September 14, 2016 • 47 mins
Shannon Morse and Jonathan continue their conversation about some of the worst hacking scenes in Hollywood history and how with a little adjustment they could be more accurate.
Learn more about your ad-choices at https://www.iheartpodcastnetwork.com
See omnystudio.com/listener for privacy information.
Mark as Played
Transcript
Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
Speaker 1 (00:04):
Get in text with Technology with text Stuff from stuff
dot Com. Hey there, and welcome to Tech Stuff. I
am your host, Jonathan Strickland, and we pick up in
the middle of a conversation that I was having with
Shannon Morse. You heard the previous episode last week. If
you haven't, go back listen to that. It's all about
(00:25):
how Hollywood is really bad at portraying hackers and hacker
culture in a realistic way. And today we're going to
talk more about some of the embarrassing examples out there
in entertainment as well as some of the really good ones.
And we're gonna start off with a conversation about a
pair of movies that not only did a disservice to hackers,
(00:47):
but also virtual reality. We joined the conversation already in progress,
Lawnmower and and Lawnmower Man Too, Uh, inspired by the
work of Stephen King. So these movies are terrible, it
could be a lot of fun to watch with a
(01:08):
group of people who just want to see, like a
really bad movie and make fun of it, you know,
MST three case style. I included a couple of clips
and I showed them to Shannon. One of them was
a demonstration that hacking a system in this world isn't
just graphical but immersive. Uh So you're you're wearing like
(01:30):
a head mounted display and and you're wearing gloves that
allow you to interact with the virtual world. And so
they're showing a character getting backdoor access to a system
by slapping at hexagons inside this virtual space. So these
(01:51):
hexagons are popping up in front of him, and he's
slapping at them and eventually gets you know, access granted.
Mostly it's getting access to NIED. Eventually access granted pops up,
and it looks like the only thing that he did
differently was just that he hit it a little faster
that time. So, in other words, it would be equivalent
to that n C I S scene we talked about earlier,
where if you just tie fast enough, you either hack
(02:15):
in or you prevent a hack from happening. Obviously, this
is not at all remotely realistic, but it is one
of those where you you look at you your you
could tell the screenwriter was saying, well, I want to
show that this character who has has found that he's
very powerful in the virtual space, can access a system.
(02:37):
How can I do that in a way that's not
just you know, it's over in the blink of an eye,
and there's no way to show it visually, so they
created this sort of three D display. This is one
of those things we see in a lot of Hollywood
movies where they try and visualize the navigating a secure
system as like going through a maze. It happens a
(02:59):
ton and again, actually going through that maze of information
that's located on a network is actually quite boring looking
on camera. So they created this al bite terrible virtual
reality scene to to actually give some kind of uh implementation,
(03:20):
some kind of visual implementation to the people that are
watching this movie. And it's it's pretty terrible. It's definitely
not how gaining access to a network would work, but
I thought it was hilarious. Yeah. A Lawnmowerman two also
has a scene that's similar to that. The characters are
looking at what is just an equation on a computer screen. Um,
(03:43):
So they're looking at this equation and trying to figure
out how to get access and one of the character
says that she can't get past the memory lock to
access the chain. So the smarmie computer expert who's next
to her says, well, all you have to do is
just enhance the memory index, and which already none of
(04:06):
that makes any real sense. It's kind of like Star
Trek techno babble where they talk about reversing the polarity.
It really, it's just it's just there to say something
technical is happening, and you don't need to understand what
it is. It's kind of shorthand. So then a little
yellow ball appears on the screen and the equation they're
(04:28):
looking at it starts to rotate uh and starts to
turn on its side and become a three dimensional maze again,
so we get another example of accessing a system involves
navigating through an actual three dimensional maze. Uh. He uses
gesture controls to move this little yellow ball around until
(04:51):
finally getting to where the data is. The whole time
he's just using meaningless computer jargon and incorrectly. And then
at the very the cherry on top of the Sunday
is that he says toda. So if you really want
(05:11):
a good time, watch the hacking scene from lawnmower Man too.
Both of those, obviously are are in that same category
of trying to visualize what this this UH process would
be like In a way that is interesting. I said
that the worst a movie can do is not only
(05:32):
be incorrect, but also failed to be entertaining, And then
I would argue both of these fall into that category.
I feel like if hacking was as entertaining as it
is in lawnmower Man, I would have gotten gotten into
it at a much much younger age. Yea, it's not
I remember Lawn moore Man's one of the movies I
would often cite as being a real reason why virtual
(05:54):
reality died in the mid nineties. So sad because because
the stuff that was around in the mid nineties was
very very primitive, Right. You had like Dactyl Nightmare, these
these games that were just polygons, and they were very primitive. Uh.
The gameplay was limited, the headsets you war had to
be supported on cables because they were so heavy they
(06:15):
would really hurt your neck otherwise. Uh. And so when
people saw what the actual state of the art of
virtual reality was at the time compared to what they
were seeing in films, that that gap ended up making
people say, well, this is this isn't good at all.
I don't see any reason in in putting any money
(06:36):
towards this, and virtual reality died for about ten years,
and now we're starting to see it get back into
the consumer space with the success of Oculus Rift in
HTC Vibe, assuming you can get your hands on one. Uh,
we're starting to see it come back, but it took
almost twenty years for it to recover. So uh, thanks
(07:01):
lawnmore Man. The only were you a bad movie? But
you killed b R your fault. Yeah, I'm not bitter
or anything. Uh. There's a movie that we have to
mention everyone that I when I posted on Twitter that
I was going to do this, I had a lot
of people say the entire movie of Hackers should be
(07:21):
considered as part of this as a bad hacking scene.
And Hackers is a great example, uh, as another one
of those where it's a movie that was posing as
an anti authoritarian kind of film, but in the safest
way possible, like there's nothing really daring about it. Um.
And the opening sequence has a couple of characters trying
(07:43):
to battle it out over one another, and and one
of them isn't trying to create an intrusion into a system.
The other one detects it and then shuts everything down.
So Shannon, typically when you're talking about things like a
hacker intruding into a system, detecting that there's been an intrusion.
We're not normally seeing this happen on a one versus
(08:07):
one kind of basis in real time typically are we
not necessarily a lot of times what you'll see with
a hack intrusion into a system, like you said, uh,
is that they will sit and watch and they will
do a lot of recons so they'll try to figure
out what's available for them, what can they see, and
they'll wait for something to happen that will give them
(08:29):
even more access. Uh. And then if you have somebody
that's working inside of that company that's being intruded upon, uh,
usually the first action that you will see is them
trying to also collect information so they can find where
this open opening is, where this vulnerability is, and then
they'll shut it down. Uh. And then after that they'll
(08:49):
do a whole, uh whole research report on it and
try to figure out like who actually did it and
probably take to enforcement agencies so that they can get
the capture the person and hopefully get them charged, because
that's not a very good thing to do. Yeah, I mean,
you don't necessarily see people like duking it out like
they do. Yeah, it's usually you know, like your first
(09:13):
indication that something is wrong can often just be that
you've noticed there's unusual amounts of data traffic across your network,
and you might say, well, why why are we getting
these spikes? If you're a a savvy hacker, you're trying
to mask your activity. You're kind of like trying to
sneak in when a big crowd is going into a room.
(09:33):
It's kind of the same thing, right, Like you're waiting
for large transfers of data so that it masks what
you are doing. In a lot of cases, if you're
really really good at what you're doing, you're trying to
kind of go in that route because it means you
can stay hidden for longer and get more information. Information
is valuable. Therefore, you don't want to just you know,
(09:54):
you don't want to just break into a system and
then immediately get booted out. Then what was the point
of that other than to say, hey, I figured out
you have a vulnerability, And if that's your job, that's awesome.
If you're a white hat hacker and your job is
to hey, we've got the system, we think it's pretty secure,
but we would like you to really put to the
test and if you find any vulnerabilities, let us know
and then we can go and we can address that
(10:16):
and fix them so that the bad guys don't have
a chance to do it later. That's a legitimate job.
But but in the movies, that's not what you see.
You see a person going like, I've got access and
then almost immediately everything is uh gone pear shaped right,
like there's alarms going off, And that's just not how
it works, not if you're doing it correctly anyway. Yeah,
(10:39):
so these these movies, I mean, I I appreciate it. Again,
try to create dramatic tension, but not terribly accurate. Uh.
One thing that I did like about hackers is the
fact that he uses social engineering to first gain access
to this network, which is something that's very very common
with UM hackers in general, because he men's are the first,
(11:02):
the first failure in any network. They're the people, they're
the ones that you can generally go to and find
some kind of vulnerability because people inherently trust each other.
