why hollywood needs to leave the hacking to the experts

November 11, 2012

skyfall

When a Bond movie comes out, you pretty much have to go see it. I mean come on, it’s a Bond movie, right? In the latest installment, 007 is taking on a computer hacker of sorts and shows us just how little research screenwriters tend to do about technology. While Bond’s brash and bold style of field work is somewhat passable with a little suspension of disbelief from the audience in the grand scheme of things — do we really need to go into detail why not staying low and using some very carefully crafted aliases and passports is a bad idea in spy craft? — the key crimes of the film’s villain, Agent Silva, sound as if the writer skimmed a few Wikipedia pages, pulled out a few impressive sounding buzzwords, and randomly jammed them into the film. And the resulting mix of buzzword salad and technobabble drew me out of the story like an icy slap to the face.

Look, I know, I know, it’s just a movie and a Bond movie at that, and so I’m willing to believe that an agent who needs to shovel painkillers and pour scotch down his gullet to function could still beat the living crap out of an international assassin on a very high level floor of a new Shanghai skyscraper. I’m also willing to give Bond the 600 foot fall that should’ve shattered his body into a million pieces. But when M is telling her assistant to “strip the headers” to pinpoint the source of a hack, my inner professional geek rebels, mostly because the headers is there the data she’d want can be found since it carries the request IP. She basically asked one of the top intelligence agencies in the world to do the equivalent of taking a letter out of its addressed envelope, throw that envelope away, and use the letter to figure out from where the envelope came. Ugh.

And when the tech jargon isn’t just plain wrong, it’s meaningless. When Bond is told that a hard drive containing the name of every NATO agent embedded in terrorist groups is “encrypted with an asymmetric encryption” we’re supposed to get the idea that it’s really tough to crack because the encryption is asymmetric. Classified data is generally encrypted using a Triple AES cipher, an updated block cipher first created in 1998 in a competition to create a brand new encryption standard, and as a block cipher, it’s strength is measured by key size. The bigger the key size, the harder it is to decrypt. So if MI6 wanted to explain to Bond how dire the situation is while still sounding computer literate, they would fret that Silva cracked say, a 2,048 bit key. That’s a very badass thing to do and would mean that Silva can summon NSA-scale resources, and well in line with some very basic information security jargon you can see on most tech blogs.

Finally we have an egregious scene in which Q tried to decrypt Silva’s hard drive contents. If we were to believe Q, only six people in the world could write polymorphic code and that using code obfuscators makes things ridiculously difficult to decrypt. There are exactly two problems with all that. One: polymorphic code in malware is so common that anti-virus companies have a special algorithm to detect it, an algorithm you can easily find online since it’s been published sometime in the late 1990s. Two: obfuscated code is generally quickly deobfuscated because for every obfuscator there is a deobfuscator out there. By the time a plain text password appeared in what was otherwise a wall of hex — which is what you would see if you tried to reverse engineer code you found suspicious — so blatantly obviously that even the computer illiterate Bond noticed it, I was slumped in my seat, sobbing softly into my sleeve. What in the hell was that?

Again, I know it’s just a movie, but at the same time, just consider that a few days of rudimentary research could’ve created a much better picture of real cyber threats facing world governments and might have even given the writers new plots for Bond movies. Silva mentioned destabilizing entire countries by manipulating stock markets. You could totally do that! I could even explain a hypothetical step by step process of how to make that happen with a mix of social engineering, high frequency trading algorithms, and customized hacking tools while you hobnob with the elite traders of the world’s foremost financial hubs. (Screenwriters in search of new ideas, you know how to reach me, just click the About page…) And that’s certainly a worthy task for Bond to dive into, isn’t it? Think of how much press a properly researched and computer literate movie about hacking and espionage could generate. Seriously Hollywood, stop being lazy about technology and do your homework. You’ll get fun plots and save the geeks in the audience a lot of angst…

Share
  • Dar Norris

    These errors stand out to you because of your profession. I’m a truck driver and the writers still show fluid leaking out of the brake lines during brake failure on a tractor-trailer rig. (Monk) These are air brakes – no fluid. I enjoy reading your blog but I’m not going to pretend I understand everything technical you write but at least try to get the gist of what you’re saying. I’m sure cops watching many movies and tv shows cringe every time they get it wrong, or bakers, or tailors, or candlestick makers. Only people technically familiar with computers will notice computer gaffes. I’m guessing most people won’t be leaving the theater to go home and fact check a 007 movie or any other movie unless it claims to be a documentary. I bet the CIA gets a chuckle out of these Bond movies.

  • Russ Toelke

    This isn’t the first time computer technology was dumbed down for the viewing masses. Who can forget Matthew Broderick easily hacking US defense computers in War Games? Or the computer understanding Whoopie Goldberg asking it questions in Jumping Jack Flash? And don’t forget every other movie in the 80′s showing the computer’s text in reverse seemingly reflecting on the protagonist’s face, like that ever happens.

    I worked in the auto business for 21 years, I get a chuckle out of movies and TV shows with V8 engine sounds from little front-wheel drive cars and gears shifting in automatics. And every car ad has that subtle NASCAR-ish engine sound effect while their car is drifting across pristine testing grounds.

    Heh. I can’t go to movies with any hint of sci-fi or technology in it. I guess that comes from reading too many Mad Magazines when I was a kid.

  • Paul451

    The difference is that today, we all have computers. A decent chunk of the audience can be expected to have at least rudimentary understanding of what computers do, and what computer processes look like.

    And a decent chunk of the crew would also have this understanding, certainly whoever designed the computer effects knew how stupid the computer effects were. I’m not saying they’ll get the fine details right, but they really haven’t progressed since those dodgy ’80s flicks.