I’ve recently been on a bit of a hacking movie binge. While most people write them off as pure fantasy, even the worst have cybersecurity lessons we can learn from – yes, even Weird Science (though wearing a bra on your head is strictly your choice – movie clip). Below are four movies that still have something to teach.
Consider this Hollywood Cybersecurity 101.
Disclaimer: Some of the below clips feature profanity.
First on our list is the classic WarGames which featured a young Matthew Broderick as Hollywood’s first nerd hero. The story is simple: Broderick is too impatient to wait for the release of a new computer game so he hacks into the “computer company’s” network and begins playing it. What he doesn’t know is that it actually belongs to the military, and the “game” he’s playing is against a new supercomputer they’re using as part of their nuclear missile command. Now, only Broderick can save the Earth from nuclear war.
How did a teen break into a nuclear military institution? Simply by guessing the password. By researching the system designer, Broderick finds out that he had a son who died in a car crash. He correctly guesses the password is the name of the guy’s son.
We’d like to think we’ve moved on from guessable passwords, but a recent Senate cybersecurity report found that “a common password on federal systems … is ‘password.’”
What’s the lesson learned? Don’t pick passwords based on any logical connection to you or choose obvious ones like “password” and “changeme.” Better yet, don’t use passwords at all.
Weird Science (1985)
Without a doubt, the weirdest (I see what they did there) movie on this list, Weird Science, is a 1985 movie about two nerds who want to use their computer (a Memotech MTX512 for the oldies) to create their teen version of a perfect woman. Realizing that it’s too slow, they hack into a government mainframe for more power and storage.
Unfortunately for the government IT manager monitoring the mainframe, in a still-too-close-to-reality moment, the teens bypass their security with little effort and a snazzy program on a floppy disk called CRYPTOSMASHER.
So where did the government go wrong? Although the moment goes by in five seconds of movie magic, they didn’t have network protection. Though not publically released until three years after the movie’s release, a well placed firewall would have done enough to damper the teens’ efforts.
While everyone uses firewalls these days, due to new mobile devices and cloud technology, legacy firewalls no longer work. If you haven’t already, begin researching newer solutions. They won’t stop all threats, but they’ll stop the smaller cyberattacks – especially if they’re from bored teens with a floppy disk.
Jurassic Park (1993)
If all you took away from Jurassic Park were the dinosaurs, you missed a valuable lesson: attacks don’t always come from the outside. In the movie, Seinfeld’s Newman is an IT worker at the park (alongside Samuel L. Jackson!) who hacks his way into a coup that involves him stealing dinosaur DNA to sell to the highest bidder. It doesn’t end well for him.
While the DNA isn’t on a digital device, the incident is similar to a recent security breech. Edward Snowden stole top secret documents by putting them on a USB drive and walking out the door. SolarWinds’ VP of Product Management, Chris LaPoint, recently wrote about this type of situation for Technically Speaking. You can read his security recommendations for USB data breaches here.
So what’s the lesson? An employee walking out of your door with sensitive information can be just as deadly as a hacker breaking into your network and stealing that information. There are ways to prevent both.
Bonus: I don’t always try to hack Jurassic Park, but when I do, I use Jurassic Systems.
Listed by many as one of the worst movies ever about hacking, Hackers nonetheless teaches a very valuable cybersecurity lesson. The story involves a bunch of young hackers who uncover a plot involving an IT security employee who plans on unleashing a computer virus to defraud the company he works for.
Remembered more for its soundtrack and 90s-defining codenames than its IT accuracy, one scene does standout as real. In it, our main character calls the company’s security officer on-duty and convinces him to give up network information he then uses to hack into their system. The industry calls this social engineering – tricking people into giving or providing access to sensitive data. The group also dumpster dives for employee memos, and one of them poses as a delivery boy so he can walk around the office, watching people type in their passwords.
Lesson: Hackers don’t solely rely on digital hacking to gather information. Train all your employees on tactics used in social engineering. SANS actually released an in-depth report about social engineering called A Multi-Level Defense Against Social Engineering. Also, remind employees that the trash is not a safe means of disposing of information. Provide a method of securely destroying physical documents.
Although I couldn’t think up a lesson learned from Antitrust, it’s a movie still worth mentioning purely for its abundant open source Easter eggs, including a quick one involving Red Hat.
Hollywood is in the business of “magical realism.” When they tackle IT security, it isn’t an exception. I don’t think mainstream America is prepared for a two-hour movie showing the real joys of staring at line-code, so we’re left with movies that create hacking experiences closer to virtual reality than reality. But that doesn’t mean there’s nothing to learn from them.
The four above movies, although juvenile, teach us a few of the foundational elements of solid IT security:
- Complicated passwords (or a more advanced identifier)
- Firewalls, though today’s solutions need to handle cloud and mobile devices
- Mobile data storage protection
- Thinking beyond your digital vulnerabilities
What’s your hacking movie guilty pleasure and what cybersecurity lesson does it teach?