Several common misconceptions hinder the widespread adoption of cybersecurity culture. One myth — hackers are really smart, so it’s pointless to fight them —was popularized in particular by the movie Hackers, released exactly a quarter of a century ago. The movie gave rise to a set of clichés still employed by the film industry.
Indeed, the movie’s misfit heroes and their adversary, Plague, an infosec expert at Ellingson Mineral, are portrayed as highly intelligent geeks able to find and exploit vulnerabilities in any information system.
For example, the main character is equally at ease breaking into a school database and a cable operator’s network. Phantom Phreak makes calls from payphones to Venezuela without paying a cent. Even Joey, the group’s youngest and least-experienced hacker, manages to gain access to the Gibson supercomputer at Ellingson Mineral. It all looks quite impressive (for 1995) but let’s take a closer look at the crew’s accomplishments.
Hacking a TV station
The protagonist, Dade (aka Crash Override), breaks into the network of a TV station to replace a dull show with something more captivating. He does so by calling the night guard, posing as an accounting employee who needs access to his computer, and asking the guard to read out the phone number on the dial-up modem.
On the one hand, it’s basic social engineering. On the other hand, it’s lunacy on the part of the company — and I’m not even talking about the haplessness of the guard. Why is the accountant’s computer on the same network that controls the broadcast? Why does it have a modem constantly waiting for an incoming call? Why is the phone number written on the modem?
While that intrusion is going on, it turns out another hacker is already inside the company’s network: Kate, aka Acid Burn. How did she get there? Well, the company probably has other computers with exposed modems.
Novice hacker Joey breaks into the Gibson supercomputer. That is, he logs in through a modem from home using the head of PR’s super-secure account password, god. That’s despite every character in the movie (including said head of PR and Plague, who is responsible for the company’s security) knowing that the most common passwords in this flick’s reality are love, secret, sex, and god. What’s more, the head of PR has superuser rights for some inexplicable reason. All told, the hackers’ “great” achievement is less about ingenuity than corporate fecklessness.
The movie’s plot revolves around the cunning scheme of the hacker Plague, who works at Ellingson Mineral. He writes a piece of malware to salami-slice a few cents off every company transaction, and transfers the proceeds to a secret account in the Bahamas. That might have been an original plotline had a similar scheme not been deployed 12 years earlier in the movie Superman III. For some reason, everyone describes the malware as a worm, although the film says nothing about its distribution and replication.
Based on that information, can we really consider Plague a cybercriminal genius? Hardly. He heads information security at a company where no one apart from him has the first clue about the subject. And he’s in cahoots with the head of the PR department, effectively giving him carte blanche? It’s an insider attack; the problem is notContinue reading