I find it funny how this myth of an all powerful “hackers” that can break into any computer anywhere at any time is about as prevalent as the myth of super-spy. Most of us has really no idea of how average CIA agents workday looks like. Few of us actually know undercover agents, or much less know details of their work. So our image of a spy is almost entirely based on Ian Fleming’s or David Morell’s idea of what it means to be a spy.
You have to agree that James Bond, Jack Bauer, Sydney Bristow, and La Femme Nikita are not your ordinary, run of the mill spies. After all, you wouldn’t really think that Die Hard, Dirty Harry or Leathal Weapon are accurate depictions of police work. So why would we assume this for spies?
Same goes for the so called “hackers”. People who have no clue about computer security assume that some people possess mysterious magical skills that let them gain access to any computer in the world by just furiously typing on the keyboard for few minutes. People mistake their own stupidity for awesome hacker skills these days. After all, it does not matter that your OS is unpatched, that you have no firewall, that you have open wifi, that your passwords are weak and that you run easily exploitable services… Nope – it’s that the attacker has awesome 1337 skillz!
But it’s worst when these two myths come together, and you get techno-neophytes claiming that CIA has “hackers” that can do things “I can’t even imagine”. After all, I’m obviously not a “hacker”, and even if I was, I’m not a pro like those people at CIA. Besides – the government does not show their high technology to mere mortals anyway.
How do you argue with that logic? I tried explaining that all the technology we have right now works on pretty much the same basis. I tried to explain that the software written for CIA and Military is not developed by Techno Priests from Mars, or some top secret organization of super-coders but by normal software developers who went to the same schools and took the same classes as us mere mortals. All the software they have is the same type of shitty garbage we deal with on daily basis. Half of it is written by incompetent idiots who got the governmental contract cause their uncle is best buddies with a Senator. The other half is kludgey, buggy shit written in C or C++ ridden by the same buffer overflow issues that plagues most of modern software.
But somehow that just doesn’t register – I’m suspecting it’s because of Clarke’s third law…
Btw, I totally expect you guys to know what movie is that image from. 5 geek points for the first person to name it in the comments. Additional 5 points to anyone who will name a movie which depicts realistic security exploit (the movie that goes with this pic, is obviously not one of them).
Also, before you say something about 1337 “hackers” please see this post.
[tags]hackers, hacking, spies, spy, cia, software, technology[/tags]
I think I can accurately say what hacking consists of. I worked at NASA for seven years in IT Security guarding against vile creatures.
Most of the hacking attempts I saw were actually script kiddies, those people that find scripts that can get use a particular exploit and and then send it out to attack every machine they can on the internet. Yep, most of them just ride on other’s shoulders.
These hackers never really bothered me too much. They mostly use Windows exploits. Every now and then I see and Apache buffer overflow attack hit my server at home, but still, I don’t shudder. First, if the attacker was smart, they would have first fingerprinted my system and discovered it was running on a Sun Enterprise system, which uses a totally different processor and requires a different buffer-overflow “slide”. Also, most Solaris admins activate the noexec_user_stack option to prevent buffer overflows to begin with!
The hackers that bother me are the ones you never see. The professional will come and go without being detected. I know this is possible from doing forensics on a few systems and founds evidence of a file transfered with nothing showing in the firewall logs. Scary! Too bad it takes months of analysis to determine what happened in a few seconds.
BTW- The image is from “Hackers”. Crappy movie, but it did have a few good shots of Ms. Jolie! :-D
Yup! 5 geek points to you sir. I think Hackers is one of those movies that are likable despite being horribly cheesy and laughable at times. :P
But this kinda what I’m getting at. If someone actually made a true-to-life movie about people really trying to break into various systems it would probably be inexplicably boring for the average viewer. So Hollywood ends up sexing it up till it looks like magic. And for some reason, people wholeheartedly buy into that movie magic…
Still – what movie shows a realistic depiction of hacking? Hint: in that movie you can see an nmap scan being performed, and then the unpatched ssh server on the target machine is attacked with the old SSH1 CRC32 exploit.
