Spies and Hackers

I find it funny how this myth of an all powerful “hackers” that can break into any computer anywhere at any time is about as prevalent as the myth of super-spy. Most of us has really no idea of how average CIA agents workday looks like. Few of us actually know undercover agents, or much less know details of their work. So our image of a spy is almost entirely based on Ian Fleming’s or David Morell’s idea of what it means to be a spy.

You have to agree that James Bond, Jack Bauer, Sydney Bristow, and La Femme Nikita are not your ordinary, run of the mill spies. After all, you wouldn’t really think that Die Hard, Dirty Harry or Leathal Weapon are accurate depictions of police work. So why would we assume this for spies?

Same goes for the so called “hackers”. People who have no clue about computer security assume that some people possess mysterious magical skills that let them gain access to any computer in the world by just furiously typing on the keyboard for few minutes. People mistake their own stupidity for awesome hacker skills these days. After all, it does not matter that your OS is unpatched, that you have no firewall, that you have open wifi, that your passwords are weak and that you run easily exploitable services… Nope – it’s that the attacker has awesome 1337 skillz!

But it’s worst when these two myths come together, and you get techno-neophytes claiming that CIA has “hackers” that can do things “I can’t even imagine”. After all, I’m obviously not a “hacker”, and even if I was, I’m not a pro like those people at CIA. Besides – the government does not show their high technology to mere mortals anyway.

Garbage File

How do you argue with that logic? I tried explaining that all the technology we have right now works on pretty much the same basis. I tried to explain that the software written for CIA and Military is not developed by Techno Priests from Mars, or some top secret organization of super-coders but by normal software developers who went to the same schools and took the same classes as us mere mortals. All the software they have is the same type of shitty garbage we deal with on daily basis. Half of it is written by incompetent idiots who got the governmental contract cause their uncle is best buddies with a Senator. The other half is kludgey, buggy shit written in C or C++ ridden by the same buffer overflow issues that plagues most of modern software.

But somehow that just doesn’t register – I’m suspecting it’s because of Clarke’s third law…

Btw, I totally expect you guys to know what movie is that image from. 5 geek points for the first person to name it in the comments. Additional 5 points to anyone who will name a movie which depicts realistic security exploit (the movie that goes with this pic, is obviously not one of them).

Also, before you say something about 1337 “hackers” please see this post.

[tags]hackers, hacking, spies, spy, cia, software, technology[/tags]

This entry was posted in technology and tagged , . Bookmark the permalink.



27 Responses to Spies and Hackers

  1. Craig Betts UNITED STATES Mozilla Firefox Solaris Terminalist says:

    I think I can accurately say what hacking consists of. I worked at NASA for seven years in IT Security guarding against vile creatures.

    Most of the hacking attempts I saw were actually script kiddies, those people that find scripts that can get use a particular exploit and and then send it out to attack every machine they can on the internet. Yep, most of them just ride on other’s shoulders.

    These hackers never really bothered me too much. They mostly use Windows exploits. Every now and then I see and Apache buffer overflow attack hit my server at home, but still, I don’t shudder. First, if the attacker was smart, they would have first fingerprinted my system and discovered it was running on a Sun Enterprise system, which uses a totally different processor and requires a different buffer-overflow “slide”. Also, most Solaris admins activate the noexec_user_stack option to prevent buffer overflows to begin with!

    The hackers that bother me are the ones you never see. The professional will come and go without being detected. I know this is possible from doing forensics on a few systems and founds evidence of a file transfered with nothing showing in the firewall logs. Scary! Too bad it takes months of analysis to determine what happened in a few seconds.

