Wednesday, April 9, 2014

Hacking: Needles in Haystacks

The term "hacking" is often dramatized in the media and Hollywood. Here are some excellent examples.

It sells more movies if you have flashy graphics and pretty pictures. It communicates a "technological fear" in a way that people can relate to. When you see the graph on Q's screen re-arranging itself and turning red, it looks scary. Or the lab techs in CSI start typing madly on the same keyboard (If you don't understand why this is ridiculous, try it some time) while windows flash across the screen you feel their horror and confusion over getting "hacked" by some invisible force. It's an accessible metaphor for hacking.

The truth is that creating all of these fancy graphics during hacking would be as much or more work than the hacking itself. Computers aren't like people. They don't flinch and scream when attacked. A lot of these fancy re-arranging graphs are an anthropomorphism for the computer. We can connect to it better emotionally when the computer looks or sounds like it's reeling under a hacker's insidious attacks.

In a lot of ways this portrayal of hacking makes it difficult to talk to people about real hacking. The Heartbleed bug is an excellent example of the contrast between Hollywood Hacking and real hacking. There are a number of excellent technical write ups here and here on the bug, but it's difficult to generate much interest for the public outside of the technical world. At least in part because it's pretty dry stuff when compared to the Hollywood Hacking in movies.

Rather than flashing cool pictures or making crazy beeping sounds, the server just responds with 0's and 1's. The attacker quietly sends an attack to the server, the server quietly responds. There's much less excitement during, but the impact is incredibly devastating.

Is this a problem? Maybe and maybe not. The people who enjoy hacking movies may not be in the same group as the people who enjoy hacking. But it may be a bit of a rude awakening for future security experts who grew up on Hollywood Hacking in movies and then realize there are far fewer exciting, automatically re-arranging graphs in the real world.