[ISN] Hollywood hacks impress experts

From: InfoSec News (isnat_private)
Date: Thu Sep 18 2003 - 22:28:41 PDT

  • Next message: InfoSec News: "[ISN] Secunia Weekly Summary"

    http://www.bayarea.com/mld/mercurynews/business/6800620.htm
    
    By Tamara Chuang
    Orange County Register
    Sept. 18, 2003
    
    IRVINE - In the sequel to the movie ``The Matrix,'' the svelte 
    heroine's return to the futuristic world had a group of security 
    consultants from Irvine's Rainbow Technologies ogling the raven-haired 
    computer whiz.
    
    But not just because Trinity looked hot in skin-tight black leather.
    
    Trinity, played by actor Carrie-Anne Moss, uses genuine hacking tools 
    to help Neo, played by Keanu Reeves, rescue humankind -- she uses 
    ``Nmap'' software to scan the computer ports, finds the electrical 
    control system's Internet protocol address and, voila, zaps the power.
    
    ``We were actually impressed,'' said Bernie Cowens, Rainbow's vice 
    president of security services, who took his staff of ``fairly jaded'' 
    technologists to a matinee on opening day.
    
    ``They are pretty hard to please when it comes to realism in the 
    movies,'' he said. ``They all commented favorably.''
    
    In the past, Hollywood's depiction of computer breaches left most 
    security experts groaning in disbelief. Cracking a password in 60 
    seconds?
    
    Impossible, they say. Computer screens covered with animated images of 
    spreading viruses? Never happens. Zooming in on video recorded by a 
    generic security camera? Ha!
    
    But now, although Hollywood continues to exaggerate technology to make 
    movies more exciting, hacking in films is becoming more realistic, 
    computer experts say.
    
    For example, this summer's ``The Italian Job'' showed a credible 
    situation of how hackers might get into the Los Angeles transportation 
    computer system to create the city's largest traffic jam.
    
    And, while movie critics have panned ``The Matrix Reloaded,'' many 
    computer-security professionals loved it and are eagerly awaiting the 
    November release of the next movie in the Matrix trilogy, ``The Matrix 
    Revolutions.''
    
    ``There's a new generation of filmmakers growing up with technology,'' 
    Cowens said. ``They're acknowledging that the public is more 
    (computer) savvy. It makes it more believable.''
    
    At home, many people have learned not to open e-mail attachments from 
    people they don't know. They know that, if they ignore that warning, 
    the computer could stop working or slow down because a computer virus 
    is sending itself to everyone in their address book.
    
    They know that colorful images of viruses eating files don't really 
    appear on the computer screen, as in the 1995 movie ``Hackers.'' They 
    know, and were reminded by the Blaster worm attack on Windows XP and 
    Windows 2000 systems, that breaking into a computer isn't as tricky as 
    somersaulting across a pressure-sensitive floor to install a snooping 
    device, as in ``Charlie's Angels 2000.''
    
    ``What seemed like science-fiction 10 years ago, people now know it 
    exists,'' said Steve Gibson, head of the security consultants Gibson 
    Research in Laguna Hills. ``Hollywood can now have someone lament 
    about a computer having a virus. . . . You don't have to explain it 
    anymore.''
    
    Close to the hearts of many a security expert is ``WarGames,'' from 
    1983. ``That was one of the turning points (in hacker movies),'' said 
    Riley Hassell, a security researcher with eEye Digital Security, an 
    Aliso Viejo security-software company.
    
    In that movie, Matthew Broderick, who plays a teenage hacker trying to 
    access unreleased computer games, skips school for a week to research 
    the life of a man who designed the ultimate computer game. His goal is 
    to discover a secret password that will get him through the 
    ``backdoor,'' a shortcut that programmers often add to software code 
    so they can bypass security.
    
    ``That was pretty realistic,'' said Barnaby Jack, also a security 
    researcher at eEye. `` `WarGames' was what got a lot of people into 
    the hacking scene.''
    
    Another highly rated movie among security-industry professionals was 
    ``Sneakers,'' which was written by the same folks who wrote 
    ``WarGames.'' The movie revolves around a ragtag team of hackers who 
    were once on the other side of the law but are now in business to help 
    companies find flaws in their security.
    
    ``That's what I wanted to do,'' Hassell said.
    
    And that's what he does.
    
    Hollywood enjoys the drama of hackers guessing passwords quickly and 
    at the very last second, as in the 2001 movie ``Swordfish,'' which is 
    about a hacker who double-crosses a crime lord by adding super-strong 
    encryption to a bank's computer system. Of course, he's forced to 
    break back in -- in less than 60 seconds.
    
    `` `Swordfish' is a horrible, horrible example,'' said Chris Prosise, 
    vice president of professional services with security firm Foundstone 
    in Mission Viejo. ``The guy supposedly cracked the algorithm within a 
    few seconds. But that's impossible.''
    
    In reality, cracking passwords takes at least a few minutes, and much 
    more if the word isn't in the dictionary, said Steve ``Rex'' Frank, 
    chief technology officer of Alvaka Networks in Huntington Beach.
    
    ``If there's a dollar sign or something else, it could take a hundred 
    hours,'' said Frank, a professional ``white hat'' hacker, which means 
    he uses his computer skills for good.
    
    Hacking a password is usually slow and methodical, he said.
    
    ``The password-cracking programs I use -- it literally will try A, A1, 
    A2. Eventually, it will get any password.''
    
    Sometimes Hollywood's knack for exaggeration misleads the movie-going 
    public, Gibson said.
    
    ``I actually had one of my field agent contacts tell me that FBI 
    management is upset because they can't track down hackers like they do 
    in the movies,'' Gibson said.
    
    Perhaps the biggest flaw in Hollywood's depiction of hackers is the 
    portrayal of their lifestyle.
    
    In ``Hackers,'' for example, the troupe of teenage computer geeks -- 
    which included sexy Angelina Jolie -- go clubbing at night, in-line 
    skate and throw parties attended by crowds of hipsters.
    
    Hassell says he can attest that the hackers he knows aren't the most 
    sociable or fashionable creatures.
    
    ``None of them are attractive people,'' Hassell said. ``These guys are 
    big `Star Trek' fans. They eat chips and drink beer.''
    
    Gibson tries not to think about inaccuracies in movies. He goes to be 
    entertained.
    
    ``There is definitely a trade-off between accuracy and 
    entertainment,'' he said. ``This isn't a computer seminar.''
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Fri Sep 19 2003 - 01:39:18 PDT