    BTW- The image is from “Hackers”. Crappy movie, but it did have a few good shots of Ms. Jolie! :-D

    Reply  |  Quote
  2. Luke UNITED STATES Mozilla Firefox Ubuntu Linux says:

    Yup! 5 geek points to you sir. I think Hackers is one of those movies that are likable despite being horribly cheesy and laughable at times. :P

    But this kinda what I’m getting at. If someone actually made a true-to-life movie about people really trying to break into various systems it would probably be inexplicably boring for the average viewer. So Hollywood ends up sexing it up till it looks like magic. And for some reason, people wholeheartedly buy into that movie magic…

    Still – what movie shows a realistic depiction of hacking? Hint: in that movie you can see an nmap scan being performed, and then the unpatched ssh server on the target machine is attacked with the old SSH1 CRC32 exploit.

    If you google it, you may find it. :P

    Reply  |  Quote
  3. Wikke BELGIUM Mozilla Firefox Windows says:

    about computers in movies :d :
    1. Any PERMISSION DENIED has an OVERRIDE function.

    2. Complex calculations and loading of huge amounts of data will be
    accomplished in under three seconds. In the movies, modems transmit
    data at two gigabytes per second.

    3. When the power plant/missile site/whatever overheats, all the
    control panels will explode, as will the entire building.

    4. If you display a file on the screen and someone deletes the file,
    it also disappears from the screen. There are no ways to copy a
    backup file — and there are no undelete utilities.

    5. If a disk has got encrypted files, you are automatically asked for
    a password when you try to access it.

    6. No matter what kind of computer disk it is, it’ll be readable by
    any system you put it into. All application software is usable by all
    computer platforms.

    7. The more high-tech the equipment, the more buttons it has. However,
    everyone must have been highly trained, because the buttons aren’t labeled.

    8. Most computers, no matter how small, have reality-defying three-dimensional,
    real-time, photo-realistic animated graphics capability.

    9. Laptops, for some strange reason, always seem to have amazing real-time
    video phone capabilities and the performance of a CRAY.

    10. Whenever a character looks at a terminal, the image is so bright that it
    projects itself onto his/her face.

    11. Computers never crash during key, high-intensity activities. Humans
    operating computers never make mistakes under stress.

    12. (From Independence Day) No matter what kind of virus it is, any computer
    can be infected with it — even an alien spaceship’s computer — simply by
    running a virus upload program on a laptop.

    13. (From Jurassic Park) A custom system with millions of lines of code
    controlling a multimillion dollar theme park can be operated by a 13 year
    old who has seen a Unix system before. Seeing an operating system means you
    know how to run any application on that system, even custom apps.
    Note: What OS was it really running?
    (1) “These are super computers”. A CrayOS?
    (2) “Quicktime movie, Apple logo, trash can.” MacOS?
    (3) “Reboot. System ready. C:\” DOS?
    (4) “Hey, this is Unix. I know this” Unix?
    The computers in Jurassic Park were Cray supercomputers running the MacOS
    as a graphical shell of DOS all layered on top of a Unix base.

    14. You cannot stop a destructive program or virus by unplugging the computer.
    Presumably the virus has it’s own built-in power supply.

    15. You cannot stop a destructive program downloading onto your system by
    unplugging the phone line. You must figure out the mandatory “back door”
    all evil virus programmers put in.

    16. Computers only crash if a virus or a hacker is involved.

    17. All text must be at least 72 point.

    18. Word processors do not have an insert point.

    19. The only way to reboot is to shut off the main power to the building.

    20. Passwords can be guessed in three and exactly three tries. If you cannot
    guess the password in three tries, you must give up immediately.

    21. Any task or program can be executed by simply pressing Enter, no matter
    which program or window is in the foreground.

    22. All scanners, video cameras and digital cameras have a resolution of
    approximately 500 megapixels. Any image can be infinitely magnified with
    no pixelization.

    23. Security will not improve over time. Nonaffialiated personnel can take
    over a space ship without needing an account or access control.
    Corollary: Anyone can override access control lists in the future.

