Hollywood has had a long history of misrepresenting hackers. They are usually depicted in TV shows and movies in two ways: A bunch of nerdy weirdos with no life or miracle workers that can penetrate highly secure IT systems by maniacally pounding on a keyboard. But what are hackers really like and what do they actually do? We find out.
Hacker dual wielding keyboard picture from Shutterstock
We spoke with Websense sales engineering manager, Bradley Anstis, and security engineer, Michael Ferguson, on what they thought were the four biggest misconceptions about hackers perpetuated by Hollywood. Without further ado, here is the list:
Hackers love using graphical user interface (GUI)
GUI is essentially the part of software that adds a visual element to programs, allowing users to understand and interact with them easily. In other words, it dumbs down software for us mere mortals. Windows and icons that you can drag and drop on your desktop are examples of GUI.
Movies and TV shows that have done little to no research (most of them) depict computer experts performing feats of hacking through GUI. Perhaps this is to make it more palatable for people who are clueless about technology, but it’s not very accurate.
Hackers generally use command line interface (CLI), so think rows and rows of code that is hard to track and decipher if you don’t know the type of coding language that is being used. If you want to do something in an application, you have to typed in a command and you’ll receive a response back from the system. Nearly every professional and expert hacker uses Linux or Unix for this.
Hackers rely only on computers to do their bidding
Hackers don’t just sit in front of computers bashing out lines and lines of code. Sometimes they actually have to pick up the phone and speak with people to gather information that will assist them in their attempts to gain entry into protected systems. This is called social engineering and it’s the art of manipulating people so they divulge confidential information.
Hackers have been known to impersonate employees of companies they’re trying to access; essentially calling up the business and tricking people into giving them the information they need. There are even stories of attackers impersonating external IT services worker and walking right into an organisation they are targeting.
People also underestimate the amount of personal information floating around on the internet that hackers can take advantage of. Date of birth details, which are commonly used to verify a person’s identify, are readily available on social media and it could be as simple as posting a picture of your 25th birthday party on Instagram. It’s not hard to work on your date of birth from that.
Hackers are just highly intelligent code monkeys
Hackers are perceived as intelligent nerds who are just really good at coding, but we should also give them credit for being creative. They are always finding new ways to exploit vulnerabilities in technology and in people.
People. We are quite easy to take advantage of aren’t we? Considering there are still people who fall victim to Nigerian Prince-esque scams, there are some of us that are just begging to be targeted.
One of the more creative ways hackers can gain entry into their desired IT systems is by piggybacking off the carelessness and ignorance of employees. The perfect example of this is an experiment conducted by founder of Secure Network Technologies, Steve Stasiukonis. Back in 2006, to assess the security of a client he was working with, he littered USB sticks loaded with a Trojan virus around the company’s car park. Employees actually picked up the USBs and plugged them into their PCs. The Trojan then came to life and allowed Stasiukonis to farm the login credentials of those workers.
Hackers work alone or in small groups
While this may have been true in the early days, hackers do team up to form bigger groups for concerted attacks. Think Anonymous, which has members scattered all across the world.
Another point to note is that as cybercrime has become more organised, hacking tools offered as a service has become commonplace. You can rent a platform, databases, phishing campaigns, exploit kits through various sources to use for more strategic attacks.
Attackers can go shopping in these virtual hacker supermarkets and just pick and choose what tools they want to use, which makes hacking at a larger scale so much easier than before.
What are some other hacker misconceptions you want to kick to the curb? Let us know in the comments.
Comments
18 responses to “Four Ways Hollywood Gets Hacking Hopelessly Wrong”
Try “Mr. Robot” – It’sa pretty good hacking show. They even employ the USB in the carpark trick.
Yeah! The Websense folks said Mr. Robot provides the most accurate portrayal of hackers they have seen so far! 🙂
My personal annoyance is the portrayal of hackers as being supernaturally gifted coders, who can hack into the most protected mainframes on the planet inside a minute. The other one is that old code will magically work on new hardware and software. Think Swordfish for both.
“It’s a UNIX system! I know this.”
Funny thing about that is that the GUI in that scene in Jurassic Park was a real GUI.
