Cyber Security at the Cinema

Cyber Security at the Cinema

by Adrian Mikeliunas, CISSP, CLP [email protected]

04/08/23 2

Agenda Movie Selection CriteriaMovie Selection Criteria Overview of Cyber SecurityOverview of Cyber Security Top 7 Movie ListTop 7 Movie List Honorary MentionsHonorary Mentions ConclusionConclusion

04/08/23 3

Movies Movies provideMovies provide

EntertainmentEntertainment EducationEducation

Many movies show how to:Many movies show how to: Break computer security, Break computer security, Hack, cheat, steal…Hack, cheat, steal…

Helps us get more preparedHelps us get more prepared

Work becomes more Work becomes more challengingchallenging

Selection Criteria Hacker has to be one of the main Hacker has to be one of the main

characters or movie ideascharacters or movie ideas A Hacker is one who:A Hacker is one who:

is proficient at using or programming is proficient at using or programming a computer; a computer buff. a computer; a computer buff.

uses programming skills to gain uses programming skills to gain illegal access to a computer network illegal access to a computer network or fileor file

Two or more cyber security events Two or more cyber security events in the movie (hacking, cracking, …)in the movie (hacking, cracking, …)

04/08/23 5

Cyber Security Events Bypass Access controls Bypass Access controls

ID, Passwords, back doors, BiometricsID, Passwords, back doors, Biometrics

Bypass Physical SecurityBypass Physical Security Personnel, Storage, EncryptionPersonnel, Storage, Encryption

Tamper CommunicationsTamper Communications Electronic commerce, Mail, DocumentsElectronic commerce, Mail, Documents

Tamper Systems DevelopmentTamper Systems Development Change controls, malware protection, Change controls, malware protection,

cryptocrypto

04/08/23 6

What is Cyber Security? Computer Security [Computer Security [TECHNOLOGYTECHNOLOGY]]

Access & PasswordsAccess & Passwords Hacking / CrackingHacking / Cracking Viruses, Worms, & TrojansViruses, Worms, & Trojans

Social Engineering [Social Engineering [HUMANHUMAN]] Personal InformationPersonal Information Medical RecordsMedical Records Personnel & Financial dataPersonnel & Financial data Spam, Scams & Phishing Spam, Scams & Phishing

http://www.antiphishing.org http://www.antiphishing.org

Weakest Security Link Human Element?Human Element?

Computer Element?Computer Element?

Both?Both?

Top Cyber Security Movies

War GamesWar Games HackersHackers The NetThe Net Matrix TrilogyMatrix Trilogy SneakersSneakers TronTron

War Games-1983 A young man finds a back door into a A young man finds a back door into a

military central computer in which military central computer in which reality is confused with game-reality is confused with game-playing, possibly starting World War playing, possibly starting World War IIIIII

The main debate is: should humans be The main debate is: should humans be in charge of launching a nuclear strike in charge of launching a nuclear strike or should a (fail safe) computer decide?or should a (fail safe) computer decide?

Simple special effects, but realistic for Simple special effects, but realistic for that time. Movie grossed $75M.that time. Movie grossed $75M.

War Games-(2) War Dialing: kids wants to connect to War Dialing: kids wants to connect to

game companygame company Back Door: modem access was for Back Door: modem access was for

developerdeveloper Easy to guess Password: JoshuaEasy to guess Password: Joshua Denial of Service: play tic-tac-toe to Denial of Service: play tic-tac-toe to

prove that in a nuclear war nobody prove that in a nuclear war nobody wins!wins!

The Net-1995

Angela Bennett is a software engineer Angela Bennett is a software engineer working from home in Reston working from home in Reston

A client sends her a game program with a A client sends her a game program with a weird glitch for her to debug. On his way weird glitch for her to debug. On his way to meet her, he’s killed in a plane crashto meet her, he’s killed in a plane crash

Angela discovers secret information on Angela discovers secret information on the disk she has received only hours the disk she has received only hours before she leaves for vacation. before she leaves for vacation.

Her life then turns into a nightmare, her Her life then turns into a nightmare, her records are erased from existence and records are erased from existence and she is given a new identity, one with a she is given a new identity, one with a police record. police record.

