Plaintext: Lights! Camera! and Action!
During today's Seen and Heard, we talked about hacking scenes in popular entertainment, primarily in movies and TV shows, and how they shape people’s perceptions of security. In this issue of Dark Reading in Plaintext, we highlight some of the points made during the conversation. Check out the replay if you missed it. Let us know if there is something we forgot to talk about!
Star Wars: R2-D2's Story
Star Wars really isn’t a cybersecurity franchise in the traditional sense, but there is a lot about cybersecurity in the movies, especially where R2-D2 is concerned. R2-D2 could connect to any system or “mainframe.” Any information the characters needed, that little droid knew how to get it. And think about it – it didn’t matter what connector the system required…R2-D2 had it. R2-D2 really is the ultimate hacker.
From Dark Reading’s archives:
Security Isn't Dramatic. It's pretty much a given that most movies and TV shows get hacking wrong. Keyboard pounding doesn't actually help you find attackers faster. Attribution isn't easy. And there aren't nifty graphics pointing you towards malware. As Dark Reading's Terry Sweeney once wrote, "Let's acknowledge that showing people typing at a keyboard – or watching code appear on a display -- isn't visually exciting ("We just paid $15 to watch people do stuff we can do at home for free.") We all know coding is painstaking and time-consuming, but that's a reality that producers and directors skip over in favor of a narrative that moves -- mustn't bore the audience!"
Go to a bug hunting event. The participants are hunched over the keyboards staring intently at their screens. Look in during an incident response engagement. There is a lot of whiteboarding. Not very riveting stuff. That's partly why Mr. Robot gets such rave reviews from the security industry. There is some attention paid to what tools to use and to think about what a realistic story would look like.
Are People Getting Savvier About Security? The jury is out on that one. Cybersecurity is still not top of mind for many people, even with the growing number of attacks and breaches. In many cases, people don't really think about security until it becomes personal. There is still a bit of a naivete about the amount of information people put out their on social media sites, and how easy it is for someone to use that information in a social engineering attack.
But there is more awareness that it is possible to mess around with traffic lights, hijack video cameras, or potentially cause problems with the electric grid or nuclear plants. There may be a growing expectation of security as well. People want to know why their applications and devices aren't more secure. They are increasingly comfortable with "invisible security." On the other hand, maybe all these incorrect descriptions and scenes are causing people to overestimate their knowledge.
What we clearly need is more TV shows like Mr. Robot. More movies where the directors consult with security professionals to try to be more realistic More scenes that illustrate how attackers really can do a lot with social engineering attacks. That's not too much to ask, is it?
领英推荐
Headlines on Tap
Are ransomware gangs retreating?
On That Note
There are many real-life stories that don’t get told – because the incidents are still classified, or the investigators and responders involved with the incident are bound by NDAs and aren't allowed to tell them. (It's always fascinating when someone does tell a story, though!)
A possible movie that would be awesome to watch: A movie about the legendary hacking group L0pht.
Would it be a drama or a comedy? Who is the right actor to wear the long wig to play Mudge? Would any of the original members play themselves in the movie?
Some of these stories may not be as dramatic or suspenseful, but there are others that could be illuminating. Perhaps not as a full-length feature movie, but definitely enough to be multiple episodes of a Netflix series. Now, that's a thought. Any screenwriters out there reading this?