In a world where data is involved in almost every element of our lives, cyber security couldn’t be more important. In fact, the Identity Theft Resource Center reported in August 2012 that since the beginning of this year there have already been nearly 10 million cases of exposed records—a key factor in cases of identity theft, just one of the many kinds of information breaches out there. This statistic helps illustrate why protecting information is both crucial and costly—and why there is such a huge demand for cyber security careers and experts with security know-how.
But when it comes to depicting information thieves and experts on film, whether they’re tapping into your personal data or hijacking government computers, sometimes Hollywood stretches the truth to spin a good tale. Here are a few big-screen examples, each with a “reality check” from two cyber security experts: Peter Holliday, senior adviser, Cyber Security and Defence at Cisco Systems, and Andy Dixon, principal network and security analyst at 7G Technologies.
The Girl with the Dragon Tattoo (starring Daniel Craig and Rooney Mara, 2011)
The scenario: Computer expert Lisbeth Salander is hired to create a background profile of disgraced journalist Mikael Blomkvist. She secretly taps into his computer’s desktop display so that she can read everything stored on his computer and review all of his incoming and outgoing e-mail. Later she does the same with a computer owned by Hans-Erik Wennerström, the industrialist who accused Blomkvist of libel, to view the contents of his e-mail account as well.
The reality check: “This is totally plausible!” was Holliday’s immediate reaction. In Blomkvist’s case, Salander could have installed the malware when she repaired Mikael’s computer earlier in the movie. As for Wennerström, he could have been targeted through a spear-phishing attack to install similar malware, typically via his opening any common e-mail attachment with the malware embedded (as a PDF or a Word document, for example). And taking photos of the physical network cable in the basement is a useful part of a hacker’s reconnaissance, Holliday adds. With that information, Lisbeth is able to bring the correct tapping device and have everything preconfigured for a quick insertion.
Eagle Eye (starring Shia LaBeouf, Michelle Monaghan and Rosario Dawson, 2008)
The scenario: Jerry Shaw becomes a pawn in a deadly game when a government defense program that can tap into every piece of technology connected to the Internet frames him for terrorism and then sends him on a dangerous mission. During one key scene, the program helps Jerry escape from a police station by directing a crane to smash through the closest window. He can get directions via the city’s computer-controlled billboards and various strangers’ cell phones. After Jerry attempts to defy the program by not leaving a train at the designated stop, the program stops the train and brings it back to the station, then calls all cell phones in the vicinity and tells their respective owners that Jerry is a terrorist—thereby forcing him to run for his life.
The reality check: It makes for a great conspiracy theory, but it is just not possible for a single program to have this much scope of influence over such a wide range of electronics, says Dixon. Just as there is no universal language that all humans can speak across hundreds of countries, there is no universal programming language that unifies the millions of different electronic devices and networks. Therefore, there is no master program that can control all of them. The security systems that protect mobile phone networks and mass-transit systems are not universal either.
The Departed (starring Leonardo DiCaprio, Matt Damon and Jack Nicholson, 2006)
The scenario: In order to bust a mobster in the middle of a major deal for stolen property, the police and federal agents attempt to track the activities of the thug’s gang by monitoring all cell phone signals in the vicinity of the deal. While their undercover agent’s phone is flipped open, the authorities can pinpoint the agent’s location. Their ability to monitor his whereabouts gives them enough time to confirm that he’s in the warehouse and that the deal is indeed going down.
The reality check: A mobile phone simply needs to be turned on to be tracked by the cell provider; it’s all part of the association and roaming protocol between the handset and the cell phone infrastructure, says Holliday. Under the FCC’s E911 rule, mobile phone operators must be able to track the position of mobile customers to within 300 meters.
There are, however, a number of implausible conditions in play here. First, there is some doubt you would actually get cell phone reception at the location in the film (inside an old abandoned warehouse). Second, the one-meter accuracy of the geo-location depicted in the movie is a little too good—not even a dedicated GPS can give you that, Holliday says.
Office Space (starring Ron Livingston and Jennifer Aniston, 1999)
The scenario: Programmers charged with updating banking software for the year 2000 create a computer virus that transfers the fractional leftovers of millions of bank transactions and deposits them in an account of their choice (much like the scenario in Superman III, as the characters point out). The embezzlers hope to hide the virus behind their clients’ Y2K software updates and then withdraw their ill-gotten gains over the course of several years.
The reality check: A computer virus could be written for just about anything, and this movie’s hacking scenes are the most plausible yet. Why? Because all the key ingredients are there: disgruntled employees who know the company’s processes inside and out, layoffs and other internal turmoil, skilled technical knowledge and, most important, physical access to company computers, says Dixon. There are even a few cases where this type of hack was successfully implemented, and it works because it’s hard to detect. This is why many accountants agree that there is no such thing as a “small discrepancy.”
Enemy of the State (starring Will Smith, Gene Hackman and Jon Voight, 1998)
The scenario: After the murder of a congressman who’d been opposed to a bill that would have dramatically expanded the surveillance powers of law enforcement agencies, a wildlife researcher who has caught the crime on tape must evade the agents tasked with keeping the circumstances of the assassination a secret. To help the agents pursue the researcher, technicians from the National Security Agency (NSA) tap into local news and security cameras, as well as satellites and other networked equipment in the surrounding area. After the researcher is killed and the tape doesn’t turn up, the NSA technicians access in-store surveillance cameras and even more localized video and imaging equipment to pinpoint the moment when the tape changed hands.
The reality check: Unlikely for 1998 but becoming more plausible for 2012 and beyond, says Holliday. Back in the 1990s, very few physical security systems were networked or indeed able to offer a real-time feed. Most systems were designed for local storage collection on a storage medium (including ATM), so the probability that a store would have its security camera online back in the ’90s is fairly remote.
But if we fast-forward to today, some of these scenarios are indeed plausible, Holliday continues. Many ATM, business, public safety and traffic camera feeds are now networked for real-time monitoring and control—but generally on closed private networks. So would the NSA have unfettered access to these nongovernmental real-time feeds? At present the answer is no, unless certain legal instruments are invoked. However, future cyber security legislation may eventually give the NSA unfettered access to any network deemed “critical” for the purpose of cyber defense, Holliday concludes.
The Net (starring Sandra Bullock, Jeremy Northam and Dennis Miller, 1995)
The scenario: After computer expert Angela Bennett is given a disk that identifies a glitch in the leading cyber security program that allows certain users to access the mainframe of whatever the program is installed on, she finds herself on the run from a tech-savvy assassin who has altered her personal data to turn her into a wanted criminal. As she’s being chased by the police and a mysterious syndicate of computer hackers, Angela must expose the security program’s secret if she wants to ever get her life back.
The reality check: There are plenty of programs out there that can be installed on target computers to send information back to a hacker (or forward the information to other target computers). In fact, when many computers are compromised and begin sending information to a server, this creates what is commonly called a “zombie network.” Those zombie computers receive instructions from a master computer and begin sending garbled data to a server. The server attempts to process the garbled data and can no longer do its job, usually resulting in a website crash, Dixon explains.
DeVry University operates as DeVry Institute of Technology in Calgary, Alberta.
In New York, DeVry University operates as DeVry College of New York.
DeVry University is accredited by The Higher Learning Commission of the North Central Association of Colleges and Schools, www.ncahlc.org.
Certified to operate by the State Council of Higher Education for Virginia. AC0060.
DeVry University is authorized for operation by the THEC, www.state.tn.us/thec/.
Nashville Campus – 3343 Perimeter Hill Dr., Nashville, TN 37211.
Program availability varies by location.