And that's just a thing that humans need to understand,
is if somebody is asking you questions that you shouldn't
necessarily give out. Don't give them out, because they might
be social engineering you into giving out those answers. Hackers
(11:26):
also does a good job of pinpointing people towards real
life hacker culture. For example, there is one scene in
Hackers where they read off the Hacker Manifesto, which was
originally found in a hacker magazine, which you can only
find if you were a part of that culture. And
then later on in the movie they also show a
(11:48):
real life booklet, a documentation book that shows that was
actually used by um By phone operations to you know,
put up new towers and things like that back in
the eighties and nineties. So it has these real life
parts of culture, but in reality the movie still has
that terrible Hollywood hockey uh parts of it as well. Yeah,
(12:10):
I'm glad you brought up the social engineering. I'm actually
going to do an episode about specifically about social engineering,
uh live at Dragon Con with our our mutual friend
Brian Brushwood. Um so Brushwood's gonna come on the show.
There's no one like a magician to tell you how
to fool people right, how to how to lie to
(12:32):
people and get them to do the things you want
them to do. So we're gonna we're gonna go into
social engineering big time on that episode. And I'm also
glad you mentioned that things like the manuals that definitely
is a big part of hacker culture, going all the
way back to those phone freak days, where again the
hackers were not necessarily trying to take advantage of a system.
They just wanted to know how it worked. They were
(12:54):
fascinated by the way it actually performed. And so when
you got a manual's only you had the uh an
insight into it. Even if the manual didn't go into
deep detail about how the system as a whole operates
on the back end, it could give you enough insight
and then they start understanding like, oh wow, that's really
(13:15):
cool that they have this system set up in such
a way where they can route calls like this and
they can dynamically change things over. And I'm glad you
brought that up, because once again, being a hacker doesn't
necessarily mean you're a terrible person at all. It may
mean that you just have a deep curiosity that is
only satisfied by learning how this stuff works, and it's
(13:36):
not always easy to do that. Information is not always
publicly available at all times. There have been times where
it accidentally got publicly available. That's again going back to
the phone freaks. There were some phone manuals that kind
of were released to the public, not intentionally. It also
wasn't considered to be a huge problem until the phone
(13:58):
freakers got hold of it, and somedy, you had all
these people making weird calls long distance all over the place.
So yeah, our next one is is another case of
people just throwing out terms without really having any meaning
to them. I mean, the terms themselves have meaning, but
not in the context of the lines. And it was
from a c s I New York episode in which
(14:19):
a character says, and this is a quote, I'll create
a gooey interface using visual basics, see if I can
track an IP address. So, Shannon, you want to track
an IP address, Do you go to the trouble of
developing a graphical user interface? Uh? No. What I would
do is open up probably netcat in my terminals so
(14:41):
that I can gain access and see what the heck
is going on on that IP address. Right. If it
was wireless, uh, and I was on a nearby network,
I would I would probably use wire Shark and WiFi
Pie Apple like it's it's not. You don't have to
create an entirely new graphical user interface to able to
be able to access an IP address and see what
(15:02):
kind of traffic is happening to and from them. Yeah,
it doesn't. Creating a graphical user interface literally makes no sense.
I mean, it has nothing to do with your ability
to track an IP address, to identify an IP address,
It has nothing to do with A graphical user interface
is an interface in itself. Isn't a thing that performs
(15:25):
these functions. It's just a way to visualize data and
allow you to interact with it in some way. So
Windows is a graphical user interface. It's a googy. Any
any program that has a graphical representation of information that
allows you to move things around, that's a gooey. Has
nothing to do with the actual function. It is separate
(15:48):
from the function. It is just a way of, uh
manifesting what that data actually means. Now, you might go
through the trouble of creating some sort of visual day
if you wanted to explain it to someone else who
wouldn't understand if you just handed them lines of code
or whatever. But that's not what that That doesn't even
(16:09):
work in this case because we're talking about an IP address,
and I'd be as, you don't need like a pie
chart or you know, you don't need a graphical representation
of what an IP addresses. It's an IP address. Yeah,
this one, this one kind of broke my brain for
about twenty minutes when I when I watched it. The
next one I had on the list was another example
(16:30):
of of hackers battling it out in real time and
seeing who could type the fastest. This happens all the time.
There was also an episode of Chuck that did this
where the best part of that episode of Chuck was
that the guy that Chuck was facing against was played
by Freddie Wong and his character was named Freddie. So
I was like, oh my gosh, it's Freddie Wong, a
YouTube star. Done good. Um, it's fantastic, It's I think
(16:54):
it's uh, it's I can't remember. It's like Chuck versus
the Hackathon or something like that. It's along those line,
and Freddy Wong plays the leite hacker that he goes
up against. But in this case, I'm talking about Criminal Minds,
which has Nicholas Brendan did it who I will always
and forever think of as Zander from Buffy the Vampire Slayer. Yep.
(17:14):
And he's brought into to try and access a another
I think another employees system, but the employees kind of
on the lamb, and she's working with other folks who
are trying to do this quietly without the rest of
the organization taking any notice of them. And uh. And
so he ends up getting into her system and trying
(17:39):
to snoop around a bit she notices, and then they
have this duel and as Shannon has already said, this
is not really how we see things play out, but
does have the best line I think out of all
the examples we have here, which is her gooey is
mind blowing and would actually see a hacker say, is
(18:00):
whoa check out this code? Yeah yeah, instead of all
these little uh these little windows pop up. Also, it's
funny because in the sequence as they're typing uh, there's
like one point where the Zander I'll always call him Xander,
is saying, well, here, see what you think about this,
and all that you see on the screen is that
one of the windows on the screen is dragged down
(18:23):
to like the lower right corner. Yes, and you're thinking, wow,
you have a mouse, but they're they're actually not even
using computer mice. They're just typing on the keyboard. And
so really all you're seeing are all these little windows
being dragged around the screen and and no real way
of doing that easily. If you're just if you're using
(18:44):
a keyboard, you're making it too hard on yourself. Honestly,
the thing is about hackers that I have noticed. Um,
I am not as good as a lot of my
friends are, but keyboard shortcuts are huge, culture huge. Well yeah,
I mean, especially if you're doing the same sort of
code over and over, if you're gonna be using the
(19:06):
same sort of strings repeatedly, having like various shortcuts and
macro set up saves you so much time. Uh, it's
way more efficient. And you know, I totally get that.
I've worked on documents where that sort of thing made
a lot of sense. And I don't even do coding
right I'm doing I'm talking about working mostly in the
(19:28):
legal world. I don't like to talk about it. It
was a long time ago, and I really like to
leave that chapter behind. Uh, I was working for law years.
I wasn't being pursued by them. Um. Another great example
weird science. This one. This one sort of gets a
pass from me too, because it's such a goofy movie.
It's uh, it's one of those films from the eighties
(19:50):
where you kind of the the basic premise is kind
of squeaky, well more than kind of squeaky, because you've
got too high school males who decide to try and
create a girl so that they can do various sexual
things with her, which is pretty awful. But it turns
out that she ends up having a way more intelligence
(20:10):
than either of them and a lot more agency than
either of them. So it's okay because it could have
gone way worse than that. I know because I've watched
a movie recently that took the other path and it
was terrible. That was for a different podcast. Uh So.
This one also has another depiction of characters trying to
navigate through a three dimensional virtual environment in order to
(20:35):
access a secure system. In this case, they're trying to
create a simulated brain for their they're created female, but
the computer that Wyatt has is only capable of getting
her intelligence up to fifth grade level, and they need
more than that, so they tap into some as far
as I can tell unidentified government agency to get more
(20:58):
computing power, which in this film is equated to electricity.
I guess because if you watch the sequence when they
get access to the computers, everything at the government center
is going crazy. You're seeing these real, too real tapes
that are spinning super fast. Uh. You see lights flashing,
(21:19):
and then a power surge ends up blasting all of
the electronics at why it's home like the microwave, and
there's like a a smoke detector. I think that explodes,
and so that's what zooms in enough power to not
only boost the intelligence of the character up to uh
superhuman levels, but also somehow magically brings to life this woman. Um,
(21:46):
i'd say accurate. Let's take a quick break to thank
our sponsor. Are you hiring? Do you know where to
post your job to find the best candidates? Posting your
job in one place isn't enough to find quality candidates.
If you want to find the perfect higher, you need
(22:06):
to post your job on all the top job sites,
and now you can. With zip recruiter dot com. You
can post your job to one plus job sites, including
social media networks like Facebook and Twitter, all with a
single click find candidates in any city or industry nationwide.
Just post once and watch your qualified candidates roll into
(22:29):
zip recruiters easy to use interface. There's no juggling emails
or calls to your office. You can quickly screen candidates,
rate them, and hire the right person fast. Find out
today why zip recruiter has been used by over one
million businesses and right now listeners of tech stuff can
post jobs on zip recruiter for free by going to
(22:51):
zip recruiter dot com slash first. That's zip recruiter dot
com slash first, f I r ST one more time.
Try it for free, go to zip recruiter dot com
slash first. So this is a great example the Weird
Science series. Your segment is a great example of what
(23:15):
you can actually do with more computing power. So in
the real life, we have quantum computing, which people are
currently working on to be able to d decrypt encryption
that is not currently vulnerable, but that requires more computing power.
