Earlier this month, the season five opener of Showtime’s “Homeland” was criticized for its unrealistic depiction of the Central Intelligence Agency getting hacked. “No one bothers to explain why these files were not encrypted,” said writer Cyrus Farivar in the technology publication Ars Technica. “In the fictitious world of ‘Homeland,’ apparently only hackers use encryption.”
About two weeks later, it was disclosed that the personal e-mail account of CIA Director John Brennan was hacked, and a person who claimed to be a teenager told The New York Post he did the hacking.
So while the show’s execution may have been lacking, hacking remains as relevant and compelling a subject as ever.
Hacking has been depicted in movies and on television off and on for over 30 years, but with high-profile hacks now taking place on a regular basis, it’s likely to become more fodder for the foreseeable future. 2015 has already seen high-profile data breaches of such giant companies as CVS, Ashley Madison and Anthem, and there are still two months to go before the year is over.
Despite the pervasiveness, people with firsthand knowledge of the subject say that Hollywood’s depictions of hacking are still wrong a great deal of the time, sometimes laughably so. For instance, Peter Krapp, professor of Film and Media Studies at University of California, Irvine, criticized the “Homeland” episode for multiple implausibilities, not the least of which was that the CIA’s top secret files are depicted as residing in directories clearly marked “CIA.” And that’s not all.
“We are supposed to believe that pulling a physical cable out of the wall is the only thing experts in Langley can do to defend the CIA against an onslaught of Internet connections seeking pornographic cam-shows?” he asked.
What’s so hard about getting this right?
“The truth is, hacking isn’t very visual and is generally highly technical,” said Pieter VanIperen, co-founder and chief technology officer at Sports Media 101 in New York City. “It would be far better to just say in dialogue, ‘we hacked into the CIA and found blank’ than go through a long-winded explanation with bad visuals that is almost always wrong or implausible.”
Walter O’Brien, founder and CEO of Scorpion Computer Services in Los Angeles, California, is doing his part. As a consultant to major movie studios, he’s helped filmmakers depict hacking more realistically. “Screen writers and producers are learning that audiences are very sophisticated,” he told Fortune. “It can be a fun and neat challenge for those in the film and television industry to emulate hacking scenarios realistically.”
Fortune spoke with experts in the technology field and asked them which movies and television shows were accurate in their depictions of hacking, and which ones got it wrong. Here’s what they said.
1. The Bad
“Swordfish” is a 2001 action movie starring Hugh Jackman. Tom Gorup, Security Operations Manager at the global IT security firm Rook Security, characterized it as not just unrealistic, but preposterous.
“‘Swordfish’ is a great example of getting it wrong, over and over and over,” he said. He cited a sequence in which Jackman’s character breaches Department of Defense data in under two minutes, while simultaneously being fellated.
“An attack like this would take quite some research and time, if it were possible at all.”
Jurassic Park (1993)
1993’s “Jurassic Park” was a groundbreaking movie that grossed over $1 billion at the worldwide box office and spawned such mega-popular sequels as “Jurassic World,” which currently holds the distinction of being 2015’s highest-grossing movie.
Unfortunately, that doesn’t impress Dale Drew. The chief security officer at Level 3 Communications in Broomfield, Colorado, he said that the original dinosaur classic featured one of filmdom’s most spectacularly wrong hacking sequences.
“The graphical ‘Unix’ system used to run and secure the park looked like a Mattel toy, and the process to try to ‘hack’ into the park system by giving it actual sentences — ‘access the park system’ — is exactly how my mother thinks hacking is done.”
2012’s “Skyfall” is one of the most critically-acclaimed entries in the entire James Bond film series. In fact, Philip French of The Guardian said that it may have been the best movie in the franchise’s entire history. Audiences agreed, lavishing the film with $1.1 billion in ticket sales worldwide.
Unfortunately, even 007 can’t get it right 100 percent of the time, and according to Giang Nguyen of Technology Blog in Hanoi, Vietnam, “Skyfall” was so inaccurate in its depiction of hacking that it bore almost no resemblance to the real thing.
“Viruses and hacking don’t look like some flashing and shifting, cool 3D graphics that can be destroyed in a few clicks of a button,” he said. “Hacking in this movie is beautiful, neat, elegant and garbage.”
