The Top Five Most Fun Cybersecurity Mistakes in TV and Movies



[ This article was originally published here ]

By Dave Cartwright, CISSP 

The mysterious world of cybersecurity can sometimes be wildly misrepresented on-screen, causing challenges for professionals charged with educating colleagues and other users. 

Movie and TV screenwriters have been known to play fast and loose with the facts. Any car involved in an accident, no matter how minor, explodes in a hideous fireball. Everyone can find an on-street parking space right outside their house. Whenever text appears on a computer screen there’s a clicky-beepy sound for each letter that appears. 

No wonder, then, that the role and actions of cybersecurity can sometimes be even more wildly misrepresented and exaggerated on-screen. Today we are taking a look at our favorite five examples of where cybersecurity was misrepresented in the name of entertainment.

1. “Greetings, Professor Falken”

Let’s start with one for the less youthful readership. Back in 1983, writers Lawrence Lasker and Walter Parkes came up with the most high-tech film in years: WarGames. The US military gurus decided they couldn’t rely on humans to launch nuclear weapons, so they configured a computer to do it instead. Matthew Broderick, then a typical-looking youth playing a stereotypcial geeky youth, broke into the computer and inadvertently set a nuclear attack in train. How did he manage this? Well, it kind of helped that the defence bods put a modem connection on their most dangerous computer, and the bonus was a back-door password that was the six-letter name of the creator’s dead son. All in upper case. And of course, as part of the adventure he breaks out of NORAD HQ, one of the most secure military bases in the US, if not the world.  

But does this class as a cyber “mistake”? After all, it’s inconceivable these days that anyone would ever skip security checking program code and would then connect a super-sensitive military server to the internet (or in this case the public telephone network), with a simple password and no multi-factor authentication, isn’t it?  

 2. Let me just plug this in, 007 …

The James Bond franchise is, as I’m sure anyone reading this is aware, rife with amazing – and occasionally technologically possible – gadgets and equipment. Bond’s is provided by “Q Branch” of MI6, frequently to the delight of the marketing department of Aston Martin. Magnetic watches, cigarettes that fire darts and Lotus Esprits that blow up when broken into are all just part of the day job for “Q”, the head of the branch. And some technology keeps reappearing thanks to its usefulness – not least handprint/fingerprint-recognizing guns that have appeared several times in movies like Casino Royale (the Daniel Craig one) and the movie we’re thinking of here: Skyfall. 

In which Q is given the bad guy’s laptop, plugs it into the MI6 LAN, and with a single cable insertion opens the scriptwriters up to a vast opportunity for “Someone just hacked MI6 via their best spy and top technical guru” creativity.  

3. Who needs to declare a war?

This is one for readers on the eastern side of the Atlantic. In 2022, U.K. TV company Channel 4 launched an exciting new series, “”, featuring a cyber-oriented misinformation attack on the UK by Russia.  

It’s full of entirely believable activity, particularly in GCHQ, the UK’s main tech/intelligence agency. In a single episode we see a student on a one-year placement analysing the code of a key piece of malware, copying it onto a USB stick (GHCQ is clearly too secure to have to worry about locking down USB ports), passing the stick to a crypto specialist by leaving it on a lunch table (from where he picks it up, hiding it in a cloth), tailgating a veteran through a secure door, and then joining said veteran for a picnic in a disused, closed down intelligence establishment. Oh, and then meeting a shady-looking stereotypical hacker-type in a hoodie at a trade show. 

All entirely plausible, clearly. 

4. Terrible Lizards*

Pausing just for a moment to reflect on the fact that the cry of the Velociraptors is actually based on a recording of tortoises mating, we move on to recall that John Hammond – the fictional creator of the fictional Jurassic Park in the 1993 blockbuster of the same name – was focused more on frog DNA than on the principle of Least Privilege. The IT bad guy of the movie – Dennis Nedry, played by Wayne Knight – is able single-handedly to disable the security systems of the park, along with the power to the tourist-carrying pickups, in order that he can steal dinosaur embryos for a competitor in exchange for a tasty bribe. We should have seen this coming given that at one point a “video call” (a concept not widespread in those days) is clearly just a QuickTime movie playing on a Mac, complete with the “thumb” steadily moving from the far left of the window (at the start of the “call”) to the far right (at the end). And lo and behold, Nedry can kill all these important systems and safety defences with no “second pair of eyes” and completely undetectably (at least until big lizards start eating people, that is). 

* The word “dinosaur” derives from the Greek for “terrible/monstrous lizard”. 

5. Independence Day

We’ll finish with another action movie blockbuster. Will Smith is clearly a man determined to interact with CGI-based extra-terrestrial life at every opportunity (think Tommy Lee Jones: “Congratulations, Reg, it’s a … squid”). In Independence Day, Will is at the forefront of dealing with an alien attack. The aliens’ spacecraft are clearly protected by some funky defense technology, and no amount of bows, arrows, BB guns or nuclear armaments will do any good against them. Jeff Goldblum – playing the stereotypical role of “handsome geek” realises that by infecting the mothership’s systems with a computer virus, they can cause the ships’ shields to fail, making them susceptible to Earth’s weapons. So, Will flies them in a crashed-and-captured alien ship (which takes zero training to fly, and the script doesn’t allow him time to read the manual) up to the mothership, whose commander is dumb enough to think: “Ah, that’s clearly one of ours, we’ll let it in”. Jeff plugs in, uploads the virus and hands out the cigars, and Will flies them home. Either they had a really poor Wi-Fi password or Jeff had precisely the right cable to connect into the ship’s computer. That bit is never explained, even in the director’s cut! 

The thing is, though, as someone pointed out to me when I was chatting about writing this article, it shouldn’t be all that surprising that Jeff was able to plug into the alien mothership’s systems.  

After all, USB is the Universal Serial Bus … 

Ad





Source link