That's what quantum computing is all about, not necessarily more electricity, right, yeah,
(23:36):
quantum computing, you know using cubits where you have quantum
bits that represent not just a zero, not just a one,
but both and technically all values in between. I mean
that you can complete calculations in parallel, and this is
great for certain types of computing problems where you can
have those parallel computing problems that are easily solved this way.
(23:58):
Other computing problems are not parallel, and in those cases,
a quantum computer is not necessarily going to be any
better than a classical computer. In fact, it may be
worse depending upon how many cubits the quantum computer has.
If it has enough, then it'll chug along. But for
those parallel problems, including encryption, quantum computers will transform our world.
(24:19):
The encryption that we rely upon today will be trivial
if you have a significantly powerful quantum computer, because it
will be able to go through all the possible answers
that are the basis for your encryption. Typically we're talking
about um you know, very large hash numbers and assigned
probabilities to them and figure out things like your encryption
(24:42):
keys very very quickly. So that is interesting, But as
you say, not just by it's not something that's done
by pumping more electricity through a power line. That would
be a little little simplistic. Our next example is, of course,
the most famous one in my mind, it's the one
that I spent an episode ranting about previously on text Ups,
(25:04):
So I won't go into too much detail. It is
Independence Day. It's like, yeah, I gotta tell you, if
an alien race ever attacks us, I I want Jeff
Goldbloom to develop the computer virus that we're going to
put on their on their ships so that they can't
attack us. So this is a great example because he
(25:27):
was without about any prior knowledge, he was able to
get a computer virus from his Mac laptop onto an
alien spacecraft and be able to basically take him over
and shut them down. Yeah. So there's so many things
wrong with this one. One. We cannot be certain that
any alien, intelligent alien civilization out there uses computers that
(25:52):
remotely resemble the way our computers work. That's problem one.
Problem too, We can't be certain that a virus that
we would create for Earth based computers would ever be
transferable onto an alien craft. From three we don't even
know how we would do that, right, Like, it's do
they have universal serial ports or something? What's how how
(26:14):
do you get your stuff, your your program into alien technology,
even if it's wireless. The wireless protocols. Those are things.
We don't just have computers shooting off random radio waves.
They have to follow very specific rules for computers to
(26:35):
communicate with each other. Everything about this is wrong, And
given the premise of this movie, I highly doubt that
their alien technology would even remotely compare to ours. M
I'm sure that they would be much much stronger and
much more, much more advanced than our own. Yeah, and
some of the arguments are that, oh, but see, the
(26:56):
whole point of the movie is that the United States
took technology from the Aliens and use that to boost
our own technology so that we would advance faster. And
my thought to that is, how that considering that all
the technology that we rely upon today is based off
of very very very well documented advances in engineering, none
(27:21):
of which are so dramatic as to say, oh, that's
what the aliens arrived that one. Now, I included this
next one just for you, Shannon, because I know that
you are a lover of Japanese culture, and so I
found a great eneme scene from Tangan Toppa Guran Lagan
(27:44):
Guran hen and Uh. It involves a character going into
a virtual world as a virtual avatar runs through a
maze as we've seen before, finds a lock box that
apparently has the day that he wants to get at,
takes out a green glowing key, puts it in the
(28:04):
locked box, tries to unlock. It doesn't work, so does
he do His virtual avatar head butts the box repeatedly
till it breaks open. He grabs hold of a red sphere,
which represents the data he wants, and then his character
eats the data and that's how they analyze it. And
boy do I wish that's the way it worked. Oh
(28:26):
that's hilarious. I just I hope that it tasted good. Yeah,
I mean, I mean it is a virtual character, so
I guess you could technically assume it tasted anyway you
like it to taste. Uh. I watched this and I thought, well,
this is delightful, but it's it's also again not trying
to play this as this is how real hackers are.
This is obviously a fantasy sci fi world that we're
(28:50):
looking at, but one of the most entertaining versions of
that mean that I've ever seen. I just love it,
and like, just watching that tea makes me want to
watch the entire UH anime because it's just so ridiculous. Yeah, yeah, works.
It's like somebody trying to brute force, but their implementation
(29:11):
of brute forcing is headbuts. Yeah, literal brute force, like
not not putting password after password attempt through a password manager,
nothing like that. It's literally attacking a virtual box with
a virtual head butt. It's wonderful. The last little bit
I have on here, this one, This one doesn't really
(29:33):
count because it was done on purpose. But there was
a segment on The Late Show with Stephen Colbert who
had Michael Ian Black on Michael Ian Black who uh
was in the state and tons of other stuff, and
Michael Iam Black explained that he had dramatic acting chops
that he felt he never got a chance to really
(29:54):
exercise he's known as a comedic actor, and that he
always wanted his dream role is that of a hacker
on a police procedural show, because it meant that he
could dress in nice clothes, sit down behind a desk,
and everything he would do would seem really important, he says,
is a dream job. And so then they do a
(30:15):
segment where Stephen Colbert's show gets hacked and Mike William
Black comes back out to fight off against the hack.
It is a send up of all the tropes we've
been mentioning so far in this episode, and if you
have not seen it, I recommend going out and watching
it because it's hilarious. My favorite part is the fact
that he comes out with black lipstick on and these
(30:38):
like biker gloves, which first off, would be incredibly hard
to type in wearing those gloves, and second off, like
the hackers, I know, do you not wear black lipstick,
especially if they're male? Yeah, yeah, he The first one
of the first things he says is talking about how
he's gonna be typing, and then it's typing will in
no way be uh hampered by the fact he's wearing
(31:01):
fingerless microgloves, so he's actually he actually brings attention to that,
and there is a funny there's a funny moment he's
bent over Stephen Colbert's desk and he's typing furiously, not
really typing, he's just slapping at the keyboard furiously. And
then it becomes clear that his lines are on the
screen and and he scrolled past them, and so he's like,
(31:22):
I'm trying to find my line. So there's but it's
great because they just roll with it. They just keep
on going. So uh, it's fantastic to see that kind
of self aware um uh take. On the way hackers
and hacking culture has been portrayed in the popular media,
(31:43):
there are you know, we've we've harped on a lot
of different shows and movies about being terrible or being
uh inaccurate, But there are some examples out there that
are trying really hard to be respectful and realistic when
it comes to hacker culture. One of the ones that
leaps to mind is Mr Robot, a series where hacking
(32:07):
plays a very important part. It's not like it's all
about hacking, but that's an important plot device in several episodes.
And they they name real security firms, they name real
penetration teams that actually go and do this sort of testing.
They name real software packages that are meant to either
(32:29):
help someone commit one of these attacks or defend against them.
They use real products, they're not so it's clear the
people who are working on the show do their research. Yes,
it's very clear, And in fact, I have a very
close working relationship with the team over at Mr Robot
to make sure that they get our products right because
(32:51):
they have shown very recently one of hack fives products
called the USB rubber Ducky. They have a team over
there that that include Lude, somebody he used to work
for the FBI, So they have actual people who have
worked with security and with privacy and they have a
general understanding. But they still like to talk to real
(33:11):
life hackers to make sure that everything that they show
on the show is legit and is an actual hack. Um.
Mr Robot is such a great example because it gives
a perfect, uh, real life scenario where you have people
that are fighting back. You have people that are fighting
back against you know, the big corps and trying to
do something that's right for the little guy. Um, which
(33:33):
you do see a lot in real life hacking cases.
A lot of times people will go after large corporations
because they don't necessarily agree with their tactics, or they
don't agree with how much they're paying their employees or
something like that. UM. So, I just I love watching
Mr Robot because it gives me the chance to look
at it and be like like, oh, what they're showing
(33:53):
right now is a real it's a real hack. Like
they're actually showing this to a huge fan base of
people wouldn't necessarily be uh interested in this kind of
stuff unless they were watching a show. So I just
love that they're bringing so such a huge fan base
into what we do on a day to day basis.
(34:16):
And I like that not only are they taking these
steps to make sure that the stuff they portray is accurate,
but they're even going so far as certain aspects that
we do see reflected in the news. You were mentioning
this ship and things like someone being on the inside
of a company and for one reason or another, they
decide to aid someone who wants to access that company's information,
(34:42):
and they're doing so knowingly. It's not that they've been
tricked into it. We see this where we have their
their hackers who one of the best things, one of
the best tools you can have is making friends with
someone who's works for the company that you want to
try and uh access, like you want to get into
the their system. And if it's someone who's disgruntled for
(35:03):
whatever reason, maybe they were looked over for a promotion,
maybe they don't like what the company is doing, maybe
that what the company's purposes conflicts with their own ethical code.
They might feel like helping someone out is the right choice. Um,
and even if they themselves are not the ones doing
the programming or whatever, when it comes to it, they
(35:25):
might be the ones who allow the access in the
first place. We do see that in real life, and
there are sometimes where we have to ask the question
like was this someone from the inside or was this
someone who attacked from an external site. Again, going back
to Sony, there was there's still a lot of argument
about who ultimately was responsible for that. At the time,
(35:49):
the two big arguments that were coming out was that
it was either someone in North Korea who had done this,
or someone who was in the pay of North Korea
like a state agent in other words, or it was
someone who used to work for Sony or was currently
working for Sony and they did not like something that
(36:10):
happened and so as a result ended up stealing a
ton of information and dumping it online for public review. Uh.
