The Orange County Register (US), September 12, 2003
Hack job: mixing movies and computer-security technology
IRVINE - In the sequel to the movie "The Matrix,'' the svelte heroine's return to the futuristic world had a group of security consultants from Irvine's Rainbow Technologies ogling the raven-haired computer whiz.
But not just because Trinity looked hot in skin-tight black leather.
Trinity, played by actor Carrie-Anne Moss, uses genuine hacking tools to help Neo, played by Keanu Reeves, rescue humankind -- she uses "Nmap'' software to scan the computer ports, finds the electrical control system's Internet protocol address and, voila, zaps the power.
"We were actually impressed,'' said Bernie Cowens, Rainbow's vice president of security services, who took his staff of "fairly jaded'' technologists to a matinee on opening day.
"They are pretty hard to please when it comes to realism in the movies,'' he said. "They all commented favorably.'' In the past, Hollywood's depiction of computer breaches left most security experts groaning in disbelief. Cracking a password in 60 seconds?
Impossible, they say. Computer screens covered with animated images of spreading viruses? Never happens. Zooming in on video recorded by a generic security camera? Ha!
But now, although Hollywood continues to exaggerate technology to make movies more exciting, hacking in films is becoming more realistic, computer experts say.
For example, this summer's "The Italian Job'' showed a credible situation of how hackers might get into the Los Angeles transportation computer system to create the city's largest traffic jam.
And, while movie critics have panned "The Matrix Reloaded,'' many computer-security professionals loved it and are eagerly awaiting the November release of the next movie in the Matrix trilogy, "The Matrix Revolutions.''
"There's a new generation of filmmakers growing up with technology,'' Cowens said. "They're acknowledging that the public is more (computer) savvy. It makes it more believable.''
At home, many people have learned not to open e-mail attachments from people they don't know. They know that, if they ignore that warning, the computer could stop working or slow down because a computer virus is sending itself to everyone in their address book.
They know that colorful images of viruses eating files don't really appear on the computer screen, as in the 1995 movie "Hackers.'' They know, and were reminded by the Blaster worm attack on Windows XP and Windows 2000 systems, that breaking into a computer isn't as tricky as somersaulting across a pressure-sensitive floor to install a snooping device, as in "Charlie's Angels 2000.''
"What seemed like science-fiction 10 years ago, people now know it exists,'' said Steve Gibson, head of the security consultants Gibson Research in Laguna Hills. "Hollywood can now have someone lament about a computer having a virus. . . . You don't have to explain it anymore.''
Close to the hearts of many a security expert is "WarGames,'' from 1983. "That was one of the turning points (in hacker movies),'' said Riley Hassell, a security researcher with eEye Digital Security, an Aliso Viejo security-software company.
In that movie, Matthew Broderick, who plays a teenage hacker trying to access unreleased computer games, skips school for a week to research the life of a man who designed the ultimate computer game. His goal is to discover a secret password that will get him through the "backdoor,'' a shortcut that programmers often add to software code so they can bypass security.
"That was pretty realistic,'' said Barnaby Jack, also a security researcher at eEye. " 'WarGames' was what got a lot of people into the hacking scene.''
Another highly rated movie among security-industry professionals was "Sneakers,'' which was written by the same folks who wrote "WarGames.'' The movie revolves around a ragtag team of hackers who were once on the other side of the law but are now in business to help companies find flaws in their security.
"That's what I wanted to do,'' Hassell said.
And that's what he does.
Hollywood enjoys the drama of hackers guessing passwords quickly and at the very last second, as in the 2001 movie "Swordfish,'' which is about a hacker who double-crosses a crime lord by adding super-strong encryption to a bank's computer system. Of course, he's forced to break back in -- in less than 60 seconds.
" 'Swordfish' is a horrible, horrible example,'' said Chris Prosise, vice president of professional services with security firm Foundstone in Mission Viejo. "The guy supposedly cracked the algorithm within a few seconds. But that's impossible.''
In reality, cracking passwords takes at least a few minutes, and much more if the word isn't in the dictionary, said Steve "Rex'' Frank, chief technology officer of Alvaka Networks in Huntington Beach.
"If there's a dollar sign or something else, it could take a hundred hours,'' said Frank, a professional "white hat'' hacker, which means he uses his computer skills for good.
Hacking a password is usually slow and methodical, he said.
"The password-cracking programs I use -- it literally will try A, A1, A2. Eventually, it will get any password.''
Sometimes Hollywood's knack for exaggeration misleads the movie-going public, Gibson said.
"I actually had one of my field agent contacts tell me that FBI management is upset because they can't track down hackers like they do in the movies,'' Gibson said.
Perhaps the biggest flaw in Hollywood's depiction of hackers is the portrayal of their lifestyle.
In "Hackers,'' for example, the troupe of teenage computer geeks -- which included sexy Angelina Jolie -- go clubbing at night, in-line skate and throw parties attended by crowds of hipsters.
Hassell says he can attest that the hackers he knows aren't the most sociable or fashionable creatures.
"None of them are attractive people,'' Hassell said. "These guys are big 'Star Trek' fans. They eat chips and drink beer.''
Gibson tries not to think about inaccuracies in movies. He goes to be entertained.
"There is definitely a trade-off between accuracy and entertainment,'' he said. "This isn't a computer seminar.''
Aaron Higbee, a Foundstone consultant, agrees. He even says that a realistic screenplay of his life as an authentic white-hat hacker would look something like this:
Setting - a black screen with green text.
Hacker: "It didn't work. It didn't work. It didn't work. It didn't work. It didn't work. It didn't work. (Goes on for days)."
Hacker: "It worked."
(Hacker writes his report and goes home.)
End of movie.