And it’s a reality, because we are increasingly dependent on digital systems, and with that, cyber attacks have gone from being a niche problem to a threat that should concern us all.
This is well known on the other side of the pond, and films and series have rushed to portray hackers and digital wars. But as is often the case with Hollywood, staying true to reality sometimes takes a back seat to spectacle, so in this article we review what they get right and what they exaggerate in three very different productions.
Let’s start with Mr. Robot: the realistic exception
If there is one series that cybersecurity professionals tend to recommend as ‘the most realistic’, it is Mr. Robot. What’s more, it’s entertaining and leaves no one indifferent. I’m sure more than one viewer has taken up a career in cybersecurity thanks to it.
But this is no coincidence. Sam Esmail, its creator, consulted with experts and paid attention to every detail. Here we don’t see a hacker writing a magical line of code that corrupts digital security barriers in two seconds. Instead, we see authentic techniques such as social engineering, phishing, keyloggers, and the use of software or tools such as Linux or Metasploit.
If we focus on the main character, Elliot, he is described as a socially isolated person, obsessed with control and with a feeling of fighting against large corporations. Elliot acts according to what he considers morally correct, albeit breaking the law, and is therefore a cybercriminal in his spare time and an ethical hacker by profession. Are computer security experts really like this? Well, as in any field, some are and many are not.
What can we consider a success? The technical accuracy and good reflection of the hacker mentality. And if we look at the exaggeration, in real life, breaking security, especially in large corporations, is complicated, chaotic and less cinematic.
Let’s go with a little millennial nostalgia with Hackers (1995): 90s fashion and clichés
A cult classic, more for its aesthetics than its rigour. Hackers shows us a group of teenagers in fluorescent leather jackets who enter and exit systems as if they were video games. Most of the time, the protagonists have more style than logic, but they bring up an interesting topic that is still talked about today: simple passwords (such as ‘love’ or ‘secret’) can turn computer systems upside down. The protagonist, Dade Murphy, better known by his alias ‘Crash Override’ or ‘Zero Cool,’ is capable of bringing down entire networks with graphical interfaces that seem more like something out of Back to the Future than reality.
What can we consider a success? Surely the cultural portrait of the era and the fact that the film probably did capture the spirit of the hacker community of the 1990s: young rebels, curious, bored (remember that there were no mobile phones or social networks) and eager to challenge the system. We can consider almost everything technical to be exaggerated, as it is not very accurate, from the three-dimensional graphics to the speed of the hacks.
The most surreal: Blackhat (2015), the Hollywood stereotype of a hacker
If you like action films, this film is a mixture of hacking with chases, gunfire and dizzying scenes. Chris Hemsworth plays Nicholas Hathaway, a cybercriminal imprisoned for piracy and computer crimes, whom the government needs to stop a global cyberattack.
The film mixes real concepts, such as attacks on critical infrastructure, collaboration between international agencies and the use of advanced malware, with typical Hollywood clichés: a muscular hacker who knows how to use weapons and action scenes that have little to do with sitting in front of a keyboard, but obviously add excitement to the film.
What is a success? Showing that some cyberattacks can have enormous physical and economic consequences. And if we look at the exaggeration: a hacker who looks more like a secret agent than a computer analyst with an unrealistic hacking speed.
After this brief review of the small and big screen, what can we conclude?
Films about hackers and cybersecurity clearly seek to entertain, not to teach lessons in awareness or computer security, although we do find some rigorous references. The downside is that, thanks to imaginative screenwriters, the general public thinks that hackers are charismatic characters or, conversely, people with social difficulties, capable of doing anything, when in reality they are limited by knowledge, resources and time. Hollywood plays on the fact that this is a world that is largely unknown to most mortals and creates a very entertaining spectacle.
Perhaps the most valuable lesson is that films may distort the technology, but they do succeed in showing that, ultimately, those who control information have great power in their hands.
Finally, a gentle rebuke to the audiovisual industry: what about female protagonists? Women experts in cybersecurity also exist, and it would be a great idea to attract female audiences by having female protagonists in more technical roles. Furthermore, of the three productions examined, only Mr. Robot barely passes the Bechdel Test, which assesses whether a work shows at least two women with their own names who talk to each other about something other than a man.
