Top 10 hacking failures in movies

It had been requested that we make a short video covering the top worst hacks in movies. Being the community that we are, it seemed like an interesting request. We asked for your input, and you were happy to deliver! However, the proposition of creating a “top 10″ list turned out to be quite difficult. There were just SO MANY horrible scenes that I started thinking about how to even categorize them. We could probably to a “top 10″ in any of the following categories without even having to dig too deeply:

  • hacker lingo
  • mocked up interfaces
  • fake input devices
  • virus screen-takeover moments
  • access denied messages
  • hardware taped together

Honestly, after breaking it down in such a manner, making the top 10 movie hacking failures, felt painfully general. It is like making a list of “top 10 animals that ever existed”. The state of technology portrayal in movies is frankly abysmal. It is obvious that the only people who know less about tech than “hollywood” are the people making laws about it.

So, lets take a look at this list and see what we ended up with.

10.  The Core

There’s a scene where they have to get through a door and it won’t budge. To open it, they’re going to have to crack into the control panel and hotwire the the thing. What do they find inside? A breadboard.  Ok, well, we all know that in that environment, you wouldn’t be finding any breadboards. Then again, I’ve seen some duct taped together networks in large corporations that might convince me that this one isn’t a failure at all.

9. Jurassic Park

I’ve heard so many people point out this scene as a failure, and it is usually for the wrong reason all together. The young woman sits down at a computer and announces to everyone “hey, I know this, it is unix!”, while the camera switches to a 3d rendering that looks like a physical layout of a neighborhood.

“aha! that’s not a real interface!” is usually what I hear from people, but they’re wrong. It was called FSN and did actually exist. No one really used it though because, while neat, it wasn’t a great way to actually work.  Tons of people loaded it up and played with it, but it never really caught on. I actually wouldn’t have been surprised to see a super gratuitously funded IT department loading stuff like this in their spare time because they had convinced the boss man that they totally needed that SGI for… uh… network security or something.

The real hack failure is the fact that her simply recognizing the operating system means that she now has full control over EVERYTHING in the Jurassic park network.

firewall

8. Firewall

This one is fun because it gets into a little hardware hacking. I LOVE improvised devices, so it caught my interest. It turned out pretty silly though. In the movie Firewall, [Harrison Ford] needs to get data off his screen to someone far away. To pull this off, he rips the scanner head from his fax machine and attaches it to an ipod. He remarks that the ipod won’t know the difference between “10,000 files or 10,000 songs”.

This is where the hackaday crowd really comes into play. Many will recognize that it is wrong, but only here will you find people that might actually figure out how it would have to really work.

First, you need something to read the data from the scanner head. Then, it needs to be converted to an actual file that is compatible with the ipod. Then you would have to initialize the transfer onto said ipod. That means that there’s got to be a decent amount of hardware and code going on in between the two items. To be fair though, they do show something there as an interface, so maybe I should have left it off the list. However, I challenge anyone to pull this off as fast as he did.

7. Goldeneye

In the beginning of the movie Goldeneye, they are establishing just how fantastic [Boris] the hacker is. After an “access denied” screen that could easily be part of another list, [Boris] proceeds to hop into the network of the CIA. When he’s caught, he simply issues this magical command: SEND SPIKE. The nasty security guy who caught him is immediately disconnected. Wow. I don’t even know where they were going with this. I guess it was just supposed to be another notch on the “[Borris] is amazing ” tally sheet.

6. Hackers

This movie always comes up when talking about hacking. Some people love it, some hate it. The accuracy of the movie is about as divided as the fan base as well. They do a decent job of showing how tedious and silly hacking can actually be, but when they show the 3d renderings of the data, it all falls apart.  However, this movie was released in 1995, and at that time we really had high hopes for the immediate future of 3d interfaces (see FSN).  It is like our generations version of “jet pack disappointment”. I was promised spacial file navigation and I’m not upset that it hasn’t been delivered.