And then the North Korea part just became a great
smoke screen for that person. I saw that A lot
of security experts, at least at the time, I felt
more inclined to believe it was the second possibility, that
(36:32):
it was someone from the inside and not necessarily a
state sponsored attack. I don't know of that opinion ultimately changed.
I've honestly lost track of the Sony story at this
point because it kind of died down after that initial
um flare of of controversy around all the different elements. Yeah.
(36:52):
The interesting thing that I found about that is a
lot of the friends that I have in hacker culture,
um just move on because there are so many different
hacks that you see in our day and age that
they don't have time to go back and discuss the
Sony hack. And disclaimer, I did do a bunch of
videos for Signal by Sony, which was a different, um,
(37:15):
different core company inside of Sony that was doing these
shows that I was working with. It wasn't the entertainment
one that got hacked, but um, I definitely went to
them when I got that job, and I was like,
you sure you want to hire because um, that thing
happened to you guys, and I'm kind of a hackers,
so yeah, okay with Yeah, So I'm I'm pleased that
(37:39):
Mr Robot is out there. You were mentioning before we
went on on the recording, before we started recording that
that Silicon Valley also typically does a pretty good job
of portraying hacking in a in a realistic way. They
do so Silicon Valley I actually hired one of my friends,
Rob Fuller, who you can see in the credits of
(38:00):
several of their episodes, to give them a good overview,
a good synopsis of what they should be showing on
their show and what would be fake, what would be
called out. So he helped, and he's actually a penetration tester.
He does this as his day job, and he's been
doing it for you know, a couple of decades, I believe,
uh So, he was the perfect person for them to
(38:22):
go to to say, you know, is this right? Is
this correct? Can you can you actually build a script
for us to show on on camera so that we
don't get called out by our fan base, a lot
of which is going to be the Silicon Valley you know,
gurus that actually do coding on a day day and
day out basis. Uh So, Mr Robot and siliconbat Valley
(38:44):
both have hired on um several people who have worked
in security and penetration testing, information technology, things of that
nature so that they can get it right on camera.
And I think that's very important because what we're finding
in this in this genre, in this career career path
is that where there's a lot of people who lose
(39:05):
interest very very quickly in it because it is hard,
it is ever changing, and it's complicated, uh, and you
have to go to school for it, and you have
to get certificates uh that increase your knowledge, and you
have to renew those certificates day in and day out
every year. So it's expensive to stay in this career too.
Hopefully you get a company or get a job with
(39:25):
a company that you know will pay for those certificates
for you. So the fact that they're showing these real
life scenarios on camera, I'm hoping that it will increase
more interests in this in this genre of work, because
we really need more people to be interested in in
it in in the long term, because it is so
(39:46):
so important for companies as a whole, especially if they're
holding user data, to be secure and to be private
and to be very conscious of what they're doing behind
the scenes as opposed to just making a website pretty Uh.
The things that are most important to me are security
and privacy, and it's it's very important to me that
more and more companies get involved with this information and
(40:08):
get a much broader understanding of how important it is
to actually pay money to make sure that you have
good security. And uh to that end, I mean, there's
a there's a movie that's coming out later on this year,
I believe called I T. It's got pierced broadening in it. Uh.
And in that film there's, uh this idea of privacy
(40:30):
and security plays of a huge part of it, as
well as the Internet of Things, which again is a
great illustration of why security is so important. We have
more and more devices that are are opening up opportunities
to be a point of entry for a hacker, right
Like if you have not, if you haven't designed your
IoT device to also be secure and encrypted, that's a
(40:54):
potential in depending upon how it how it communicates with
the rest of your device aces. Uh. So this movie
I T that's coming out, there's a Pierce Brosiden's playing
like a Tony Stark like business guy who ends up
having a an I T guy come in and help
him out when he's giving a presentation and the technology
(41:16):
is failing. The I T guy gets it turned around,
and so Pierce President says, Hey, come back to my house.
I'd like you to help me out with some stuff,
and the guy's like, okay, sure, and he comes by
and the guy's house has got all this high tech equipment,
most of which is not really working up to the
possibility that could. But he also has a young like
a teenage daughter that the I T guy ends up
(41:40):
becoming fixated with. So then it becomes a psychological thriller
where the I T guy who was upgrading all the
systems is really using them to spy on people, and
too when he when he's rebuffed, he uses them to
terrorize people. So it becomes kind of a psychological thriller
slash horror movie that's I T based uh an Internet
of Things based, And while that is going to be
(42:02):
pushed to the limit for drama, for dramatic purposes, there's
a lot there that you could say, like, you know, um, yeah,
it went to extremes for the purposes of this movie,
but it does drive home certain things you should be
aware of, like how many devices do you own to
have microphones in them? How many do you own that
(42:22):
have cameras in them? What what are they connected to?
And is it secure? Is your router secure? Did you
buy any chance not change the the default identifier and
password to your router because you might want to do
that that kind of stuff. So I'm so grateful that
(42:43):
I got into this early, so like before Internet of
Things became a thing, because now I can go home,
like right at this minute, pull up a program on
my computer, sit down on the same network as my
as my camera, and make sure that it's not open
to the World Wide Web, because it's it's entirely possible
that those things can happen. They have happened, and it's
(43:06):
oh man, consumers, just I wish more consumers were interested
in this kind of thing because it would make them
so much safer. Yeah. Yeah, it's the sort of stuff
no one wants to really think about. The The convenience
of the technology is so great that it people don't
feel comfortable thinking about the other side of it because
(43:27):
the technology they rely so heavily on it, it does
so many useful things for them that I think that
ends up making them kind of ignore the possible security
problems because if they paid attention to it, they would
feel that they would either need to take a lot
of effort to fix those security issues, at least the
ones they can fix from a consumer side of things,
(43:48):
or they would have to abandon the technology which is
so incredibly useful and convenient, and neither of those seem
particularly interesting. It's way better to just, you know, just
pretend like it doesn't have been and keep using your
unsecured WiFi. And yeah, absolutely, I mean there. I've made
some sacrifices in my life to be more secure. For example,
(44:10):
I don't use Facebook Messenger on my phone because I
don't I don't trust that feature. I don't even use
the Facebook app on my phone because I don't trust
the app. And I noticed that when I when I
abandoned the Facebook app, you gave me a big thumbs
up on that day. Oh yes I did. And there's
other things that I've chosen convenience over security, even though
(44:30):
I understand what what I might what might happen to
me if I because I chose that convenience. For example,
I use a thumb print to unlock my phone, even
though you are basically forced to give away a thumbprint
if you are ever um, if there is a warrant
on your phone, as opposed to if you have a
pin code or a password, you don't have to give
(44:51):
those aways. So that's like those kind of things you
really have to think about it, especially if you know
you're going into this with the with the thought, you know,
I have to better my security and privacy. Yeah. And
and see it's different for you too, Shannon, because you're
you are aware of all the potential or at least
(45:11):
a large majority of the potential bad things that can happen.
So you can make an informed decision, and you can
you can measure that risk versus the reward you get
based upon whatever choice you make. A lot of people
out there they aren't. I think the problem is so
scary they don't even want to look at it. And
(45:32):
that's and that means that they're making uninformed, uneducated decisions.
And I know that. I know the problem is scary, guys,
but that's why you've gotta look at it. You can't.
That's why we're here so that we can inform everybody,
and we can educate everyone right on the proper uses
of the security and privacy. So if if you guys
out there take anything at all away from this episode,
(45:54):
I want you to take a well, really there's two
things I want you to take away. One is really
give it some serious thought. If you have it before,
because it's it's something that could save you tons of
heartache down the line, and it can protect you and
those who are close to you from attacks. And the
second thing I want you to remember is if aliens attack,
(46:15):
get Jeff goldblooma Mac because that guy can do anything.
Ah So, Shannon, thank you so much for joining this episode.
Help everyone where they can find your work. Sure, so,
you can find me on Twitter. I'm at snubs s
and uvs and I promise I will not snubs you
unless you're mean to me. Uh. And you can also
(46:36):
find me on Hack five and tech Thing, both of
which are over at h K five dot org. And
we talk about the simplest of simple hacks and we
go all the way up to the hardest of the
hardest hacks. So there's something there for everybody, and I
hope that you guys will enjoy it. Awesome, Shannon, thank
you so much. And guys, if you want to get
in touch with me and talk about some of the
(46:57):
stuff we chatted about on this episode, maybe there's a
television or film that you know we didn't touch that
you think absolutely needs to be on this list. Let
me know if you have a suggestion for anything else,
like whether you know, maybe it's another guest I could
have on the show. Let me know the addresses tech
stuff at how stuff works dot com or drop me
a line on Facebook or Twitter. The handle of both
(47:18):
of those is text stuff H s W. And I
will talk to you guys again really soon. For more
on this and bathrooms of other topics. Is it how
stuff works dot com.
