Hacking in Hollywood

I said this before, and I’ll say it again – I can’t stand Hollywood movies about hackers or hacking. I just can’t deal with that shit. The classic Hackers is possibly the single notable exception to this rule. And that’s because this movie is actually a clever satire – it takes the popular culture image of a hacker, and the average Joes concept of what hacking is, turns it up to 11 and then ads a dash or realistic jargon, or real references here and there. It is a ruthless caricature poking fun at the hipster image of a hacker existing in the media and the so called “hacker culture” perpetuated by script kiddies who think they are 1337. I have no clue whether or not this satirical layer was added intentionally, or whether it simply emerged because later Hollywood productions tried to imitate it. In ether case the sheer badness of the film caused an integer overflow and as a result it became good again. And I guess it’s all that matters.

Of course a if you manage miss the joke completely you can still enjoy the movie as a campy, off-beat fun ride. Everyone wins. End result is a cult classic loved by computer professionals and clueless people alike – often for very different reasons. Few others have ever accomplished anything similar. In most cases any attempt to portray “hacking” on the silver screen ends up in a massive load of epic fail. As an example I give you a scene from the movie Swordfish:

Can anyone explain to me what is going on in here? Cause to me it kinda looks like this guy is playing some sort of 3d puzzle game. He is typing on the keyboard like a madman, cursing, jumping around and etc… In the meantime his (obligatory) multiple screen rig is showing some funky animation depicting cubes of shimmering code falling into place, scrolling text and lots of blinking lights. It’s silly!

Most Hollywood movies depict hacking this way. Some sort of abstract, incomprehensible activity that apparently involves a lot of frantic typing without using a space bar. But it doesn’t need to be this way. Here is a hacking scene from the matrix. Watch closely on what shows up on Trinity’s monitor:

Did you catch it? You can clearly see the characteristic output of Nmap (a very popular port scanning tool), and then exploits the very real, but also very old ssh vulnerability to take control of the remote system. This depiction was so realistic, that the British Computer Society felt compelled to release a joint statement at the time, urging movie goers not to attempt to emulate it.

To a lay person both scenes would look equally incomprehensible and cryptic right? In both cases we see characters type stuff on the keyboards, and see some scrolling commands and text output that is really not essential to the story. The Hollywood produces usually assume that since an average person doesn’t know the first thing about hacking they might as well make the activity visually pleasing.

The thing is that people do know how hacking looks like. Anyone who uses their computer for more than browsing Myspace and chatting on AIM knows that what you see in the Swordfish scene (or the scenes from the Hackers movie for that matter) are totally fictitious. Unless you are a lumberjack and live in a log cabin in a middle of a forest with no electricity you probably know a programmer, sysadmin, or an IT guy of some sort. Or at the very least you may know that computer whiz kid from the neighborhood who fixes your laptop whenever you infect it with to much spyware.

There is a certain way computer interfaces look, and there is a certain flow to a typical computer operation. I think that most movie goers these days realize that “hacking” into a computer system involves activities such as running programs, typing in commands, and for example looking stuff up on the internet. Most people realize that this whole “typing really fast, to control some 3d animation on the screen” thing is incredibly silly. In fact I have seen it parodied, joked about and made fun of in mainstream media well outside the usual geek circles.

So why does Hollywood insist on insulting our intelligence this way? Why do they show us shiny animation assuming that we wouldn’t understand what was going on in the first place. Some people will probably argue that showing “real hacking” would be irresponsible. I would naturally laugh, and explain the concept of full disclosure to these people. Think about this logically:

  1. No one says that Hollywood needs to show new, cutting edge zero day vulnerabilities
  2. Besides, a zero day vulnerabilities would be old news long before the official move premiere
  3. Including an old vulnerability in a blockbuster movie would possibly make people nervous and force them to finally patch their systems – so it would be a benefit for everyone
  4. No one says you need to show a step by step tutorial – what Matrix did was perfect – they made up a script with a made up name, and then stated it is exploiting the ssh crc32 vulnerability

Showing just glimpses of real exploits, or inessential bits of code is not irresponsible, or dangerous. It is no more dangerous than showing your average episode of Myth Busters on TV. After all, Myth Busters use real physics and chemistry principles to make things blow up like every week. You know – the stuff you could look up in your high school physics/chemistry book – they use that stuff. How is using basic, common knowledge computer science and computer security principles to do privilege elevation or remote exploits any different?

All I’m asking is this: if your movie revolves around hackers, hacking, security exploits or programming, please, please, please hire a technology consultant and for god’s sake listen to him. Ask him to write down a list of technical jargon terms the characters should know, and pointers on their usage. Have him write sample lines the characters could say while hacking/programming. Have him work with the post-production team to create appropriate visuals. That’s it! One guy, few hours of work. Whatever you will need to pay this dude is probably insignificant to the amount of money you spend for the CGI, pyrotechnics and the stunt work.