If you google it, you may find it. :P
about computers in movies :d :
1. Any PERMISSION DENIED has an OVERRIDE function.
2. Complex calculations and loading of huge amounts of data will be
accomplished in under three seconds. In the movies, modems transmit
data at two gigabytes per second.
3. When the power plant/missile site/whatever overheats, all the
control panels will explode, as will the entire building.
4. If you display a file on the screen and someone deletes the file,
it also disappears from the screen. There are no ways to copy a
backup file — and there are no undelete utilities.
5. If a disk has got encrypted files, you are automatically asked for
a password when you try to access it.
6. No matter what kind of computer disk it is, it’ll be readable by
any system you put it into. All application software is usable by all
computer platforms.
7. The more high-tech the equipment, the more buttons it has. However,
everyone must have been highly trained, because the buttons aren’t labeled.
8. Most computers, no matter how small, have reality-defying three-dimensional,
real-time, photo-realistic animated graphics capability.
9. Laptops, for some strange reason, always seem to have amazing real-time
video phone capabilities and the performance of a CRAY.
10. Whenever a character looks at a terminal, the image is so bright that it
projects itself onto his/her face.
11. Computers never crash during key, high-intensity activities. Humans
operating computers never make mistakes under stress.
12. (From Independence Day) No matter what kind of virus it is, any computer
can be infected with it — even an alien spaceship’s computer — simply by
running a virus upload program on a laptop.
13. (From Jurassic Park) A custom system with millions of lines of code
controlling a multimillion dollar theme park can be operated by a 13 year
old who has seen a Unix system before. Seeing an operating system means you
know how to run any application on that system, even custom apps.
Note: What OS was it really running?
(1) “These are super computers”. A CrayOS?
(2) “Quicktime movie, Apple logo, trash can.” MacOS?
(3) “Reboot. System ready. C:\” DOS?
(4) “Hey, this is Unix. I know this” Unix?
The computers in Jurassic Park were Cray supercomputers running the MacOS
as a graphical shell of DOS all layered on top of a Unix base.
14. You cannot stop a destructive program or virus by unplugging the computer.
Presumably the virus has it’s own built-in power supply.
15. You cannot stop a destructive program downloading onto your system by
unplugging the phone line. You must figure out the mandatory “back door”
all evil virus programmers put in.
16. Computers only crash if a virus or a hacker is involved.
17. All text must be at least 72 point.
18. Word processors do not have an insert point.
19. The only way to reboot is to shut off the main power to the building.
20. Passwords can be guessed in three and exactly three tries. If you cannot
guess the password in three tries, you must give up immediately.
21. Any task or program can be executed by simply pressing Enter, no matter
which program or window is in the foreground.
22. All scanners, video cameras and digital cameras have a resolution of
approximately 500 megapixels. Any image can be infinitely magnified with
no pixelization.
23. Security will not improve over time. Nonaffialiated personnel can take
over a space ship without needing an account or access control.
Corollary: Anyone can override access control lists in the future.
24. All hackers wear black T-shirts or Hawaiian shirts.
25. Incoming messages are displayed letter by letter. Email over the Internet
works like telegraphs.
26. Microsoft Windows doesn’t exist. Macintosh has a 75% market share.
27. GUI operations, such as image selection and manipulation, can be handled
easily and quickly via the keyboard.
28. When someone is hacking a computer, he is typing his way through a dozen of different colored boxes with some weird text in it
29. Every execution of a command or listing of found entries in a database is done with a high frequency tone
Ah yes, the second Matrix movie and the ssh attack. Very nice!
The one movie I thought that got close was Antitrust. Okay, it was a little over the top for the plot (Evil Bill kills OSS advocates), but the code actually looked like real code.
Even War Games did pretty good with the old IMSAI system. Then again, who can forget the KeyPerfect output used in The Terminator (KeyPerfect was a program used to check your typing when entering Apple ][ programs from Nibble Magazine . . . am I showing my age now?).