Get in text with Technology with text Stuff from stuff
dot Com. Hey there, and welcome to Tech Stuff. I
am your host, Jonathan Strickland, and we pick up in
the middle of a conversation that I was having with
Shannon Morse. You heard the previous episode last week. If
you haven't, go back listen to that. It's all about
(00:25):
how Hollywood is really bad at portraying hackers and hacker
culture in a realistic way. And today we're going to
talk more about some of the embarrassing examples out there
in entertainment as well as some of the really good ones.
And we're gonna start off with a conversation about a
pair of movies that not only did a disservice to hackers,
(00:47):
but also virtual reality. We joined the conversation already in progress,
Lawnmower and and Lawnmower Man Too, Uh, inspired by the
work of Stephen King. So these movies are terrible, it
could be a lot of fun to watch with a
(01:08):
group of people who just want to see, like a
really bad movie and make fun of it, you know,
MST three case style. I included a couple of clips
and I showed them to Shannon. One of them was
a demonstration that hacking a system in this world isn't
just graphical but immersive. Uh So you're you're wearing like
(01:30):
a head mounted display and and you're wearing gloves that
allow you to interact with the virtual world. And so
they're showing a character getting backdoor access to a system
by slapping at hexagons inside this virtual space. So these
(01:51):
hexagons are popping up in front of him, and he's
slapping at them and eventually gets you know, access granted.
Mostly it's getting access to NIED. Eventually access granted pops up,
and it looks like the only thing that he did
differently was just that he hit it a little faster
that time. So, in other words, it would be equivalent
to that n C I S scene we talked about earlier,
where if you just tie fast enough, you either hack
(02:15):
in or you prevent a hack from happening. Obviously, this
is not at all remotely realistic, but it is one
of those where you you look at you your you
could tell the screenwriter was saying, well, I want to
show that this character who has has found that he's
very powerful in the virtual space, can access a system.
(02:37):
How can I do that in a way that's not
just you know, it's over in the blink of an eye,
and there's no way to show it visually, so they
created this sort of three D display. This is one
of those things we see in a lot of Hollywood
movies where they try and visualize the navigating a secure
system as like going through a maze. It happens a
(02:59):
ton and again, actually going through that maze of information
that's located on a network is actually quite boring looking
on camera. So they created this al bite terrible virtual
reality scene to to actually give some kind of uh implementation,
(03:20):
some kind of visual implementation to the people that are
watching this movie. And it's it's pretty terrible. It's definitely
not how gaining access to a network would work, but
I thought it was hilarious. Yeah. A Lawnmowerman two also
has a scene that's similar to that. The characters are
looking at what is just an equation on a computer screen. Um,
(03:43):
So they're looking at this equation and trying to figure
out how to get access and one of the character
says that she can't get past the memory lock to
access the chain. So the smarmie computer expert who's next
to her says, well, all you have to do is
just enhance the memory index, and which already none of
(04:06):
that makes any real sense. It's kind of like Star
Trek techno babble where they talk about reversing the polarity.
It really, it's just it's just there to say something
technical is happening, and you don't need to understand what
it is. It's kind of shorthand. So then a little
yellow ball appears on the screen and the equation they're
(04:28):
looking at it starts to rotate uh and starts to
turn on its side and become a three dimensional maze again,
so we get another example of accessing a system involves
navigating through an actual three dimensional maze. Uh. He uses
gesture controls to move this little yellow ball around until
(04:51):
finally getting to where the data is. The whole time
he's just using meaningless computer jargon and incorrectly. And then
at the very the cherry on top of the Sunday
is that he says toda. So if you really want
(05:11):
a good time, watch the hacking scene from lawnmower Man too.
Both of those, obviously are are in that same category
of trying to visualize what this this UH process would
be like In a way that is interesting. I said
that the worst a movie can do is not only
(05:32):
be incorrect, but also failed to be entertaining, And then
I would argue both of these fall into that category.
I feel like if hacking was as entertaining as it
is in lawnmower Man, I would have gotten gotten into
it at a much much younger age. Yea, it's not
I remember Lawn moore Man's one of the movies I
would often cite as being a real reason why virtual
(05:54):
reality died in the mid nineties. So sad because because
the stuff that was around in the mid nineties was
very very primitive, Right. You had like Dactyl Nightmare, these
these games that were just polygons, and they were very primitive. Uh.
The gameplay was limited, the headsets you war had to
be supported on cables because they were so heavy they
(06:15):
would really hurt your neck otherwise. Uh. And so when
people saw what the actual state of the art of
virtual reality was at the time compared to what they
were seeing in films, that that gap ended up making
people say, well, this is this isn't good at all.
I don't see any reason in in putting any money
(06:36):
towards this, and virtual reality died for about ten years,
and now we're starting to see it get back into
the consumer space with the success of Oculus Rift in
HTC Vibe, assuming you can get your hands on one. Uh,
we're starting to see it come back, but it took
almost twenty years for it to recover. So uh, thanks
(07:01):
lawnmore Man. The only were you a bad movie? But
you killed b R your fault. Yeah, I'm not bitter
or anything. Uh. There's a movie that we have to
mention everyone that I when I posted on Twitter that
I was going to do this, I had a lot
of people say the entire movie of Hackers should be
(07:21):
considered as part of this as a bad hacking scene.
And Hackers is a great example, uh, as another one
of those where it's a movie that was posing as
an anti authoritarian kind of film, but in the safest
way possible, like there's nothing really daring about it. Um.
And the opening sequence has a couple of characters trying
(07:43):
to battle it out over one another, and and one
of them isn't trying to create an intrusion into a system.
The other one detects it and then shuts everything down.
So Shannon, typically when you're talking about things like a
hacker intruding into a system, detecting that there's been an intrusion.
We're not normally seeing this happen on a one versus
(08:07):
one kind of basis in real time typically are we
not necessarily a lot of times what you'll see with
a hack intrusion into a system, like you said, uh,
is that they will sit and watch and they will
do a lot of recons so they'll try to figure
out what's available for them, what can they see, and
they'll wait for something to happen that will give them
(08:29):
even more access. Uh. And then if you have somebody
that's working inside of that company that's being intruded upon, uh,
usually the first action that you will see is them
trying to also collect information so they can find where
this open opening is, where this vulnerability is, and then
they'll shut it down. Uh. And then after that they'll
(08:49):
do a whole, uh whole research report on it and
try to figure out like who actually did it and
probably take to enforcement agencies so that they can get
the capture the person and hopefully get them charged, because
that's not a very good thing to do. Yeah, I mean,
you don't necessarily see people like duking it out like
they do. Yeah, it's usually you know, like your first
(09:13):
indication that something is wrong can often just be that
you've noticed there's unusual amounts of data traffic across your network,
and you might say, well, why why are we getting
these spikes? If you're a a savvy hacker, you're trying
to mask your activity. You're kind of like trying to
sneak in when a big crowd is going into a room.
(09:33):
It's kind of the same thing, right, Like you're waiting
for large transfers of data so that it masks what
you are doing. In a lot of cases, if you're
really really good at what you're doing, you're trying to
kind of go in that route because it means you
can stay hidden for longer and get more information. Information
is valuable. Therefore, you don't want to just you know,
(09:54):
you don't want to just break into a system and
then immediately get booted out. Then what was the point
of that other than to say, hey, I figured out
you have a vulnerability, And if that's your job, that's awesome.
If you're a white hat hacker and your job is
to hey, we've got the system, we think it's pretty secure,
but we would like you to really put to the
test and if you find any vulnerabilities, let us know
and then we can go and we can address that
(10:16):
and fix them so that the bad guys don't have
a chance to do it later. That's a legitimate job.
But but in the movies, that's not what you see.
You see a person going like, I've got access and
then almost immediately everything is uh gone pear shaped right,
like there's alarms going off, And that's just not how
it works, not if you're doing it correctly anyway. Yeah,
(10:39):
so these these movies, I mean, I I appreciate it. Again,
try to create dramatic tension, but not terribly accurate. Uh.
One thing that I did like about hackers is the
fact that he uses social engineering to first gain access
to this network, which is something that's very very common
with UM hackers in general, because he men's are the first,
(11:02):
the first failure in any network. They're the people, they're
the ones that you can generally go to and find
some kind of vulnerability because people inherently trust each other.
And that's just a thing that humans need to understand,
is if somebody is asking you questions that you shouldn't
necessarily give out. Don't give them out, because they might
be social engineering you into giving out those answers. Hackers
(11:26):
also does a good job of pinpointing people towards real
life hacker culture. For example, there is one scene in
Hackers where they read off the Hacker Manifesto, which was
originally found in a hacker magazine, which you can only
find if you were a part of that culture. And
then later on in the movie they also show a
(11:48):
real life booklet, a documentation book that shows that was
actually used by um By phone operations to you know,
put up new towers and things like that back in
the eighties and nineties. So it has these real life
parts of culture, but in reality the movie still has
that terrible Hollywood hockey uh parts of it as well. Yeah,
(12:10):
I'm glad you brought up the social engineering. I'm actually
going to do an episode about specifically about social engineering,
uh live at Dragon Con with our our mutual friend
Brian Brushwood. Um so Brushwood's gonna come on the show.
