May 7 is World Password Day, the official day for the promotion of better password habits to businesses and individuals.
To mark this special day, here are five top scenes from film and TV that realistically portray some of the simple methods hackers can use to steal passwords.
1- WarGames
This 80s classic begins with David Lightman (a young Matthew Broderick in his breakthrough role) using his IMSAI 8080 computer to hack into his school district’s computer system and change his grades. “They change the password every couple of weeks but I know where they write them down,” he tells his friend Jennifer.
Later, after programming his computer to “wardial” every phone number in Sunnyvale, California in search of a computer game company, he comes across a system that does not identify itself. The system advertises games like chess and checkers alongside mysterious titles like “Global Thermonuclear War” and “Falken’s Maze”. Unable to access the system, he turns to a hacker friend who explains the concept of a backdoor password: “Whenever I design a system I always put in a simple password that only I know about. That way whenever I want to get back in I can bypass whatever security they’ve added on.”
Eventually David discovers that the Falken behind “Falken’s Maze” has a dead son named Joshua, and he correctly guesses that this is the password. This leads us to the central plot of the movie, in which David unintentionally starts a simulation that convinces US air defense command that American cities are about to be targeted by a Soviet nuclear attack.
Lesson: A simple backdoor password might offer convenience, but it can also get you in trouble
2- Silicon Valley
No list of hacking scenes from TV and film would be complete without one from Silicon Valley, the Emmy Award-winning comedy series about Pied Piper, a fictional startup company with a ground-breaking data compression algorithm. For those not familiar with the series, one of the running plotlines is that, despite having revolutionary technology, Pied Piper keeps failing because of CEO Richard Hendricks’ naivete about the intentions of his many rivals.
In Season 2, Episode 7, Richard and his colleagues storm into the offices of rival company End Frame to accuse them of stealing the Pied Piper algorithm. While there, Gilfoyle, Pied Piper’s systems architect, finds a simple but creative way to hack into End Frame’s system in order to dig up dirt on them.
“If you’re the CEO of a company, and you’re dumb enough to leave your login info on a Post-It note on your desk while the people that you ripped off are physically in your office, it’s not a hack. It’s barely social engineering. It’s more like natural selection,” he tells his Pied Piper colleagues after the deed has been done.
Lesson: Never store your passwords in plain text
3- Blackhat
In this 2015 action thriller, Nicholas Hathaway (Chris Hemsworth) earns a temporary release from his prison sentence for computer crimes in exchange for helping the US government catch a dangerous hacker.
Without wanting to give away the whole plot, at a certain stage in the film Hathaway finds himself having to hack into NSA software in order to retrieve information that could help him in his mission but that could, at the same time, land him back in prison. He carries this out by emailing an NSA worker a malicious PDF file that installs malware with a keylogging tool. This keylogger allows Hathaway to record the keys struck on the keyboard by the NSA worker, revealing the password to Hathaway and allowing him to gain access to the NSA software.
Lesson: Be careful about opening email attachments.
4- Mr Robot
Mr. Robot is a television series about a cybersecurity engineer named Elliot Alderson (played by Rami Malek) who is recruited by an insurrectionary anarchist known as Mr. Robot (played by Christian Slater) to join a group of hacktivists who want to encrypt (and thereby destroy) all debt records of a financial services conglomerate named E Corp.
There are hacking scenes in virtually every episode, many of them very realistic portrayals of what can happen in real life. In Season 1, Episode 1, Elliot is seen conducting a social engineering attack with the aim of obtaining information on his target and then using that information to brute-force the target’s password. He presents himself as a representative of the fraud department of the target’s bank, convincing the target to reveal his address (306 Hawthorne Rd, apartment 2C), his favorite baseball team (the Yankees), and his pet’s name (Flipper). This is all Elliot needs to complete the hack.
Lesson: Always verify a caller’s identity (and never use basic personal information in passwords)
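The second half of that lesson can be enforced when a password is set. The sketch below is an added example, not part of the original article: it rejects a new password that contains words from the account holder's own profile, even when disguised with look-alike characters or reversed. The function names, profile field names and substitution table are assumptions, and the sample profile is constructed from the details given away in the scene.

```python
import re

# Common look-alike substitutions, undone before matching (assumed mapping).
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})

def normalize(text):
    """Lower-case, undo look-alike substitutions, keep letters only."""
    return re.sub(r"[^a-z]", "", text.lower().translate(LEET))

def profile_tokens(profile, min_len=4):
    """Normalized words from every profile field, ignoring short fragments."""
    tokens = set()
    for value in profile.values():
        for word in re.split(r"\s+|[,./-]", value):
            word = normalize(word)
            if len(word) >= min_len:
                tokens.add(word)
    return tokens

def personal_info_in_password(password, profile):
    """Return the profile words found in the password, forwards or reversed."""
    candidate = normalize(password)
    return sorted(t for t in profile_tokens(profile)
                  if t in candidate or t in candidate[::-1])

# Constructed profile using the details given away in the scene.
PROFILE = {
    "address": "306 Hawthorne Rd, apartment 2C",
    "team": "Yankees",
    "pet": "Flipper",
}

if __name__ == "__main__":
    samples = ["Fl1pper2015!", "Y@nk33s#1", "reppilF99",
               "correct horse battery staple"]
    for pw in samples:
        hits = personal_info_in_password(pw, PROFILE)
        verdict = f"reject, contains {hits}" if hits else "no personal info found"
        print(f"{pw!r}: {verdict}")
```

A check like this belongs in the password-change path, next to length and breached-password checks, so the rejection happens before the password is ever stored.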
This movie about a freelance computer hacker who discovers a secretive government computer program won’t win any awards, but it is notable for the lessons it offers us about password protection.
In one scene, the protagonist is shown talking about how he was “just exploiting the vulnerability” of Mrs. Dempsey’s kernel access. A kernel is the program at the core of a computer’s operating system, with complete control over everything in the system, and this scene implies that the hacker emailed Mrs. Dempsey a piece of software that was able to exploit the antivirus software – giving him access to the kernel and therefore control over the computer.
“Do you know where the weakest link in any security system is?” the hacker says. “It’s you, with your shitty passwords and how you share every part of your life online from geotagging everything you do, to a photo you post of your new ATM card, and your willingness to click on links that promise something you want.”
Lesson: Again, be suspicious of email links; also, don’t share sensitive information online
The official World Password Day initiative outlines several simple steps you can take to protect yourself, including using long passwords; changing passwords regularly; using two-factor authentication for important accounts; never storing passwords on your computer or phone; and always logging off when you’re done with a program.
Of course, password protection is only your business’s first line of defense against hackers and other malicious actors. For all-round protection combining defense and counter-attack, you need an online cybersecurity platform comprising strategic monitoring, proactive threat intelligence, and rapid incident response.