Zeros and ones, leather gloves, hoodies – the cliché hacker plays a lead role in film and television. But how realistic are the scenarios from Hollywood?
The “WannaCry” ransomware attacked 45,000 computers and paralysed companies, organisations and hospitals. Similar attacks have long been filling film scripts: “CSI: Cyber”, “Person of Interest”, “James Bond – Skyfall” and many others. But can you really imagine hacking the way films and series tell us? And how seriously should companies take the presented scenarios?
In “Skyfall”, a cyber-terrorist is in possession of a hard drive containing data on undercover agents of the British secret service MI6. He publishes a video containing Special Forces identities and threatens to publish more. 007 tries to stop Silva the whistleblower. It sounds quite plausible.
But let‘s take a closer look: is it possible, for example, to explode a gas pipeline over the Internet? It is, in this film at least. Bond’s adversary hacks into the computer system of MI6 headquarters and blows up gas pipes that run through the building. IT systems could theoretically be used to attack hardware and explode it in case of doubt. However, as in the Bond example, gas pipes would first need to have a centralised control system. This system would need to be connected to the Internet, there would have to be no security barriers, and there would need to be an igniter (or something that can be used as a detonator). That would be pretty time-consuming and labour intensive!
Another film sequence shows an attack by Silva in the London Underground system. Bond and his chief technician and gunner Q watch the cyber attack code fly graphically across a screen. Although the cliché of green zeroes and ones is not used here, reality would nevertheless look different. In a real hacker attack you would usually be able to see nothing more than a nasty command line.
“James Bond – Skyfall” showed an attack by a single hacker. The series “Mr. Robot” recounts an underground movement, the “fsociety” (similar to the Internet phenomenon Anonymous), which plans an attack on American corporations. Sam Esmail, the head and director of the series, wanted to portray the hacker scene and its methods as realistically as possible.
He worked together with IT professionals and focused on recent events such as the Sony hack – the largest IT attack yet to be made on any company. In that process, unknown hackers leaked internal company information such as the telephone numbers of employees and actors as well as entire films including “The Interview”. Topics such as Bitcoin, ransomware and smart-homes also play a role in the series, as does the speed with which malware and viruses are spread via USB sticks. That is what actually happened in 2010: the malicious programme “Stuxnet” infected Windows computers via USB sticks and also attacked a control software, which threw back parts of the Iranian nuclear programme for years. The attack on the control software of the Iranian centrifuges is attributed to Israeli and US intelligence agencies.
Films and series increasingly address dangers and challenges that correspond to the spirit of the times or are based on real cyber-attacks. For films and series, the main thing is to entertain the audience. For this purpose, illusions are created and reality is distorted.
Many film and serial hacks that you see on screen are like spectacular film stunts: in reality, those responsible would need significantly more time, effort, money and know-how. If you were to portray all these aspects absolutely realistically, James Bond and Co. would probably not be half so exciting and action-packed.