A teenage hacker breaks into NORAD and almost starts a nuclear war.
Ronald Reagan was so disturbed by the movie War Games that he signed into law the draconian Computer Fraud and Abuse Act (CFAA), a dog’s breakfast of a law that continues to loom over good-faith security researchers.
Other, more lighthearted movies enchant infosec folks with their campy B-movie shtick — think Hackers, an easy-going flick so well-loved that at RSA this year a group of enthusiasts rented a nearby movie theater in San Francisco and screened the film for conference-goers.
The work of security pros inspires tales of derring-do, not all of them honest or accurate. But those stories in turn affect our laws, our norms, the way we talk about and think about ourselves...for better or worse. Here is our by-no-means-comprehensive list of must-watch hacker movies, in no particular order.
Did we miss something? Let us know!
The eponymous movie of the genre, aptly entitled Hackers, spins the tale of white-hat hackers battling a black hat who, for reasons never fully explained, wants to steal the enormous sum of $21 million dollars (cue Dr. Evil pinky finger to the corner of your lips) and capsize five oil tankers to cover his tracks. It's campy and hard to take seriously, but full of counterculture wardrobe and hairstyles that have influenced how hackers dress and speak — even if only in jest — for nearly a quarter of a century.
"Hack the planet," a phrase it must be noted the protagonist utters while being handcuffed and stuffed into the back of a cop car, has become something of a rallying cry for offensive security pros of the less savory variety.
2. V for Vendetta
No hackers are in this movie and it has nothing to do with information security, but its vision of a dystopian future, and the hero's use of the Guy Fawkes mask, made it an iconic vision of a future to avoid. The movie became a pop culture reference during Occupy Wall Street, and a favorite among early Anonymous members as a symbol of rebellion against perceived government tyranny.
Based on the classic Alan Moore comic of the same name, V for Vendetta takes us into an Orwellian future Britain where a demagogue has seized control, chaos has destroyed North America, and propaganda rules the airwaves. The masked hero, who wears a Guy Fawkes mask and urges us to "Remember, remember the fifth of November," the anniversary of Guy Fawkes' failed 17th-century revolution, brings knives to gunfights and somehow manages to succeed in the end.
3. The Matrix
Will you take the red pill or the blue pill?
While hacking is largely absent from this entertaining and iconic movie about a world where AI enslaves humans and condemns them to live out their lives in a virtual reality indistinguishable from the real world, the metaphors The Matrix gave us to discuss hacking and malware and the nature of computer-intermediated experience continues to resonate to this day.
As our world becomes more and more connected, the threat of gaslighting grows as well. Are you seeing what is real or what someone wants you to see? Both targeted propaganda and malware fall into this category. It's no coincidence famed security researcher Joanna Rutkowska called her hypervisor malware proof of concept Blue Pill — tricking a user into believing all is well when under-the-hood control passes to another. That's about as Matrix as you can get.
4. War Games
"Would you like to play a game?" the terminal asks a youthful Matthew Broderick. Naturally he responds, "Lets play Global Thermonuclear War." And so it begins. When a fun-loving high school hacker, whose biggest crime is hacking his grades, discovers a new online game server, he wants to play the funnest game on the list, not realizing, of course, that he's talking to a computer at NORAD.
World War III nearly ensues, along with thoughtful contemplation of nuclear annihiliation, the unwinnable nature of nuclear conflict, and the passage of legislation like the CFAA. Love it or hate it, War Games is a must-watch hacker movie.
Sneakers is a classic of the genre from 1992 that manages to be both entertaining and (mostly) technically accurate, while avoiding fearmongering excesses. The movie follows physical penetration tester Robert Redford and his team as they confront an unsavory plot, which naturally would be a spoiler to tell you about. As IMDB puts it, "A security pro finds his past coming back to haunt him, when he and his unique team are tasked with retrieving a particularly important item." What might that "important item" be? This is a must-watch hacker flick, so we'll let you find out for yourself.
Young 'uns are not likely to get the reference to the popular, early 1980s arcade game Tron, on which this movie is based. "What would happen if you got sucked into the video game?" the screenwriters mused.
Sucked into the game and forced to play for his life, our hero advances through all the levels and confronts the dastardly Master Control Program. Coupled with poor special effects, camp acting and a B-grade script, this film is mock-worthy but watchable nevertheless for its awkward contemplation on the relationship between human and machine. At least you don't have to keep stuffing quarters into the arcade game to find out how the story ends.
7. Mr. Robot
Inspired, apparently, by American journalist Barrett Brown — who doesn't know how to hack and is not in the least technically minded by his own public admission — Mr. Robot made quite a splash in the information security community because the show's technical advisors went to great pains to get the technical details right.
Infosec folks have been known to pore over the show, frame by frame, double-checking the technical details and, so far, delighting in how plausible they are. CSI: Cyber this ain't. Rather than watching an actor flail their fingers at the keyboard and utter mumbo-jumbo about firewalls until proclaiming "I'm in!", we are instead treated to both plot lines and computer screens that look less like the Matrix and more like a frustrated hacker's Kali Linux install.
Note the inspiration from V for Vendetta. Masks play a prominent role in the story line, but since they can't use the Warner Bros' copyrighted Guy Fawkes mask, the Mr. Robot writers have created their own mask, sufficiently different to pass legal muster under copyright law.
This German-language movie has had a profound influence on the German hacker scene, including the Chaos Computer Club (CCC). The film is loosely based on the true story of Karl Koch, a youthful German computer security enthusiast who got involved in a plot to sell hacked U.S. military information to the KGB in the 1980s. Koch wound up burned to death at the age of 23 in a German forest in an incident believed by many to be a KGB murder to prevent him from talking to investigators.
9. In Ascolto
Another European favorite, this time in Italian. We struggled to find a trailer for In Ascolto in English, so we'll have to rely on the IMDB plot summary: "Estranged by the degree of corporate influence within the largest U.S. listening station in the world, an aging NSA officer defects and mounts a clandestine counter-listening station high in the Italian alps." European contacts assure us this is a much-see hacker movie. Have you seen it? Tell us what you thought.
Art imitates life imitates art
Hacker movies have given us the CFAA, Anonymous, amplification and calcification of counterculture norms of physical appearance, and have attracted both wanted and unwanted attention to the information security community.
Let us hope that Mr Robot is a milestone on the trend towards realistic, technically sound storytelling. It's a dangerous 'net out there. If the days of making movies like The Matrix or Hackers is over, then maybe that's a good thing.