Hollywood reality check: "Blackhat"
By Don Jones on January 20, 2015
You know how these Hollywood blockbusters go when there's technology involved, right? It's something like this: "Hey, we need to hack into the NSA!" Followed by, "No problem, I'll just mash the keyboard a couple of times...and we're in!" Don't get me wrong, I understand the need for storytelling shortcuts, but sometimes suspending disbelief is so hard. "Blackhat" is a new hacker movie starring Thor Chris Hemsworth as the lead hacker. And it's got everything: a lady hacker, explosions, foreign intrigue -- you name it.
I learned several important, real life, indisputable facts:
- A good hacker can not only hack, but win a bar fight, live through a gunfight, be superhero-buff, and have beautiful hair the entire time. Seriously, Hemsworth has a line on some truly magical hair product. And he gets the girl.
- Steel shipping containers are less effective than you'd think at stopping automatic rifle fire. Magazines, on the other hand, are pretty good.
- Everyone overseas, except the Chinese high command, speaks great English. Thank goodness, too, because I hate subtitles unless it's in anime.
- Jakarta has kick-butt server hosting, and it's pretty affordable. But people there smoke too much, and the data centers are in sketchy neighborhoods.
What surprised me, though, was how basically accurate and plausible the actual hacking was -- within the limits of practical storytelling, of course. There was, in fact, almost no hacking. There was a lot of social engineering. Need to hack into a network? Get a temporary employee into the office, and stick some malware on the sys admin's favorite USB flash drive. E-mail a keylogger, disguised as a "password guidelines" PDF, to someone who's just been told to change his password. Yeah, some of the details were a little Hollywood-fuzzy, but the premise was sound: When you get hacked, it's going to come from the inside, and it's going to start with social engineering. It's actually a brilliant and relevant lesson to everyone in IT. Pretty much all the tech stuff in the movie could actually happen in real life -- and has.
OK, in one instance, the "hack" was to get physical access to the server's drives -- extremely plausible, and one reason technologies like BitLocker can be important, by creating a distraction. Now, imagine someone breaking into your data center by causing a "distraction." Can't think of something distracting enough to make that happen? No? How about dropping a delivery truck through the roof? Hollywood! Still, not totally off base.
All that said, it's a terribly slow movie. I'm not exactly recommending it, unless you're looking for tips on surviving a gunfight by means of periodical-based armor. Yeah. But again, amazing hair product.