8 Films that needed better security

Many times it’s difficult to illustrate the benefits of following good information security advice. Companies tend to keep quiet about their failings, so there are few case studies available to analyse.

But not to fear, the cynic has improvised and analysed 8 movies whose entire outcomes could have been changed had some simple infosec guidelines been adhered to.

Minority Report

The scene:

Tom Cruise gains access to his workplace (then his wife gains access to the prison cells) using his old eyes after he’s been on the run and subsequently imprisoned.

Infosec Analysis

The auditors at Precrime HQ should have been fired. Any user’s account and access must be disabled as soon as the access is no longer required, whether that be when someone moves departments, resigns, or gets fired and becomes a fugitive from the law. So to have Tom Cruise’s eye still grant him access to all areas of the building is unforgivable.

Independence Day

The scene:

Alien invaders are successfully repelled when plucky geek Jeff Goldblum uploads a computer virus to the alien mothership, disabling the attacking ships’ protective force fields and allowing the combined military of the entire world to take them all down at once.

Goldblum’s character does this using an Apple Macintosh Powerbook 5300.

Infosec Analysis

The fact that the operating system of an alien mothership over 500 kilometres wide, thousands of years more advanced than anything humanity has yet created, large and sophisticated enough to support an entire alien civilisation, should be compatible with Mac OS is bad enough. However, not running a decent anti-virus and firewall, and leaving their wireless internet on, is just plain sloppy.

If any aliens read this and need some advice on how to secure their system, just beam me up.

Dude, Where’s My Car?

The scene:

Dude, where’s my car?

Infosec Analysis

Investing in a decent alarm, immobiliser and GPS tracker would have saved everyone from enduring the shenanigans which went on in this film.

Firewall

The scene:

Bad guys capable of hacking into everything other than where the money is.

Infosec Analysis:

If a bank’s security was as easy to bypass as it was in Firewall, you wouldn’t need a credit crunch to send them crashing. Let’s see, the chief infosec guy Harrison Ford can put in ‘rule changes’ on a live firewall on the fly to stop hackers, but then has his own PC hacked so he can’t send emails etc.

If the criminals were so technologically sophisticated, they wouldn’t need Harrison to do their dirty work… ugh my brain hurts.

The Matrix

The scene:

A self-replicating Agent Smith wreaks havoc inside the Matrix.

Infosec Analysis:

The Matrix was a virtual world created by machines to keep the human minds occupied whilst they harvest energy from their bodies. However, it was painfully clear that the machines never really considered running any anti-virus software to support this ludicrously complex green-coded software. Hence, when Agent Smith becomes a self-replicating virus there is no defence against him. Well, that is, until the machines end up going cap in hand to good old Neo to clear up the mess for them.

The Departed

The scene:

Everyone’s undercover working on the other side.

Infosec Analysis:

A case study in why pre-employment screening is so important. You really need to know who’s working for you. Or you end up with criminal organisations completely full of undercover policemen and police units completely staffed by criminals and everyone ends up getting really confused and shoots each other in the head.

Watchmen

The scene:

Superheroes Rorschach and Nite Owl break into the office of the world’s smartest man, Ozymandias, and guess the password.

Infosec Analysis:

Hmmm, how many guesses does it take for them to get in? Why have the password as the name of a book on your desk… seriously, strong passwords are important. Now if the world’s smartest man had used a 12 character, alphanumeric password with a couple of special characters thrown in, which would lock out after 3 bad password attempts, he would have totally foiled the duo.

Star Wars

The scene:

The Death Star getting blown up.

Infosec Analysis

Darth Vader must be heralded as the prime example of a chief executive who really didn’t care about information security. The entire board was unapproachable and clearly no system testing was undertaken. The network security was so poor that it was hacked into and the designs for the Death Star were stolen without anyone knowing.

Even worse than that, the Death Star had a major design flaw whereby dropping a bomb thingy into a big hole on the outside actually blew up the entire thing!

Darth Vader needed to employ a good Security Consultant to sit on the executive board and promise not to force choke him. He should have commissioned a full risk assessment of the Death Star followed by a full penetration test. Only then should the Death Star have been released into the production environment.
