What Hollywood Teaches Us About Cybersecurity

I’ve recently been on a bit of a hacking movie binge. While most people write them off as pure fantasy, even the worst have cybersecurity lessons we can learn from - yes, even Weird Science (though wearing a bra on your head is strictly your choice - movie clip). Below are four movies that still have something to teach us.

Consider this Hollywood Cybersecurity 101. Disclaimer: Some of the below clips feature profanity.

WarGames (1983)

First on our list is the classic WarGames which featured a young Matthew Broderick as Hollywood’s first nerd hero. The story is simple: Broderick is too impatient to wait for the release of a new computer game so he hacks into the “computer company’s” network and begins playing it. What he doesn’t know is that it actually belongs to the military, and the “game” he’s playing is against a new supercomputer they’re using as part of their nuclear missile command. Now, only Broderick can save the Earth from nuclear war.

How did a teen break into a nuclear military institution? He guessed the password. By researching the system designer, Broderick finds out that he had a son who died in a car crash. He correctly guesses the system's password is the name of the guy’s son.

We’d like to think we’ve moved on from guessable passwords, but a recent Senate cybersecurity report found that a common password on federal systems is "password.”

What’s the lesson learned? Don’t pick passwords based on any logical connection to you or choose obvious ones like “password” and “changeme.” Better yet, don’t use passwords at all.

 

 

 

Weird Science (1985)

Without a doubt the weirdest (I see what they did there) movie on this list, Weird Science, is a 1985 movie about two nerds who want to use their computer (a Memotech MTX512 for the oldies) to create their teen version of a perfect woman. Realizing that it’s too slow, they hack into a government mainframe for more power and storage. (Bonus points to the writers for envisioning cloud technology!)

Unfortunately for the government, the IT manager monitoring the mainframe - in a still-too-close-to-reality moment -  doesn't have the expertise to stop them. The teens bypass their security with little effort and a snazzy floppy disk program called CRYPTOSMASHER.

So where did the government go wrong? Although the moment goes by in five seconds of movie magic, they didn’t have network protection. Though (to be fair) not publicly released until three years after the movie’s release, a well placed firewall would have done enough to damper the teens’ efforts.

While everyone uses them these days, due to new mobile devices and cloud technology, legacy firewalls no longer work. If you haven’t already, begin researching newer solutions. They won’t stop all threats, but  they’ll stop the smaller cyberattacks - especially if they’re from bored teens with a floppy disk.

 

 

 

Jurassic Park (1993)

If all you took away from Jurassic Park were the dinosaurs, you missed a valuable lesson: attacks don’t always come from the outside. In the movie, Seinfeld’s Newman is an IT worker at the park (alongside Samuel L. Jackson!) who hacks his way into a coup that involves him stealing dinosaur DNA to sell to the highest bidder. Spoiler: It doesn’t end well for him.

While the DNA isn’t on a digital device, the incident is similar to a recent security breech. Edward Snowden stole top secret documents by putting them on a USB drive and walking out the door. SolarWinds’ VP of Product Management, Chris LaPoint, recently wrote about this type of situation for Technically Speaking.

So what’s the lesson? An employee walking out of your door with sensitive information is just as deadly as a hacker breaking into your network and stealing it. There are ways to prevent both. Read Chris' security recommendations for USB data breaches to learn more.

Bonus: I don't always hack Jurassic Park, but when I do, I use Jurassic Systems.

 

 

 

Hackers (1995)

Listed by many as the worst movie about hacking, Hackers nonetheless teaches us a very valuable cybersecurity lesson. The story involves a bunch of young hackers who uncover a plot involving an IT security employee who plans on unleashing a computer virus to defraud the company he works for.

Remembered more for its soundtrack and 90s-defining code names than its IT accuracy, one scene does standout as real. In it, our main character calls the company’s security officer on-duty and convinces him to give up network information he then uses to hack into their system. The industry calls this social engineering: tricking people into giving sensitive information or providing access to sensitive data. His group also dumpster dives for employee memos, and one of them poses as a delivery boy so he can walk around the office, watching people type in their passwords.

Lesson:  Hackers don’t solely rely on digital hacking to gather information. Train all your employees on tactics used in social engineering. For more information on that, SANS released an in-depth report about social engineering called A Multi-Level Defense Against Social Engineering. Also, remind employees that the trash is not a safe means of disposing of information. Provide a method of securely destroying physical documents.

 

 

 

Conclusion

Hollywood is in the business of “magical realism.” IT security isn’t an exception. I don’t think mainstream America is prepared for a two-hour movie showing the real joys of staring at line-code, so we’re left with movies that create hacking experiences closer to virtual reality than reality. But that doesn’t mean there’s nothing to learn from them.

The four above movies, although juvenile, teach us a few of the foundational elements of solid IT security:

  1. Create complicated passwords (or use a more advanced identifier)
  2. Use firewalls, though today’s solutions need to be able to handle cloud and mobile devices
  3. Emplement mobile data storage protection
  4. Continue thinking beyond your digital vulnerabilities