Pinterest Stumbleupon Whatsapp
Ads by Google

Blackhat is the latest in a line of movies that feature hacking as a major plot point, and it paints a pretty scary picture of what nefarious computer geniuses can do. But how accurate is it? Should we be worried? I talked to Jeff Schmidt, founder of JAS Global Advisors and Zurich Insurance Cyber-risk Fellow at The Atlantic Council, about the movie, some of its inaccuracies, and what we can learn from Blackhat.

What’s Blackhat All About?

To provide some background for this discussion, here’s a quick synopsis of the movie. Spoiler alert: if you haven’t seen it, and you don’t want to know the plot, you might want to come back to this article after you’ve seen it (though the box-office numbers and mediocre reviews suggest that it’s probably not worth the $20 it costs to see it in the theater).

In short, a hacker Top 5 Websites To Learn How To Hack Like A Pro Top 5 Websites To Learn How To Hack Like A Pro You might be surprised to learn just how many people want to learn how to hack. The stereotype is that of the young college guy - a computer science major for sure - who spends... Read More , Nicholas Hathaway, is brought out of prison by the American and Chinese governments to help them track down the source of a cyber attack on a nuclear plant in Hong Kong (the attack included pieces of code written by Hathaway years ago). After another attack on the Mercantile Trade Exchange in Chicago, some cat-and-mouse with the villain, a fight in a Korean restaurant, and some bank account sleuthing, Hathaway and the agents recover a HDD from the nuclear reactor.

Because of the physical damage to the drive, the American agents request access to a top-secret NSA data reconstruction tool What Is Data Recovery And How Does It Work? What Is Data Recovery And How Does It Work? If you've ever experienced a major loss of data, you've probably wondered about data recovery -- how does it work? Read More called Black Widow, but is denied. Hathaway hacks into the NSA and uses the tool to discover the location of the source of the cyber attacks.

blackhat-chase

Ads by Google

Heading to Jakarta they find that the hacker is planning something in Malaysia. After heading to the location of the next attack, they reason that the attack on the nuclear plant was a test run—the hacker’s plan is to flood a Malaysian river valley to destroy a number of tin mines, which will enable the him and his gang to make a bunch of money on the tin market using the funds they stole from the Exchange.

Needless to say, there are some chase scenes, a shoot-out, and some knife fighting, but Hathaway, the good hacker What Is The Difference Between A Good Hacker & A Bad Hacker? [Opinion] What Is The Difference Between A Good Hacker & A Bad Hacker? [Opinion] Every now and then, we hear something in the news about hackers taking down sites, exploit a multitude of programs, or threatening to wiggle their way into high-security areas where they shouldn't belong. But, if... Read More , ends up killing the bad hacker and making off with his money.

How Accurate Is It?

In general, Blackhat has gotten fairly positive responses on the technical side. Kevin Poulsen, a former hacker and a consultant on Blackhat, told Gizmodo that it’s probably the most authentic thing that’s been done in the realm of hacking movies. When I talked to Schmidt, he emphasized that he thought the team behind the movie had put a lot effort into getting things right, and did a really good job, despite the “overly complex, Rube Goldberg plot,” which—though a bit demanding in the suspension-of-disbelief area—he found entertaining.

Beyond the positive overall reaction, Schmidt pointed out a few interesting things in the plot that gave him pause. For example, if an organization like the NSA had developed the Black Widow data reconstruction program, they wouldn’t make it accessible over the internet, and they’d certainly protect it with something stronger than a simple username and password authentication Lock Down These Services Now With Two-Factor Authentication Lock Down These Services Now With Two-Factor Authentication Two-factor authentication is the smart way to protect your online accounts. Let's take a look at few of the services you can lock-down with better security. Read More . Similarly, computer forensics Investigate Or Troubleshoot Computer Systems With OSForensics [Windows] Investigate Or Troubleshoot Computer Systems With OSForensics [Windows] Read More isn’t as simple as starting a program and waiting for a pop-up with the critical piece of information.

password-extraction

Similarly, the portrayal of tools like whois WhoIsrequest: Find Out WhoIs Information About Any Site WhoIsrequest: Find Out WhoIs Information About Any Site Read More and talk simplifies the process quite a bit—they don’t just work like magic. Schmidt says that “good guys usually talk to bad guys over something more simple, like IRC or Twitter,” which surprised me a bit; government agents talking to cyber criminals via Twitter sounds like something out of a movie!

