Skyfall, the latest Bond flick, wasn't just a fun movie — it also featured the only Bond villain who used evil cyberhacking as the main weapon in his arsenal. Of course movie hacking is rarely accurate (except for that shining moment when Trinity used nmap in The Matrix Reloaded), but it's still fun to pick apart what's realistic and what's completely batshit insane. Surprisingly, the hacking in this flick isn't entirely ridiculous.
Spoilers for Skyfall ahead!
There were a few major hacking scenes in Skyfall. First, there is the bit where bad guy Silva hacks into M's laptop, sending her weird LulzSec-ish taunts. Second, there is the "hacking the infrastructure" moment when Silva blows up part of MI6 headquarters by taking control of the building's gas system. And finally, there is Silva's little trap for Q on the Laptop Full of Seekrits, which involves a lot of standing around looking at GUIs and plugging things in and muttering about "asymmetric humina humina." Let's tackle these one by one.
To get a computer security expert's perspective on all this, I talked to Adam O'Donnell, the chief architect at security tech company Sourcefire.
Breaking into an insecure laptop or router to take over M's monitor is quite possible. The question is, why would a hacker be able to do it again and again to the same damn laptop? As O'Donnell asked incredulously, "Who the hell allows a chief of station to use a compromised laptop?" The point is, as soon as she got the first taunt, Q or some other cybersecurity expert would have immediately retrieved M's computer and taken it offline, because it was no longer secure. It's extremely unlikely that she would have gotten subsequent nastygrams from Silva.
Remote Control Explosion
Silva tells Bond that he took control of the computer-controlled gas mains inside MI6 and set off the explosion in M's office. Says O'Donnell:
Yes, things were dressed up for film, but there were some kernels of truth. Software can destroy machinery and cause an explosion, but there are so many conditions attached that it is pretty impractical. If there were gas lines on that floor and if there was a control system attached and if that control system was attached to the internet and if there were no physical safeties and if there was an ignition source then it would be theoretically possible to blow up the floor using a software attack.
Computers have been used by the military to compromise infrastructure in other nations. The Stuxnet computer worm, discovered in 2010, is most likely responsible for crippling a number of Iranian uranium enrichment centrifuges. While Stuxnet didn't blow anything up, it did infect software in a way that led to key hardware breakdowns.
At Idaho National Labs, security researchers managed to compromise a model power grid using a computer-based attack, or cyberattack.
Q's Big Hacking Moment
Finally the MI6 folks have their hands on Silva's laptop full of secrets. It's time for a little high tech forensics, and Q is wearing a great cardigan with a special cyberzipper on it! The dialogue is full of words that the writers probably got from somebody who called themselves a "cyberhacker." There are algorithms and encryptions and asymmetrics! Plus — and this was my favorite part — at one point Q exclaims, "It's security through obscurity!" as if this is the most elite thing a hacker could ever do. Unfortunately for the writers, this is actually a phrase that security experts use as an insult, to describe security systems that rely on the fact that nobody cares enough about them to bother trying to hack them. Apple computers are famous for benefiting from security through obscurity. If you're a bad guy, you're going to design ways to exploit the far-more-common Windows systems so that you get more bang for your hack.
Also, this is not how hacking tools really look on your monitor:
Usually you're just dealing with a command line, even (or especially) when you're doing super fancy shit.
That said, there were a few elements of the forensics scene that O'Donnell was willing to concede the movie got (kind of) right:
Malware does mutate in memory to prevent reverse engineering, and will self-destruct if it detects that it is being reverse engineered. That's why you try to do the work inside a virtual machine that lets you rewind the machine state to before the self-destruct point. There have been attacks that directly target forensics software as well, so, if they wanted to, someone could screw with their machine with the intent of giving the investigator heartburn.
Remember when Q yells something about "mutating" right before the UI goes all hinky? Well, that might not be entirely impossible.
I asked people on Twitter what they thought the most preposterous hacking bits in the film were, and by far the most popular answer was the interface you see above. As software developer Yoz Grahame put it, "[A] pile of red wire hangers turns into a map of Tube tunnels which they then use." Added Lifehacker editor Whitson Gordon, "It looked like they were playing Asteroids." (I think he was referring to the black and white GUI, pictured earlier.)
But no problem was worse than a very, very basic one. Why did Q plug the bad guy's laptop into the highly sensitive MI6 network? Never do that!
Also, What Is This, People?
C'mon, this is Silva's super computer hacking lab? In a room full of dust, with no climate control, and servers that look like an LED project from MAKE magazine? OK fine — it does look pretty cool. But do not ever do this to your actual servers, unless they really are just blinky lights.
Security expert Bruce Schneier summed it up best. When I emailed him to ask what he thought about Skyfall, he said he hadn't yet seen it, but he was sure about one thing. "I'm sure it's implausible, whatever it is."
CGI interfaces pictured here were created by Blind, Ltd.