
Blackhat movie: The Good, the Bad, and the Ugly

Maria Korolov | Feb. 3, 2015
If you still haven't seen the new Michael Mann movie "Blackhat" with Chris Hemsworth playing the lead, you won't be getting any new insights into how hackers work.

Ugly: ... the criminal hacker is the one genius who can fix things

Plenty of smart people try their hand at hacking and find out that they're good at it, but stop short of actual criminal activity and jail time. Or maybe they just were smart enough not to get caught.

And plenty of other smart people go straight into computer science and forensics and cyber security.

If the FBI needed some bright minds to send against the bad guys, surely there were better options than a criminal who'd written a Trojan back in college and had been stuck in prison for the previous five years after getting caught breaking into a bunch of banks. Not to mention the fact that he'd previously served another year for a bar fight.

In fact, we first meet him at the start of the movie when he's caught yet again, this time for using a cell phone to hack into the prison's commissary accounting.

Really, you want this guy? Really?

Then, instead of keeping him in some secure facility while he offers his advice in return for time off his sentence, the FBI sends him into the field. What? Why?

So, okay, it's unlikely, but maybe this guy has some insights into some code. But since when does that make him qualified to run around alleys and get into shootouts?

Good: The social engineering was real

In one pivotal scene, Hemsworth's hacker, who's named Hathaway, sends an email to an NSA official purporting to be from the official's boss, referring to a conversation that official just had with an FBI agent.

That's an excellent example of a highly targeted spear phishing attack, in which the hacker uses all the knowledge he acquired about the target to create an email that convinces the official to open a document that contains malware.

This happens. The Sony hack reportedly started with a phishing email. People are always clicking on things they shouldn't — even people who you'd think would know better.

Later on in the movie, a pretty woman talks a bank employee into printing something for her from a USB drive — a drive that also contains malware.

That happens, too.

But....

Bad: The social engineering is normally just the start of an attack

But it's a big step from infecting a computer at the bank's periphery to actually being able to initiate wire transfers out of bank accounts.

It's not necessarily impossible, but banks have been adding a lot of checks and balances in recent years. Not only would it take more than a few minutes to get to the core financial systems, but even once into an account, it takes more than a few clicks to initiate a wire transfer.

 
