why hollywood needs to leave the hacking to the experts
When a Bond movie comes out, you pretty much have to go see it. I mean come on, it’s a Bond movie, right? In the latest installment, 007 is taking on a computer hacker of sorts and shows us just how little research screenwriters tend to do about technology. While Bond’s brash and bold style of field work is somewhat passable with a little suspension of disbelief from the audience in the grand scheme of things — do we really need to go into detail why not staying low and using some very carefully crafted aliases and passports is a bad idea in spy craft? — the key crimes of the film’s villain, Agent Silva, sound as if the writer skimmed a few Wikipedia pages, pulled out a few impressive sounding buzzwords, and randomly jammed them into the film. And the resulting mix of buzzword salad and technobabble drew me out of the story like an icy slap to the face.
Look, I know, I know, it’s just a movie and a Bond movie at that, and so I’m willing to believe that an agent who needs to shovel painkillers and pour scotch down his gullet to function could still beat the living crap out of an international assassin on a very high level floor of a new Shanghai skyscraper. I’m also willing to give Bond the 600 foot fall that should’ve shattered his body into a million pieces. But when M is telling her assistant to “strip the headers” to pinpoint the source of a hack, my inner professional geek rebels, mostly because the headers is there the data she’d want can be found since it carries the request IP. She basically asked one of the top intelligence agencies in the world to do the equivalent of taking a letter out of its addressed envelope, throw that envelope away, and use the letter to figure out from where the envelope came. Ugh.
And when the tech jargon isn’t just plain wrong, it’s meaningless. When Bond is told that a hard drive containing the name of every NATO agent embedded in terrorist groups is “encrypted with an asymmetric encryption” we’re supposed to get the idea that it’s really tough to crack because the encryption is asymmetric. Classified data is generally encrypted using a Triple AES cipher, an updated block cipher first created in 1998 in a competition to create a brand new encryption standard, and as a block cipher, it’s strength is measured by key size. The bigger the key size, the harder it is to decrypt. So if MI6 wanted to explain to Bond how dire the situation is while still sounding computer literate, they would fret that Silva cracked say, a 2,048 bit key. That’s a very badass thing to do and would mean that Silva can summon NSA-scale resources, and well in line with some very basic information security jargon you can see on most tech blogs.
Finally we have an egregious scene in which Q tried to decrypt Silva’s hard drive contents. If we were to believe Q, only six people in the world could write polymorphic code and that using code obfuscators makes things ridiculously difficult to decrypt. There are exactly two problems with all that. One: polymorphic code in malware is so common that anti-virus companies have a special algorithm to detect it, an algorithm you can easily find online since it’s been published sometime in the late 1990s. Two: obfuscated code is generally quickly deobfuscated because for every obfuscator there is a deobfuscator out there. By the time a plain text password appeared in what was otherwise a wall of hex — which is what you would see if you tried to reverse engineer code you found suspicious — so blatantly obviously that even the computer illiterate Bond noticed it, I was slumped in my seat, sobbing softly into my sleeve. What in the hell was that?
Again, I know it’s just a movie, but at the same time, just consider that a few days of rudimentary research could’ve created a much better picture of real cyber threats facing world governments and might have even given the writers new plots for Bond movies. Silva mentioned destabilizing entire countries by manipulating stock markets. You could totally do that! I could even explain a hypothetical step by step process of how to make that happen with a mix of social engineering, high frequency trading algorithms, and customized hacking tools while you hobnob with the elite traders of the world’s foremost financial hubs. (Screenwriters in search of new ideas, you know how to reach me, just click the About page…) And that’s certainly a worthy task for Bond to dive into, isn’t it? Think of how much press a properly researched and computer literate movie about hacking and espionage could generate. Seriously Hollywood, stop being lazy about technology and do your homework. You’ll get fun plots and save the geeks in the audience a lot of angst…