I can’t wait until data centers look like the computer room HAL was in 2001:A Space Oddyssy.
Thanks for that Wikke :) +5 points
Craig gets +5 for identifying matrix, and cumulative +5 for Antitrust, War Games and Terminator.
Oh, and btw – I’m gonna track these points here. This is really crude for now – I will make something nicer later on and link it from the sidebar.
Not sure what I will do with this point system yet, but I’ll figure something out. :P
Craig – I liked Antitrust but yeah, it was a little over the top. Plus they kinda lost me when they did that whole hidden camera network, spying on independent programmers thing. :P
I need to watch War Games again – I have seen it so long ago I can hardly remember anything from it.
To add to the list of movie-hacking stuff:
GUIs are never used for anything to do with hacking, coding or programming. All a ‘real’ computer user needs is a command line
Despite the above, all hacking programs have large loading bars and flash “Complete” in red text when finished
Code scrolls across the screen automatically and is written in a single large block with no formatting (other than being green) or line breaks. Hackers can watch this for a few seconds and determine the purpose of the program and how to break into it
Everything is arranged into at least half a dozen columns, all moving at different speeds.
When typing, no-one ever needs to stop to think, or hit the space bar
Hackers can change which window is active without using the mouse – just carry on typing and the computer will figure out which command to send where
The command “upload virus” is universal to all systems and automatically bypasses all the security and inserts the specific piece of malicious code you were thinking of
Okay, Matt is reaching a little bit . . .
Just about anything can be done on a computer via command line. Most hackers actually do use command line. Even Windows and MacOS can be easily manipulated via CLI.
I hardly ever touch my mouse. Yes, you can manipulate windows without the mouse. [alt][tab] is one of the simpler combos that can be used. Some OSs have the equivalent to the Sun [front] key. For a while, I was even using RatPoison, a mouseless window manager for UNIX.
I will now jump off my soap box . . .
Partially true. Lion share of the most popular and reliable security tools are actually CLI only (eg. nmap, netcat, tcpdump, john the ripper, nikto, etc…) But yeah – in the movies everything seems to be possible by rapidly taping on the keyboard without pressing the space bar. hehe
Re: scrolling code – it always killed me when the dudes in Matrix pretended they can actually “read” the infamous scrolling green code. :P
Ok fine, by my own definition I’m not a ‘real’ computer user, I’m hopelessly dependent on menus and buttons and so on
but also, I basically copied these from somewhere else, I forget where but what I posted was the ones that stuck in my head
and in the original I think the focus was more on how they can just frenetically type without pausing and have stuff happen. Moreover, have it happen at the speed that they can type more commands – nothing ever takes a second or two to do (and they never need to stop and think for a second about what to type)
Yes, and no one ever looks at the output of commands they type. Somehow all the movie hackers can read at the speed of light or something.
Also this is relevant to our discussions: http://www.biggercheese.com/index.php?comic=332
First:
Hacker is a person looking for holes in a network for security purposes a *CRACKER* is a malicious hacker and the two shouldn’t be used interchangably (from leo laportes technology almanac 2000)
Secondly from the picture:
If a file was so important why would they keep it in the garbage?
Actually, I subscribe to little different meaning – a hacker is someone who is enthusiastic about programming, groks the technology he works with, and finds innovative or elegant ways to solve problems. I posted about it a while ago. In my mind the term hacker is only loosely associated with security.
For example you can be a perl hacker, or lisp hacker, or emacs hacker. It does not mean you are a security expert. Just an expert at what you do.
You didn’t watch that movie, did you? The files pictured contain a virus that can be used to sink oil tankers :roll: and it’s in the garbage, because it’s “hidden”. Yes, the movie is lame, but it has some good bits and young Angelina Jolie. :)
I watched them but I was really young when the 1st one came out… and fairly young when the second two came out.
Yeah well Leo Laporte wins because hes like my geek idol.
Second one? There was no second one.