And, of course, to make the movie interesting, the writers had to make the plot complex, involved, and suitable for a thrilling mystery. If hackers were sophisticated enough to take down a nuclear power plant, Schmidt said, they wouldn’t need to go through the trouble of using such complicated tactics as flooding a Malaysian river valley in order to affect the tin market, which they had infiltrated through an attack on a commodities exchange.

Another tactic used to make the movie more exciting was to give the hackers martial arts and gun-fighting training, something they don’t usually have.

What Can We Learn from Blackhat?

When it comes down to it, even if Blackhat isn’t a hyper-realistic portrayal of the hacking life, there are still a few things we can learn from it. When I asked Schmidt if we’re likely to see an increase in the number of attacks like the ones portrayed in the movie, he said that, while nuclear reactors and trade exchanges and dams all have computer components and could potentially be attacked, “the reality is that the thing we should actually be worried about is the more boring stuff . . . bad guys are stealing money and intellectual property and information to influence, blackmail, bribe, and extort every day.”

data-theft

He admitted that these sorts of activities are much less exciting, and that there’s not likely to be a movie about them anytime soon, but that this is where we need to focus our attention. Unfortunately, however, we’re likely to see this type of attack increase in the future—hackers are getting more sophisticated, methods are getting increasingly complex, and, as Schmidt put it, “defense is behind offense.” At the moment, the hackers’ methods are more effective than the ones used to defend against them, and they’ll likely remain so until a new technical development turns the tables.

The Takeaway

As expected, Blackhat is a sensationalized account of what it’s like to be a hacker. But, as with a great deal of fiction, there are grains of truth that can be found throughout the story. Hopefully, those who see the film will be inspired to learn more about cyber warfare and cyber security so that awareness of today’s issues become more widespread. Though Blackhat requires a bit of imagination to appreciate, it does draw attention to an important issue in today’s world, and that’s always good.

Have you seen Blackhat? What did you think? How do you feel about the portrayal of cyber terrorism and cyber warfare in the film? Share your thoughts below!

Image credits: Universal Pictures, Businesswoman holding tablet via Shutterstock.

  1. Bryan Elliott
    February 21, 2015 at 5:17 am

    The idea that a bad hacker could cause a meltdown at a nuclear plant is ludicrous as well - unless you found a way to control manual valves and simple analog circuits from a computer or something. With the exception of a couple of HUDs to bring your wall of dials into clear focus, nuclear plants aren't computerized - for the very reason that computers can't be trusted with the level of attention and problem solving thought processes required by plant operators.

    It'd be like hacking a diesel train. It ain't gonna happen.

    • Dann Albright
      February 22, 2015 at 5:03 pm

      Do you have experience in nuclear reactors, Bryan? I know very little about them, but I can believe that what you're saying is true. However, even if reactors aren't primarily monitored by computers right now, I have to believe that they will be in the future—everything is becoming more automated, and I'd be willing to bet that nuclear plants will follow that pattern. Yes, what happened in Blackhat is pretty far out there—but I'm not sure it's as far as it might seem at first!

  2. dragonmouth
    February 16, 2015 at 7:05 pm

    How realistic do you want a movie about hackers to be?
    Considering that when someone announces that they have discovered an exploit, everybody goes into hysterics from fear the "the hackers will NOW know about it and start using it", you want a realistic, step by step portrayal of how a nuclear plant and a stock exchange were cyber attacked?! Besides, like Schmidt says, the act hacking into another computer is not exciting enough for a movie. It is rather mundane with a lot of donkey work. To make a movie about hacking enticing to movie goers, chases, fights and sex have to be included.

    • Dann Albright
      February 17, 2015 at 10:18 am

      I wasn't trying to criticize the movie for not being as accurate as possible; just wanted to point out that there are a few inaccuracies that people should be aware of. And to commend the movie in taking the time to come up with an interesting plot that actually does contain a number of accuracies that are appreciated by people in the security field.

      Have you seen it?

Leave a Reply

Your email address will not be published. Required fields are marked *