SecureState Blog

Read SecureState's award winning blog.

Relatively Realistic and Completely Unrealistic Hackers in Fictional Media

With our recent pleasant surprise at the realistic nature of hacking in the movie Blackhat, we decided to find a few other realistic depictions of hacking in fictional media. While everyone has seen ridiculous hacking examples in movies (think of Michael Douglas strapping on VR goggles in Disclosure, or almost anything inLawnmower Man), realistic depictions of hacking are not so easy to come by. Some of the SecureState team got together and found their favorite examples of realistic and not-so-realistic hacking in movies and TV shows.

 

Realistic

Felicity Smoak, from the TV show Arrow

felicity_smoak

On the show Arrow, Felicity Smoak becomes the main character’s hacker ally, providing him with a variety of information and hacks, all from a relatively practical viewpoint. While of course various liberties are taken with the sheer amount of information and access she gains (this is a TV show, after all), the overall scope of her activities remains relatively bound to reality. She gains access to various records and systems in a somewhat realistic way, and even occasionally runs into other security experts and issues of older, non-digitized records. For being a character on a superhero TV show, Smoak and her abilities remain relatively grounded in reality.
Humorously, the pilot episode for the show did feature an arrow that magically allowed the protagonist to hack into a bank system by remaining wedged in a wall. So perhaps the writers saw how ridiculous this was, and decided to err on the side of realism in developing Smoak.

Lisbeth Salander, from the books and movies in the The Girl Who… series

lisbeth_salander

Lisbeth Salander is one of the more popular recent examples of fictional hackers that is, for the most part, relatively accurate. Though some of the specifics of her methods have been criticized as being a bit nonsense (see here), the general overall depiction of her goals and overall methods is incredibly accurate. In particular, the amount of time and effort she needs to perform any of her attacks, often for relatively minimal payoff, is incredibly accurate. While many fictional hackers are shown pulling money out of random bank accounts with a few strokes of a keyboard, Salander puts in hours of work.

Interestingly, a few of Salander’s hacks in Larsson’s original books have become common techniques currently. While the details of stealing someone’s computer to install keylogging software on it are a bit far-fetched, keyloggers are a common attack method, thought usually they are installed using malware that the attacker gets the victim to run unknowingly. Similarly, one attack in the novel talks about setting up a false website on a bank account to show the victim that nothing is occurring, while on the real website, money is being withdrawn constantly, a method that is becoming a common issue.

Lyle, from the 2003 version of The Italian Job

lyle

In the 2003 remake of The Italian Job, the critical traffic light hacking is done by Lyle, a disgruntled hacker who claims to have invented Napster. While the methods he uses to do this are fairly accurate (within the confines of a Hollywood movie), what most sticks out about this particular hacker is how his hack highlights some of the major problems facing modern utility companies. By hacking into the traffic systems of Los Angeles, Lyle is able to set up a route for his team, and cause major havoc with the traffic flow in the city. While this is a bit far-fetched, it does highlight how much control one attacker could have if able to gain access to a utility or other municipal system in a highly populated area.

Unrealistic

Stanley Jobson, from the movie Swordfish

stanley_jobson

Where to start with this one, maybe one of the worst examples of fictional hackers ever. What’s weird about Stanley Jobson is the he was clearly written by someone who had at least sort of heard of hacking, but then everyone else involved in the movie didn’t really bother to do much research when filming. Sure, there is the gratuitous use of 3d file systems that was so common in 90s movies involving anything high tech (as seen in Hackers, Disclosure, etc.), but then there are even weirder things, such as a worm that is apparently coded in AutoCAD, a program designed for creating 3d designs/prints for actual objects, not computer viruses. Stanley makes specific reference to using an old PDP-10 mainframe to get into the government, which would be fine if any of the computers he was then supposed to use to do this showed a PDP-10 interface, which none of them do. Of course, this goes without even mentioning the ridiculous interview sequence in which Stanley manages to hack into the Department of Defense by basically mashing random buttons on a keyboard.

Q, from the movie Skyfall

Q

There’s plenty of hacking going on in this movie, but one scene in particular sticks out as a particularly egregious example of completely fake hacking. When MI6 finally gets ahold of the villainous Silva’s laptop, they bring it to Q to hack into, which some pretty obviously hilariously fake results. Right away, q makes a basic mistake that no forensic investigator would make: he plugs the laptop directly into the MI6 network. This turns out to only be a minor detail compared to what follows, as the tools Q uses to hack into the system look a lot more like something from a strange videogame than the command line prompts that would be most familiar to anyone who has done this line of work. On top of this, Bond himself manages to recognize some plaintext just lingering in the various bits of theoretically encrypted code scrolling by on the right of this interface, which turns out to be the “key” to the villain’s plans conveniently stored on this laptop. This key then magically runs the weird wireframe interface into a map of London. Oh, and then the laptop that Q stupidly hooked into the MI6 network? Of course it is used as an easy attack vector into the MI6 network, as if we couldn’t see that coming. Well, OK, somehow Q couldn’t.

Honorable Mention for Not Being Realistic, but We Still Like Her Anyway

Penelope Garcia, from the TV show Criminal Minds

penelope_garcia

Sure, some of the hacks she does border on ridiculous/impossible, and the timeframe she usually can get them finished in is not at all close to realistic, but that’s OK. We are still pretty happy she is a decent character on a well-known TV show who hopefully teaches people that hackers aren’t something to be completely afraid of at all times.

Why Is It So Easy To Go Wrong?

Depicting hacking in a movie and making it entertaining is clearly not an easy task, which leads many filmmakers to using silly interfaces to spice things up visually while often just ignoring basic facts and techniques of the trade. This is pretty understandable, as actually watching someone hack is not particularly visually interesting, but doing this poses some big problems for security experts, as it convinces people that hackers can do things they can’t, or can work in strange mysterious ways that non-hackers can never understand. While there are certainly many advanced techniques and technologies used by hackers and security experts alike, turning these techniques into virtual magic only makes the entire idea of security seem completely outside of the abilities of a normal person. In reality, most hacking relies on simple social engineering that people can often avoid by being a bit more aware. By making hacking efforts in movies and TV shows more realistic, filmmakers and TV showrunners could make people more aware of how these things work, debunking their fears while also helping them make themselves a bit more secure.