    24. All hackers wear black T-shirts or Hawaiian shirts.

    25. Incoming messages are displayed letter by letter. Email over the Internet
    works like telegraphs.

    26. Microsoft Windows doesn’t exist. Macintosh has a 75% market share.

    27. GUI operations, such as image selection and manipulation, can be handled
    easily and quickly via the keyboard.

    28. When someone is hacking a computer, he is typing his way through a dozen of different colored boxes with some weird text in it

    29. Every execution of a command or listing of found entries in a database is done with a high frequency tone

    Reply  |  Quote
  4. Craig Betts UNITED STATES Mozilla Firefox Solaris Terminalist says:

    Ah yes, the second Matrix movie and the ssh attack. Very nice!

    The one movie I thought that got close was Antitrust. Okay, it was a little over the top for the plot (Evil Bill kills OSS advocates), but the code actually looked like real code.

    Even War Games did pretty good with the old IMSAI system. Then again, who can forget the KeyPerfect output used in The Terminator (KeyPerfect was a program used to check your typing when entering Apple ][ programs from Nibble Magazine . . . am I showing my age now?).

    I can’t wait until data centers look like the computer room HAL was in 2001:A Space Oddyssy.

    Reply  |  Quote
  5. Luke UNITED STATES Mozilla Firefox Ubuntu Linux says:

    Thanks for that Wikke :) +5 points

    Craig gets +5 for identifying matrix, and cumulative +5 for Antitrust, War Games and Terminator.

    Oh, and btw – I’m gonna track these points here. This is really crude for now – I will make something nicer later on and link it from the sidebar.

    Not sure what I will do with this point system yet, but I’ll figure something out. :P

    Reply  |  Quote
  6. Luke UNITED STATES Mozilla Firefox Windows says:

    Craig – I liked Antitrust but yeah, it was a little over the top. Plus they kinda lost me when they did that whole hidden camera network, spying on independent programmers thing. :P

    I need to watch War Games again – I have seen it so long ago I can hardly remember anything from it.

    Reply  |  Quote
  7. Matt` UNITED KINGDOM Mozilla Firefox Windows Terminalist says:

    To add to the list of movie-hacking stuff:

    GUIs are never used for anything to do with hacking, coding or programming. All a ‘real’ computer user needs is a command line

    Despite the above, all hacking programs have large loading bars and flash “Complete” in red text when finished

    Code scrolls across the screen automatically and is written in a single large block with no formatting (other than being green) or line breaks. Hackers can watch this for a few seconds and determine the purpose of the program and how to break into it

    Everything is arranged into at least half a dozen columns, all moving at different speeds.

    When typing, no-one ever needs to stop to think, or hit the space bar

    Hackers can change which window is active without using the mouse – just carry on typing and the computer will figure out which command to send where

    The command “upload virus” is universal to all systems and automatically bypasses all the security and inserts the specific piece of malicious code you were thinking of

    Reply  |  Quote
  8. Craig Betts UNITED STATES Mozilla Firefox Solaris Terminalist says:

    Okay, Matt is reaching a little bit . . .

    GUIs are never used for anything to do with hacking, coding or programming. All a ‘real’ computer user needs is a command line

    Just about anything can be done on a computer via command line. Most hackers actually do use command line. Even Windows and MacOS can be easily manipulated via CLI.

    Hackers can change which window is active without using the mouse – just carry on typing and the computer will figure out which command to send where

    I hardly ever touch my mouse. Yes, you can manipulate windows without the mouse. [alt][tab] is one of the simpler combos that can be used. Some OSs have the equivalent to the Sun [front] key. For a while, I was even using RatPoison, a mouseless window manager for UNIX.

    I will now jump off my soap box . . .

