Things Movies Always Get Wrong About Computer Hacking
Hacking has been a Hollywood staple for decades. From Hackers to Independence Day, we love seeing heroes and villains duke it out on the digital plane. Fingers fly, text scrolls, computers literally explode — it's dramatic stuff. It's only becoming more and more relevant as technology becomes ever more intertwined with the everyday and large-scale hack jobs like the Ashley Madison and Equifax leaks make headlines. Plus, to the layman, it's basically magic. You type some stuff in, you press the enter key, and money, secrets, and all manner of useful information falls into your lap. Right?
Wrong. Hacking might be capable of fantastic feats of subterfuge, espionage, and trickery, but it's a long ways off from the mystical mumbo-jumbo movies make it into. The truth is that hacking is simultaneously a lot more mundane and a lot more weird than you might guess. In fact, it's a lot more in reach of the average guy off the street than he might guess. Join us as we explore the hows, whys, and whens and real-life hacking — and just how wrong Hollywood manages to get it.
Hackers refer constantly to other hackers' work
Hackers, as depicted in movies, are independent above all, working their magic with only the power of their brain and their fingertips. They sit down in front of a computer, take a deep breath, and work their magic. There is no copy-and-pasting, no referral to others' work. Hackers are lone-wolf geniuses, solitary maestros of a digital symphony all their own. It's independent work, ruthlessly so, conducted in the dead of night between one man and his machines.
The truth, however, is quite a bit more collaborative. Hackers refer to other hackers' work all the time. Just like any other job in information technology, it is work that builds on what others have done before. Sharing work, in fact, has a long and illustrious history within the world of hacking. Nonprofit organizations like the People's Computer Company and Community Memory, the first computerized bulletin board system, are among the most important landmarks in hacker history. For good-hearted hackers, sharing one's work isn't just common — it's often revered as a moral imperative.
It's a lot of trial and error
To the uninformed observer of mass media, hacking appears to be a very precise affair. The hacker in question penetrates the security system with intense efficiency and skill, like a surgeon with a scalpel. They know exactly what codes to use, where to apply pressure, what part of the digital architecture is most likely to collapse. They are experts and they are ruthless. The computers of we commonfolk fall like autumn leaves before them.
Really, hacking is a lot of trial and error. Wired magazine put it best in a 2016 article on hacking tools: it's "a fundamentally random process of poking at a machine and watching what happens." Though this would seem to puncture the image of the hacker-as-expert, trial-and-error is in fact an essential tool in any hacker's arsenal. How, indeed, have we ever learned about anything if not through poking at it and seeing what happens? This practice is often refined into "fuzzing," which Wired describes as "finding hackable software bugs by randomly feeding different permutations of data into a target program until one of those permutations reveals a vulnerability." When it comes to hacking, as with many other sciences, "whatever works" remains a tried-and-true method.
Hacking can be legal and positive
The word "hacking" conjures up images of men in ski masks, slinking into office buildings after hours to do their dirty deeds. Or perhaps one pictures the smirking teenager, nestled in his messy bedroom, sending forth a virus into the world simply to enjoy the destruction. Or maybe you see the low-rent digital safecracker in an obscure shack, working with perhaps a few other disreputable-looking people, breaking into bank accounts from half a world away. Regardless, the image is criminal. Hackers are bad people doing bad things for bad reasons. Right?
Wrong. Ethical hacking doesn't just exist, it's a movement — and it's growing all the time. Often referred to as "white hat" hacking, ethical hackers use their specialized skills to test and refine internet security. The history of the practice is long, and involves everyone from high-level corporations to the military. Groups like MalwareMustDie operate independently (sometimes even as registered nonprofit organizations) to make the internet a safer and more pleasant place for all. Ethical hacking can even be a paying career, complete with councils and certifications. Turns out hacking isn't just something the good guys do now and then — it can be a heroic life calling.
Serious hacking needs a serious machine
If you take movies as gospel, hacking can be accomplished by one person wielding basically anything with buttons. A phone, a tablet, a smartwatch, whatever — if it connects, it can be commandeered. One man with a TI-83 calculator and head full of code can bring down governments, to say nothing of your dinky little PC.
This isn't entirely untrue. A lot of basic hacking, and especially scams like phishing, can be done from everyday tech. But if you're working on large-scale projects, you need a serious machine. Hacking requires constant simultaneous testing of multiple parameters, making high-powered multitasking rigs like gaming computers far more capable. The process is more sophisticated than a battering ram, but the brute force of the work — the programs that run over and over, the amount of data that needs to be processed — is similar. For the biggest jobs, hackers need the best tools.
Hackers don't need to type at lightspeed
Recall the portrayals of hacking you've seen from media. Things happen fast, and not just on the screen. The hacker in question rolls from monitor to monitor, fingers dancing on multiple keyboards, eyes flicking from screen to screen. It's a frenzied, panicked process, often complete with countdowns and alarms. There's no time to lose! A hack is in process! NCIS took it to its most absurd extreme in the 2004 episode "The Bone Yard," when two people ended up typing busily on the same keyboard.
