predict the connectedness of the Internet of Things, years before this was a common discussion," Bell said in an email to Dark Reading.
He also got a kick out of the "the combination of angry keystrokes, lack of mouse usage, and bright red warning graphics that pop up just to show the watcher that the hackers are being denied and have to find another route."
All that doesn't strain credulity so much as smash it to bits. But as several popular authors have noted, never let the facts get in the way of a good story.
Bruce Willis is usually terrific at getting us to suspend our disbelief, but neither he nor the writers and producers can sell the tech fantasy they've cooked up in Live Free Or Die Hard. The franchise's fourth installment features villains who are able to hack every single computer in the US, noted Greg Bell, KPMG's cyber US leader. Though filmed in 2007, "it seemed to predict the connectedness of the Internet of Things, years before this was a common discussion," Bell said in an email to Dark Reading.
He also got a kick out of the "the combination of angry keystrokes, lack of mouse usage, and bright red warning graphics that pop up just to show the watcher that the hackers are being denied and have to find another route."
All that doesn't strain credulity so much as smash it to bits. But as several popular authors have noted, never let the facts get in the way of a good story.
It's not hard to energize the whitehat community – ask about their most ingenious hack or the time they foiled that really insidious attack. But their eyes really light up when asked about the dumbest hacking they've ever seen on television or in a movie.
Their most frequent complaint: Producers treat hacking as a deus ex machina device, using an impossible hack to resolve a plot point or push the story forward. Hence, the heaps of hacker praise for shows that work hard to get it right, like Mr. Robot.
None of the experts we contacted for this slideshow hesitated when asked for an example of a bad hacking depiction, in fact, most cited multiple examples. They were so forthcoming, you might almost conclude there's a lot of hate-watching among infosec professionals – that guilty pleasure derived from viewing supremely bad video and film content.
First, a little pity for Hollywood. Let's acknowledge that showing people typing at a keyboard – or watching code appear on a display -- isn't visually exciting ("We just paid $15 to watch people do stuff we can do at home for free.") We all know coding is painstaking and time-consuming, but that's a reality that producers and directors skip over in favor of a narrative that moves -- mustn't bore the audience!
In cutting those corners, Hollywood gets an awful lot wrong. Rather than pile on here and trash the content producers for the heck of it, we bring you this list of non-credible hacking portrayals to help dispel any remaining illusions among business leaders or consumers that computers can magically resolve problems. Really fast! And it always works the first time!
So unlike real life.
Here's to a clearer view of what hacking can and can't do for business users, and here's to a few laughs, which are always good for morale, productivity and better security.
About the Author(s)
You May Also Like
CISO Perspectives: How to make AI an Accelerator, Not a Blocker
August 20, 2024Securing Your Cloud Assets
August 27, 2024