In the popular Amazon series, Mr Robot, hacking was given a glamourous Hollywood make-over. Gone are the days when hackers are represented as anti-social nerds in dark rooms furiously tapping on their keyboards. Despite the attractive cast, the series has been praised for giving a realistic look at hacking and the dangers of insider threats. But I’m not convinced.
Not that I’m on their side, but I can’t help thinking E Corp would do well to improve its ‘access management’ technology if it plans on keeping up its evil ways. In one episode, Angela Moss attempts to take down her devious employers using a colleague’s stolen credentials via a ‘rubber ducky’ USB.
If only E Corp had tighter restrictions to stop other users accessing certain workstations based on their location or the time of day or if they had thought it through a little better, the colleague’s login details wouldn’t have worked on Angela’s machine and she would’ve been in some serious trouble with the IT team.
We know it’s only a TV programme, and we can’t let security get in the way of a good bit of TV. But it’s not always about far-fetched, unrealistic plots and futuristic tech. Software currently exists that improves access management by requiring simple contextual information about each login attempt, such as when and where it’s happening, to grant access.
This means that if anything out of the ordinary happens, such as a disgruntled employee looking to throw the cat amongst the pigeons, the system will automatically deny access or alert the administrator, who can quickly and easily find out who’s behind it all and give them a serious talking to.
Instead of spending valuable time making money from gullible consumers and covering up their misdoings, E Corp could have put some serious time and effort into protecting their employees’ passwords, meaning that only Julian would’ve been privy to his hastily thought-up login of ‘Password123’.
However, the nasty conglomerate E Corp isn’t alone in its poor security. There are countless examples from films and series where, if the attacker had come up against better network access and file security, a whole new plot would have unfolded.
Take, for example, everyone’s favorite early noughties sci-fi trilogy, The Matrix. In the second instalment, we saw female lead Trinity being tasked with destroying a power plant to prevent a security system being triggered. In the film, she cracks the code and saves the planet; all in a day’s work. But, this type of hack could have been prevented by software that blocks logins from leather-clad strangers on strange laptops in strange locations.
With or without uncovering the password, these restrictions would have prevented Trinity from disabling that grid system. Sorry, humanity - we just like to see things done right.
It’s not just humans who could benefit from shaping up their IT. In the action-packed ‘90s classic, Independence Day, the aliens are thwarted when a virus is uploaded to the mothership, which deactivates the force fields. In reality, would a superior race from outer space be duped by such a simple idea? We’re not expecting aliens to make a cameo in our lives anytime soon, but we’d like to think that they’d have the tech that would stop even Jeff Goldblum from interfering with their plans for world domination.
Imagine how different the plot would be if Jeff had tried to access the mothership in his hijacked spaceship at an IT-unapproved time of the day. Despite his best efforts, it would have been access denied and the virus would never have been uploaded. Now that’s what I call a close encounter.
Even Baker Street’s most famous clever-clogs resident, Sherlock, has gotten into the hacking spirit. In the Hound of the Baskerville episode, where the eccentric detective gains access to Major Barrymore’s computer to foil the bad guys yet again, he seems to have no trouble.
If the Major had restricted access at certain times of the day, however, he would’ve received an alert to warn him that a certain genius investigator was trying to log in using his real password and the case would’ve gone unsolved. It's elementary, my dear reader.
The moral of the story is: security breaches make for a great movie plot, but in the real world, a password falling into the wrong hands is serious stuff. Protecting your organization from both insider and outsider threats means you leave the drama to the professionals, your company’s private information stays safe and there’s no nasty plot twist for the IT professionals out there before the credits roll.
IS Decisions look at how other cases of Hollywood hacking could have been easily solved