the-conversation-700

The Conversation (1974)

You’re wondering what a 1974 movie has to do with hacking, and it’s true, there’s no computer hacking here. But hacking is really just a specific form of electronic data collection, and that’s what Gene Hackman’s character Harry Caul does — he just uses analog tech rather than digital.

The film also features a really good detail that points to the very origin of hacking. One of Harry Caul’s rivals demonstrates a device that blows a specific tone into a phone system, which converts the phone on the other end of the line to a microphone. That’s related to phone phreaking, which is where hacking was born.

One of the coolest bits of phone phreaking history is that some of the most proficient early phreaks were blind. In fact, the earliest was Joe Engressia, who legally changed his name to Joybubbles, a boy born blind and with perfect pitch. At five years old he discovered that tapping a specific pattern with a phone’s switch hook could trick the phone system into action. Soon, he could whistle a 2600Hz tone into the phone, which tricked the tone-based phone system into activation. (Much like the device in The Conversation.) Other notable phone phreaks include Steve Jobs and Steve Wozniak.

As phreaking developed into the ’70s, enthusiasts built electronic boxes to simulate other tones and help control phone systems. Some of that tech is for sale in the trade show attended by Harry Caul in The Conversation. (Thanks to my friend Dan for suggesting this entry. There’s a good essay on the intersection between The Conversation and phone phreaking here.)

***

wargames-1983-700

Wargames (1983)

Matthew Broderick plays David, a kid with a computer and a lot of time on his hands. This kid isn’t evil, just curious. He uses his relatively rudimentary modem to explore computer networks just for fun, at one point looking for info on upcoming video games. During one bulk scan of phone numbers, David stumbles on a computer that is a bit different. His interest piqued, David soon finds his way into a system that belongs to NORAD — aka the North American Aerospace Defense Command.

Some of the most legit hacking in the film is actually David’s research on a specific topic once he has had his first access to WOPR, the computer at NORAD. David is on the hunt for a backdoor password that will allow him invisible access to the system. So he kicks into a version of social engineering, using clues in the part of the system he was able to access to get external information about its designer, and ultimately guess the backdoor password. The password isn’t as simple as one of the dumb ones in the “most popular passwords” list we mentioned before, but the film is a good example of how someone trying to break into a system might first go about it.

Perhaps the funniest part of Wargames is that, while David sets the film’s plot in motion by searching for information about video games, he’s really not a particularly good gamer. Big points for the hacking, though. (Broderick would reprise his hacker origins to a certain degree in Ferris Bueller’s Day Off.)

***

sneakers

Sneakers (1992)

Sneakers has some embellished hacking, sure — an all-powerful MacGuffin box drives the plot —  but it also has some really good examples of basic real-world hacking concepts that take place away from the computer. Robert Redford’s character runs the sort of legit hacking that earns big money for talented practitioners, testing the systems of various companies for potential security flaws. They do the sort of reconnaissance that we typically see in heist movies, looking up blueprints for a facility they need to penetrate, and they use various forms of social engineering to acquire an access key. There’s a good rundown of some of the techniques in the film here.

The characters even go dumpster-diving to find documents. Dumpster-diving was a big part of the early phone phreaking scene, too, as early phreaks raided discarded phone company documents to get insider information on how phone networks were assembled. It’s not as glamorous as using garish 3D cube models to represent some bizarre virtual space, but it’s a trick that gets the job done.

And as he has pointed out multiple timesSneakers is (or was, a couple years ago) the favorite hacking movie of famed real-world hacker Kevin Mitnick. That’s about as good an endorsement as you need.

***

The Matrix Reloaded (2003)

What, no The Matrix? Well, the original film captured some of the then-current interest in hacking, and used it as a portal to a philosophical sci-fi story. Most of the “hacking” in the Matrix films, however, is just more rapid finger tapping and random code gibberish. But The Matrix Reloaded sees Trinity using a real-world tool called Nmap, and the scene is popular enough that it has pages dedicated to explaining the intersection between the scene and reality.

So what’s going on in that clip? A reddit comment explains it better than I can:

At :03, you can see at the top she scanned (Nmap) a server and noticed it had SSH running, which is used for administering computers remotely. She then uses sshnuke, which is a program that exploits SSH and resets the administrative password that she sets (Z1ON0101). Then she logs in as administrator using that password. Then once she’s in, she just executes a command that disables the grid nodes.

Usage of Nmap is popular enough in films that the official Nmap page has a whole collection of screens and explanations for the tool as used in past and, in some cases, far future storylines. It shows up in Dredd, Elysium, The Bourne Ultimatum, and the original The Girl With the Dragon Tattoo, among others.

***

BLACKHAT-1-700

Blackhat (2015)

Go ahead and laugh at Chris Hemsworth playing an MIT hacker, but many of the little details are just right in Michael Mann’s latest film. That’s no surprise given Mann’s preoccupation with detail, but it is a pleasant surprise given the fact that Blackhat blows it with some other details. And yet none of it is new. While films of the ’90s were all about pushing the idea that technology is an outlandishly visual new frontier, the best hacking movies and scenes approach the subject in the same way we’ve seen for decades.

Hemsworth’s character Nick Hathaway uses quite a few real-worlds tricks to gain access to systems. A couple of the most attention-getting bits in the film isn’t something that most hackers would do — they involve extreme violence and a crashed car — but in general the type of threat faced by the characters is quite legit. Indeed, the threat seems kind of boring to some audiences, as the bad guys are targeting a utility in order to make money. But cyber-terrorism does go after such targets just as often as it angles towards a company like Sony.

There’s also a big example of social engineering rendered with terrific detail, as a woman persuades a security guard to connect a USB flash drive to his company’s system, allowing Hathaway to have access. And this film looks right when it comes to hacking, as we see Hathaway typing away at UNIX-based systems with the same command lines everyone in the real world uses.

Wired showed the film to a set of “200-odd security specialists from Google, Facebook, Apple, Tesla, Twitter, Square, Cisco, and other parts of Silicon Valley’s close-knit security community,” and found afterward that the audience generally endorsed the legitimacy of many of the tactics used.

Pages: Previous page 1 2

Cool Posts From Around the Web: