6 ways the Blackhat movie got security wrong (and 4 things it got right)

Though the plot of Blackhat takes some typical Hollywood thriller jumps, from a technical standpoint, the movie is fairly accurate.

Credit: Shutterstock
Completely Fake or Based in Reality?

This slideshow was adapted with permission from a post on the SecureState blog titled Blackhat Inaccuracies: Completely Fake or Based in Reality?.

Released in mid-January, the movie Blackhat centers on several cyber-attacks perpetrated against a Chinese nuclear facility and the stock market, and on the hunt for the perpetrator of the attacks by Chinese and American law enforcement agencies. As with many movies centering on hackers and cyber security, expectations for accuracy were fairly low among experts in the field. We at SecureState decided to watch the movie and note any of the ridiculous inaccuracies here. Be forewarned, there are some minor spoilers ahead.



Credit: Autopilot/Wikimedia CC
The Yubikey

Early in the movie, as the investigators are looking into a compromised data center, the security guard at the center shows them a small keychain device, explaining that the device scans his thumbprint to authorize his access to the center. One of the SecureState consultants watching the movie happened to have that exact same device in his pocket (though the one in the movie was painted white). This device, known as a Yubikey, is used to give access to a system, but by generating a one-time passcode, not by taking a thumbprint.
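The difference between the guard's thumbprint story and what the device actually does is worth seeing in code: a one-time passcode proves possession of the device by emitting a code that the server accepts exactly once. The Python below is an added illustration, not code from the original post or from Yubico, and it uses the HOTP algorithm of RFC 4226 (which YubiKeys support in their OATH mode; the proprietary Yubico OTP format is different) together with the server-side counter check that makes a replayed code fail. The secret is the RFC's own test-vector key and the look-ahead window is a constructed value.

```python
import hashlib
import hmac
import struct

# Constructed demo secret (the RFC 4226 test-vector key); a real token's secret
# is provisioned into the device and the server at enrolment and never typed.
DEMO_SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter,
    dynamic truncation, then the low `digits` decimal digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % (10 ** digits):0{digits}d}"


class OtpValidator:
    """Server-side state for one token: the highest counter accepted so far.

    A submitted code is accepted only if it matches a counter strictly above
    the last accepted one and within a small look-ahead window (the button may
    have been pressed without the code reaching the server). Because the
    server never moves backwards, a captured code cannot be replayed."""

    def __init__(self, secret: bytes, window: int = 10) -> None:
        self.secret = secret
        self.window = window          # constructed value for the demo
        self.last_counter = -1        # nothing accepted yet

    def verify(self, code: str) -> bool:
        start = self.last_counter + 1
        for counter in range(start, start + self.window):
            if hmac.compare_digest(hotp(self.secret, counter), code):
                self.last_counter = counter   # this code is now spent
                return True
        return False


def replay_demo() -> list:
    """Walk through first use, a replay, and a code that skipped ahead."""
    server = OtpValidator(DEMO_SECRET)
    first = hotp(DEMO_SECRET, 0)
    third = hotp(DEMO_SECRET, 2)
    return [
        server.verify(first),                 # fresh code: accepted
        server.verify(first),                 # same code again: rejected (replay)
        server.verify(third),                 # counter 2, inside the window: accepted
        server.verify(hotp(DEMO_SECRET, 1)),  # counter 1 is now behind: rejected
    ]


if __name__ == "__main__":
    print(hotp(DEMO_SECRET, 0), replay_demo())
```

The validator keeps no biometric and no password; everything it needs is the shared secret and the last counter it accepted, which is why a stolen code is useless a second time.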

Credit: ITworld/Terri Haas

When the investigators examined files utilized by the Yubikey, they found that the device executed an “autorun.inf” file when plugged into a computer. While the general idea (plugging in a USB device to run a piece of malicious code) is perfectly accurate, the actual file “autorun.inf” is of a type that hasn’t been used actively for years, and probably wouldn’t run on the computers in the data center.
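For a responder who does find an autorun.inf on a seized device, the useful question is what the file would have launched. The Python below is an added example, not code from SecureState or anything shown in the film, that parses the INI-style file and lists its open=, shellexecute= and shell\<verb>\command= entries; the sample file is constructed. Windows has ignored autorun.inf on USB mass-storage devices since Windows 7 and the 2011 update that backported that change, which is why the film's data-center machines would most likely not have run it.

```python
import re

# Constructed autorun.inf as a responder might find it on a seized USB stick.
SAMPLE_AUTORUN = """\
[AutoRun]
; icon and label make the stick look like an ordinary backup drive
icon=setup.exe,0
label=Backup Drive
open=setup.exe /silent
shellexecute=docs\\readme.pdf
shell\\open\\command=setup.exe
shell=open
"""

LAUNCH_KEYS = {"open", "shellexecute"}
SHELL_COMMAND = re.compile(r"^shell\\[^\\]+\\command$")


def parse_autorun(text: str) -> dict:
    """Parse INI-style autorun.inf text into {section: {key: value}}.
    Section and key names are case-folded; ';' and '#' lines are comments."""
    sections: dict = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith((";", "#")):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, {})
        elif "=" in line and current is not None:
            key, _, value = line.partition("=")
            sections[current][key.strip().lower()] = value.strip()
    return sections


def launch_targets(text: str) -> list:
    """Return (key, value) pairs in any [autorun*] section that name something
    to execute or open: open=, shellexecute=, and shell\\<verb>\\command=."""
    found = []
    for name, entries in parse_autorun(text).items():
        if not name.startswith("autorun"):
            continue
        for key, value in entries.items():
            if key in LAUNCH_KEYS or SHELL_COMMAND.match(key):
                found.append((key, value))
    return sorted(found)


def is_disguised(text: str) -> bool:
    """True when the file also sets icon/label, i.e. dresses the drive up."""
    keys = {
        k for name, s in parse_autorun(text).items()
        if name.startswith("autorun") for k in s
    }
    return bool({"icon", "label"} & keys)


if __name__ == "__main__":
    for key, value in launch_targets(SAMPLE_AUTORUN):
        print(f"{key} -> {value}")
    print("disguised:", is_disguised(SAMPLE_AUTORUN))
```

The parser is deliberately lenient (case-folded keys, tolerant of comments) because the file format was never strict; a triage script that rejects a slightly malformed file would miss exactly the ones worth looking at.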

Credit: Shutterstock
“Route encrypted without an IP address”

One of the investigators in the movie says that the attacker is encrypting the route for the attack, leaving it with no IP address at all. Simply put, this is impossible. The IP address may be routed through any number of proxies, but it will never disappear entirely.

Credit: ITworld/Terri Haas
Impossible IP addresses

Several times throughout the movie, IP addresses are shown on screen that are actually impossible. That said, it’s not difficult to imagine this is similar to how movies have used 555 phone numbers for years to avoid showing real numbers.

Credit: Shutterstock
C++ comments in gibberish code

At one specific point in the movie, several investigators are looking over the code for some malware. The code on screen is plainly still obfuscated or encrypted, yet mixed into it are clearly written comments in plain English following a //. The double slash is the comment syntax of C++, which the code on the screen was not at all.

Credit: ITworld/Terri Haas
Misidentified IP address

This is probably the most obvious error in the movie. One person points to a hostname and says that it is the IP address of the attacker’s host server.
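The two IP-address slides and this one come down to the same check: is the string on screen a valid address, a reserved example address, or not an address at all? The Python below is an added example, not part of the original post, that classifies such a string with the standard-library ipaddress module and also catches the hostname-mistaken-for-an-address case from this slide. The sample inputs are constructed; the documentation ranges (RFC 5737 for IPv4, RFC 3849 for IPv6) are the address-space equivalent of a 555 phone number.

```python
import ipaddress
import re

# Documentation ranges reserved for examples (RFC 5737 for IPv4, RFC 3849 for
# IPv6): the address-space equivalent of a 555 phone number.
DOCUMENTATION_NETS = [
    ipaddress.ip_network(n)
    for n in ("192.0.2.0/24", "198.51.100.0/24", "203.0.113.0/24", "2001:db8::/32")
]

# RFC 1123 hostname: dot-separated labels of letters, digits and inner hyphens.
HOSTNAME_RE = re.compile(
    r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)(\.(?!-)[A-Za-z0-9-]{1,63}(?<!-))*\.?$"
)


def classify(text: str) -> str:
    """Say what a string presented as 'the attacker's IP address' really is."""
    s = text.strip()
    try:
        addr = ipaddress.ip_address(s)
    except ValueError:
        if re.fullmatch(r"[0-9.]+", s):
            return "impossible IPv4"      # dotted digits, but not a valid address
        if ":" in s and re.fullmatch(r"[0-9A-Fa-f:.]+", s):
            return "impossible IPv6"
        if HOSTNAME_RE.match(s):
            return "hostname, not an IP address"
        return "not an address"
    if any(addr in net for net in DOCUMENTATION_NETS):
        return "documentation range"
    if addr.is_loopback:
        return "loopback"
    if addr.is_private:
        return "private or special-purpose"
    if addr.is_multicast or not addr.is_global:
        return "reserved"
    return "public"


if __name__ == "__main__":
    # Constructed inputs of the kinds a screen or a log might show.
    for sample in ("300.1.2.3", "203.0.113.7", "attacker-c2.example", "8.8.8.8"):
        print(f"{sample:22} -> {classify(sample)}")
```

A hostname can be resolved to one or more addresses, and those addresses can change between lookups, which is exactly why pointing at a name and calling it "the IP address of the server" is an error rather than a shorthand.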

Credit: Shutterstock
Publicly available malware

In many attacks, the attacker will use a piece of publicly available code, modified in specific ways for that attack. The attack in Blackhat is originally perpetrated using a piece of malware written by the protagonist of the movie, then modified by the attacker.

Credit: Shutterstock
Remote Access Tool

The attack in the movie uses a Remote Access Tool, or a RAT, to get onto a system and download a payload, which is the malware that actually performs the attack. This is commonly how real-world attacks occur: a small piece of software acts as the RAT and downloads the actual malware that attacks the target.

Credit: Shutterstock
Social engineering techniques

At several points in the movie, the investigators use social engineering techniques to gain access to restricted systems. The first instance of this involves convincing someone with access to the restricted system to download a .pdf file, which then installs a keylogger on the system. While the person who does this is a bit goofy (one would think higher-ups in the NSA would know not to download suspicious files from emails), the actual technical aspect of it is entirely accurate, and a common method for gaining access. Similarly, a later social engineering attempt involves getting a person to print a file from a USB device, which is another common attack method used in the real world.
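What makes an emailed PDF dangerous is that a reader can act on it the moment it opens, so a first-pass triage looks for the names that trigger an action on open (/OpenAction, /AA) next to the ones that carry code or launch something (/JavaScript, /JS, /Launch, /EmbeddedFile). The Python below is an added example, not code from the original post, that performs that scan the way tools such as pdfid do, including undoing the '#xx' name escapes that a cursory grep would miss; both PDFs are constructed, and the script reports object streams as inconclusive because it does not decompress them.

```python
import re

# Constructed stand-in for the emailed attachment: a tiny PDF whose catalog
# runs a JavaScript action as soon as the file opens, plus a Launch action
# written with a '#'-escaped name to dodge naive string matching.
SUSPICIOUS_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 3 0 R >> endobj
2 0 obj << /Type /Pages /Kids [] /Count 0 >> endobj
3 0 obj << /S /JavaScript /JS (app.alert(1)) >> endobj
4 0 obj << /Type /Action /S /La#75nch /F (payload.exe) >> endobj
trailer << /Root 1 0 R >>
%%EOF
"""

# Constructed benign document with nothing but a catalog and an empty page tree.
BENIGN_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj
2 0 obj << /Type /Pages /Kids [] /Count 0 >> endobj
trailer << /Root 1 0 R >>
%%EOF
"""

# Names that make a reader act or run code, grouped by what they mean.
AUTO_ACTION = {"/OpenAction", "/AA"}
ACTIVE_CONTENT = {"/JavaScript", "/JS", "/Launch", "/EmbeddedFile", "/RichMedia"}
HIDDEN_OBJECTS = {"/ObjStm"}
NAME_RE = re.compile(rb"/([A-Za-z0-9#._-]+)")


def decode_name(raw: bytes) -> bytes:
    """Undo PDF '#xx' escapes so /La#75nch compares equal to /Launch."""
    return re.sub(rb"#([0-9A-Fa-f]{2})", lambda m: bytes([int(m.group(1), 16)]), raw)


def count_names(data: bytes) -> dict:
    """Count occurrences of the watched names, after unescaping."""
    watched = AUTO_ACTION | ACTIVE_CONTENT | HIDDEN_OBJECTS
    counts: dict = {}
    for m in NAME_RE.finditer(data):
        name = "/" + decode_name(m.group(1)).decode("latin-1")
        if name in watched:
            counts[name] = counts.get(name, 0) + 1
    return counts


def triage(data: bytes) -> str:
    """Coarse verdict from name counts alone (no object-stream inflation)."""
    counts = count_names(data)
    auto = any(n in counts for n in AUTO_ACTION)
    active = any(n in counts for n in ACTIVE_CONTENT)
    if auto and active:
        return "suspicious"    # acts on open and carries code or a launch target
    if auto or active:
        return "review"
    if any(n in counts for n in HIDDEN_OBJECTS):
        return "inconclusive"  # object streams must be inflated before judging
    return "clean"


if __name__ == "__main__":
    for label, doc in (("suspicious sample", SUSPICIOUS_PDF), ("benign sample", BENIGN_PDF)):
        print(label, triage(doc), count_names(doc))
```

A "clean" verdict from this scan only means no trigger names were visible in plain text; a document that packs its objects into compressed object streams needs those streams inflated before the same check means anything, which is why the script refuses to call such a file clean.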

Credit: Shutterstock
Strong passwords

Though the NSA employee falls for an easy social engineering attack, the actual password he uses is shown to be genuinely strong, using multiple special characters and substantial length.
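The slide praises the password for its special characters and its length; the quick way to see how much each contributes is a brute-force entropy estimate, where length multiplies and character classes only widen the base. The Python below is an added example, not from the original post, that computes that ceiling; the rating thresholds are constructed, and the figure ignores dictionary words and keyboard patterns, so it is an upper bound rather than a guarantee.

```python
import math
import string

SPECIALS = set(string.punctuation)  # the 32 printable ASCII symbols


def charset_size(password: str) -> int:
    """Size of the smallest standard alphabet that contains every character
    used, i.e. what a brute-force search would have to cover per position."""
    size = 0
    if any(c.islower() for c in password):
        size += 26
    if any(c.isupper() for c in password):
        size += 26
    if any(c.isdigit() for c in password):
        size += 10
    if any(c in SPECIALS for c in password):
        size += len(SPECIALS)
    if " " in password:
        size += 1
    return size


def brute_force_bits(password: str) -> float:
    """Upper-bound strength: log2(alphabet ** length). Dictionary words and
    patterns make the real figure lower, so treat this as a ceiling."""
    n = charset_size(password)
    return len(password) * math.log2(n) if n else 0.0


def rating(password: str) -> str:
    """Constructed thresholds for the demo, not a published policy."""
    bits = brute_force_bits(password)
    if bits < 40:
        return "weak"
    if bits < 70:
        return "fair"
    return "strong"


if __name__ == "__main__":
    # Constructed samples: short with every class versus long with one class.
    for pw in ("P@ss1", "abcdefghijkl", "correct horse battery staple"):
        print(f"{pw!r:32} {brute_force_bits(pw):6.1f} bits  {rating(pw)}")
```

The comparison in the demo is the point: five characters drawn from all four classes reach about 33 bits, while twelve lowercase letters already exceed that, and a 28-character phrase of lowercase words tops 130 bits even before special characters enter into it.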