There's no one like a magician to tell you how
to fool people right, how to how to lie to
(12:32):
people and get them to do the things you want
them to do. So we're gonna we're gonna go into
social engineering big time on that episode. And I'm also
glad you mentioned that things like the manuals that definitely
is a big part of hacker culture, going all the
way back to those phone freak days, where again the
hackers were not necessarily trying to take advantage of a system.
They just wanted to know how it worked. They were
(12:54):
fascinated by the way it actually performed. And so when
you got a manual's only you had the uh an
insight into it. Even if the manual didn't go into
deep detail about how the system as a whole operates
on the back end, it could give you enough insight
and then they start understanding like, oh wow, that's really
(13:15):
cool that they have this system set up in such
a way where they can route calls like this and
they can dynamically change things over. And I'm glad you
brought that up, because once again, being a hacker doesn't
necessarily mean you're a terrible person at all. It may
mean that you just have a deep curiosity that is
only satisfied by learning how this stuff works, and it's
(13:36):
not always easy to do that. Information is not always
publicly available at all times. There have been times where
it accidentally got publicly available. That's again going back to
the phone freaks. There were some phone manuals that kind
of were released to the public, not intentionally. It also
wasn't considered to be a huge problem until the phone
(13:58):
freakers got hold of it, and somedy, you had all
these people making weird calls long distance all over the place.
So yeah, our next one is is another case of
people just throwing out terms without really having any meaning
to them. I mean, the terms themselves have meaning, but
not in the context of the lines. And it was
from a c s I New York episode in which
(14:19):
a character says, and this is a quote, I'll create
a gooey interface using visual basics, see if I can
track an IP address. So, Shannon, you want to track
an IP address, Do you go to the trouble of
developing a graphical user interface? Uh? No. What I would
do is open up probably netcat in my terminals so
(14:41):
that I can gain access and see what the heck
is going on on that IP address. Right. If it
was wireless, uh, and I was on a nearby network,
I would I would probably use wire Shark and WiFi
Pie Apple like it's it's not. You don't have to
create an entirely new graphical user interface to able to
be able to access an IP address and see what
(15:02):
kind of traffic is happening to and from them. Yeah,
it doesn't. Creating a graphical user interface literally makes no sense.
I mean, it has nothing to do with your ability
to track an IP address, to identify an IP address,
It has nothing to do with A graphical user interface
is an interface in itself. Isn't a thing that performs
(15:25):
these functions. It's just a way to visualize data and
allow you to interact with it in some way. So
Windows is a graphical user interface. It's a googy. Any
any program that has a graphical representation of information that
allows you to move things around, that's a gooey. Has
nothing to do with the actual function. It is separate
(15:48):
from the function. It is just a way of, uh
manifesting what that data actually means. Now, you might go
through the trouble of creating some sort of visual day
if you wanted to explain it to someone else who
wouldn't understand if you just handed them lines of code
or whatever. But that's not what that That doesn't even
(16:09):
work in this case because we're talking about an IP address,
and I'd be as, you don't need like a pie
chart or you know, you don't need a graphical representation
of what an IP addresses. It's an IP address. Yeah,
this one, this one kind of broke my brain for
about twenty minutes when I when I watched it. The
next one I had on the list was another example
(16:30):
of of hackers battling it out in real time and
seeing who could type the fastest. This happens all the time.
There was also an episode of Chuck that did this
where the best part of that episode of Chuck was
that the guy that Chuck was facing against was played
by Freddie Wong and his character was named Freddie. So
I was like, oh my gosh, it's Freddie Wong, a
YouTube star. Done good. Um, it's fantastic, It's I think
(16:54):
it's uh, it's I can't remember. It's like Chuck versus
the Hackathon or something like that. It's along those line,
and Freddy Wong plays the leite hacker that he goes
up against. But in this case, I'm talking about Criminal Minds,
which has Nicholas Brendan did it who I will always
and forever think of as Zander from Buffy the Vampire Slayer. Yep.
(17:14):
And he's brought into to try and access a another
I think another employees system, but the employees kind of
on the lamb, and she's working with other folks who
are trying to do this quietly without the rest of
the organization taking any notice of them. And uh. And
so he ends up getting into her system and trying
(17:39):
to snoop around a bit she notices, and then they
have this duel and as Shannon has already said, this
is not really how we see things play out, but
does have the best line I think out of all
the examples we have here, which is her gooey is
mind blowing and would actually see a hacker say, is
(18:00):
whoa check out this code? Yeah yeah, instead of all
these little uh these little windows pop up. Also, it's
funny because in the sequence as they're typing uh, there's
like one point where the Zander I'll always call him Xander,
is saying, well, here, see what you think about this,
and all that you see on the screen is that
one of the windows on the screen is dragged down
(18:23):
to like the lower right corner. Yes, and you're thinking, wow,
you have a mouse, but they're they're actually not even
using computer mice. They're just typing on the keyboard. And
so really all you're seeing are all these little windows
being dragged around the screen and and no real way
of doing that easily. If you're just if you're using
(18:44):
a keyboard, you're making it too hard on yourself. Honestly,
the thing is about hackers that I have noticed. Um,
I am not as good as a lot of my
friends are, but keyboard shortcuts are huge, culture huge. Well yeah,
I mean, especially if you're doing the same sort of
code over and over, if you're gonna be using the
(19:06):
same sort of strings repeatedly, having like various shortcuts and
macro set up saves you so much time. Uh, it's
way more efficient. And you know, I totally get that.
I've worked on documents where that sort of thing made
a lot of sense. And I don't even do coding
right I'm doing I'm talking about working mostly in the
(19:28):
legal world. I don't like to talk about it. It
was a long time ago, and I really like to
leave that chapter behind. Uh, I was working for law years.
I wasn't being pursued by them. Um. Another great example
weird science. This one. This one sort of gets a
pass from me too, because it's such a goofy movie.
It's uh, it's one of those films from the eighties
(19:50):
where you kind of the the basic premise is kind
of squeaky, well more than kind of squeaky, because you've
got too high school males who decide to try and
create a girl so that they can do various sexual
things with her, which is pretty awful. But it turns
out that she ends up having a way more intelligence
(20:10):
than either of them and a lot more agency than
either of them. So it's okay because it could have
gone way worse than that. I know because I've watched
a movie recently that took the other path and it
was terrible. That was for a different podcast. Uh So.
This one also has another depiction of characters trying to
navigate through a three dimensional virtual environment in order to
(20:35):
access a secure system. In this case, they're trying to
create a simulated brain for their they're created female, but
the computer that Wyatt has is only capable of getting
her intelligence up to fifth grade level, and they need
more than that, so they tap into some as far
as I can tell unidentified government agency to get more
(20:58):
computing power, which in this film is equated to electricity.
I guess because if you watch the sequence when they
get access to the computers, everything at the government center
is going crazy. You're seeing these real, too real tapes
that are spinning super fast. Uh. You see lights flashing,
(21:19):
and then a power surge ends up blasting all of
the electronics at why it's home like the microwave, and
there's like a a smoke detector. I think that explodes,
and so that's what zooms in enough power to not
only boost the intelligence of the character up to uh
superhuman levels, but also somehow magically brings to life this woman. Um,
(21:46):
i'd say accurate. Let's take a quick break to thank
our sponsor. Are you hiring? Do you know where to
post your job to find the best candidates? Posting your
job in one place isn't enough to find quality candidates.
If you want to find the perfect higher, you need
(22:06):
to post your job on all the top job sites,
and now you can. With zip recruiter dot com. You
can post your job to one plus job sites, including
social media networks like Facebook and Twitter, all with a
single click find candidates in any city or industry nationwide.
Just post once and watch your qualified candidates roll into
(22:29):
zip recruiters easy to use interface. There's no juggling emails
or calls to your office. You can quickly screen candidates,
rate them, and hire the right person fast. Find out
today why zip recruiter has been used by over one
million businesses and right now listeners of tech stuff can
post jobs on zip recruiter for free by going to
(22:51):
zip recruiter dot com slash first. That's zip recruiter dot
com slash first, f I r ST one more time.
Try it for free, go to zip recruiter dot com
slash first. So this is a great example the Weird
Science series. Your segment is a great example of what
(23:15):
you can actually do with more computing power. So in
the real life, we have quantum computing, which people are
currently working on to be able to d decrypt encryption
that is not currently vulnerable, but that requires more computing power.
That's what quantum computing is all about, not necessarily more electricity, right, yeah,
(23:36):
quantum computing, you know using cubits where you have quantum
bits that represent not just a zero, not just a one,
but both and technically all values in between. I mean
that you can complete calculations in parallel, and this is
great for certain types of computing problems where you can
have those parallel computing problems that are easily solved this way.
(23:58):
Other computing problems are not parallel, and in those cases,
a quantum computer is not necessarily going to be any
better than a classical computer. In fact, it may be
worse depending upon how many cubits the quantum computer has.
