Pearl Technology Blog

5 Biggest Cybersecurity Mistakes in Movies

Posted on 4/2/2019 by Pearl Technology in cybersecurity movies
image

Silver screen slip-ups.

Cybersecurity in cinema isn't a new trend. Even before the rise of the internet, computers have played a valuable role in many of our favorite movies.

Sometimes Hollywood gets it right. Other times, not so much. In some movies, the cybersecurity practices being implemented may seem like distracting plot holes, or at the very least, instances where people like us shake our heads and say, "What they should have done was…"

And it's not always bad movies that show these mistakes. Some of the most beloved movies of all time—some of our personal favorites, even—exhibit poor cybersecurity practices that, if corrected, could have seriously altered the plot of the film. Let's take five common cybersecurity mistakes in movies and analyze what could have been done differently in each case.

1. Allowing too much access.

As seen in: Star Wars (1977)

Star Wars (aka Episode IV: A New Hope) is one of the most beloved sci-fi movies of all time and is considered a pioneer in the way of special effects. But even this classic isn't without flaws. The Empire clearly could have used some IT consulting as just about everyone onboard the Death Star has access to its sensitive data, including our stowaway heroes Luke Skywalker, Han Solo, Chewbacca, Obi-Wan Kenobi, and the droids R2-D2 and C-3PO.

While onboard, R2 is able to access a Death Star terminal with ease. This revealed not only the location of Princess Leia's holding cell, but also the location of several terminals that when powered down, will deactivate the Death Star's tractor beam and allow them to escape. Had the Empire utilized not just some data security measures—such as passwords and encryption—but also some physical security measures, our heroes may not have made such an easy escape, all things considered (though as Princess Leia later hypothesized, "They let us go.").

2. Are you sure you should install that?

As seen in: Skyfall (2012)

In the James Bond lore, MI6's Q is regarded as a technological wizard capable of incredible feats, from ejector seats in an Aston-Martin DB5 to a wristwatch that shoots lasers. In 2012's Skyfall, however, Q makes an uncharacteristically careless mistake when he plugs a laptop belonging to the film's villain, Raoul Silva—a known cyberterrorist, no less—into MI6's network. This gives the criminal's associates complete and total access to British Intelligence's most sensitive data, which allows Silva to escape. Had Q put as much care into cybersecurity as he did into any of the gadgets at 007's disposal, he'd know to never, ever connect a device from an untrusted source (and especially not one from a cyberterrorist) into your network.

3. Unencrypted data.

As seen in: Watchmen (2009)

In Zack Snyder's 2009 adaptation of the seminal graphic novel Watchmen, the anti-hero Rorschach enlists the aid of his former partner, Nite Owl, to uncover a mass conspiracy with the apparent motive of murdering costumed heroes. The investigation leads them to the office of their former colleague, Adrian Veidt (aka Ozymandias). Rorschach and Nite Owl log on to Veidt's computer (more on that later) and are able to blow the case wide open by accessing the data they need and tracking Veidt down to a hidden base in Antarctica. Veidt should have been a little more proactive than just using a password. Encrypting his data would have no doubt delayed the investigation and kept the two in New York. We understand this takes place in the '80s when cybersecurity measures weren't as advanced, so maybe companies and billionaire superheroes weren't as conscious of information security. But we're only willing to suspend our disbelief as far as blue, atomic supermen will allow us.

4. Not paying attention.

As seen in: Jurassic Park (1993) and Office Space (1999)

Jurassic Park is one of the greatest movies of the 1990s and a testament to Stephen Spielberg's filmmaking genius (and like Star Wars, John Williams' musical genius). However, the titular park's founder, John Hammond, makes a critical mistake in hiring programmer Dennis Nedry and giving him unfettered access to Jurassic Park's network. This allows Nedry to deactivate all the park's physical security systems without any detection.

Similarly, in Mike Judge's 1999 film Office Space, the main characters Peter, Michael, and Samir are able to install a virus that shaves fractions of a cent from Initech's earnings and funnel them into a private bank account (though that plan goes horribly awry) without anyone else in the company noticing until hundreds of thousands of dollars go missing.

Common sense maintains that when handling assets of such sensitive nature—whether it's money or prehistoric beasts—your company should implement resources to monitor the people trusted with this access. Had John Hammond done this in Jurassic Park, dinosaur-related fatalities would have dropped by 100%. And had Bill Lumbergh done this in Office Space, Initech wouldn't have been out $300,000 (though poor Milton still probably would have burned the place to the ground).

5. Bad, bad password practices.

As seen in: Return of the Jedi (1983), Batman & Robin (1997), and Watchmen (2009)

Perhaps the most common cybersecurity mistake in movies is the use of bad, unoriginal, obvious, or otherwise compromised passwords. In the final installment of the original Star Wars trilogy, Return of the Jedi, a Rebel strike team led by Han Solo is confronted by an Imperial blockade en route to the forest moon of Endor. To bypass the blockade, Solo transmits a clearance code obtained by Rebel spies to Darth Vader's ship, Executor. Vader himself even asks an Imperial officer if the Rebels' shuttle has a code clearance, to which the officer famously responds, "It's an older code sir, but it checks out," allowing the Rebels to land and setting the fall of the Empire in motion. Had the Empire required regular password updates and locked out any older codes, they might have maintained their grip on the galaxy.

One of the many sins committed by Joel Schumacher's Batman & Robin is the classic obvious password. In this film, Alfred Pennyworth's niece, Barbara, is not only able to discover the Batcave (probably the most penetrable fortress in superhero films), but also accesses all of Bruce Wayne's bat-secrets from Alfred's computer with a password Alfred clearly just took from a nearby picture frame. We understand Alfred wanted Barbara to access this information and become Batgirl, but if you're put in charge of keeping Bruce Wayne's private data a secret, maybe guard it a little more carefully to prevent it from falling into the wrong hands? Or use a more complex password than "Peg" and tell Barbara how to access the information instead? Just a couple thoughts, Al.

In the previously mentioned Watchmen, Veidt makes the same mistake when guarding his master plan on his computer, simply giving it the password "RAMESESII," an obvious homage to the Egyptian pharaoh (known as "Ozymandias" in Greek texts) after whom Veidt named his superhero alter-ego. Trouble is, Veidt adored his office with Egyptian imagery, including books and busts to Rameses II. Even with such an obvious password, a super-genius like Veidt should have known to use some special characters and numbers (perhaps R@m3s3sIi?) to prevent intrusion—unless, of course, he wanted Rorschach and Nite Owl to discover the truth.

What are some of your favorite cybersecurity mistakes in movies? Let us know in the comments!