    Reply  |  Quote
  9. Luke UNITED STATES Mozilla Firefox Ubuntu Linux says:

    GUIs are never used for anything to do with hacking, coding or programming. All a ‘real’ computer user needs is a command line

    Partially true. Lion share of the most popular and reliable security tools are actually CLI only (eg. nmap, netcat, tcpdump, john the ripper, nikto, etc…) But yeah – in the movies everything seems to be possible by rapidly taping on the keyboard without pressing the space bar. hehe

    Re: scrolling code – it always killed me when the dudes in Matrix pretended they can actually “read” the infamous scrolling green code. :P

    Reply  |  Quote
  10. Matt` UNITED KINGDOM Mozilla Firefox Windows Terminalist says:

    Ok fine, by my own definition I’m not a ‘real’ computer user, I’m hopelessly dependent on menus and buttons and so on

    but also, I basically copied these from somewhere else, I forget where but what I posted was the ones that stuck in my head

    and in the original I think the focus was more on how they can just frenetically type without pausing and have stuff happen. Moreover, have it happen at the speed that they can type more commands – nothing ever takes a second or two to do (and they never need to stop and think for a second about what to type)

    Reply  |  Quote
  11. Luke UNITED STATES Mozilla Firefox Windows says:

    Yes, and no one ever looks at the output of commands they type. Somehow all the movie hackers can read at the speed of light or something.

    Also this is relevant to our discussions: http://www.biggercheese.com/index.php?comic=332

    Reply  |  Quote
  12. teamcoltra UNITED STATES Mozilla Firefox Windows says:

    First:
    Hacker is a person looking for holes in a network for security purposes a *CRACKER* is a malicious hacker and the two shouldn’t be used interchangably (from leo laportes technology almanac 2000)

    Secondly from the picture:
    If a file was so important why would they keep it in the garbage?

    Reply  |  Quote
  13. Luke UNITED STATES Mozilla Firefox Windows says:

    Hacker is a person looking for holes in a network for security purposes a *CRACKER* is a malicious hacker and the two shouldn’t be used interchangably (from leo laportes technology almanac 2000)

    Actually, I subscribe to little different meaning – a hacker is someone who is enthusiastic about programming, groks the technology he works with, and finds innovative or elegant ways to solve problems. I posted about it a while ago. In my mind the term hacker is only loosely associated with security.

    For example you can be a perl hacker, or lisp hacker, or emacs hacker. It does not mean you are a security expert. Just an expert at what you do.

    If a file was so important why would they keep it in the garbage

    You didn’t watch that movie, did you? The files pictured contain a virus that can be used to sink oil tankers :roll: and it’s in the garbage, because it’s “hidden”. Yes, the movie is lame, but it has some good bits and young Angelina Jolie. :)

    Reply  |  Quote
  14. I watched them but I was really young when the 1st one came out… and fairly young when the second two came out.

    Yeah well Leo Laporte wins because hes like my geek idol.

    Reply  |  Quote
  15. Luke UNITED STATES Mozilla Firefox Windows says:

    Second one? There was no second one.

    The pic was from Hackers (1995) [imdb]. There was no sequel to that movie.

    :)

    Reply  |  Quote
  16. I thought we were talking about the matrix >.

    Reply  |  Quote
  17. Luke UNITED STATES Mozilla Firefox Windows says:

    Hehe… Come on, the comments about Angelina Jolie should have been a dead giveaway.

    Matrix actually did some pretty realistic stuff in addition to the crazy cgi stuff. When Trinity breaks into the power plant’s system you can see nmap output on her screen, and then catch a glimpse of her running an old ssh exploit to root the system.

    Reply  |  Quote
  18. Half my post got cut off because I like to use the anime face…
    I was 5 when Hackers came out.

    The most recent hacking movie i saw (that wasnt swordfish because i only watch that to see the scene with hallie barrie topless) is FireWall Which wasn’t half bad…

    Reply  |  Quote
  19. karen UNITED STATES Internet Explorer Windows says:

    Okay, y’all. Other “hacker” movies:

    Sneakers (1992)

    The Conversation (1974)

    Real Genius (1985)

    Enemy of the State (1998)

    Tron (1982)

    Revolution OS (2001)

    Depends on what you term “hacking”. The Conversation is about electronic surveillance, so it’s definitely hardware intensive.

    Sneakers deals with theives and spies, but it’s a good flick.

    Real Genius is just an awesome geek movie, again hardware intensive.