The pic was from Hackers (1995) [imdb]. There was no sequel to that movie.
:)
I thought we were talking about the matrix >.
Hehe… Come on, the comments about Angelina Jolie should have been a dead giveaway.
Matrix actually did some pretty realistic stuff in addition to the crazy cgi stuff. When Trinity breaks into the power plant’s system you can see nmap output on her screen, and then catch a glimpse of her running an old ssh exploit to root the system.
Half my post got cut off because I like to use the anime face…
I was 5 when Hackers came out.
The most recent hacking movie i saw (that wasnt swordfish because i only watch that to see the scene with hallie barrie topless) is FireWall Which wasn’t half bad…
Okay, y’all. Other “hacker” movies:
Sneakers (1992)
The Conversation (1974)
Real Genius (1985)
Enemy of the State (1998)
Tron (1982)
Revolution OS (2001)
Depends on what you term “hacking”. The Conversation is about electronic surveillance, so it’s definitely hardware intensive.
Sneakers deals with theives and spies, but it’s a good flick.
Real Genius is just an awesome geek movie, again hardware intensive.
And, of course, Tron is a classic. And just so you can make fun of me, I waited in line at the theater all day to see that movie when I was a kid. (Saw Star Wars in the theater when it was first released, too!).
Revolution OS is, of course, a documentary, and is definitely the most true to life.
Best “hacker” book of all time: The Cuckoo’s Egg by Cliff Stoll.
– krf
I saw Tron – not in a movie theater though. I was 1 year old when it came out. LOL
I haven’t seen the rest. I probably should. I’m putting them on my “movies to see” list. Especially Sneakers – everyone keeps asking me if I saw that movie.
Now I feel old . . .
Tron will always have a special place in my heart. I saw it in the theater and used to watch it on an almost weekly basis with my best friend all through our school years. I have it on just about every form of media it was released on including VHS (three versions plus 20th anny), Betamax, Video Disc (the original one where you slid the entire sleeve into the machine), later video disc, DVD (original and 20th anny).
I even got to meet Steven Lisberger, Richard Taylor and Frank Serafine at Video Games Live last September. LINKY
An ex-hacker myself. Over time the term hacker changes due to the public and the media. Why? The answer to this can be very complicated and hard to understand. But one thing is for sure the gov. and media always has an answer for everything which they do. I think that they have changed the worlds opinion about hackers. I will see you all soon, as hack-the-world is coming “SOON”!HARD TO UNDERSTAND it will come to you all soon,
Nah. I doubt that the government had anything to do with bastardization of a jargon term that initially had positive connotation along the lines of “someone incredibly good with computers” into “someone who breaks into your computer”.
Btw, I love how you commented on a post alluding to the movie “Hackers” with your email being zerocool but your display name says Crash. LOL
For those who don’t get the joke – these are two h4x0r nicknames used by the protagonist in the movie.
I think the new Transformers and new Die Hard both have some terribly laughable “hacker” parts. The very thought that there are these phenomenally talented “hackers,” that can break anything, just sitting around in poverty and obscurity is ridiculous. Never mind Transformers was only a good movie if you cut out the people and muted the dialog, the whole “Kevin Mitnick can launch nuclear warheads by getting his hands on a phone” needs to go. Hackers are not all powerful. The talented ones have decent paying jobs (in security if they have ethics, elsewhere if not). If you want to find a hacker, read nmap (or equivalent) lists, and those contributing to things like metasploit.
Yeah, transformers also had that “staring at code streaming across the screen faster than you could read while randomly typing at the keyboard”, the 3 dimensional floating code and super ultra graphical effects for hacking :P
Didn’t watch the newest DieHard though.
It’s funny how they all want to have some cool technology shit in their movies to pretend they are all cool, modern and hip, but no one ever bothers to hire a consultant or do the research into these things. Sigh…
Pingback: Terminally Incoherent » Blog Archive » Live Free or Die Stupid (aka Die Hard 4)
What about Freedom Downtime, and Takedown for serious hacker movies?