I said this before, and I’ll say it again – I can’t stand Hollywood movies about hackers or hacking. I just can’t deal with that shit. The classic Hackers is possibly the single notable exception to this rule. And that’s because this movie is actually a clever satire – it takes the popular culture image of a hacker, and the average Joes concept of what hacking is, turns it up to 11 and then ads a dash or realistic jargon, or real references here and there. It is a ruthless caricature poking fun at the hipster image of a hacker existing in the media and the so called “hacker culture” perpetuated by script kiddies who think they are 1337. I have no clue whether or not this satirical layer was added intentionally, or whether it simply emerged because later Hollywood productions tried to imitate it. In ether case the sheer badness of the film caused an integer overflow and as a result it became good again. And I guess it’s all that matters.
Of course a if you manage miss the joke completely you can still enjoy the movie as a campy, off-beat fun ride. Everyone wins. End result is a cult classic loved by computer professionals and clueless people alike – often for very different reasons. Few others have ever accomplished anything similar. In most cases any attempt to portray “hacking” on the silver screen ends up in a massive load of epic fail. As an example I give you a scene from the movie Swordfish:
Can anyone explain to me what is going on in here? Cause to me it kinda looks like this guy is playing some sort of 3d puzzle game. He is typing on the keyboard like a madman, cursing, jumping around and etc… In the meantime his (obligatory) multiple screen rig is showing some funky animation depicting cubes of shimmering code falling into place, scrolling text and lots of blinking lights. It’s silly!
Most Hollywood movies depict hacking this way. Some sort of abstract, incomprehensible activity that apparently involves a lot of frantic typing without using a space bar. But it doesn’t need to be this way. Here is a hacking scene from the matrix. Watch closely on what shows up on Trinity’s monitor:
Did you catch it? You can clearly see the characteristic output of Nmap (a very popular port scanning tool), and then exploits the very real, but also very old ssh vulnerability to take control of the remote system. This depiction was so realistic, that the British Computer Society felt compelled to release a joint statement at the time, urging movie goers not to attempt to emulate it.
To a lay person both scenes would look equally incomprehensible and cryptic right? In both cases we see characters type stuff on the keyboards, and see some scrolling commands and text output that is really not essential to the story. The Hollywood produces usually assume that since an average person doesn’t know the first thing about hacking they might as well make the activity visually pleasing.
The thing is that people do know how hacking looks like. Anyone who uses their computer for more than browsing Myspace and chatting on AIM knows that what you see in the Swordfish scene (or the scenes from the Hackers movie for that matter) are totally fictitious. Unless you are a lumberjack and live in a log cabin in a middle of a forest with no electricity you probably know a programmer, sysadmin, or an IT guy of some sort. Or at the very least you may know that computer whiz kid from the neighborhood who fixes your laptop whenever you infect it with to much spyware.
There is a certain way computer interfaces look, and there is a certain flow to a typical computer operation. I think that most movie goers these days realize that “hacking” into a computer system involves activities such as running programs, typing in commands, and for example looking stuff up on the internet. Most people realize that this whole “typing really fast, to control some 3d animation on the screen” thing is incredibly silly. In fact I have seen it parodied, joked about and made fun of in mainstream media well outside the usual geek circles.
So why does Hollywood insist on insulting our intelligence this way? Why do they show us shiny animation assuming that we wouldn’t understand what was going on in the first place. Some people will probably argue that showing “real hacking” would be irresponsible. I would naturally laugh, and explain the concept of full disclosure to these people. Think about this logically:
- No one says that Hollywood needs to show new, cutting edge zero day vulnerabilities
- Besides, a zero day vulnerabilities would be old news long before the official move premiere
- Including an old vulnerability in a blockbuster movie would possibly make people nervous and force them to finally patch their systems – so it would be a benefit for everyone
- No one says you need to show a step by step tutorial – what Matrix did was perfect – they made up a script with a made up name, and then stated it is exploiting the ssh crc32 vulnerability
Showing just glimpses of real exploits, or inessential bits of code is not irresponsible, or dangerous. It is no more dangerous than showing your average episode of Myth Busters on TV. After all, Myth Busters use real physics and chemistry principles to make things blow up like every week. You know – the stuff you could look up in your high school physics/chemistry book – they use that stuff. How is using basic, common knowledge computer science and computer security principles to do privilege elevation or remote exploits any different?
All I’m asking is this: if your movie revolves around hackers, hacking, security exploits or programming, please, please, please hire a technology consultant and for god’s sake listen to him. Ask him to write down a list of technical jargon terms the characters should know, and pointers on their usage. Have him write sample lines the characters could say while hacking/programming. Have him work with the post-production team to create appropriate visuals. That’s it! One guy, few hours of work. Whatever you will need to pay this dude is probably insignificant to the amount of money you spend for the CGI, pyrotechnics and the stunt work.
Seriously, if you know nothing about computers why do you think you can write and/or direct a good movie about hackers and/or programmers? When you are making a movie about police men, soldiers, firemen, lawyers or salesmen you probably bring in a specialist who explains to you and the actors how the things are done in his profession, makes sure you use an appropriate lingo, and don’t make huge blunders. No one seems to be doing that for computer related stuff though. It seems that it is easier to just make stuff up instead.