    And, of course, Tron is a classic. And just so you can make fun of me, I waited in line at the theater all day to see that movie when I was a kid. (Saw Star Wars in the theater when it was first released, too!).

    Revolution OS is, of course, a documentary, and is definitely the most true to life.

    Best “hacker” book of all time: The Cuckoo’s Egg by Cliff Stoll.

    – krf

    Reply  |  Quote
  20. Luke Maciak UNITED STATES Mozilla Firefox Windows says:

    I saw Tron – not in a movie theater though. I was 1 year old when it came out. LOL

    I haven’t seen the rest. I probably should. I’m putting them on my “movies to see” list. Especially Sneakers – everyone keeps asking me if I saw that movie.

    Reply  |  Quote
  21. Craig Betts UNITED STATES Mozilla Firefox Mac OS Terminalist says:

    I saw Tron – not in a movie theater though. I was 1 year old when it came out. LOL

    Now I feel old . . .

    Tron will always have a special place in my heart. I saw it in the theater and used to watch it on an almost weekly basis with my best friend all through our school years. I have it on just about every form of media it was released on including VHS (three versions plus 20th anny), Betamax, Video Disc (the original one where you slid the entire sleeve into the machine), later video disc, DVD (original and 20th anny).

    I even got to meet Steven Lisberger, Richard Taylor and Frank Serafine at Video Games Live last September. LINKY

    Reply  |  Quote
  22. Crrash UNITED STATES Internet Explorer Windows says:

    An ex-hacker myself. Over time the term hacker changes due to the public and the media. Why? The answer to this can be very complicated and hard to understand. But one thing is for sure the gov. and media always has an answer for everything which they do. I think that they have changed the worlds opinion about hackers. I will see you all soon, as hack-the-world is coming “SOON”!HARD TO UNDERSTAND it will come to you all soon,

    Reply  |  Quote
  23. Luke Maciak UNITED STATES Mozilla Firefox Ubuntu Linux says:

    Nah. I doubt that the government had anything to do with bastardization of a jargon term that initially had positive connotation along the lines of “someone incredibly good with computers” into “someone who breaks into your computer”.

    Btw, I love how you commented on a post alluding to the movie “Hackers” with your email being zerocool but your display name says Crash. LOL

    For those who don’t get the joke – these are two h4x0r nicknames used by the protagonist in the movie.

    Reply  |  Quote
  24. jambarama UNITED STATES Epiphany Ubuntu Linux Terminalist says:

    I think the new Transformers and new Die Hard both have some terribly laughable “hacker” parts. The very thought that there are these phenomenally talented “hackers,” that can break anything, just sitting around in poverty and obscurity is ridiculous. Never mind Transformers was only a good movie if you cut out the people and muted the dialog, the whole “Kevin Mitnick can launch nuclear warheads by getting his hands on a phone” needs to go. Hackers are not all powerful. The talented ones have decent paying jobs (in security if they have ethics, elsewhere if not). If you want to find a hacker, read nmap (or equivalent) lists, and those contributing to things like metasploit.

    Reply  |  Quote
  25. Luke Maciak UNITED STATES Mozilla Firefox Ubuntu Linux says:

    Yeah, transformers also had that “staring at code streaming across the screen faster than you could read while randomly typing at the keyboard”, the 3 dimensional floating code and super ultra graphical effects for hacking :P

    Didn’t watch the newest DieHard though.

    It’s funny how they all want to have some cool technology shit in their movies to pretend they are all cool, modern and hip, but no one ever bothers to hire a consultant or do the research into these things. Sigh…

    Reply  |  Quote
  26. Pingback: Terminally Incoherent » Blog Archive » Live Free or Die Stupid (aka Die Hard 4) UNITED STATES WordPress

  27. Adam UNITED STATES Mozilla Firefox Windows says:

    What about Freedom Downtime, and Takedown for serious hacker movies?

    Reply  |  Quote

Leave a Reply

Your email address will not be published. Required fields are marked *