Cyber Security Goes to Hollywood
In a world where technology reigns supreme and cyber-crime is at large, cyber security is vital. But when it comes to depicting information thieves in film - tapping into personal data, hijacking government computers or stealing identities - sometimes Hollywood stretches the truth to spin a good tale.
Read about a few big-screen “reality checks” from cyber security expert Peter Holliday, senior adviser, cyber security and defense at Cisco Systems, and Andy Dixon, principal network and security analyst at 7G Technologies.
The Girl with the Dragon Tattoo (2011)
The scenario: Computer expert Lisbeth Salander is hired to create a profile of disgraced journalist Mikael Blomkvist. She secretly taps into his computer desktop to read everything stored on his hard drive and review his incoming and outgoing e-mails.
Reality check: This is plausible. According to Holliday, Salander could have easily installed the malware. Taking photos of the physical network cable is also part of a hacker’s reconnaissance. With that information, Lisbeth is able to tap his devices and have everything preconfigured for a quick insertion.
Eagle Eye (2008)
The scenario: Jerry Shaw becomes a pawn in a deadly game when a government defense program frames him for terrorism and sends him on a dangerous mission. During a key scene, the program helps Jerry escape from a police station by re-directing a crane to cause an accident. Ultimately, the program forces him to run for his life.
Reality check: It makes for a great conspiracy theory, but a single program could not have this much influence over such a wide range of electronics, says Dixon. Just as there is no universal language all humans speak, there is no universal programming language that unifies the millions of different electronic devices and networks.
The Departed (2006)
The scenario: In order to bust a mobster, the police and federal agents attempt to track the activities of the gang by monitoring cell phone signals in the vicinity. While the undercover agent’s phone is flipped open, authorities can pinpoint his location which provides the time to confirm where the deal is happening.
Reality check: A mobile phone needs to be turned on to be tracked per the association and roaming protocol between handset and the cell infrastructure, says Holliday. Under the FCC’s E911 rule, mobile phone operators must be able to track the position of customers within 300 meters, with accuracy increasing when more than one cell tower is within range of the handset. The one-meter accuracy of the geo-location depicted in the movie is too good to be realistic.
Office Space (1999)
The scenario: Programmers charged with updating banking software create a computer virus that transfers fractional leftovers of bank transactions to an account of their choice. The embezzlers hope to hide the virus behind their clients’ Y2K software updates and withdraw their ill-gotten gains over the course of several years.
Reality check: A computer virus could be written for just about anything, and this movie’s hacking scenes are the most plausible yet. All the key ingredients are there: disgruntled employees who know the processes, internal turmoil, skilled technical knowledge and, most importantly, physical access to company computers, says Dixon. There are a few cases where this type of hack was successfully implemented because it’s hard to detect. This is why many accountants agree there is no such thing as a “small discrepancy.”
Enemy of the State (1998)
The scenario: After a congressman’s murder, a wildlife researcher who caught the crime on tape must evade the agents tasked with keeping the circumstances of the assassination secret. Technicians from the National Security Agency (NSA) tap into local news and security cameras, satellites and other networked equipment in the surrounding area to pursue the researcher. NSA technicians go as far as accessing in-store surveillance cameras and even more localized video and imaging equipment to pinpoint the moment when the tape changed hands.
Reality check: Unlikely for 1998, but more plausible for 2012 and beyond, says Holliday. Back in the 1990s, very few physical security systems were networked or able to offer a real-time feed. Most systems were designed for local storage collection, so the probability that a store would have its security camera online back in the ’90s is fairly remote.
If we fast-forward to today, some of these scenarios are indeed plausible, Holliday continues. Many ATM, business, public safety and traffic camera feeds are networked for real-time monitoring and control — but generally on closed private networks.
For every Hollywood bad guy, there is a good guy looking to solve the crimes. If you are interested in a pursuing a career to protect against these types of cyber security crimes and to help solve security breaches, visit devry.edu to learn more about our Computer Information Systems degree program or request more information.