If it has enough, then it'll chug along. But for
those parallel problems, including encryption, quantum computers will transform our world.
(24:19):
The encryption that we rely upon today will be trivial
if you have a significantly powerful quantum computer, because it
will be able to go through all the possible answers
that are the basis for your encryption. Typically we're talking
about um you know, very large hash numbers and assigned
probabilities to them and figure out things like your encryption
(24:42):
keys very very quickly. So that is interesting, But as
you say, not just by it's not something that's done
by pumping more electricity through a power line. That would
be a little little simplistic. Our next example is, of course,
the most famous one in my mind, it's the one
that I spent an episode ranting about previously on text Ups,
(25:04):
So I won't go into too much detail. It is
Independence Day. It's like, yeah, I gotta tell you, if
an alien race ever attacks us, I I want Jeff
Goldbloom to develop the computer virus that we're going to
put on their on their ships so that they can't
attack us. So this is a great example because he
(25:27):
was without about any prior knowledge, he was able to
get a computer virus from his Mac laptop onto an
alien spacecraft and be able to basically take him over
and shut them down. Yeah. So there's so many things
wrong with this one. One. We cannot be certain that
any alien, intelligent alien civilization out there uses computers that
(25:52):
remotely resemble the way our computers work. That's problem one.
Problem too, We can't be certain that a virus that
we would create for Earth based computers would ever be
transferable onto an alien craft. From three we don't even
know how we would do that, right, Like, it's do
they have universal serial ports or something? What's how how
(26:14):
do you get your stuff, your your program into alien technology,
even if it's wireless. The wireless protocols. Those are things.
We don't just have computers shooting off random radio waves.
They have to follow very specific rules for computers to
(26:35):
communicate with each other. Everything about this is wrong, And
given the premise of this movie, I highly doubt that
their alien technology would even remotely compare to ours. M
I'm sure that they would be much much stronger and
much more, much more advanced than our own. Yeah, and
some of the arguments are that, oh, but see, the
(26:56):
whole point of the movie is that the United States
took technology from the Aliens and use that to boost
our own technology so that we would advance faster. And
my thought to that is, how that considering that all
the technology that we rely upon today is based off
of very very very well documented advances in engineering, none
(27:21):
of which are so dramatic as to say, oh, that's
what the aliens arrived that one. Now, I included this
next one just for you, Shannon, because I know that
you are a lover of Japanese culture, and so I
found a great eneme scene from Tangan Toppa Guran Lagan
(27:44):
Guran hen and Uh. It involves a character going into
a virtual world as a virtual avatar runs through a
maze as we've seen before, finds a lock box that
apparently has the day that he wants to get at,
takes out a green glowing key, puts it in the
(28:04):
locked box, tries to unlock. It doesn't work, so does
he do His virtual avatar head butts the box repeatedly
till it breaks open. He grabs hold of a red sphere,
which represents the data he wants, and then his character
eats the data and that's how they analyze it. And
boy do I wish that's the way it worked. Oh
(28:26):
that's hilarious. I just I hope that it tasted good. Yeah,
I mean, I mean it is a virtual character, so
I guess you could technically assume it tasted anyway you
like it to taste. Uh. I watched this and I thought, well,
this is delightful, but it's it's also again not trying
to play this as this is how real hackers are.
This is obviously a fantasy sci fi world that we're
(28:50):
looking at, but one of the most entertaining versions of
that mean that I've ever seen. I just love it,
and like, just watching that tea makes me want to
watch the entire UH anime because it's just so ridiculous. Yeah, yeah, works.
It's like somebody trying to brute force, but their implementation
(29:11):
of brute forcing is headbuts. Yeah, literal brute force, like
not not putting password after password attempt through a password manager,
nothing like that. It's literally attacking a virtual box with
a virtual head butt. It's wonderful. The last little bit
I have on here, this one, This one doesn't really
(29:33):
count because it was done on purpose. But there was
a segment on The Late Show with Stephen Colbert who
had Michael Ian Black on Michael Ian Black who uh
was in the state and tons of other stuff, and
Michael Iam Black explained that he had dramatic acting chops
that he felt he never got a chance to really
(29:54):
exercise he's known as a comedic actor, and that he
always wanted his dream role is that of a hacker
on a police procedural show, because it meant that he
could dress in nice clothes, sit down behind a desk,
and everything he would do would seem really important, he says,
is a dream job. And so then they do a
(30:15):
segment where Stephen Colbert's show gets hacked and Mike William
Black comes back out to fight off against the hack.
It is a send up of all the tropes we've
been mentioning so far in this episode, and if you
have not seen it, I recommend going out and watching
it because it's hilarious. My favorite part is the fact
that he comes out with black lipstick on and these
(30:38):
like biker gloves, which first off, would be incredibly hard
to type in wearing those gloves, and second off, like
the hackers, I know, do you not wear black lipstick,
especially if they're male? Yeah, yeah, he The first one
of the first things he says is talking about how
he's gonna be typing, and then it's typing will in
no way be uh hampered by the fact he's wearing
(31:01):
fingerless microgloves, so he's actually he actually brings attention to that,
and there is a funny there's a funny moment he's
bent over Stephen Colbert's desk and he's typing furiously, not
really typing, he's just slapping at the keyboard furiously. And
then it becomes clear that his lines are on the
screen and and he scrolled past them, and so he's like,
(31:22):
I'm trying to find my line. So there's but it's
great because they just roll with it. They just keep
on going. So uh, it's fantastic to see that kind
of self aware um uh take. On the way hackers
and hacking culture has been portrayed in the popular media,
(31:43):
there are you know, we've we've harped on a lot
of different shows and movies about being terrible or being
uh inaccurate, But there are some examples out there that
are trying really hard to be respectful and realistic when
it comes to hacker culture. One of the ones that
leaps to mind is Mr Robot, a series where hacking
(32:07):
plays a very important part. It's not like it's all
about hacking, but that's an important plot device in several episodes.
And they they name real security firms, they name real
penetration teams that actually go and do this sort of testing.
They name real software packages that are meant to either
(32:29):
help someone commit one of these attacks or defend against them.
They use real products, they're not so it's clear the
people who are working on the show do their research. Yes,
it's very clear, And in fact, I have a very
close working relationship with the team over at Mr Robot
to make sure that they get our products right because
(32:51):
they have shown very recently one of hack fives products
called the USB rubber Ducky. They have a team over
there that that include Lude, somebody he used to work
for the FBI, So they have actual people who have
worked with security and with privacy and they have a
general understanding. But they still like to talk to real
(33:11):
life hackers to make sure that everything that they show
on the show is legit and is an actual hack. Um.
Mr Robot is such a great example because it gives
a perfect, uh, real life scenario where you have people
that are fighting back. You have people that are fighting
back against you know, the big corps and trying to
do something that's right for the little guy. Um, which
(33:33):
you do see a lot in real life hacking cases.
A lot of times people will go after large corporations
because they don't necessarily agree with their tactics, or they
don't agree with how much they're paying their employees or
something like that. UM. So, I just I love watching
Mr Robot because it gives me the chance to look
at it and be like like, oh, what they're showing
(33:53):
right now is a real it's a real hack. Like
they're actually showing this to a huge fan base of
people wouldn't necessarily be uh interested in this kind of
stuff unless they were watching a show. So I just
love that they're bringing so such a huge fan base
into what we do on a day to day basis.
(34:16):
And I like that not only are they taking these
steps to make sure that the stuff they portray is accurate,
but they're even going so far as certain aspects that
we do see reflected in the news. You were mentioning
this ship and things like someone being on the inside
of a company and for one reason or another, they
decide to aid someone who wants to access that company's information,
(34:42):
and they're doing so knowingly. It's not that they've been
tricked into it. We see this where we have their
their hackers who one of the best things, one of
the best tools you can have is making friends with
someone who's works for the company that you want to
try and uh access, like you want to get into
the their system. And if it's someone who's disgruntled for
(35:03):
whatever reason, maybe they were looked over for a promotion,
maybe they don't like what the company is doing, maybe
that what the company's purposes conflicts with their own ethical code.
They might feel like helping someone out is the right choice. Um,
and even if they themselves are not the ones doing
the programming or whatever, when it comes to it, they
(35:25):
might be the ones who allow the access in the
first place. We do see that in real life, and
there are sometimes where we have to ask the question
like was this someone from the inside or was this
someone who attacked from an external site. Again, going back
to Sony, there was there's still a lot of argument
about who ultimately was responsible for that. At the time,
(35:49):
the two big arguments that were coming out was that
it was either someone in North Korea who had done this,
or someone who was in the pay of North Korea
like a state agent in other words, or it was
someone who used to work for Sony or was currently
working for Sony and they did not like something that
(36:10):
happened and so as a result ended up stealing a
ton of information and dumping it online for public review. Uh.
And then the North Korea part just became a great
smoke screen for that person. I saw that A lot
of security experts, at least at the time, I felt
more inclined to believe it was the second possibility, that
(36:32):
it was someone from the inside and not necessarily a
state sponsored attack. I don't know of that opinion ultimately changed.
