MovieChat Forums > Blackhat (2015) Discussion > 100 things I learned from Blackhat

100 things I learned from Blackhat


[EDIT: Turns out there IS actually another list which I must have overlooked. This one is more comprehensive, though ... :-)]

Just coming back from the cinema after watching this wonderful piece of art - yes, this marvel is a true gem - I was a bit surprised that no one seems to have started a "100 things I learned from Blackhat" list yet.

Okay, off we go:

1. Hackers are very muscular and not afraid to take on three triad squad members at the same time because
2. they are also martial arts experts, and actually
3. they are one-man armies.
4. Hackers who aren't a one-man army hire real armies.
5. Routers save a memory dump on their hard drives before they die because of a nuclear meltdown.
6. Oh, routers actually *have* hard drives.
7. Maybe that only applies to "edge routers" as found in nuclear power plants.
8. If you "have an onion router", your Internet connection will work without an IP address.
9. NSA agents are stupid.
10. Bad guys smart enough to bring an RPG to blow up the main character's car are luckily too dumb to bring more than one rocket so that they can only fire once which they conveniently do when their target is actually not even anywhere close to the car.
11. NSA agents are stupid.
12. China is a dangerous place - US Marshals run around there with handguns.
13. So do FBI agents.
14. NSA agents are stupid.
15. Jakarta is also dangerous - people often die there with screwdrivers in their eyes and no one seems to care, and
16. parades are being held in open gunfire.
17. NSA agents are STUPID.
18. 70 million US dollars equal roughly 40 million euro.
19. Speaking of the Euro - Switzerland has adopted it.
20. NSA agents are so frelling STUPID it actually HURTS!
21. The NSA is also stupid - one of their most secret pieces of software is apparently reachable from the Internet.
22. Via the lamest GUI ever.
23. Gaining access to a frontend of a system means "you have it", according to the NSA. But as we all know ...
24. NSA agents are just so frelling STUPID it actually HURTS!
25. Hackers don't need to know your phone number - they can just call you anyway.
26. You might be good enough a hacker to hack yourself into an NSA supercomputer, but a Malaysian web hoster surely is too difficult of a target to hack into.
27. Luckily, their "datacenter" is just a random shed with little to no security.
28. If you can't hack yourself into a datacenter, then just ram yourself into it.
29. Bank employees are almost as stupid as NSA agents.
30. Malaysian IP addresses look just like URLs in the rest of the world.
31. Police forces all around the world must be stupid to spend $$$ on bullet-proof vests when they can achieve the same with just magazines and duct tape.
32. If you wanna track down someone who modified a short program, you absolutely need the person who wrote the code originally as no one else on Earth is capable of spoofing a sender's email address.
33. Love comes quickly. Sometimes it hits you like a sledgehammer.
34. Chinese women must be very unhappy and
35. once they are "happier than ever before" you won't notice any change in their behavior.

--
"We're with you all the way, mostly"

reply


There are 6 "NSA agents are stupid"

reply

Well, Lost-Ethan was stupid for six in this movie. At least.

--
"We're with you all the way, mostly"

reply

36. White male hackers banging Asian female hackers is never a cliche

37. Some actors can look smarter with a superhero costume than with a computer

38. Really cool hackers don't wear pocket protectors

38. Saying "emergency" will get you to the head of the checkout line

39. Chris Hemsworth's hairdresser was the same person who styled a-ha in the 80s

40. Towering blond white guys blend in in Asian countries

41. You can pull a gun and knife right out in public surrounded by thousands of Asians and not one of them will pause or throw a karate move, but all the white immigrants will straight up show mad karate skills while people walk idly by carrying fire torches.

42. Wearing sunglasses inside a terminal while turning your head side to side constantly to look around for someone following you does not attract any attention at all.

43. People with access to sensitive information do not have antivirus programs installed on their computers and certainly do not have those programs set to scan pdf/docs before opening them.

44. Viola needs to stick with HTGAWM instead of wasting her talent in a movie where she just looks like she has PMS all the time.

45. This movie blows because everyone knows that a hacker movie needs at least one of the following: caffeinated beverage, Star Wars, comic book, Hobbit/LOTR, and/or video game.

reply

46. People who think this is a good movie also don't know how to play "100 things...".

reply

1. Hackers are very muscular and not afraid to take on three triad squad members at the same time because
2. they are also martial arts experts, and actually
3. they are one-man armies.
4. Hackers who aren't a one-man army hire real armies.


you did not understand a frame of this movie

dumb

"To photograph: it is to put on the same line of sight the head, the eye and the heart."HCB

reply

Because there was so much to understand, right?

reply

I love your replies... And the things that you've learned from this movie.

reply

1 thing I learned from your post -

"100 things I learned" threads are about as interesting as "100 shades of paint drying in slow motion."

reply

Yet they are at least a hundred times more interesting than this movie. Funny, isn't it?

reply

Too much Avant-Garde for your synapses

"To photograph: it is to put on the same line of sight the head, the eye and the heart."HCB

reply

Because no one has ever made a movie full of inaccuracies, logical flaws and with a pathetic plot before? Apparently you've never visited the straight-to-video section of your nearest Blockbuster.

reply

Your points are terrible:

5. You can telnet into your home router and you will find a config file, a diagnostic file, and a memory stack. I personally have not seen a router used at industrial power plants, but I can bet $72,000,000 that they at least have EEPROM to store memory dumps and diagnostics in case of failure or power outage. (Jeez, think for yourself: your router stores your info and login even when you unplug it; that data is non-volatile and gets stored on the router.)

6. See above...

8. TOR essentially randomizes your IP, you can even schedule it to change it every minute if need be. Using 10-100 or even 1000 random IP addresses that then get passed through 3-5 relays, is the same as using no IP address at all. In fact, in IT a person using TOR has no single external IP address, because there is no way to trace it back. It is like saying that you have no mailing address because you are constantly on the move. The comment was spot on.

9. NSA agents are in fact stupid. Snowden was able to convince his colleagues to give him their login info.

21. Of course it would be reachable from the internet. Currently, more than 85% of IT defense work is outsourced to private defense contractors. These contractors work remotely, and access repositories from their respective locations. Not to mention the obvious: do you really think the Pentagon needs to send guys to Ft. Meade or worse Utah with a USB drive when they need to run analysis over a large sample of intelligence data?

22. The Lamest GUI for a parallel CPU is any GUI that is not a terminal. I have used supercomputers while doing research (no, they are not only used by NSA and every large research university/national laboratory will have at least one cluster) and typically you either get a bash or nicely stripped-down customized version of linux env.

23. Gaining access to a piece of software like that, especially if the terminal provided verbose output, could yield an enormous amount of info in terms of reverse engineering it. Best case scenario, the software would be available for use on another large piece of data in need of analysis. Worst case scenario, the bureaucrat at the NSA had admin level access to branches etc.

25. He sent him his phone number.

26. He did not "hack into the NSA". What he did was trick the NSA guy into providing him with his login info. Things like that have happened in the past: Kevin Mitnick was able to use social engineering to get into ARPA.net, or place wiretaps on FBI agents phones through his access to PacBell.

29. Bank or in reality most security guards are technologically stupid, and males in these professions tend to run high on testosterone. If they were smarter they would not be working for $12/hr, and would not be flirting with every good looking girl they see.

30. ??? What do you mean? Every URL is an IP address passed through a DNS. Type 74.125.224.72 into your browser and you will get Google.

====================================================

Real/possible technical inaccuracies:

1. Breaking into the stock exchange and corrupting its trading system would likely cause a suspension of trading and reversal from backup. - See Nasdaq Aug 22nd, 2013. Although a 250% change in soy prices might not lead to a market shutdown, if one could accomplish that, it would be easier to apply a 10-20% shift to random markers per day, and starting with 1 million and having that run that over 60 days at 15% would easily push one into a multibillionaire status.

2. Breaking into a bank would very likely yield the same the moment the owner of the account complained about the transaction. If you transfer money out of your account in the US or EU into an erroneous account, the bank will reverse the transaction, and if the receiver spends any of the money they will be liable. While a bank in Malaysia might have different rules, the movie should have shown Hathaway actually withdrawing the cash, because while it was still at the bank the bad guy could have just called the bank and had the transfer reversed. (This is the reason why the bad guy could not break directly into a bank.)

3. The reactor meltdown - while not impossible because recently there have been hydro plants in Italy that had their diagnostic admin systems exposed to the net - would never work as a test run. The backdoor would have to be installed way in advance, it would have to survive any firmware updates, the logic arrays would have to have access beyond intranet (no reason whatsoever, when you could easily run a long cable to a terminal station outside), and exposing an exploit like that would make your future tin plan impossible.

4. Black Widow - while it was described as a sophisticated defragmentation tool, if the NSA has it, China would very likely have it too. It was described as being dependent on the supercomputing power that was accessible to the NSA (but not the FBI, who in reality have their own cyber-intelligence and counter-intelligence divisions, and while limited to domestic intelligence the FBI deals with data defragmentation and analysis as often as the NSA) China does currently have the fastest supercomputer, and even if the NSA classified system was 2-3x faster, China's machine would take say 12 hours instead of 4-5. Unless the NSA developed it by themselves (who exactly? the majority of people at Meade are quasi-bureaucrats that use, supervise and manage projects not design them) in a bunker under Mt. Vernon, or Area 51 or a super-secret facility on the moon, the project likely would have been developed by outside contractors, and teams of dozens if not hundreds of people. Ensuring that every worker had properly secured their login info would have been impossible, as typically there is always one outlier that stores their password in a text file on their computer.

5. China's domestic surveillance is through the roof. Why do a test run in a country that has the financial means and the technology to come after you? No other country uses those pumps.

6. Finally, the most important point. Instead of going through all the trouble of melting down a reactor, killing dozens of civilians and getting the FBI, the PLA's cyberintelligence division, and the NSA involved, you could likely gain access to the system of the company that supplies the pumps, add a technician to their employee records in Jakarta, cause the tiniest of glitches and have your created tech person appear on site and install a run-of-the-mill backdoor into the system. Plenty of "hackers" have gained access to restricted facilities with nothing but a smile and some small-talk in the past. If you also get a uniform or better yet a nice looking badge, your chances increase exponentially.

=================================

I have gotten my undergrad degree in Physics and Optical Engineering, and a Ph.D. in Atomic Physics, and have been working as a systems architect for close to a decade, gradually shifting my focus to cybersecurity over the last two years. While I am nowhere near the level of some of the people I have worked with, by now I know what's realistic, what's plausible and what represents Hollywood fiction.

In terms of IT, this movie got a lot of things right, and certainly was the most accurate depiction of intrusion methods I have seen come out of Hollywood thus far. There were no ridiculous graphical interfaces that would hog resources for no reason, the bad guy used TOR relays (and I think they mentioned a non-caching proxy too like privoxy for example), they actually had people put USBs into systems when needed instead of using some remote magical way to circumvent very strict access controls like they have done in movies like Swordfish or Skyfall, and terminal commands that I caught had correct syntax. Finally +1 for the short-range Wifi trick which was pretty ingenious actually, because with a rooted phone and a simple binary, you could likely remain undetected and communicate even if your phone got cloned by the authorities.

reply

Your points are terrible:
They are not. Please read more carefully.

5. Thanks for trying to be a smartypants here while showing at the same time that you either didn't read what I wrote or failed to comprehend it. You can certainly show me the "save memory dump on internal hard disk in case of nuclear meltdown nearby" configuration option in IOS, I assume?

6. See above. Hint: EEPROM != hard drive

8. How is that related to what I wrote? Hint: You don't "have an onion router", you might *use* one. Devices without IP addresses are unable to communicate over the Internet, no matter how much you're trying to portray that as a valid simplification, which is of course nonsense as the statement contained the technical term "Tor".

21. Have you ever heard of corporate intranets?

22. Thanks for agreeing with me on that one.

23. How's that related to what I wrote?

25. When and how? IIRC, it was a story element that Thor's call caught the evil genius by surprise.

26. Uhm, okay. You surely can explain why you can easily trick an obviously high-ranked NSA employee into handing out his account information while a Malaysian web hoster seems to be immune against social engineering and phishing attacks? If you're actually writing up an answer for this one, please consider the use of DKIM which can be implemented by any capable systems administrator within just a few minutes and which makes domain impersonation practically impossible.

29. Which is exactly why security guards can authorize transfers of millions of dollars from their terminals? Hmmm...

30. I meant what I said. Hint: URL != IP address

Regarding your last statement: You do realize that "a number higher than zero" might still refer to a very low number in absolute terms, despite the fact that, in relative terms, it is much higher than zero, right? So, at the end of the day, there (sadly) is still not much to praise about that movie.

--
"We're with you all the way, mostly"

reply
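The DKIM point made in the post above (a signing domain that a spoofed From: address cannot borrow) comes down to two checks a receiving mail server can run without any key material or DNS access: that the signed body hash (bh=) still matches the body, and that the signing domain (d=) aligns with the From: domain. The following is an added example written for this thread, not code from the posters or from any DKIM library; the message, the domains, the selector name and the `b=` placeholder are all constructed, and the RSA step (fetching the public key from `selector._domainkey.domain` and verifying `b=`) is deliberately left out.

```python
import base64
import hashlib
import re


def parse_dkim_tags(value):
    """Split a DKIM-Signature tag=value list (RFC 6376 s.3.2) into a dict.
    Folding whitespace inside values (common in b= and bh=) is removed."""
    tags = {}
    for part in value.split(";"):
        part = part.strip()
        if part:
            name, _, val = part.partition("=")
            tags[name.strip()] = re.sub(r"\s+", "", val)
    return tags


def canonicalize_body(body, method):
    """RFC 6376 s.3.4.3 ('simple') and s.3.4.4 ('relaxed') body canonicalization."""
    lines = body.split("\r\n")
    if method == "relaxed":
        # collapse runs of WSP to one space and drop trailing WSP on each line
        lines = [re.sub(r"[ \t]+", " ", ln).rstrip(" \t") for ln in lines]
    while lines and lines[-1] == "":          # ignore empty lines at end of body
        lines.pop()
    if not lines:
        return "" if method == "relaxed" else "\r\n"
    return "\r\n".join(lines) + "\r\n"


def body_hash(body, method="relaxed", algorithm="sha256"):
    """Base64 digest of the canonicalized body, as carried in the bh= tag."""
    digest = hashlib.new(algorithm, canonicalize_body(body, method).encode()).digest()
    return base64.b64encode(digest).decode("ascii")


def parse_headers(head):
    """Unfold RFC 5322 headers into (lowercase name, value) pairs."""
    headers = []
    for line in head.split("\r\n"):
        if line[:1] in (" ", "\t") and headers:   # continuation of previous header
            name, val = headers[-1]
            headers[-1] = (name, val + " " + line.strip())
        else:
            name, _, val = line.partition(":")
            headers.append((name.strip().lower(), val.strip()))
    return headers


def from_domain(headers):
    """Domain of the visible From: address, which is what a reader trusts."""
    for name, val in headers:
        if name == "from":
            m = re.search(r"<([^>]+)>", val)
            addr = m.group(1) if m else val.strip()
            return addr.rpartition("@")[2].lower()
    return None


def aligned(signing_domain, header_domain):
    """DMARC-style relaxed alignment: From domain equals d= or is a subdomain of it."""
    d = signing_domain.lower().rstrip(".")
    return header_domain == d or header_domain.endswith("." + d)


def check_dkim(raw):
    """Body-hash and alignment verdict for a raw message (no DNS, no b= check)."""
    head, _, body = raw.partition("\r\n\r\n")
    headers = parse_headers(head)
    sig = next((v for n, v in headers if n == "dkim-signature"), None)
    if sig is None:
        return {"signed": False, "d": None, "body_hash_ok": False, "aligned": False}
    tags = parse_dkim_tags(sig)
    algo = "sha1" if tags.get("a", "rsa-sha256").endswith("sha1") else "sha256"
    canon = tags.get("c", "simple/simple")     # header/body; body defaults to simple
    body_method = canon.split("/")[1] if "/" in canon else "simple"
    return {
        "signed": True,
        "d": tags.get("d"),
        "body_hash_ok": body_hash(body, body_method, algo) == tags.get("bh"),
        "aligned": bool(tags.get("d")) and aligned(tags["d"], from_domain(headers) or ""),
    }


def build_message(from_addr, signing_domain, body):
    """Constructed sample message; b= is a placeholder because signing is out of scope."""
    bh = body_hash(body)
    return (
        "DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; "
        f"d={signing_domain}; s=sel1;\r\n"
        f" h=from:to:subject; bh={bh};\r\n"
        " b=NOT-A-REAL-SIGNATURE\r\n"
        f"From: {from_addr}\r\n"
        "To: <analyst@example.com>\r\n"
        "Subject: Password rotation reminder\r\n"
        "\r\n" + body
    )


# Constructed inputs: a legitimately signed note, the same note altered in transit,
# and a copy whose From: claims example.com but which is signed by another domain.
BODY = "Your intranet password expires today.  \r\nRotate it via the portal.\r\n\r\n"
LEGIT = build_message("Supervisor <supervisor@example.com>", "example.com", BODY)
TAMPERED = LEGIT.replace("via the portal", "via http://portal.invalid")
SPOOFED = build_message("Supervisor <supervisor@example.com>", "other-sender.example", BODY)

if __name__ == "__main__":
    for label, msg in (("legit", LEGIT), ("tampered", TAMPERED), ("spoofed", SPOOFED)):
        print(label, check_dkim(msg))
```

The spoofed case is the one worth noting: its body hash is fine, because whoever controls `other-sender.example` can sign anything with their own key, so a receiver that only asks "is there a valid DKIM signature?" would accept it; it is the alignment check between d= and the From: domain (what DMARC enforces) that actually ties the signature to the domain the reader sees.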

5. Thanks for trying to be a smartypants here while showing at the same time that you either didn't read what I wrote or failed to comprehend it. You can certainly show me the "save memory dump on internal hard disk in case of nuclear meltdown nearby" configuration option in IOS, I assume?


5. I can't show you a "save memory dump on internal hard disk in case of nuclear meltdown" but I can show you that you can log memory dump in case of failure. I don't know what router you have at home (and you could do this even in most private ones if you flash the firmware and upload a custom one), so I am going to use Mikrotik CCR1009, which is an excellent router for individual and small business needs. It is nowhere near the quality of an industrial router in a power plant, but it will do. You can easily add a system script with "system script add" and set the policy to "ftp, reboot, read, write, policy, test, winbox, sniff" and every packet and read-write will be immediately recorded.

6. The above Mikrotik router allows for an SD card, and boatloads allow for hard drives to be hooked up, but if you are still being picky and looking for a router with a hard drive already built in, then just get the WD MyNet N900 Central, as that one comes with an internal HDD that is like 2TB the last time I heard.

8. You can't use the TOR relay network without first getting TOR installed on your system. Without "having" the bundle, you won't get to use the relays. Additionally, you can turn yourself into a part of the relay network and act as a "the onion router" yourself.

As far as the second part - to be completely technical, if you do not think the relay switch constitutes having no unique IP address - it is not mandatory for your own computer specifically to have an IP address for network communication. Intranets can use MAC addresses for device communication instead of IPs, and one could, let's say, get into a large wifi network (like on a college campus), find an unsecured device that can be used as an external AP, and run their own traffic through that IP. Obviously, an IP would eventually play a role.

21. I have heard of intranets, so let's assume something like Black Widow would be on SIPRNet in post-production, which is a government/military network for communication of classified materials. As of today, you are looking at over 4 million people with access to SIPRNet. Better scenario, it would be on JWICS, which raises the security level up to and beyond top secret. However, the FBI has direct access to JWICS at all times, and while the FBI agent would not be able to access the compartments, they would be able to easily relay traffic through that intranet.

23. The better question is why you are so positive that the only thing Hathaway gained access to was the frontend.

25. You are right, I thought you were referring to the phone call at the hideout in Jakarta.

26. The staff of a server provider used primarily as a proxy for illegal intrusion would certainly be aware of social engineering methods, or better yet they could do something as simple as have no IT staff talk to customers directly whatsoever. The customers would post support tickets that would be addressed by the engineers, but the engineers would not speak to customers directly. We have actually done this at one of the companies I worked at: engineers would never talk to customers directly, and there would be CR guys whose only job was to get as much data as possible about the problem, but nothing would be relayed back to them or the clients except "it is fixed now" or "a patch has been released".

The NSA guy was fooled by the email address that Hathaway was able to spoof thanks to the FBI agent's access to JWICS (whose access to the Black Widow had expired), so he could have asked himself "what are the chances he gained access to JWICS on his own?", which would be extremely low, and "what are the chances he knew my supervisor's name and email address, managed to spoof his email, and sent this very plausible notice?". Ultimately, he could have decided that the risk was too low, and the bigger risk was leaving his login info the same. The executive could have even thought it through, and might have been worried that it would be his info that would be used to gain access, leading to irreparable career damage, and given the prompt email he would be likely to make an error of judgement. Social engineers often resort to tactics that make their victims believe that their jobs, careers, and bank accounts are at serious risk, as acting as the savior immediately forms a degree of trust between them and the victim. After all, people install the majority of trojans, viruses and keyloggers these days through those fake pop-ups that tell them their systems have been infected.


29. To be honest, the more I think about it the more I hate that scene. I don't even think a security station at an international bank would have anything other than a keyboard-screen terminal for the cameras, and a USB would be a ridiculous security risk.

=======================================

Yeah, I agree with you and I certainly don't think this was a great movie, and I would classify it as average at best. The ridiculousness of certain scenes made it painful to watch. I won't even mention the ending shootout in Jakarta (opening fire on a group of monks in a square, with likely dozens of people left dead, would certainly make international travel very difficult for the rest of one's natural life), or the lack of character development of the antagonist.

What I found the most ridiculous in terms of action movie realism were the shoot-outs in Hong Kong. Hong Kong has one of the strictest gun control laws in the world, and there is no way the FBI agent or the U.S. Marshal would get to keep their guns. Getting caught with a firearm of any kind will get you over 10 years in prison, and a loaded fully-automatic assault rifle can get you a life sentence. The rate of gun-related homicides in Hong Kong has been essentially 0.0 per 100,000 people for quite a while. There was not a single recorded robbery with a firearm in both 2013 and 2014. Criminals - and especially members of organized crime syndicates - in Hong Kong do not actually use guns, it is an established fact and not just HK movie fiction. The penalties for gun possession are extreme, and typically exceed penalties for crimes one might be committing. Even the military captain from China's PLA would likely not be allowed to carry a firearm (the majority of police officers in China do not carry firearms) in Hong Kong, and to have a pair of federal agents running around with their guns drawn would be inconceivable. A HK police officer could encounter them on the street, see the firearm and draw their own weapon, and one error of judgement on either side could spark an international incident of considerable proportions. Just imagine the headlines "United States FBI agent shot by police in Hong Kong" or worse "U.S. federal agent has shot and killed a HK police officer while attempting to evade arrest".

reply

Good post! Maybe that's why people disliked it: it was too techno-true and did not use common movie tropes. Plus getting the main actor confused with his other comic book franchise role.

reply

42. If you want an actor to play a baddie with no speaking lines, you get Troy Polamalu

43. If you are an Indonesian boy in a parade, you will get rudely pushed out of the way by both Lebanese jerks and American hacker jerks

http://www.westerncivforum.com

reply

Hitchcock: "To insist that a storyteller stick to the facts is just as ridiculous as to demand of a representative painter that he show objects accurately. What's the ultimate in representative painting? Color photography. Don't you agree? There's quite a difference, you see, between the creation of a film and the making of a documentary. In the documentary the basic material has been created by God, whereas in the fiction film the director is the god; he must create life. And in the process of that creation, there are lots of feelings, forms of expression, and viewpoints that have to be juxtaposed. We should have total freedom to do as we like, just so long as it's not dull. A critic who talks to me about plausibility is a dull fellow."

reply

Amen to that. (That quote does not apply here, and of course you know that yourself.)

--
"We're with you all the way, mostly"

reply

It certainly does apply here - your entire OP and lengthy exchanges with chciwywezyr are precisely the kind of literal-mindedness and inability to meet a film on its own terms which Hitchcock deplored as the worst, "dullest" type of film critic - the "Plausibles." Truffaut makes a similar observation: "It's sometimes said that a critic, by the very nature of his work, is unimaginative, and in a way, that makes sense, since imagination may be a deterrent to his objectivity. That lack of imagination might account for a predilection for films that are close to real life."

reply

Suuuuure it does, sweetheart, suuuuure! Seriously, do you even have the slightest clue what Hitchcock was talking about in the quote you posted? Apparently not. To give you just a little hint (because countering facts in an evasive manner combined with personal attacks is bad style and the very example of trolling and thus doesn't justify a well-formulated answer): Hitchcock's favorite color was yellow, and he was a strong believer in extraterrestrial life. Still, none of his movies are set in outer space or show yellow blood. Once you understand why, you will also comprehend what he was trying to convey with that quote so you can use it adequately next time. And maybe - really just maybe - you might then even understand why making Switzerland a part of the EU is not a masterpiece of art.
--
"We're with you all the way, mostly"

reply


Thiese,

You spend an awful lot of time and energy writing about something you can't stand. Why?

reply

I already told you - I'm a good person, and if there's a chance I can save only one person from wasting two hours and several bucks on this movie, then I've already accomplished something.
--
"We're with you all the way, mostly"

reply

100. If someone posts more than 5 items - NO ONE READS THEM.
101. There is a class action lawsuit by computer-savvy ppl to get 2.5 hrs of their lives refunded by Michael Mann.
102. Never hire a Samoan with 3 ft long curly hair who likes to wear his shirt open as a henchman.
103. Dam sites always leave their hatches open
104. See point 100

reply

Some routers actually have hard drives, but most intended for domestic use have a memory card. In some cases the memory dump is not impossible, because the information is recorded in real time before it dies.

reply

You are right - I stand corrected. There are actually routers with hard drives which are meant for branch office locations, for instance the Cisco ASR 1001. I was under the impression that only the really big iron(tm) you would never find in any nuclear power plant had hard drives - unless, of course, your nuclear power plant also happens to be a tier-1 Internet backbone operator.
--
"We're with you all the way, mostly"

reply

I believe that every nuclear power plant has much better and more reliable equipment than is shown in any movie, and probably some we have not even heard exists.

But I do not know what happens in the movie, because I have not seen it and at this stage I do not want to waste my time on it. I have not read a single positive comment about it and I'm quite sure I do not want to see the movie after reading this topic. It cheers me up :) :) :)

reply