By Des Nnochiri
Hacking in the movies looks so cool. Someone with a keyboard and five screens frantically types in some code, and a few seconds later: “I’m in.” That’s it– they now have all the information they need to access nuclear missile codes, blackmail a billionaire, or completely shut down a building’s security system.
If that’s how things worked in real life, the world would always be on the edge of apocalypse. None of our data stored online would be safe, and we’d be constantly held for ransom by cyber terrorists. So, why does Hollywood paint a picture of flimsy security systems so easily infiltrated by bad guys who want to ruin our lives and bring down governments? More importantly, do the movies actually get any of it right?
The Target
Most hackers are not trying to break into the White House or Homeland Security (although it has happened
in the past). Anyone who has a games console, Netflix account, or even just an email address knows that data security breaches regularly happen on a very small scale, more to cause a nuisance than anything else. As a result, both businesses and internet users have had to improve security over the years.
The requirements for passwords are now more complicated than ever, and we all know the risks of using the same one twice. Still, breaches continue to happen regularly at a consumer level. This isn’t something that’s been explored much in film, presumably because it’s such an ordinary occurrence, like paying bills and getting the bus, and the stakes are perhaps a bit too low for a blockbuster. Audiences, indeed, probably wouldn’t be interested in reliving such events in cinemas.
If you look at some of the most infamous security breaches of the past decade, most of them involve private customer data; and yet, the average person does not lose money in these large-scale cyber-attacks. In fact, most of the money companies lose in a data breach comes as a result of legal expenses and loss of customers, rather than from the attacks themselves.
Another thing to note is that, in a lot of films, the breach takes place on location. Not only does the attacker need to get into a computer system, they first have to get past physical security by entering the building where the server is held. Again, this is generally unrealistic, as most attacks take place remotely. This is because buildings which house secure servers have numerous barriers in place to prevent unauthorized people from entering. They are also checked too regularly for anyone to be able to spend enough time there, as hacking is not a 30-second job.
The Hacker
In the movies, the hacker usually takes one of two forms: a Robin Hood figure or a criminal mastermind. Their motives are clearly defined, and they often lay out their plans to the audience. Unfortunately, when cyber security attacks really take place in real life, we don’t always hear from the perpetrators and we might never know what their true goals were.
Movies would be less exciting if, instead of being played by a cunning Chris Hemsworth-type, cyber criminals were all shown to be people like systems administrator Gary McKinnon. McKinnon made headlines in 2002 for hacking into NASA in search of UFO evidence and spent a decade fighting extradition to the US. He is now permitted to work with computers again.
Aside from being incredibly adept with computers, there isn’t much to set McKinnon apart from the average person. He claimed not to have any malevolent intentions when he committed the hacking, and he did not serve prison time as a result. Though it’s an interesting story to hear, it would be hard to turn it into something cinematic.
Most of the time, the real hacking isn’t done by a person at all; it’s done by a computer program someone has set up to run. Why? Because, even for a computer, hacking can take hours, or even days. Would you watch a 14-hour long Mission Impossible film with no guns and no action and just a computer screen? Probably not.
Getting In – How it Really Works
A lot of the time, hacking attempts fail, and not just for dramatic cinematic effect. Real security systems are more robust than Hollywood would have you believe, and most security breaches get thwarted by multiple layers of complex security measures, with encryption being one of the most popular and most difficult to circumvent.
Encryption is a cool concept and an effective security measure, but it’s not very exciting to see in action. The easiest way for a hacker to get around encryption is to have the key, which would make it as simple as entering a password.
We have seen this in films in the past, with a bit of story as to how the key came into the terrorist’s hands, and those cases are often fairly close to reality.
It’s less common—though still sometimes effective—for a hacker to set up a program that will enter every possible decryption key until it finds the right one. Expensive high-level security systems have safeguards against this type of attack, and although it could work for something smaller and less secure, the time it would take would most likely not be worth the reward.
Final Thoughts
The reality of cyber security is difficult to make visually exciting, but with so much of our lives now stored digitally, filmmakers will continue to explore this topic. Ultimately, a film doesn’t need to be realistic to be enjoyable.