In truth, a hacker rarely has to work so fast. Hacking is much like doing any else on a computer: the length of time it takes is pretty much up to you. If anything, hacking tends to be slow and require patience on the part of the hacker. Something tried twelve times often needs to be tried again, an exploit will require hours to process, hit a snag, then need to start over, etc. If there are limits on the hacker, they are self-imposed for the sheer challenge of it, rather than some external countdown. And you definitely don't need four hands on one keyboard.
Anyone can become a hacker
Hacking is the kind of skill people speak about in hushed tones, with a certain note of awe in their voice. It's like being a concert pianist or working for NASA. The assumption is that it took the person years to get where they are, and that what they are capable of is inaccessible to any random schmoe with an ounce of interest. We don't think grandmothers can hack, or guidance counselors, or curious children. Hackers are elite experts, employed by governments and corporations and wealthy businessmen with interests to protect! Movies have told us so!
The truth is, in fact, that anyone can hack. Online courses — for you, the average Joe on the street to whom hacking seems something like magic — proliferate every day. There are ethical hacking communities like hackerone, which offer "Hacking 101" videos. PC World offers a White Hat Hacker Training Bundle. There's even a Hacking for Dummies book! While high-level hacking isn't covered by these sorts of courses and guides, the truth is that anyone can learn to hack and put basic knowledge into practice fairly quickly. To return to the concert pianist analogy, you can't just sit down and start banging out Rachmaninoff, but you can conquer Twinkle Twinkle Little Star inside of a week or so.
Serious hacking can take days, weeks, or even months
So, hacking doesn't have to happen at lightning speed, and can in fact be a rather slow process. But the most intense, high-level hack jobs take even longer. Certain projects can even take weeks — if not months.
If that sounds shocking, remember that hacking can be a job, like anything else, and that large-scale projects at any IT-based job can take a while. You need to do research, first off. You need to figure out what you don't know or have so you can learn or gain it. You need to get the first few tries out of the way. And, of course, you need time for all the mistakes you don't foresee but will happen regardless. Elite hacking jobs, like the Equifax breach, can even take multiple days to run — and that's after the development phase is over. With hacking, as with anything, patience is a virtue.
Easy hacks really do work more often than sophisticated methods
We've established that hacking is treated by Hollywood as a nigh-mystical skill only the chosen few possess. But even when we're focused on real hacking done by real hackers, surely the more complicated approaches are the ones that yield the greatest results? After all, we're wowed by the great Renaissance artists and their multifaceted masterworks in a way hotel watercolors can't approximate. A pasta dish comprising more than one type of seasoning or herb is more impressive than buttered toast. 19th-century opera affects us on a level that "Mary Had a Little Lamb" does not.
Generally speaking, actually, the easiest approaches in hacking really are often the most effective. There's a reason you get emails claiming to need your passwords, credit card numbers, and bank account information: a lot of people fall for them. Even today, when "phishing" is a word in the dictionary and comedians make jokes about "Nigerian princes" emailing them for help, enough of the public will fall prey to these entry-level "hacks" to make them worth doing. Phishing attacks on Google and Facebook net the perpetrators millions, and new ins, such as sending fake Amazon Prime deals, are developed every day. Human error is a powerful tool — one that won't stop being used any time soon.
It's mostly waiting
Movies make hacking look positively frantic. Code flashes by, fingers tap so fast they blur, and programs open and close within seconds. It appears more like a high-octane NASCAR race than anything else, complete with thrilling final sprints and unexpected detours. It's dramatic, it's entertaining, and it's over within a few minutes.
In reality, hacking can be a very slow process indeed. As author Chuck Wendig put it, when asked about his hacking-centric novel Zeroes, "It's incredibly dull. It involves, unsurprisingly, a whole lot of sitting around at keyboards and typing things into keyboards." Hacking, in fact, is often a tedious process of waiting — waiting for something to happen, waiting to find an "in," waiting for a program to do its thing. Not the stuff of entertainment, generally, and even when the waiting ends, there's often more to come. Perhaps this is one sin of misrepresentation that can be forgiven, as no one wants to pay to watch an actor sit and check their phone while a computer whirs in the background.
It's pretty much all plain text
Hacking in movies is a multisensory affair. Skulls flash, complicated networks are visualized as ever-fluctuating polygons, sirens sound, and often the hacker in question has a clever symbol of some kind that lets all who come across their digital mayhem know they were there. It makes sense; movies are made up of visuals and sound, and no audience wants to stare at black text on a white screen for more than a half-second or so. Jazzing the whole process up with animation, music, and multiple moving parts is likely the best way to get across what is happening in a timely and entertaining fashion. Goodness knows it sticks with people — 20 years after The Matrix premiered, we still picture scrolling green text on a black background when we think of high-level digital operations.
But the reality of hacking is a lot more boring, visually speaking. By and large, it really is mostly text — endless blocks of text that move only a little as the hacker scrolls, bit by bit, through the code. There are surprisingly few animated skulls, biohazard symbols, or other such designators of shady activity afoot. Mostly, it's letters and numbers, over and over again. Not exactly the stuff of movie magic, but it certainly gets things done.