“Hackers” (1995) and the Public View of Computer Security

I’ve always been a huge fan of the 1995 movie “Hackers”, to the point where it is probably the most watched movie in my collection. While a lot of people rightly view it as a bit cliche with some of the cheesy dialog and general 90s pop culture, to this day it is one of the most accurate hacking movies I’ve seen come out of Hollywood. Let’s take a look at some of the things it does right that a lot of the more modern movies miss.

  1. Phreaking
    In “Hackers”, the character of the “Phantom Phreak” takes his name from the concept of phone phreaking, and we see him using a mini-tape recorder to play back operational frequencies into a pay phone early in the movie. Phone phreaking has been around since before personal computers existed. This technology, briefly discussed in Pirates of Silicon Valley (1999), essentially comes down to manipulating control tones in the public phone system to emulate some sort of diagnostic or management hardware. The most famous instance of this is with the “Blue Box” technology, which was a hardware tone-generation device built off a simple concept originated by a hacker named John Draper, known as “Captain Crunch”. This hacker realized that the toy whistle inside boxes of Captain Crunch at the time emitted a perfect 2600Hz tone which, when routed through AT&T’s public telephone network, would disconnect the remote end of a trunk and send the node that the user with the whistle was standing at into an operator mode, giving the hacker some control over the phone system, at the time frequently abused to make long-distance calls for fun. (Fun fact, Steve Jobs and Wozniak made money in college by selling Blue Boxes)
  2. Eidetic Memory and Other Atypical Brain Characteristics
    This movie has a character (“Lord Nikon”) whose value is largely derived from his talent, an eidetic memory. Having an eidetic (or photographic) memory means a person can recall, in vivid detail, something they saw or heard, even long after they originally experienced it. This kind of characteristic is widely questioned by the modern scientific community, but even doubters agree that it still points to an atypical pattern of thought, suggesting it is more likely due to the way the brain organizes and correlates information rather than an actual recollection of the image or sound itself. The was seen in Adriaan de Groot’s experiment with chess grand masters to memorize chess board positions and movements. The grand masters were seen to demonstrate the ability to retain and recall significantly more information than varied “non-expert” control subjects, but when the arrangements were reset to show positions that could never occur in a chess game, the grand masters’ recollection dropped substantially, to the level of the control subjects. Various books, papers, and research have speculated that many of the most famous hackers and computer experts had (and have) unusual ways of interpreting data in their mind, which leads to some of the unconventional thinking generally associated with exploiting technology.
  3. Social Engineering
    “Hackers” is a Kevin Mitnick dream experience; from the first scene in the movie after the prologue where Dade tricks a security guard into giving away a dial-in number to the scene where Lord Nikon is pretending to be a flower delivery person, this movie has both subtle and loud uses of social engineering to help the characters to accomplish their goals. Mitnick is better known as a master of human nature than a master of technology, as many of the crimes for which he was tried involved his use of credentials gained through social engineering rather than via technical exploits. Even to this day, computer security experts agree that the “human link” is always the weakest, and ensuring a solid security policy around dissemination of sensitive information is a significant, yet difficult endeavor to maintain.
  4. Just Plain Digging Around
    Arguably a part of “Social Engineering” above, many modern hacker movies leave out some of the dirtier work necessary to exploit a corporate network. Often times, the best way to figure out background information about a target before beginning a digital assault is to dig through garbage. These days with facilities like Iron Mountain and the frequent use of paper shredders, this task is made much more difficult, but as with social engineering, it relies entirely on people to redact or shred the right information, and for someone to not accidentally throw out that post-it note with their password written on it.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

w

Connecting to %s