A take that I've always had is that the reason hacking in movies always looks absurd is because the reality of hacking is turbo boring.
You spend hours to months staring at total gibberish; most of the time you are not having great revelations, you are not pointing out the blonde and the brunette and the redhead, you do not see through the code, you are looking for a button you can press that happens to inadvertently probe an IO address at which you have something you control due to an oversight somewhere, and you're literally just doing things randomly and hoping that something does what you want. At least, that's what every single blog post or article or TED talk that I've ever seen talking about how an exploit was discovered reads. Maybe you have a specific avenue in mind, maybe you're using more advanced tools than just blind prodding, but nobody can visualize the entirety of a hardware or software system at once, so you're always going to have some amount of uncertainty about what exactly it is you're trying to accomplish.
This doesn't make good on screen drama, but the trouble is, frequently the outcomes of fictional hacking are also boring. Writing the quick start series, seeing things like Phoenix Hyperspace, I find myself thinking about all the terrifying things that computers can do without your even noticing.
Yes, it's very punchy to imagine your bank account suddenly depleting itself, or your identity being rewritten in every government database, shit like that, but of course it's absurd, nobody has that capability and if anybody did it would literally trigger wars, historically significant events, things that would go down in the history books. Nobody is hacking bank accounts, I don't think that's ever even been done. It doesn't even make sense, because once your subterfuge is discovered it's all just going to get reverted anyway because all the banks are in cahoots with one another as well as every law enforcement agency in the world, so once they undo what you did, they will find you and put you through a meat grinder. This is often expressed in posts about theoretical security vulnerabilities; "nobody has broken TLS, and if they do, they are not going to use it against you, because they suddenly have much bigger fish to fry."
But I did learn that there was a moment in time when Xmir had a bug where it would not stop listening to your keystrokes when you switched to a VTY. So you could be looking at a terminal, typing away, and everything you're typing is being fed into your IRC client. This sort of shenanigan is closer to the reality of actual targeted hacks, and in many ways far more unsettling. And there are so many ways to do this on the PC - compromising the Intel ME or the SMM is a horrifying idea because it is so hard to discover. We've all become used to the idea of a root kit, a kind of malware that scares us because it fucks with the computers ability to inspect itself. But you don't need to do that if you can get code into the parts of the computer that are already uninspectable, of which there are now many.
Actual hacking, state level shit, is more Evil Maid slipping your laptop's hard drive out in your hotel room than it is Kevin Mitnick whistling into a payphone. And the outcomes are also potentially way subtler than anything you'd ever see in a movie, but I wonder what that would look like - a hacker movie written by actual hackers, who understand the very real and not cartoonish reality of how your computer can betray you, sometimes even without deliberate malice being involved.
ironically one of the most believable hacks I can think of in modern cinema is that scene in the matrix sequels (forget which one) where they need to get into the magic building with the special door and so they need to cut the power. iirc Trinity is using, like, identifiable professional hacking tools to attack the power station
most big breaches boil down to "you're exposing a port to the internet that is answered by software with a bug, and I know the bug, so I can use the bug to give myself access to things". a lot of times it's just a matter of getting a command line! then you kinda have to choose your own adventure from there, i.e. "other ports I can see from here that have known bugs" or "other software with bugs I can access on this machine to give myself more things"
Steve Jackson's Hacker is my favorite board game. The core loop is:
-
begin with a dial-in number and set of credentials, leaked or bought from an insider, for a computer system with low security and low value, but with a mildly privileged relationship to another system
-
using that privileged access, find other machines that it can see. access them using more security exploits, more purchased credentials, or information left laying around on the machine you're already in. this all becomes easier if you can elevate to root.
-
repeat until you're inside the NSA
it's from 1992 and extremely fun