Seriously, if you know nothing about computers why do you think you can write and/or direct a good movie about hackers and/or programmers? When you are making a movie about police men, soldiers, firemen, lawyers or salesmen you probably bring in a specialist who explains to you and the actors how the things are done in his profession, makes sure you use an appropriate lingo, and don’t make huge blunders. No one seems to be doing that for computer related stuff though. It seems that it is easier to just make stuff up instead.

This entry was posted in entertainment and tagged . Bookmark the permalink.

16 Responses to Hacking in Hollywood

  1. Allan Viz PHILIPPINES Mozilla Firefox Windows says:

    I remember a comic strip about a topic like this.. better look for it again

    Reply  |  Quote
  2. Craig Betts UNITED STATES Mozilla Firefox Solaris Terminalist says:

    My favorite clip is from Jurassic Park when 3DFM is ran from a C: prompt and the girl says,”I know this . . . this is UNIX!”. Pure classic.

    Antitrust got pretty much everything right. All the code looked legit. Even real IP address space. No wonder it didn’t last at the box office . . . too realistic.

    Reply  |  Quote
  3. Luke Maciak UNITED STATES Mozilla Firefox Ubuntu Linux Terminalist says:

    @Allan Viz: Was it the “Bigger than Cheeses” one where he just pulls out the ethernet cable out of the wall?

    @Craig Betts: Was Antitrust the movie in which the big bad Microsoft like company installs cameras in the basements of Open Source developers to steal their code instead of just downloading it from their repository?

    Yeah, it was good until it turned into science fiction/conspiracy theory thing totally missing the point I thought it was trying to make. I thought it was about a big company profiting from ripping off GPL code. Instead we had the pseudo-bill-gates jumping out yelling “All your codes are belong to us”. Wasted potential. :(

    Reply  |  Quote
  4. ZeWrestler UNITED STATES Mozilla Firefox Windows says:

    You know, neglecting the cheesy graphics and lack of a space bar, the swordfish scene could be in while doing a coding marathon.

    Reply  |  Quote
  5. astine UNITED STATES Mozilla Firefox Linux says:

    I can explain the Swordfish thing. It’s really simple. The government decided ‘move beyond’ the basic password and encryption paradigm in securing it’s data and moved into the ‘tetris security’ paradigm. That is, all secure data is protected by a video game interface and only those dedicated enough to ‘beat the cube’ will gain access to the data.

    It’s worked flawlessly so far. There have been no exploits of which anyone knows. This may change of course when somebody decided to read the manual and figure out how to use ‘cat log.’

    Reply  |  Quote
  6. jambarama UNITED STATES K-Meleon Windows Terminalist says:

    Most of my favorites have got to be from TV. Everyone knows this one, but enjoythis one too. Sometimes words fail me.

    Reply  |  Quote
  7. jambarama UNITED STATES K-Meleon Windows Terminalist says:

    [I]f you know nothing about computers why do you think you can write and/or direct a good movie about hackers and/or programmers? When you are making a movie about police men, soldiers, firemen, lawyers or salesmen you probably bring in a specialist who explains to you and the actors how the things are done in his profession, makes sure you use an appropriate lingo, and don’t make huge blunders. No one seems to be doing that for computer related stuff though. It seems that it is easier to just make stuff up instead.

    I can answer this one. Because the people writing these crap movies are crap writers & don’t do enough research. Jurassic Park surprises me a bit – Newman has some embarassing lines too – but it should be no suprise a movie banking on Hallie Berry’s rack for an audience didn’t do due diligence.

    I think on another level, no one but techies care. I have a journalist friend who is always upset about the way real journalists are portrayed in movies. My chemist friend hates movies invovling any type of chemistry. My physicist uncles won’t see summer blockbusters anymore, they’re too painful. You don’t have to be a physicist to appreciate this either – speaking of bad tech, you saw Die Hard 4. I know people who thought the fighter jet hovering in a stationary position was *cool.*

    So I don’t think tech is mistreated any more by careless writers than any other profession you can think of. You and I just notice more.

    Reply  |  Quote
  8. Luke Maciak UNITED STATES Mozilla Firefox Windows Terminalist says:

    @ZeWrestler: Yeah, that’s true. It was just the first silly hacking video I stumbled upon. I probably should have dug deeper for something more ridiculous. But I’m pretty sure everyone here got my point. :)

    @astine: OMG! That is brilliant! I’m totally migrating my data to Tetris encryption like tomorrow!

