The problems of computer security on TV

Here’s a thing you might not have realised: writers are usually not experts at much except writing. Some are experts on some things, but on a TV show, often as not, the writers will have to go and ask someone else or look it up on the Internet when they need to look authoritative on a subject. Burn Notice is mostly Internet research, for example, and that little show Star Trek: The Next Generation had a scientific advisor who would fill some plausible jargon whenever a writer wrote “Insert Technobabble here”.

When it comes to computers and computer security, it gets trickier. Computers are like magic to a lot of writers, anyway, but in an hour-long show, depicting true hacking (aka ‘cracking’ for purists) is almost impossible. There usually isn’t enough time to depict the weeks and months of complicated crafting of custom malware, SQL injection, spear phishing, etc that the average computer criminal will need to do to break through a moderately secure installation. Two-factor authentication, face recognition, etc also make it hard for writers to come up with a non-technical way of breaking through security.

So they fudge it. At one extreme, you’ll have Charlie’s Angels, which assumes computer security is practically voodoo. In its first episode, that featured someone cracking a safe’s thumbnail recognition system – by reprogramming it with her thumb. No, not metaphorically. Literally.

Oh dear. Wonder why that was cancelled? Insulting the audience’s intelligence maybe?

At the other extreme, we have the likes of Missing. Now, that’s just had Ashley Judd trying to break into the HQ of the French Secret Service. Let’s skip over the particularly poor levels of physical security that involved and go straight to the computer.

French Secret Service computer security cracked in Missing

Now the producers have clearly gone to some effort here. As well as actually having an application with its window in French – “File”, “Edit”, “Window”, “Search”, “Favourite”, “Help” – in that window there is some proper UNIX, some IP6 addressing and more. Proper computer stuff, in other words.

And yet, again, we have a problem. See, if you know what that all says, you’ll appreciate the French IT security is very lax.

We start with someone logged in as “user” – that’s not good. Then we ask to switch user to the root account – the most powerful account in the entire system and which any IT admin worth his or her salt would have disabled (or never even have enabled). Worse still, Ashley Judd actually knows the password.

To connect to the local security computer or device (apparently there is one, although it’s on the same machine, being localhost yet also on some kind of Bonjour security domain. Not quite sure what’s going on there), Ashley then uses Telnet, which is incredibly insecure and again, any IT admin would have switched that off in favour of ssh.

Apparently, though, the local security device doesn’t require either an id or password. Oops. Worse still, it can’t spell ‘established’ correctly. And all she has to do then is change directory to the persistent data directory /var/lib and she’s there. She might not have opened an X11 connection to do it, but she can somehow still access a nice windowed application to start messing around with the physical security for the entire building.

Now you’re bored already by this, aren’t you? Which is part of the problem – it is boring. If writers had to deal with this properly, the audience would be bored rigged.

Basically, then, no matter what you do with computer security on TV, you’re always either going to find yourself having to gloss over the difficulties and finding at least one section of the audience (or possibly all of it in Charlie’s Angels‘ case) rolling their eyes at you, unless you really just want to bore the audience silly.

Poor TV writers. Poor TV producers. Feel sorry for them.