Wed, 14 Nov 2012
Skyfall, the recent addition to the Bond franchise, follows on from a long line of films and TV dramas contrived to exploit our lack of understanding of the Internet and complex technology. In a departure from the norm, the latest Bond villain’s weapon of choice is hacking. But how realistic is the cyber weaponry, hacking and prevention depicted in films?
I can do more damage on my laptop in my pyjamas than you can do in a year in the field. – Q
For the most part, Skyfall survives the critical eye of the IT professional because much of what is referenced in relation to cyber activities is done so non visually, meaning they only talk about it instead of trying to film it happening. “The bad guy’s gonna hack our systems!” is certainly possible, maybe even plausible, dialogue. The problem always comes when drama producers try to actually portray the activity of hacking, or network security defence in the case of 007’s Q.
An attempt to show actual hacking with colourful software and random unrelated or misleading commentary will inevitably become the target for scathing criticism from IT professionals who have become tired of their industry being farcically misrepresented. And can we blame them?
[NUMB3RS]..is hilarious to people who actually use technology on a day to day basis. – Brian Boyko, IT Pro
Here is one such example of fighting back against the ignorance:
Trying to engage audiences on the technicalities of hacking is understandably difficult for two central reasons. Firstly, as a general rule of thumb when it comes to IT, writers and directors often have limited experience and secondly, if they did decide to become technical, it’s likely that most of their audience wouldn’t understand.
With this in mind, drama makers have taken to various artistic strategies. The now off-air BBC drama, Spooks, could be awarded several prizes for utter technology absurdity intended to create drama. The plot of episode Split Loyalties in Series 7 postulates that a denial of service attack will be launched on London to cause havoc in the City, which mirrors a potential real life threat. Plausible, if it weren’t for the unnecessary drama of the DoS attack needing a submarine latching onto an an undersea cable to send its traffic… anyone who understands IP transit knows this is unnecessary and pointless. There are lots more criticisms to be had.
A more realistic example worthy of mention is ‘The Girl With…’ trilogy by Stieg Larsson, made into blockbuster films in both Sweden and Hollywood. When interviewed for Vanity Fair back in 2010 , Kevin Paulson, a reformed “black hat” hacker and now editor for Wired.com’s ‘Threat Level’ blog, defended the film’s hacking credentials. The Girl does things that are actually happening today and more often than we would care to think.
The interesting thing is, everything that she does is completely plausible—it’s the way she does it that is for the most part completely nonsensical as a technical matter. – Kevin Paulson
Paulson’s interview reminds us that we are all at risk and that surreptitiously accessing personal computers is very much a reality.
Having been reminded that infiltration and exploitation of systems is a very real and current threat for today’s corporate network security, let’s return to Bond’s Skyfall. According to producer Michael G. Wilson the plot was based on the real life Stuxnet virus, a “cyber weapon of mass destruction” discovered in 2010 and purportedly created by government brains, as described by Ralph Langer in his famous TED talk:
Stuxnet’s deployment came via USB keys plugged into the notebooks of engineers at the Nantze nuclear enrichment facility based in Iran, rather than over the Internet. However,
- you don’t have to deliver this payload by a USB stick, as we saw it in the case of Stuxnet. You could also use conventional worm technology for spreading. Just spread ..[the virus].. as wide as possible. And if you do that, what you end up with is a cyber weapon of mass destruction. That’s the consequence that we have to face. – Ralph Langer
The truth today is, computer viruses are all too common; this is the real cyber-drama of our time. Huge quantities of viruses are manufactured and traded by criminals, capable of large scale fraud, says Mikko Hypponen of F-Secure. Who are these hackers and how do they operate? Here’s Mikko Hypponen with an uncomfortable wakeup call: