IT People.... quick question

[Stadler]

So, I'm watching "The Equalizer"; the beautiful Queen Latifah, the excellent Chris Noth...

And like virtually every single crime show on television, there is Adam Goldberg as the quippy hipster computer genius, who has a wall of monitors, and with a flurry of keyboard strokes, hacks into NYPD, and the traffic authority, and banks like I rip open a bag of Hershey's Kisses.    Every show has one:   NCIS has Kasie (and formerly Abby), Criminal Minds has Penelope, FBI has Ian and a couple other techs, etc. etc.

Question is, to what degree is that shit real?  I imagine it's way faster on TV, because 44 minutes, but I can't imagine it's TOTAL billshot. But is it?  Are major, tech-centric entities like that THAT susceptible to hacking? 

[faizoff]

Not really, there are few shows that get the computer stuff correct or pay attention to detail. The show Mr. Robot probably has the most accurate depiction of computer hacking,  spoofing, nigerian prince scam, etc.. they nail the on screen hacking verbiage and techniques. They are of course dramatized and a little sped up but by and large they are actual scripts that run and will work in the process they describe. If I remember right, they use actual cases of hacking that happened in real life and incorporate them in some of the episodes.

It helps that the show creator has an undergraduate in Comp Sc. and always lamented that shows don't depict hacking correctly. But yeah I don't think I've ever seen it depicted anywhere as good as in Mr. Robot.

Halt and Catch fire is another pretty good show on the tech usage but it's older 80-90s tech shown there and more programming in general not necessarily hacking[size=78%].[/size]


And since you mention NCIS, this clip is gold fodder
https://www.youtube.com/watch?v=msX4oAXpvUE&ab_channel=Splavodo69

[MirrorMask]

faizoff already said it, but one of the most annoying TV tropes is the "computer guy" typing very fast and announcing loudly "I'm in".

It's almost like they believe hacking is a physical fight that requires fast and aggressive typing, to out-type the defenses of the site or facility you're breaking into. It's just not like that.

[Stadler]

There was a scene like that in Bull; the resident computer wizard Taylor (my least favorite character on the show by about a thousand miles; she's a sanctimonious bleeding heart with everything else, but doesn't blink an eye at stealing other people's intellectual property because she's "right") was under "attack" and she was typing on that keyboard like she was Yngwie-ess Ficking Malmsteen.  Absolutely ridiculous. 

I sometimes lament how lawyers are portrayed on TV (can we PLEASE retire the "obnoxious question" that is "withdrawn" with knowing winks because "the jury can't disregard even if they wanted to" billshot??  I'm both an attorney and been on a jury and I PROMISE you it doesn't work that way) but I can imagine I'd be a lot more frustrated and angry was I an IT person.   

[lonestar]

I sometimes lament how lawyers are portrayed on TV (can we PLEASE retire the "obnoxious question" that is "withdrawn" with knowing winks because "the jury can't disregard even if they wanted to" billshot??  I'm both an attorney and been on a jury and I PROMISE you it doesn't work that way) but I can imagine I'd be a lot more frustrated and angry was I an IT person. 

They do a passable job at portraying chefs on tv, except that they portray us as being sober and having lives outside of work 

[krands85]

This might be worth a watch:
https://www.youtube.com/watch?v=SZQz9tkEHIg

[faizoff]

This might be worth a watch:
https://www.youtube.com/watch?v=SZQz9tkEHIg

As much as useful information that video contains, the video editing is fucking atrocious.

[faizoff]

That video does convey useful viewpoints on many shows and movies. The Mr.Robot scene they went over at the hospital is relatable to me in some aspects. I did some side IT support work for a local clinic for a few weeks once a few years back and that was the exact interface they had and I could literally go anywhere in their system and do whatever the fuck I wanted. It was a joke from a security standpoint but my that wasn't my area of work so I never bothered to tell them they needed to upgrade security.

I was there to just make sure the drivers all worked and were connected and that the stations could play video. lol


Edit: I also like how in that video the security expert just laughs at that NCIS scene I linked earlier and is like "what do you want me to say?"

[pg1067]

I sometimes lament how lawyers are portrayed on TV (can we PLEASE retire the "obnoxious question" that is "withdrawn" with knowing winks because "the jury can't disregard even if they wanted to" billshot??  I'm both an attorney and been on a jury and I PROMISE you it doesn't work that way) but I can imagine I'd be a lot more frustrated and angry was I an IT person. 

My wife is to the point that she's annoyed with me when I critique every lawyer/examination scene we see.  Except A Few Good Men; that one is perfect.  ;-)

[kirksnosehair]

Question is, to what degree is that shit real?  I imagine it's way faster on TV, because 44 minutes, but I can't imagine it's TOTAL billshot. But is it?  Are major, tech-centric entities like that THAT susceptible to hacking?

EVERYTHING is susceptible to hacking.  There are flaws even in the most secure and redundant systems.  That said, 99.9% of the "hacking" you see on TV is 100% pure bullshit.  In many cases they use nonsensical techno-jargon which drives me crazy as a guy who has been in the I.T. business pretty much since there WAS an I.T. business to be in.

[Stadler]

Question is, to what degree is that shit real?  I imagine it's way faster on TV, because 44 minutes, but I can't imagine it's TOTAL billshot. But is it?  Are major, tech-centric entities like that THAT susceptible to hacking?

EVERYTHING is susceptible to hacking.  There are flaws even in the most secure and redundant systems.  That said, 99.9% of the "hacking" you see on TV is 100% pure bullshit.  In many cases they use nonsensical techno-jargon which drives me crazy as a guy who has been in the I.T. business pretty much since there WAS an I.T. business to be in.

How much of it is random (in real life)?   Meaning, in many of these shows, they seem to have this magical ability to zoom through firewalls, get into the exact directory, and find the "folder" or "file" they need instantly, download it to a thumb drive while invariably spilling coffee as a diversion, then getting out of dodge.  With "phishing" it seems to be more random, as in probing for weakness, and getting in where you get in, and getting access to what you get access to. 

I know for me, I get asked for files and contracts all the time, and it's usually a "well, let's see; is it in the "Bid and Tenders" folder, or the "Projects" folder?  Under the "Customer" name or the "Business" name?  Wait, did I even save the final version from my email when it was sent to me?   (And all of our computers nominally need advanced admin access to allow downloads to thumb drives; I have admin access to my own computer and I can't download files to a thumb drive.  That's a pirating preventative, to stop people who are fired or who quit from taking IP with them.)

[faizoff]

How much of it is random (in real life)?   

Well it really depends. The methods most TV shows and movies display are obviously sped up and they often utilize a mix of real and fake (read 'convenient')  technologies. If you remember the Target hack, it took months and months of waiting after installing infected malware on the card terminals. To get to those terminals they had to be creative and find the company that installs the patches. That company I believe installs this kind of firmware on all kinds of devices like card readers and smart fridges, and not just for Target but many other smaller companies. The hackers exploited one of those devices with weak security and sowed their way in from there. So it took ages to get to finally read customers' cards and steal their numbers. It took even longer for Target to find out, that's pretty much how these things usually pan out. Plus they aren't exactly sure if that is how it really happened, it's what I remember last reading on the subject many years ago.


The SolarWinds hack was along those lines too IIRC.



I think the most obvious not-so-real-things are the pretty graphics all shows and movies tend to display while the "hacking" is going on. Ping! you've been hacked! Ting! Access granted! Zing! I'm in!
All the showboat stuff is really the opposite of what much of the hacking is really is.


There's also the cases and times it doesn't work. I'm sure a huge amount of effort is spent of things not working out.

That said, 99.9% of the "hacking" you see on TV is 100% pure bullshit.  In many cases they use nonsensical techno-jargon which drives me crazy as a guy who has been in the I.T. business pretty much since there WAS an I.T. business to be in.

I would highly recommend you watch Mr. Robot, all the tech stuff they use on their show is screened and cleared by a software security consultant and while they do stretch things here and there, it's all within the realm of possibility. While the show doesn't always center around hacking, when they do use it, they do a pretty good job of using what's available. It's not 100% right all the time, they too take liberties but they get a ton of stuff right.

[hefdaddy42]

My wife is in IT, and she frequently LOLs at stuff we see on shows and in movies.

[kirksnosehair]

Question is, to what degree is that shit real?  I imagine it's way faster on TV, because 44 minutes, but I can't imagine it's TOTAL billshot. But is it?  Are major, tech-centric entities like that THAT susceptible to hacking?

EVERYTHING is susceptible to hacking.  There are flaws even in the most secure and redundant systems.  That said, 99.9% of the "hacking" you see on TV is 100% pure bullshit.  In many cases they use nonsensical techno-jargon which drives me crazy as a guy who has been in the I.T. business pretty much since there WAS an I.T. business to be in.

How much of it is random (in real life)?   Meaning, in many of these shows, they seem to have this magical ability to zoom through firewalls, get into the exact directory, and find the "folder" or "file" they need instantly, download it to a thumb drive while invariably spilling coffee as a diversion, then getting out of dodge.  With "phishing" it seems to be more random, as in probing for weakness, and getting in where you get in, and getting access to what you get access to. 

I know for me, I get asked for files and contracts all the time, and it's usually a "well, let's see; is it in the "Bid and Tenders" folder, or the "Projects" folder?  Under the "Customer" name or the "Business" name?  Wait, did I even save the final version from my email when it was sent to me?   (And all of our computers nominally need advanced admin access to allow downloads to thumb drives; I have admin access to my own computer and I can't download files to a thumb drive.  That's a pirating preventative, to stop people who are fired or who quit from taking IP with them.)

The way "zooming through firewalls" is portrayed in most modern television shows is simply not how it works.   Breaking in to a network that is protected with the kind of systems I have setup here at my company's data center takes months and months of effort, sometimes longer.  We have multiple hardware firewalls that conduct a process known as "stateful packet inspection" wherein every packet of data that passes through is evaluated at one or more levels in the OSI model.   The OSI model is basically the physical and logical architecture of a computer network and is expressed in 7 layers:


7 - Application
6 - Presentation
5 - Session
4 - Transport
3 - Network
2 - Data Link
1 - Physical


Most modern routers and firewall appliances have algorithms that can identify and flag attempts at disrupting/penetrating/circumventing any level of this process and the packets are both rejected and flagged for action by an administrator.  In the 20 years I've been at this company, 15 in the role of Director of I.T. we've not had a significant security breach because we keep our equipment meticulously updated and maintained with all of the original equipment manufacturer's recommended settings and firmware levels.  Network security is not a static thing, it's dynamic and constantly evolving.