5. Swordfish

Swordfish came out in 2001. It has no excuse for 3d renderings of data. By this time we knew that the 3d interface of the future wasn’t really very usable (again, see FSN). Not to mention the gratuitous blow job/ gunpoint uber hacker scene that made my beverage attempt a quick escape out my nasal passage.

4. Skyfall

In this latest installment of the James bond series, I was incredibly let down. As a child, I found [Q] to be one of the coolest things ever. I wanted that job, bad (this job is slowly turning into that actually). When I heard that the actor who played him passed away, I thought they would take this as an opportunity to do a resurgence of gadgetry with the new [Q]. Unfortunately they continued their slow slide toward an entire 2 hours of sullen looks and knees to the ribs.

The scene that really almost caused an aneurism was where [Q] proclaims that the only way to look at the data on the computer is to attach it to their network (wow, really?). Then they proceed to look at the encrypted data as a giant 3d sphere. This trope is already bad, I mean why would you look at encrypted code as a sphere? On top of that, [James Bond] recognizes a word in plain text. This somehow unlocks all the encryption.

What comes next is the really painful part. We are looking at encrypted CODE. When you decrypt code, you get code. Sure, you might be able to then RUN that code to get some kind of a visualization, I guess. What you don’t get is your encrypted code morphing into a visualization of a map.

3. Live Free or Die Hard

Hackers don’t put bombs in peoples computers. If they did, they wouldn’t set them to initialize using a keystroke.  I mean if you can remotely make their screen go all wiggly, can’t you just detonate your damn bomb?

2. Enemy of the State.

I’m not exaggerating when I say that I didn’t know if this was a joke. [Jack Black] does that bit where you rotate an image in a direction that is physically impossible. [Jack Black] is a comedian. Admittedly I didn’t see this movie till after [Jack's] career was more established, so maybe it wasn’t as obvious back then.

1. Stupid Crime shows on tv like NCIS, CSI, BONES, etc.

Yes, I know it isn’t a movie. They’re just so amazingly horrible that I couldn’t leave them out. It has become this massive joke just how horribly incorrect they are. It has actually gotten to the point that I’m convinced they’re doing it on purpose. While I can understand a tiny bit of writing being targeted for audiences that aren’t familiar with the technology, some of it is simply too much.

The example of “two idiots one keyboard” is one that stands out. It is conceivable that you or your audience may not be familiar with hacking, or don’t know what a believable game would look like, but every one of you has used a keyboard. The script was probably written in a word processor using a keyboard. Hell, this is older than computers themselves, typewriters have them. Two people can not type on a keyboard simultaneously. It doesn’t work and everyone on the planet knows it.

Comments

  1. Richard says:

    The “young woman” in Jurassic Park is a 12-year-old girl. In English, the word “woman” is only used to refer to an adult.

  2. Sean says:

    The best hack I’ve seen in a movie is in The Matrix: Reloaded. Trinity used nmap (a real-world port scanner), and sshnuke (a real attack tool) to exploit a then-recent vulnerability.

    Details can be found at the official nmap website! http://nmap.org/movies/

  3. jerobillard8 says:

    I don’t know if anyone has posted this major flaw yet? It bugs me when you see expensive cutting edge technology that has not made it to the market yet, in a present day police departments. This leaves me wondering why do they complain about budget cuts when they can afford to install clear glass monitors that can be used in the middle of the day, into SUV’s.

  4. Teck-Freak says:

    well, the part about two persons typing on the same keybord: it was ment to show that Abby and Timmethy were like soulmatched. some time later in the german version Di Noso says sth. equal to “first they finisch each others sentences, then they even type each others words. It frightens me a bit.” BUT I give you a point in that: it was way over the top. Fine video you made. I hope for some others.

  5. John Riggs says:

    NCIS is likeable for it’s characterization not it’s technology. Abby could not possibly have that many levels of expertise in her 22-23 years whereas Gibbs, Abby and McGee are likeable. Having spent years as a programmer I grind my teeth when I see McGee and Abby or characters on CSI and CSI:Miami activate complex programs with one or two keystrokes; but enjoyable for the characters.

