The way the movies portray hacking, forensics, security research and coding is obviously metaphoric and usually made as visually rich as possible to ensure the audience ‘gets it’ and, as a bonus, can see how cool the process is. Anyone who has spent a few sleepless nights with Olly and IDA Pro, worked around the clock on forensic cases, reviewed vulnerability reports or source code, or worked on a particular algorithm in their head for a few weeks before actually sitting down and writing the code knows that the reality is a bit more boring 🙂
If you ask a random security pro what ‘the best’ hacking movies are, they will surely laugh and point out at least a few from the following list:
- Hackers
- Swordfish
- ‘the Visual Basic’ episode of CSI
- The Net (IP 23.75.345.200 🙂)
- GoldenEye
- Skyfall
- The Social Network
…and perhaps at some stage they will suddenly become a bit more serious and mention that ‘but The Matrix did show Nmap in action’.
Luckily, there are actually movies out there that beat all of the above-mentioned productions in terms of technical accuracy, and show a relatively realistic representation of IT security work.
This post is about one of them.
A while ago I happened to stumble upon a Korean TV drama called “Phantom” (also known as “Ghost”) that made my jaw drop. The drama was produced by the Korean network SBS.
The plot of the drama is simple – The Hades haz you 🙂
Copyright notice: The picture of the Hades logo was taken from the clip on YouTube. The copyright belongs to SBS.
Okay, the plot is a bit more complicated – it’s “Face/Off” meets “Jason Bourne” meets CSI.
Or
Evil Hackers from Korea and Hong Kong vs. Forensic guys from Korean Police.
Since this is not IMDb, just a short note on the series – I have already described bits of the plot; I don’t want to spoil it, so I won’t add more information here. The music is all right. The acting is so-so (the lead characters are a little bit too stiff and rarely smile). There are gaps in the story as well, but it’s a TV drama after all, and it’s Korean, so there is lots of melodrama ‘by default’. There is also very strong product placement, but if this is the only way to get funds to make TV dramas then so be it.
Okay, back to ‘technical’ stuff.
What makes this particular TV drama stand out is the attention to detail. While they didn’t completely escape the typical Hollywood clichés (computers with the evidence are thrown out of the window, logic bombs with a progress bar, etc.), the makers really did their homework and put in quite an effort to demonstrate how a typical hack works – and how the forensic guys investigate it.
Lots of scenes are shot in the forensic lab or at the crime scene – in internet cafés, data centers, etc. We also witness the actual data acquisition and evidence analysis (HDD, mobile, CCTV footage, video manipulation analysis, social media, Event Logs) and, most importantly, lots of popular DFIR/RCE software is used to ‘understand’ the data and code. This is really not just a single random tool or a hand-made HTML page that is supposed to look like ‘analysis results’. Quite the opposite – many of the most common tools from the DFIR/RCE/pentesting arsenal somehow found their way into the drama.
The software I remember seeing includes:
- Encase
- WinHex
- Metasploit
- OllyDbg
- DCode
- SecureCRT
- Wireshark
- XRY
- BackTrack
- Process Explorer
and lots more (I wish I had taken notes!).
Last, but not least – there are also realistic attacks being used as a part of the plot including, but not limited to:
- 0-day exploits (using Hangul Word Processor documents)
- malware infections
- billboard hacking
- spoofed emails
- identity theft
- SCADA attacks
- car hacking
- hacking back in real time
- DDoS attacks
- Wi-Fi hacking
- social engineering
and lo and behold – even STUXNET is mentioned!
Thumbs up South Korea!!!