Never get complacent about security, even in fiction

TV crime dramas get IT security wrong so often that it's remarkable when one gets something right. On that rare occasion, you might learn something.

I recently watched a rerun of an episode of Criminal Minds, in which someone who had been terribly burned in a fire where he essentially lost his entire family got the notion into his head that he was the Fisher King and the FBI Behavioral Analysis Unit — the heroes of the series — were the Knights of the Round Table. All in all, the episode was only mildly better than mediocre, which put it mostly on par with the rest of the series.

In typical television fictional style, the villain of the episode just happened to have the skills necessary to crack security on a remote computer and work some serious mischief. He got access to the network at the Virginia FBI offices where the BAU worked and used that to gather information on the team. This was a man who was apparently a suburban family man, nearly killed in a fire, who spent literally years in a hospital recovering.

It is technically possible he may have gained those skills along the way, but the unlikeliness of it was striking. Any time I hear the word "hacker" in a television crime drama series, I prepare myself for a load of nonsense and unlikely circumstances, for most of which they never bother to try to provide even a half-baked explanation. Screenwriters appear content to treat computer security like magic, and to expect everyone in the audience to do the same.

I have been pleasantly surprised by two different episodes of Criminal Minds recently. In one, where the team was trying to track down a kidnapper, they were looking at footage from a mall's security cameras. A member of the team asked the team's resident computer geek (there's always one of those, it seems — and the person always does shockingly illegal things and generally does not act like any credible computer geek I have ever met) if she could enhance the image. Unlike, say, CSI: Miami, though, she did not just click a few buttons and wave a magic wand. There was no "Enhance," click, "Enhance," click, "Enhance," click, followed by a perfect, crystal clear close-up as if digital cameras recorded with exacting clarity all the way down to the Planck length. Instead, she said something like "I can start the process, but we do not have that kind of time!"

The other episode with such a pleasant surprise was this Fisher King episode. The team's resident computer geek, on the verge of tears because she knew how badly she had screwed up, told the team she had figured out how the bad guy had managed to get past the FBI network's defenses. She had been playing some kind of Camelot-themed MMORPG on her personal laptop, which she had connected to the Internet via the FBI offices' wireless network so she could play the game. He had simply cracked security on her laptop through an exploit in the game, or perhaps via some social engineering trick (the specifics were not described), and used her laptop as a staging ground from which to crack security on other computers in the network.

The woman had introduced a vulnerability into the FBI network in the form of her own computer, running a networked computer game, and that chink in the network's armor let the bad guy in.

I suppose there are two morals to this story:

  1. Never get complacent about security. You can be your own worst vulnerability when it comes to security.
  2. Hire someone like me as a consultant if you want plausible computer security subplots in your TV shows.

About

Chad Perrin is an IT consultant, developer, and freelance professional writer. He holds both Microsoft and CompTIA certifications and is a graduate of two IT industry trade schools.