    • Mike Skoczen says:

      But Activating Complex programs with a couple of keystrokes is easy,
      there are may macro programs that allow that kind of thing. I use is AutoHotkey for my macros.

  6. chris says:

    Not to mention the CSI image enhancement used by many TV crime shows.
    A picture with enormous blocky pixels becomes a smooth and recognisable image by magic. People really believe this is possible until you explain that it really isn’t.

  7. re multiple keyboards: It is possible to connect two keyboards and have two cursors, there’s even some software for Linux to do it, but you either need to use some fairly advanced software or hack X

  8. PK says:

    I’ve got to say the biggest offender is the show “Bones” in which someone is able to perform impossible feats of hacking using a computer that runs on vacuum tubes and library books. Fail.

  9. Matt says:

    What is the white monster can on the desk ??

  10. Mc says:

    Red drawf “back to earth” not sure which of the 3 episodes, but theres a great “zoom in enhance rotate ” bit, (it is meant to be bit of a joke ) but good!

  11. culexus says:

    Operation Take Down is the best hacker movie ever :)

  12. Kevin says:

    When I was a kid I saw ‘Weird Science’ and thought computer programming looked really fun. Those ‘Access Denied’ screens were pretty scary with the skulls. Now that I’m older and have a little experience with Visual Studio, I’m going to try to figure out how to avoid those screens and finish up my Kelly Lebrock making application.

  13. I think the “blowjob/gun/hack” from swordfish takes the cake.

    Granted I am not a specialist with experience exploiting TCP/IP or doing packet sniffing or physical layer captures and analysis but the sad thing is you don’t have to be to understand how unbelievably stupid that scene is. So stupid that if you try and seize upon some particular aspect as having some passing connection to reality it gets worse. You then have to re-evaluate how ridiculous it is on so many levels… almost a work of art in terms

    Reason 3D stuff is plausible: I am a command line programmer/debugger/profiler/ssh man myself but I can’t really complain THAT much about the 3D visualization BS. Because technically it is just that… visualization. I could disassemble any data (whether it was an executable by design or not) into processor command mnemonics, display it in ASCII, a hex editor, etc. The stuff they do in movies strikes me as profoundly impractical/unrealistic because you limit yourself to what you can visualize on a screen. Then you could only work with 2 or 3 dimensional arrays (visualization is a teaching tool for this reason). Still, I am forced to admit there is nothing implausible about it… people still use UML diagrams.

    Reason weird hardware stuff is plausible: Listen people, I have worked in plenty of labs where a breadboard was the “permanent stopgap”, I met a guy who once overclocked his TI-89 Titanium calculator, most of us know the story of “Captain Crunch” and his 2600 Hz whistle and most important: you don’t have to be a security specialist to know that very often the biggest weak link is whether someone can walk into an office building grab some papers/equipment and walk out with it. With actual hardware the sky is the limit because you technically can change how it works at almost any level.

    Reason bad tech jargon is plausible: Technically the battle for the word “hacking” rages on between programmers, the crackers/exploiters they look down upon and the script kiddies who the crackers/exploiters look down upon. Also from firewall… “won’t know the difference between 10,000 files and 10,000 songs”… what is objectionable here? Songs in an mp3 player are indeed almost always files by definition (“almost” because I don’t know the details of how Mac/ipod stuff inevitably deviates from the standard). I will grant that the author does a good job of recognizing that last one as plausible. I have to admit Apple did make the most of that one TRRS jack considering you can swipe cards on ipads nowadays. So even if it was possible with an ipad but not an ipod that one step removed from “plausible with minor tweaking” (let alone major tweaking). Words are just words, and they can THEORETICALLY vary from one community to the next.

