The Hacking of Blackhat, the Movie

A while back, I wrote review of my favorite hacking movies of all time. Two of my key criteria were; (1) how realistic was the hacking, and (2) are the hackers portrayed as the "good guys." This past winter, a new hacker movie was released, appropriately named Blackhat starring Chris Hemsworth (from Thor fame) as a blackhat hacker who is released from prison to stop a notorious and destructive hacker that only he can stop.

Although the movie did very poorly at the box office, I thought it was pretty good movie, as hacker movies go. In particular, the hacking was relatively authentic. One of my pet peeves about hacker movies is that Hollywood always makes hacking seem so fast and simple with lots of swirling, animated, geometric shapes. Brute-forcing passwords takes seconds instead of hours, days, or weeks. In Blackhat, we get a more realistic depiction of hacking... maybe that's why it failed at the box office?

Reportedly, Kevin Paulson served as the hacking consultant. If you haven't heard of Kevin, he was the guy who hacked the Los Angeles radio station KIIS (102.7 FM) so that he could be the 102nd caller and win the Porsche 944 S2 they were giving away. He ended up spending 5 years in prison and given a three-year prohibition on accessing the Internet (heaven forbid, that judge was inhuman). Now he is a senior writer for WIRED Magazine.

The Hemsworth character is loosely based upon the life of Max Butler (aka Max Vision). As many of you know, Max was a grey-hat hacker who was sentenced to a 14-year prison term at Lompoc and is cooperating with CERT to catch hackers. I have made reference to Max in a few articles, most particularly in my script to find vulnerabilities. In the movie, this Max-like character is released from prison to help the U.S. government stop a hacker who has taken down a nuclear plant in China.

Interestingly, the hack is almost eerily identical to the Stuxnet worm that the NSA perpetrated against Iran's uranium enrichment facility. Namely, it attacked the PLCs of the nuke plant's cooling system causing it to overheat, meltdown, and release radiation.

Throughout the movie, the character portrayed by Chris Hemsworth employs command line hacking techniques that reflect the real world of hacking (Chris Hemsworth must be the most attractive person to use a command line). In the scene below, he examines the contents of a thumb drive in Linux/Unix. Notice the command "ls /media" in this BASH Shell.

Then, he "cats" the file found at "/media/Robi_usb/autorun.inf."

He then finds the malware, and instead of finding swirling, geometric objects, he instead finds the malware in the more authentic formats of both hex and ASCII.

Eventually, Hemsworth's character needs the password of NSA's Black Widow (a special NSA program capable of reconstructing destructed or erased data) to reconstruct the malware of the bad guy hackers. Without the Black Widow, he can't track the bad guys.

When the NSA assistant director refuses them access to Black Widow, he social engineers him by sending an email from his boss, the NSA director, to him telling him he needs to change his password. He includes a new "Password Security Guidelines" PDF. Although it unrealistic to believe that the assitant director of the NSA would download a file to his machine, this type of social engineering is at the heart of so many of the major hacks in recent years (RSA, NY Times, Target, OPM, etc.). When he downloads the guidelines, they contain a hidden keylogger, so that when he changes his password, Hemsworth's character captures the keystrokes and thereby gets access to the Black Widow decrypter.

To get access to the bad guys' bank accounts and their ill-begotten money, the Chris Hemsworth's character has an inattentive security guard at the bank "seduced" by a beautiful Chinese network engineer to plug in her thumb drive to a networked printer to print some documents. The thumb drive has a Netcat listener on it that autoruns when the thumb drive is inserted and connects to Hemsworth's Netcat listener as seen below. See the netcat command in the screenshot below?

nc.exe -n -vv -l -p 8080

It's finally nice to see hacking portrayed realistically by Hollywood, but unfortunately, few people saw it. If you have a couple of hours and are interested seeing a moderately good movie with some of the most authentic hacking scenes Hollywood has ever produced, check out Blackhat.