My pet peeves with the portrayal of hackers:
1) Their computers make a chirping noise every time a character, line or graphic gets drawn[
2) You can hack into super-secure systems faster by just mashing keys faster
3) Hacking is like a 3D game rendered in ASCII. You have to press keys to zoom in to the transparent cubes and turn all the blue text red
4) Hackers are seen as Neo type nerds — zero social skills and infinite computer skills. Some hackers I know are so charming and smooth, they could sell an Apple computer to an Android fanboy.
Frustrated by this, I started writing my own game (an RPG of sorts) where you had to “hack” into systems by pretending to be contractors, maintenance crews and such. You could gain entry into systems by grabbing post-it notes off the monitors of managers or by calling tech support and getting a password reset over the phone.
I didn’t get too far with it (I was writing it from scratch), but I wanted to make a game that was realistic and fun.
I’d buy that. It sounds cool, and you could make it just a little disturbing.
I’ve half considered some kind of Kickstarter-y fund to get it off the ground, but there’s SO much stuff I would need to line up first, including someone to handle finances, taxes and such, someone who has had more game development experience than me and some kind of storyline, direction and other such things, along with a prototype to show, in order to generate enough interest.
Cool idea…but the trouble is, calling tech support to get a password reset isn’t fun…it’s 15 minutes of oddly tense hold music followed by a barely understandable operator. The pretending to be contractors and stuff sounds alright though. I can see a character walking aimlessly around the office with a step-ladder and tool belt, profiling the most likely worker to tell him where the network center is.
Yeah, there’d be plenty of “fade to black” moments where the game would skip bits like that, or make it a little less realistic and get someone on the phone within seconds.
My prototype uses Lua for almost everything, with the aim of including semi-optional programming elements within the game (e.g. in order to crack a PIN code for a door, you’d write a simple loop that counts up from 0000 to 9999. You could skip that if you had discovered the code earlier, by copying down the post-it note from a monitor)
So yeah it’d be as realistic as fun gameplay would allow, but not so unrealistic as to make it “mash the keyboard faster to hack faster” type hacking.
Everyone on TV that has even been hacked somehow has 100GB+ or RAM in their computers. Hundreds of windows start flicking up and appearing all over the screen, screaming “I AM A VIRUS/YOU ARE BEING HACKED”.
Really stupid shit on mainstream TV adds to this. Everyone knows the NCIS and CSI clips with the stupid hacking in them.
and
my personal fav , is when they are doing a search on something , the wild banging on the keyboard
These misconceptions aren’t exclusive too hollywood..
It frustrates me to no end when Police/Crime shows have a briefing and use a couple of laser pointer/remote clicks to perform complex tasks (bringing up images, resizing, analysis, tracking etc) usually on some ‘custom’ OS with 90s graphics and far too much wire-frame.
Tonight I watched Minority Report and thought of this comment. Everything was transparent (good luck using one of their computers next to a window) and Mr. Scientology himself had to wave his hands around like a loon to paw through info.
At one point he asked his buddy to transfer him some information. While Tom is pulling info from various detached screens left right and center, his buddy had to put a transparent clipboard-sized thing into a transparent screen (great idea!) to copy some faces onto it, like the future didn’t have WiFi or networking capabilities.
Minority Report looks hokey, but at least Spielberg used real interface theorists (for lack of a better term) to suggest what a user interface might look like in 2050.
One of the film’s advisors, John Underkoffler, gave a great TED talk demonstrating how much of this is already possible, albeit with a lot of cameras. That was five years ago (and includes some very cool stuff that he explains was already 15 years old even then) and I assume it’s much improved now.
http://www.ted.com/talks/john_underkoffler_drive_3d_data_with_a_gesture?language=en
Seriously , how boring would the shows be if it showed actual hacking. You need people to be entertained not bored to death.
I just love the “Access Granted” screen.
Isn’t it about time that programmers world-wide yielded to this obvious demand and put “Access Granted” splash-screens in the workflow between successfully entering a username and password, and getting down to doing real work.
Seriously, Each time I put my PIN in and unlock Windows 10 I want 2-second delay screen and cortana to announce though the PC speakers “Access Granted”.