Hackers on Blackhat: Hollywood finally gets internet right
Director Michael Mann's new film, Blackhat, centres around a convicted hacker who is released from prison to foil the schemes of a villainous rival wreaking havoc around the world.
Given the recent highly visible lapses in cybersecurity, it's the kind of subject matter that the viewing public might find compelling. It's not surprising, however, if seasoned hands are a bit more sceptical. Hollywood has a less-than-stellar track record for presenting complex technology in a realistic manner, after all.
One need only dig up the old Sandra Bullock thriller The Net or watch practically any episode of CSI ("zoom and enhance!") to find some good examples.
"In movies, hacking tends to look like some elaborate digital art that lasts a handful of seconds," writes Gizmodo's Adam Clark Estes.
So what's the verdict on the film from hacking and cybersecurity communities? By most accounts, Blackhat hits pretty close to the mark.
Real hacking is an arduous task that's visually numbing, Estes says, and the film does a good job of reflecting this reality.
"It looks like hacking because it's everything that bad Hollywood hacking isn't: simple white code on a black background, command line arguments, references to things like Tor, keyloggers, and phishing," he writes. "It's a little bit boring, too!"
"They clearly not only had good technical consultants," tweets First Look Media's director of security Morgan Marquis-Boire. "They also listened to them."
Google's Parisa Tabriz - who served as a consultant for the film - tells Fusion's Kashmir Hill: "It's the most accurate information security film I've seen".
She also says that part of what makes Blackhat particularly compelling is the way it shows that cybersecurity is only as strong as its weakest link - and that link almost invariably is the human component. Lapses in good safety protocol allow the key players to get into closely guarded networks more than a few times in the film.
Of course, there are plenty of car chases and gunfights in Blackhat - this is still Hollywood after all. And Estes laments that the film stretches credulity in its final half when it introduces secret technology implausibly stolen from the National Security Agency.
Kevin Poulsen, a former hacker who also helped as a technical advisor for the film, says Blackhat is "close to the metal in depicting a no-longer-sci-fi world where cybercrime is serious, profitable and well-funded". But the senior editor at the digital magazine Wired is less concerned with what experts think about the film and more worried about how it plays in Washington, DC.
Blackhat, he says, could give rise to bad policy, as politicians react to cyber-threats by embracing President Barack Obama's call for harsher criminal sentences for convicted hackers.
"I can say with absolute confidence that a lawmaker will soon be standing on the floor of Congress talking about Blackhat in the same breath as the Sony intrusion, railing about the grave threat to American lives that computer hacking poses," he writes.
Such a response would ignore more effective policy prescriptions, he says.
"Pour money into research, offer incentives for organisations to invest in security, pass disclosure laws that require public reporting of breaches, so consumers can hold negligent companies accountable," he continues. "Blindly boosting sentences for the few hackers who get caught will do nothing to help."