I've honestly lost track of the Sony story at this
point because it kind of died down after that initial
um flare of of controversy around all the different elements. Yeah.
(36:52):
The interesting thing that I found about that is a
lot of the friends that I have in hacker culture,
um just move on because there are so many different
hacks that you see in our day and age that
they don't have time to go back and discuss the
Sony hack. And disclaimer, I did do a bunch of
videos for Signal by Sony, which was a different, um,
(37:15):
different core company inside of Sony that was doing these
shows that I was working with. It wasn't the entertainment
one that got hacked, but um, I definitely went to
them when I got that job, and I was like,
you sure you want to hire because um, that thing
happened to you guys, and I'm kind of a hackers,
so yeah, okay with Yeah, So I'm I'm pleased that
(37:39):
Mr Robot is out there. You were mentioning before we
went on on the recording, before we started recording that
that Silicon Valley also typically does a pretty good job
of portraying hacking in a in a realistic way. They
do so Silicon Valley I actually hired one of my friends,
Rob Fuller, who you can see in the credits of
(38:00):
several of their episodes, to give them a good overview,
a good synopsis of what they should be showing on
their show and what would be fake, what would be
called out. So he helped, and he's actually a penetration tester.
He does this as his day job, and he's been
doing it for you know, a couple of decades, I believe,
uh So, he was the perfect person for them to
(38:22):
go to to say, you know, is this right? Is
this correct? Can you can you actually build a script
for us to show on on camera so that we
don't get called out by our fan base, a lot
of which is going to be the Silicon Valley you know,
gurus that actually do coding on a day day and
day out basis. Uh So, Mr Robot and siliconbat Valley
(38:44):
both have hired on um several people who have worked
in security and penetration testing, information technology, things of that
nature so that they can get it right on camera.
And I think that's very important because what we're finding
in this in this genre, in this career career path
is that where there's a lot of people who lose
(39:05):
interest very very quickly in it because it is hard,
it is ever changing, and it's complicated, uh, and you
have to go to school for it, and you have
to get certificates uh that increase your knowledge, and you
have to renew those certificates day in and day out
every year. So it's expensive to stay in this career too.
Hopefully you get a company or get a job with
(39:25):
a company that you know will pay for those certificates
for you. So the fact that they're showing these real
life scenarios on camera, I'm hoping that it will increase
more interests in this in this genre of work, because
we really need more people to be interested in in
it in in the long term, because it is so
(39:46):
so important for companies as a whole, especially if they're
holding user data, to be secure and to be private
and to be very conscious of what they're doing behind
the scenes as opposed to just making a website pretty Uh.
The things that are most important to me are security
and privacy, and it's it's very important to me that
more and more companies get involved with this information and
(40:08):
get a much broader understanding of how important it is
to actually pay money to make sure that you have
good security. And uh to that end, I mean, there's
a there's a movie that's coming out later on this year,
I believe called I T. It's got pierced broadening in it. Uh.
And in that film there's, uh this idea of privacy
(40:30):
and security plays of a huge part of it, as
well as the Internet of Things, which again is a
great illustration of why security is so important. We have
more and more devices that are are opening up opportunities
to be a point of entry for a hacker, right
Like if you have not, if you haven't designed your
IoT device to also be secure and encrypted, that's a
(40:54):
potential in depending upon how it how it communicates with
the rest of your device aces. Uh. So this movie
I T that's coming out, there's a Pierce Brosiden's playing
like a Tony Stark like business guy who ends up
having a an I T guy come in and help
him out when he's giving a presentation and the technology
(41:16):
is failing. The I T guy gets it turned around,
and so Pierce President says, Hey, come back to my house.
I'd like you to help me out with some stuff,
and the guy's like, okay, sure, and he comes by
and the guy's house has got all this high tech equipment,
most of which is not really working up to the
possibility that could. But he also has a young like
a teenage daughter that the I T guy ends up
(41:40):
becoming fixated with. So then it becomes a psychological thriller
where the I T guy who was upgrading all the
systems is really using them to spy on people, and
too when he when he's rebuffed, he uses them to
terrorize people. So it becomes kind of a psychological thriller
slash horror movie that's I T based uh an Internet
of Things based, And while that is going to be
(42:02):
pushed to the limit for drama, for dramatic purposes, there's
a lot there that you could say, like, you know, um, yeah,
it went to extremes for the purposes of this movie,
but it does drive home certain things you should be
aware of, like how many devices do you own to
have microphones in them? How many do you own that
(42:22):
have cameras in them? What what are they connected to?
And is it secure? Is your router secure? Did you
buy any chance not change the the default identifier and
password to your router because you might want to do
that that kind of stuff. So I'm so grateful that
(42:43):
I got into this early, so like before Internet of
Things became a thing, because now I can go home,
like right at this minute, pull up a program on
my computer, sit down on the same network as my
as my camera, and make sure that it's not open
to the World Wide Web, because it's it's entirely possible
that those things can happen. They have happened, and it's
(43:06):
oh man, consumers, just I wish more consumers were interested
in this kind of thing because it would make them
so much safer. Yeah. Yeah, it's the sort of stuff
no one wants to really think about. The The convenience
of the technology is so great that it people don't
feel comfortable thinking about the other side of it because
(43:27):
the technology they rely so heavily on it, it does
so many useful things for them that I think that
ends up making them kind of ignore the possible security
problems because if they paid attention to it, they would
feel that they would either need to take a lot
of effort to fix those security issues, at least the
ones they can fix from a consumer side of things,
(43:48):
or they would have to abandon the technology which is
so incredibly useful and convenient, and neither of those seem
particularly interesting. It's way better to just, you know, just
pretend like it doesn't have been and keep using your
unsecured WiFi. And yeah, absolutely, I mean there. I've made
some sacrifices in my life to be more secure. For example,
(44:10):
I don't use Facebook Messenger on my phone because I
don't I don't trust that feature. I don't even use
the Facebook app on my phone because I don't trust
the app. And I noticed that when I when I
abandoned the Facebook app, you gave me a big thumbs
up on that day. Oh yes I did. And there's
other things that I've chosen convenience over security, even though
(44:30):
I understand what what I might what might happen to
me if I because I chose that convenience. For example,
I use a thumb print to unlock my phone, even
though you are basically forced to give away a thumbprint
if you are ever um, if there is a warrant
on your phone, as opposed to if you have a
pin code or a password, you don't have to give
(44:51):
those aways. So that's like those kind of things you
really have to think about it, especially if you know
you're going into this with the with the thought, you know,
I have to better my security and privacy. Yeah. And
and see it's different for you too, Shannon, because you're
you are aware of all the potential or at least
(45:11):
a large majority of the potential bad things that can happen.
So you can make an informed decision, and you can
you can measure that risk versus the reward you get
based upon whatever choice you make. A lot of people
out there they aren't. I think the problem is so
scary they don't even want to look at it. And
(45:32):
that's and that means that they're making uninformed, uneducated decisions.
And I know that. I know the problem is scary, guys,
but that's why you've gotta look at it. You can't.
That's why we're here so that we can inform everybody,
and we can educate everyone right on the proper uses
of the security and privacy. So if if you guys
out there take anything at all away from this episode,
(45:54):
I want you to take a well, really there's two
things I want you to take away. One is really
give it some serious thought. If you have it before,
because it's it's something that could save you tons of
heartache down the line, and it can protect you and
those who are close to you from attacks. And the
second thing I want you to remember is if aliens attack,
(46:15):
get Jeff goldblooma Mac because that guy can do anything.
Ah So, Shannon, thank you so much for joining this episode.
Help everyone where they can find your work. Sure, so,
you can find me on Twitter. I'm at snubs s
and uvs and I promise I will not snubs you
unless you're mean to me. Uh. And you can also
(46:36):
find me on Hack five and tech Thing, both of
which are over at h K five dot org. And
we talk about the simplest of simple hacks and we
go all the way up to the hardest of the
hardest hacks. So there's something there for everybody, and I
hope that you guys will enjoy it. Awesome, Shannon, thank
you so much. And guys, if you want to get
in touch with me and talk about some of the
(46:57):
stuff we chatted about on this episode, maybe there's a
television or film that you know we didn't touch that
you think absolutely needs to be on this list. Let
me know if you have a suggestion for anything else,
like whether you know, maybe it's another guest I could
have on the show. Let me know the addresses tech
stuff at how stuff works dot com or drop me
a line on Facebook or Twitter. The handle of both
(47:18):
of those is text stuff H s W. And I
will talk to you guys again really soon. For more
on this and bathrooms of other topics. Is it how
stuff works dot com.
TechStuff News
Hosts And Creators
Oz Woloshyn
Karah Preiss
Popular Podcasts
Stuff You Should Know
If you've ever wanted to know about champagne, satanism, the Stonewall Uprising, chaos theory, LSD, El Nino, true crime and Rosa Parks, then look no further. Josh and Chuck have you covered.
The Joe Rogan Experience
The official podcast of comedian Joe Rogan.
24/7 News: The Latest
The latest news in 4 minutes updated every hour, every day.