2. The Mediocre
2015’s “Blackhat” saw Chris Hemsworth drop The Hammer of Thor and enter the world of hacking. The experts said that it’s a mixed bag, getting some things right and other things wrong. Jay Marwaha, CEO of the analytics technology company SYNTASA, chose to focus on the latter, citing a “weak plot” and general lack of realism.
Grayson Milbourne, security intelligence director at the Internet security firm Webroot, said exactly the opposite.
“’Blackhat’ portrayed the best version of hacking,” said. “The character didn’t bang on a keyboard quickly or have a massive amount of screens open, he simply opened a terminal window and typed all that was needed.”
Either way, “Blackhat” failed to attract audiences and the movie made only $18 million at the worldwide box office. Part of the problem may have been the challenge of depicting hacking in a way that’s exciting to audiences, as critic Sheri Linden said in her review of the film in The Hollywood Reporter.
“Characters looking at computer screens and explaining the significance of what they see doesn’t make for the most riveting viewing,” she wrote.
According to the experts, 1995’s “Hackers” is responsible for two things — introducing Angelina Jolie to the mainstream, and portraying the hacking subculture in a somewhat realistic way. The actual hacking itself, however, is another story.
“There were great depictions of hacker culture and camaraderie,” Margo Solomon of Avenue Stream Web Design Services in New York City said. “But it’s absolutely ridiculous how the actual hacking is depicted.”
The Net (1995)
1995’s “The Net” starred Sandra Bullock as an ordinary woman pulled into a high-tech nightmare, or at least what passed for a high-tech nightmare 20 years ago. Although the critical reception that the movie received was lukewarm at best, it earned a respectable $111 million at the worldwide box office.
Peter Krapp gave the movie credit for getting a couple of things right, such as focusing on IP addresses during hacking sequences, but the technical errors could not be ignored.
“You could not connect via telnet to an email address, for instance, you need an IP address and a TCP port number,” he said. “Only once you are connected can you initiate an email login. Nor would a Macintosh virus from 1995 infect a mainframe computer.”
3. The Good
Mr. Robot (2015)
The highest marks for accuracy, by far, went to the USA Network’s “Mr. Robot.” Daniel Ingevaldson, chief technology officer at Atlanta, Georgia security vendor Easy Solutions, called it “far and away the most technically accurate, plausible and realistic hacking drama ever created,” and Jay Marwaha called it “my all-time favorite hacker show.” Giang Nguyen explained what it gets right.
“Firstly, they use Linux, the operating system that most pro hackers use,” he said. “Windows and Mac are absolutely no use when it comes to hacking, since Windows collects your data and Mac prevents you from doing 99 percent of the things you need to do in order to hack. Also, on the screens are real codes, not just flashy shifting shapes like in ‘Skyfall.’”
The Matrix Reloaded (2003)
The entertainment staff at XFINITY called 2003’s “The Matrix Reloaded” one of the worst sequels of all time, calling it “self-indulgent” and suggesting that the parties responsible “should have taken the blue pill.” But according to Stephen Cox, chief security architect at SecureAuth in Leesburg, Virginia, it did one thing right.
“The scene where Trinity hacks the power station was one of the first scenes in a movie to accurately portray a hack,” he said. “The sequence of commands she uses to scan the remote machine, exploit it and then remotely reset the password was very accurate at the time the movie was released.”
One of the movies that the experts cited as among the most realistic is over 30 years old. 1983’s “WarGames” stars Matthew Broderick as an underachieving teenage hacker who inadvertently accesses a military supercomputer. Dale Drew cited its realistic portrayal of “war dialing,” otherwise known as using a modem to find other computers by dialing phone numbers in sequence.
The fact that Broderick’s character finds the supercomputer by accident is also consistent with hacker behavior, said Greg Mancusi-Ungaro, chief marketing officer of the Toronto cyber threat intelligence firm BrandProtect.
“Popular media often shows hackers planning to attack a specific target,” he said. “In the real world, hackers are rarely so targeted. Instead, they are opportunistic. They spend their time finding low-hanging fruit to exploit any vulnerabilities they can find. Once they do find a lucrative target, there can be a long reconnaissance period, where they make incremental progress using all of the different tools at their disposal until their attack is completed.”
Daniel Bukszpan is a New York-based freelance writer.