It’s well-known and accepted that Hollywood has a knack for being dramatic and embellishing real-life scenarios for the sake of ratings. One topic that’s often grossly misrepresented is cybersecurity and cyberattacks.
Somewhere between the stereotypes of a loner dwelling in a dark basement and embedding false information into someone’s brain tissue, lies the truth about hackers and the real-life world of cybercrime.
Cyberattacks in TV shows and movies
Cybercrime has been a tried-and-true plot line in movies and television for decades. One of the first hacking movies was the 1969 film The Italian Job, in which Michael Caine portrays a robber who enlists the assistance of Britain’s most infamous threat actors to steal gold bullion from the Italian police and mafia. During one scene, the city experiences a massive traffic jam caused by an illicit breach of the city’s traffic-control computer.
While this scenario is mild compared to the havoc modern-day hackers can wreak, other movies and television shows have pushed the boundaries of realism and accuracy way beyond simply spouting technical jargon, hitting a few buttons on a keyboard and triggering chaos.
So, why does Hollywood portray hacking (ethical or otherwise) as being so over-the-top, devious or dramatic? Short answer: ratings and money. Another, more likely, reason is because watching someone actually hack into a system would be mundane, at best.
Common accuracies vs. embellishments
There are several inaccuracies and embellishments in even the best Hollywood entertainment. From the ridiculousness of NCIS implying that a system can be compromised via a power cord to the more-realistic scenario of Bruce Willis confronting a cyber-terrorist who is systemically shutting down America’s infrastructure, hacking is misrepresented in a variety of ways. Common misrepresentations include the time it takes to infiltrate a network, the jargon used and the seemingly action-packed lives of cybercriminals.
Most TV programs and films show hackers infiltrating the intended victim’s device within 30 to 60 seconds and instantly retrieving all the information they need. Generally speaking, hacking is not that easy. Reconnaissance takes more time – typically weeks. A hacker can’t just pick a random target and instantly gain unauthorized access. On the flip side, response and defense of any systems and networks takes time, too. There is no magic safety switch, but with the right experts on your team you can see an average dwell time (the duration a threat actor has undetected access in a network until it’s completely removed) of less than 2 days.
The technical jargon in most productions is usually just convoluted enough to make viewers believe that what’s being said. As in most TV-doctor shows, the actors have little-to-no understanding of the terminology they’re confidently tossing around. Don’t get us wrong, the words and phrases being used may be correct, but how they’re being used and the overall context don’t always add up.
For the sake of entertainment, these characters often appear to live much more fast-paced lives than your average hacker. Despite what the movie Blackhat with Chris Hemsworth would have you believe, to our knowledge, no one has ever ended up in multiple fist fights or shootouts over cyber warfare – but then again, what else do we expect from Thor? A typical hacker is much more likely to resemble most of us: sitting behind a computer screen browsing the Internet, on the phone chatting with friends or running routine errands throughout the day.
As far as the entertainment industry is concerned, technology is a kind of black magic that can be used as a means to an end for a storyline. The rate at which technology is advancing, the general audience isn’t going to know what is and isn’t possible if they don’t work in the technology or cybersecurity industry. For the most part, people are simply looking for entertainment, so there’s not a lot of incentive to ensure that hacking is portrayed accurately.
There are some shows, like Mr. Robot – perhaps Hollywood’s biggest tribute to the cybersecurity community — whose audience does care about the discrepancies, which is why there are experts on-set making sure everything is executed correctly. This USA Network hit is probably 99% spot-on regarding terminology and dialog, the execution of attacks and the general representation of an actual hacker.
Embellished or not, Hollywood’s devotion to cybercrime plotlines is acquainting audiences with a very real and prevalent issue. Critical infrastructure really can be compromised. Data is leaked, and systems are infiltrated in cyber warfare every day. Certainly, these movies aren’t written and produced with the intention of scaring people (well, some thrillers might be), but hopefully, they do instill a sense of awareness and the need for protection of consumers’ and businesses’ personal data. Neither the plotlines nor real-life attacks are going anywhere anytime soon.