    @jambarama: Heh! The GUI using Visual Basic to get an IP is actually plausible. That is to say I actually knew people like that. Seriously, I can totally picture that happening and then the girl spending next 3 weeks coding it, delivering half assed, buggy app and getting a raise and becoming the talk of the department.

    Then they finally the director summons the sysadmin and tells him to deploy this ground breaking VB app on all the machines. The sysadmin tries to explain but the director insists that the VB app is better because it has a GUI and awesome splash screen and a cute 3D animation of a running dog that is displayed during the 5 minutes the app takes to “initialize”.

    Yep, yep, yep. I have seen it before!

    The other one is just pathetic though. I wonder if Ubisoft got paid for the product placement. :P

    As for the professional people hating on movies that talk about their profession – I think you are onto something. This seems to be universal!

    I recall reading Matthew Baldwin’s blog (defective yeti ) where he mentioned that his wife (a botanist by trade) totally hates Lost because the tropical island where the action takes place for some reason has a temperate zone vegetation all over it. :P Although that one I guess could be explained by hand waving and saying that the out-of-place vegetation is there because a) the island moves in time and space (and thus could have started in a different climate) and b) it could have been brought there by dharma people or something like that.

    But yeah, I guess Hollywood people just don’t do research into any area as rule. :P

    Reply  |  Quote
  9. Mats Rauhala FINLAND Mozilla Firefox Linux says:

    It’s been ages since I read Michael Crichtons Jurassic Park book, but he does write sufficiently good scifi books, so the unix-jargon might have been taken from the book.

    Crichton collects a fair amount of background information before writing a book, even though he then exaggerates certain points which then make the plot.

    If my memory serves me correctly, in the book Prey, the protagonists friend has a shirt that reads something along the lines: “Beware, as I am the root”.

    Reply  |  Quote
  10. Steve CANADA Mozilla Firefox Windows Terminalist says:

    It’s not only hacking that Hollywood gets totally wrong…look at guns. First of all, there’s no such thing as a silencer that makes a gun go “pzzzzt”, second, there’s no way a guy is going to fly back and smash through a window after getting shot. Maybe if he got hit by a canonball, but a bullet does not have enough mass to do that.

    Then there’s cars that explode for no reason (well, Pintos did, but they were another thing all together).

    Reply  |  Quote
  11. Luke Maciak UNITED STATES Mozilla Firefox Ubuntu Linux Terminalist says:

    @Mats Rauhala: Actually I think there might have been a reference to unix in the book but Crichton probably got away with just by avoiding most of the technical detail altogether.

    I also remember there were many completely arbitrary departures from the book in there that made no sense. The most jarring was probably swapping kids around. I think that in the book the girl was younger and the boy was the computer geek who “knew unix”. In the movie they swapped them around having an older girl and a younger boy. Why? My guess is nepothism. Someone’s daughter/son needed a role in that picture. :P

    @Steve: Not to mention that an average pistol can usually fit 50+ rounds in it’s magazine. Or, you know – whatever number is dramatically appropriate. It may be a 100 sometimes.

    I especially like when the hero loads his revolver with 8 rounds, and then shoots 16 times in a row. Fun!

    I also love how in the movies you can just turn over a table and use it as cover. Somehow the 1/4″ of plywood becomes bullet proof when you hide behind it. The bullets may be smashing through door, walls and other furniture but that crappy IKEA table – perfect cover!

    Reply  |  Quote
  12. hrvojeah CROATIA Mozilla Firefox Windows says:

    In the last Bourne film you can see Zenmap when they hacking/scannig something. It was a pleasant surprise.

    Reply  |  Quote
  13. Luke Maciak UNITED STATES Mozilla Firefox Ubuntu Linux Terminalist says:

    @hrvojeah: Wow, people actually use a GUI for nmap? Jesus, there is a gui for everything. :P

    What next? A GUI version of Ping? Oh wait… Never mind

    Reply  |  Quote
  14. Jacqueline UNITED STATES Mozilla Firefox Linux says:

    Aw, c’mon, the Swordfish scene is totally believable – he’s just playing that cube game as a “break,” you know, just for a minute or two while this or that script is running, or while “compiling.”

    Reply  |  Quote
  15. Pingback: How to portray hackers in the media « Terminally Incoherent WordPress

  16. Electronic Rogue Internet Explorer Windows says:

    I hate Die Hard 4. Makes me jump out the window.

    I watched it with my 5 yr old bro. Now everytime the elevator stops working he tells me to start it up by hacking into it with my computer….

    Hollywood…R u kidding me?

    Reply  |  Quote

Leave a Reply

Your email address will not be published. Required fields are marked *