The Net (2) Identity Theft has become #1 Identity Theft has become #1

crime in the worldcrime in the world Many commercial programs Many commercial programs

contain Easter Eggs (or contain Easter Eggs (or backdoors) http://www.eeggs.com backdoors) http://www.eeggs.com

Angela uses a keylogger & virus Angela uses a keylogger & virus at the end to payback her at the end to payback her attackersattackers

Hackers-1995

A young boy is arrested by the Secret A young boy is arrested by the Secret Service for writing a virus, and banned Service for writing a virus, and banned from using a computer until his 18th from using a computer until his 18th birthday.birthday.

Years later, he and his new-found friends Years later, he and his new-found friends discover a plot to unleash a dangerous discover a plot to unleash a dangerous computer virus, but must use their computer virus, but must use their computer skills to find the evidence while computer skills to find the evidence while being pursued by the Secret Service and being pursued by the Secret Service and the evil computer genius behind the virus.the evil computer genius behind the virus.

Unreal special “hacking” effects!Unreal special “hacking” effects!

Hackers (2) Remote take over of other Remote take over of other

computer systemscomputer systems TV StationTV Station School fire alarm systemSchool fire alarm system Corporate MainframeCorporate Mainframe

Hacking in many instancesHacking in many instances

Matrix-1999

A group of rebels free Neo, a A group of rebels free Neo, a computer hacker, in hope that he computer hacker, in hope that he can stop the Matrix, a computer can stop the Matrix, a computer system that slaves mankind.system that slaves mankind.

In the second movie, Trinity uses In the second movie, Trinity uses a special hacking tool: nmapa special hacking tool: nmap

Great Sci-Fi trilogy, many special Great Sci-Fi trilogy, many special effectseffects

Matrix (2) Neo is a hacker who gets hacked Neo is a hacker who gets hacked

by Trinity in order to communicate by Trinity in order to communicate inside the Matrixinside the Matrix

Trinity shuts down the power Trinity shuts down the power plant grid by exploiting an SSH plant grid by exploiting an SSH vulnerabilityvulnerability

He goes back in to fight the He goes back in to fight the agents and the Matrix, going out agents and the Matrix, going out via a regular phone line…via a regular phone line…

Sneakers-1993

Complex but lighthearted thriller Complex but lighthearted thriller about computers and about computers and cryptography, government and cryptography, government and espionage, secrets and deception espionage, secrets and deception and betrayal. and betrayal.

They recover a box that has the They recover a box that has the capability to decode all existing capability to decode all existing encryption systems around the encryption systems around the worldworld

TRON-1982

A hacker is literally abducted into A hacker is literally abducted into the world of a computer and forced the world of a computer and forced to participate in gladiatorial games to participate in gladiatorial games where his only chance of escape is where his only chance of escape is with the help of a heroic security with the help of a heroic security program.program.

TRON (trace on) defeats the MCP TRON (trace on) defeats the MCP (master control program) so his (master control program) so his user can retrieve the stolen video user can retrieve the stolen video game copyrights he owned.game copyrights he owned.

Honorable Mentions SwordfishSwordfish The Italian JobThe Italian Job Catch me if you canCatch me if you can Take DownTake Down Independence DayIndependence Day GathakaGathaka Charlie’s AngelsCharlie’s Angels

Swordfish-2001

The D.E.A. shut down its dummy The D.E.A. shut down its dummy corporation operation codenamed corporation operation codenamed SWORDFISH in 1986, with $400M…SWORDFISH in 1986, with $400M…

The world's most dangerous spy is The world's most dangerous spy is hired by the CIA to coerce a hired by the CIA to coerce a computer hacker recently released computer hacker recently released from prison to help steal billions in from prison to help steal billions in unused government funds, but it's unused government funds, but it's all locked away behind super-all locked away behind super-encryption. encryption.

Takedown-2000

Kevin Mitnick is quite possibly the Kevin Mitnick is quite possibly the most well known hacker in the worldmost well known hacker in the world

Hunting for more and more Hunting for more and more information, seeking more and more information, seeking more and more cybertrophies every day, he constantly cybertrophies every day, he constantly looks for bigger challenges looks for bigger challenges

When he breaks into the computer of When he breaks into the computer of a security expert and an ex-hacker, he a security expert and an ex-hacker, he finds one - and much more than that...finds one - and much more than that...

04/08/23 46

Conclusion Cyber Security is always under Cyber Security is always under

attack, prevention can helpattack, prevention can help Protect your passwordProtect your password Protect your company information Protect your company information

assets & your personal assets & your personal information information

Get informed & Get Involved!Get informed & Get Involved! New Information Security Policy New Information Security Policy

http://infosec http://infosec New Information Security Training New Information Security Training

http://ISO17799 http://ISO17799