Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Blackhat movie: The Good, the Bad, and the Ugly

Maria Korolov | Feb. 3, 2015
If you still haven't seen the new movie Michael Mann movie "Blackhat" with Chris Hemsworth playing the lead, you won't be getting any new insights into how hackers work.

If you still haven't seen the new movie Michael Mann movie "Blackhat" with Chris Hemsworth playing the lead, you won't be getting any new insights into how hackers work.

If you are not a security professional, however, then the movie does, in fact, have some interesting things to say about the kinds of cyberthreats we're now up against, so stop reading and go see it.

Good: The IoT attack was real

Unlike other movies, in which hackers magically crack "several layers of encryption" with their laptops, the attacks in this movie are actually credible hacks.

The central attack, for example, takes down a nuclear power plant. Okay, there was a bit more explosion than when Stuxnet took down a nuclear power plant in Iran, but then again, it is a Michael Mann movie.

"The gist of Stuxnet was to go after programmable logic controllers inside critical infrastructure devices and industrial devices," said Jeff Schmidt, founder at Chicago-based JAS Global Advisors LLC, a consulting firm focusing on technology for critical infrastructure sectors.

"In the case of Stuxnet, it was centrifuges used in preparing uranium," he added. "In the case of this movie, it was water pumps that were used in a nuclear power plant."

This is a real threat. Many industrial control systems were built before the Internet or by companies that focus on hardware, not security software, and are now vulnerable. If your company or organization is putting off spending the money it would take to get this fixed, then maybe this movie will scare you into action.

Bad: ... but the IoT attacks made no sense

Right at the start of the movie, the bad guys go after two targets — the nuclear power plant, and the Chicago futures market.

The attack on the power plant brings in massive and immediate attention from law enforcement, who immediately launch a coordinated global search.

The attack on the Chicago futures market brings in $75 million. Without the other attack, the bad guys could have taken the money, gone home, and lived happily ever after.

"It reminded me of the old James Bond movies and the cartoons where the bad guy always has the perfect opportunity to kill the hero, and employs some overly complicated Rube Goldberg machine to kill the good guy and it never works," said Schmidt.

Instead, the two initial attacks turn out to part of a setup for a ridiculously complex evil plan that I'm not going to go into here.

"In reality, it's just unnecessary," said Schmidt. "With their skills, there are a lot easier ways to make more money — and they already did! $75 million in a couple of hours. They could lather, rinse, repeat and make a whole lot of money."

 

1  2  3  4  Next Page 

Sign up for CIO Asia eNewsletters.