    So… the blowjob/gun/hack scene: my god I don’t know where to begin… I would not have thought it possible short scene full of so little dialogue and so few relevant visual details could be so objectionable. I will therefore give 3 highlights/greatest-hits of fail that occured to me:

    Department of Defense “Login”:
    Ok I will start with a softball. A computer system has to be designed to be remotely accessible to be remotely accessible. Remember people were legitimately proud when they set up the first computer that could talk to another computer far away. It is public knowledge that the Department of Energy has an outer “green/yellow” (public and non-sensitive private respectively) network and an internal “red” network that has ZERO connection to the outside. True, people make boneheaded mistakes who don’t know better. Often they do so despite that impressive degree in computer science LOL (no offense to all the many competent and talented computer science graduate-students/professors I have met and worked with). But military types are paranoid for good reason and always prefer old/solid to new/untested. Especially regarding things like secure information access that are mission critical. A great many leaks, including weapons design from DoE to China have involved thumb drives as a result.

    Sit down at random computer and hack something or DIE/get-blue-balled:
    One thing I have to tell people when they float the idea of me rebuilding some code for them is that I HAVE to have at the least several weeks (ideally months) to get a handle of what they are working with (assuming I am not screwed and need to stay up for several days because it is mission critical). I understand that TCP/IP security represents a more set-in-stone medium (the TCP/IP protocol and its most common interface software and application layer protocols on various versions of Windows, Macs, LInux, etc.). But even then, going with this highly idealized situation… what computer was he using? How could he do anything without having his preferred lineup of software installed? Having macros can the mean the difference between minutes and days (that is why you write them) and not having your preferred setup will in a best case scenario throw you off… which is still an understatement. Even if it was Linux bash (the one plausible common medium that a lot of system level programmers are familiar with) someone who works prodigy-like magic would likely have that magic stored in the form of custom builds and a toolkit array of software they wrote themselves. It is the programs that someone writes and uses as tools that truly represents their talent at getting in places where they are not supposed to be.

    From 60 minutes to 60 seconds for hacking DoD:
    NOTE: boasting Kessel run “in less than 12 parsecs”
    I put the Star Wars quote in because I see a clear parallel. Kessel run presumably is a fixed distance given it refers to a place (Kessel as described by C3PO “the spice mines of Kessel) and is somehow measured by another fixed distance parsecs (3.08567758e16 meters or 3.26 light years). Boasting you traveled a kilometer in 1000 meters as opposed to… what exactly? Something other than 1000 meters? The parallel is that you do not measure skill finding exploits in units of keyboard per unit time any more than you measure speed in units of distance per unit distance. By definition an exploit is something no one predicted which may or may not exist. Hacking is being treated as a sport with a 100 meter standard time or some other repeatable feat. People do things that are clever and impressive but even the things which are impressive for a short span of time are inherently unique events. You would have to be familiar with the code base involved to see whether a feat was genius or trivial. Computers are stubborn and infuriating when they don’t work as intended and unbelievably sweet when they do. When someone finds an exploit and remains undetected they get to use it for as long as no one (including them) gives it away to the system admin.

    In short: This scene is about as dumb as saying “I heard there is someone who was able to invent the pulley in 60 minutes, but I need someone who can invent the pulley in 60 seconds. Here is a lab to invent it in even though I have no idea what hardware you would need to invent the pulley. Take a complimentary blowjob and gun to your head to distract you.” More than anything else on this list it is completely removed from reality to point of being a conceptual inkblot. It looks like a butterfly from one angle and a puddle of gasoline from another.

  14. drw72 says:

    ‘Enemy fo the State got it right about the NSA though…all the way back in 1998.

  15. daveboltman says:

    Mmmm – pity I didn’t know about Hack-A-Day when this vote was happening last year…
    I’d have definately voted for guy that uploaded a virus to the alien spaceship in the movie “Independence Day” from his laptop. I think it was a MacBook.
    How did anyone on earth make a virus for a computer with alien technology anyways, letalone connect to it though it’s alien firewalls etc. His the app clearly said “Uploading Virus to Alien Spacecraft”, and he saves the world.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

Join 97,541 other followers