Last updated: October, 7th. 2004, version 4
There was recently some discussion about movies and series showing some interest into information systems hacking techniques on webappsec@securityfocus.com.
This list is to be used as a reference for IT security professionals who might need some ‘cultural’ examples within their teaching or coaching work. I’ll try to keep it updated so do not hesitate to add your propositions (please add them into the comments in order to have your name referenced).
Alias
- Computer systems hacked in almost every episode;
Antitrust
- Physical console access not being locked by an administrator;
- Source code leak from a inside corporate employee;
Battle Royale
- A group of teenagers introduce themselves to the military network, then launches a logic bomb;
CSI: Crime Scene Investigators
- Username and password written on a post-it stuck on a monitor (Episode ‘$35K O.B.O.) ;
- Man in the middle attack: a message is intercepted and modified by the cable guy (Episode: ‘Stalker’);
Cowboy Bebop (anime)
- Biometric security: Faye accepts responsibility for debts through thumbprint;
- Insider threat: corporate employee leaves access code to the main system;
- Remote access exploits;
Dreiundzwantzig
- About a hackergroup in the 80’s selling info to KGB etc somewhat true story;
Gunsmith Cats (anime)
- Compromised password;
- Steganography (images on a fake adult site hide criminal information);
Hackers
- 0 days exploits;
- Distributed denial of service;
- Corporate employee attack: the sysadmin wrote a worm which was shaving pennies off of every transaction;
- Virus;
Independence Day
- Introduction of malicious code into central network (mother ship) using a remote authorized connection (drone ship) by unauthorized party’s (the hero’s);
Jurassic Park
- Insider threat (the programmer gets the system to bypass security while he steals the DNA/embryos);
Lord of the Rings, The
- At the mines of Moria entrance gate. The password is written on an elfic ‘post-it’;
- Inside the mines, when Gandalf faces the Balrog and shouts ‘thou shall not pass!’;
- Sauron builds vast defenses and Mormannon, a fortified gate to lock everyone out of his domain. Yet the danger lies within: three hobbits are already inside the structure et getting closer to the “core”;
Matrix
- Backdoors;
- Exploits (ssh);
Minority Report
- Biometric (retina scan) access control and identity spoofing;
- Faulty HR termination procedures: employee’s access was not disabled after being fired;
Office Space
- Worm: gathers fractions of rounded pennies on a ‘private’ account;
Operation Swordfish
- Brute force attack;
- Virus;
Resident Evil
- Multiple PIN brute force attempts to enter Red Queen’s chamber;
- Vocally shared PIN results in death of team member;
Silicon Towers
- Cards built by a company all include a hardcoded backdoor access;
Sneakers
- Cryptography (when the team discovers it’s a crypto box they have;
Takedown
- Social engineering;
Tenki Universe (anime)
- Multi-tier authentication system (access to the crypts of Juraian Knights);
- Virus;
Terminator 2
- John Connor hacks into an ATM;
- Later in the movie, John uses the same technique to unlock a secured safe;
The Net
- Personally identifiable information (main characters personal information is deleted thanks to a single floppy disk containing some hacking software;
War Games
- Passwords directly related to the personality are easily guessed;
- Lack of authentication failure monitoring;
–
Contributors:
- webappsec@securityfocus members
- Serg Belokamen
- Skander Ben Mansour
- Mark Brewis
- Mark Curphey
- Stephen De Vries
- Matt Fisher
- Lucas Holt
- Jeff Levenglick
- Jason Merriman
- Arnold Meyers
- Edward Miller
- Rui Pereira
- Michael Russel
- Mattias Sandström
- Mickael Silk
- Koen Vingerhoets
and specially Mike Andrews, for having asked the question 