Where Hollywood Hits the Mark on Hacking (Guest Blog)

Security industry professional reveals true-to-life recent entertainment portrayal of cybersecurity scenarios

Kerry Washington, Scandal; Hayley Kiyoko, CSI: Cyber; Dylan McDermott, Stalker (ABC/CBS)
"Scandal," ABC/ "CSI: Cyber," "Stalker," CBS

The entertainment industry often highlights real life issues, which explains why cybersecurity has become increasingly front and center in popular TV shows and movies. With the rise of large scale hacks from the point-of-sale breaches, to leaked nude photos of celebrities, to attacks using Internet of Things devices in the home, it’s worth a closer look at how Hollywood is covering this emerging national issue — one that was recognized in the president’s State of the Union address earlier this year. And while the entertainment industry tends to use hyperbole to make the issues more salacious than they are in reality, many of the cyber activities depicted are ultimately grounded in truth.

Four Ways that Entertainment Meets Reality

Hacker Operations

In the film “Blackhat,” we saw a hacker operate by retooling an older variant of malware to target Programmable Logic Controllers (PLCs) used in power plants. The movie showcased a variety of hacks from using a plant in a company to access financial systems to other variants of malware like a remote access tool (RAT) that was used to control cameras in a restaurant. It also reflected other popular techniques used by cyber criminals such as spear phishing and social engineering.

So just how much of the film is based in reality?

The bottom line: The various malware and techniques were certainly consistent with what we see in the cybersecurity space. However, Hollywood took a lot of liberties about how easy it was to do some of the hacks and how things propagate. For example, the worm Stuxnet, which is a real world piece of malware used to target PLCs, was most likely distributed using an infected USB stick as opposed to someone sitting in his hotel room pushing a button on his keyboard to send the malware deep into the power plant systems.

Hacking Into Cameras

Recently, CBS launched the series premiere of “CSI: Cyber,” the latest installment of the CSI franchise, that tackles ways cybercriminals are hacking into everything including baby cameras to see when the best time is to kidnap a child.

The bottom line: Do your homework before buying any connected device. Look for companies that have good reviews when it comes to security. Also, read the privacy and security policies to make sure the company applies effective security controls and practices to keep you and your family safe. When you get the device, be sure to change the default password to something complex.

Tracing Digital Footsteps

CBS’s “Stalker” presented a situation where we learn that a video featuring a coach being intimate with a student was uploaded to a high school website. The cops show up at the student suspect’s house and explain that they know he posted it because they traced the IP address.

The bottom line: Using something like Tor that makes your online activity anonymous would have likely been enough to thwart the cops. That’s not to say that I would encourage this type of behavior. Another good example of what we are seeing in the area is script kiddies, AKA “skiddies.” Skiddies are thought to be young people with no real programming knowledge who use malware they find on the Internet to attack computers and networks, and deface the websites of organizations such as schools, police departments and other official websites.

Securing Devices With Stored Personal Information

ABC’s “Scandal” featured a scenario in which the president’s chief of staff walks away from his cell phone, leaving it in the hands of his new lover. The lover was easily able to access the phone and learn about sensitive government information. He planned to share this information with a woman looking to take down the president and his team.

The bottom line: Set a password on your device to protect your personal information from getting into the wrong hands. Create a complex password using upper and lowercase letters, strong number and character combinations and never use the same password across multiple sites. Consider using a password manager or multi factor authentications when available.

So, where does hacking in Hollywood stand?

Overall, these film and TV shows illustrate activities we rarely think twice about, but can lead to real life consequences that can often be prevented with common sense and better cyber hygiene. While the premises are all viable, the level of accuracy in their portrayals may not be.

Hollywood-style embellishments aside, pop culture is doing a great job of creating awareness about the complicated realm of cybersecurity and doing so in a way that consumers can not only learn about a complex topic, but also understand the consequences. While we, as consumers of entertainment, often seek to be pulled away from the harsh realities of our daily lives, it is important that such programs continue to educate viewers that hacks and cyberattacks can and do have the potential to affect us, our families and jobs on a personal level. Consumers should walk away from these programs feeling entertained, but also with an understanding of how these events can occur and steps they can take to help protect their digital lives.

Gary Davis is Chief Consumer Security Evangelist for Intel Security. @GaryJDavis

Comments