Silicon Valley Security Experts Give 'Blackhat' a Thumbs-Up; Do You?

HughPickens.com writes Cade Metz writes that last week Parisa Tabriz, head of Google's Chrome security team, helped arrange an early screening of Michael Mann's Blackhat in San Francisco for 200-odd security specialists from Google, Facebook, Apple, Tesla, Twitter, Square, Cisco, and other parts of Silicon Valley's close-knit security community, and their response to the film was shockingly positive. "Judging from the screening Q&A—and the pointed ways this audience reacted during the screening—you could certainly argue Blackhat is the best hacking movie ever made," writes Metz. "Many info-sec specialists will tell you how much they like Sneakers—the 1992 film with Robert Redford, Sidney Poitier, Dan Ackroyd, Ben Kingsley, and River Phoenix—but few films have so closely hewed to info-sec reality as Mann's new movie, fashioned in his characteristic pseudo-documentary style." "Unlike others, this is a film about a real person, not a stereotype—a real guy with real problems thrust into a real situation," says Mark Abene. "The technology—and the disasters—in the film were real, or at least plausible.

Director Michael Mann worked closely with Kevin Poulsen in researching, writing, and shooting the film. Like Hemsworth's character, Poulsen spent time in prison for his hacking exploits, and Mann says his input was invaluable. "It's the first crime-thriller to hinge so heavily on hacking without becoming silly." says Poulson. "We put a lot of work into finding plausible ways that malware and hosting arrangements and all these other things could be used to advance the plot and all of that I think turned out pretty nice." I'm a fan of Michael Mann, and the previews I've seen of Blackhat make it look at least like a passable thriller. For anyone who's seen the film already, what did you think?

Completely believable!

[khasim]

Thor is in jail because he's a hacker. But the bad guys are doing bad things and Thor is the only one who can stop them.

So people who want to help Thor stop the bad guys get Thor out of jail.

And a really hot Asian woman falls in love with Thor.

And Thor and the Asian woman race around the world fighting the bad guys. Literally fighting. Thor kicks physical ass. And he has a hot Asian girlfriend.

No "restore from backup" or "patch your servers" or "fix your firewall's DMZ". This is REAL hacking.

Re:Completely believable!

[93+Escort+Wagon]

And Thor and the Asian woman race around the world fighting the bad guys. Literally fighting. Thor kicks physical ass.

Well, yeah. What did you expect? I can't speak for you, but that certainly describes my job pretty well - and I'm just a web developer.

I remember my first day at work. They showed me my office, then they said "here is your hot Asian girlfriend". I explained I was married, but it seemed to be a requirement.

Re:Completely believable!

[schnell]

a.k.a. "NEWS FLASH: Pasty Mountain Dew-Swilling Nerds Praise Film Where Handsome Badass Pretends To Do Their Job While Things Blow Up."

Hell, if they made a movie called "The Product Manager" and it was Chris Pine seducing inexplicably hot KPI project manager analysts, engaging in high-speed car chases with developers throwing ninja stars and screaming "put this in your requirements document!" and muttering catchphrases like "Oh, it will ship all right. But you can download it in HELL!" while he walks away from explosions, I'd say "yeah, that is exactly like my job."

Re: Completely believable!

[DuckDodgers]

I'm aware of the studies. I've read and applied Beyond Brawn by Stuart McRobert, just about half the books by Ellington Darden, the Nautilus Bulletins by Arthur Jones, Heavy Duty 2 by Mike Mentzer, every article at Cyberpump (back when all of the site content was free), Power Factor Training by John Little and Pete Sisco, articles by Doug McGuff and Drew Baye, and even the Power of 10 by Adam Zickerman and Super Slow: The Ultimate Exercise Protocol by Ken Hutchins. I've also read the fitness research paper published in the June 2004 edition of the Journal of Exercise Physiology online. I've worked out as often as every other day to as infrequently as once every three weeks. I've done routines with full body single set circuits at each workout. I've also done routines with different muscle group splits. I've trained to concentric failure, to static failure, and even occasionally to eccentric failure. All that from 1996 to 2014 and in all cases the gains stopped after the first few weeks and plateaued for months until I quit and started over.

The only thing great about HIT is that it's easier on the joints. When I do higher volume work I tend to develop joint pain, and of course in the long run it's better to have barely-better-than-untrained muscles and healthy joints than strong muscles and damaged joints.

Strength training studies are problematic. A trainee can hold back at the initial strength test, thus giving false gains at the end of the study. The trainees can do additional workouts outside of the supervision of the study supervisors. Study participants can be using steroids. Perhaps worst of all, regaining muscle mass you formerly possessed tends to be much faster than gaining new muscle mass. ( There are several studies that document this. One such link: http://www.thinkmuscle.com/art... ) Most workout studies don't control for the influence of this factor on outcomes or try to control for it but only rely upon word-of-mouth of the study participants, which is unreliable. So if you conduct a strength study and your random assignment of subjects puts five people that each used to have twenty more pounds of muscle mass in one group, they're going to make much greater gains in a shorter time than other subjects in the same group, and skew your results. If you're familiar with Arthur Jones' "Colorado Experiment", the two research subjects had both gained and then lost over thirty pounds of muscle in the years before the experiment. So the fact that they made massive gains on HIT doesn't mean anything for trainees that had never previously had thirty additional pounds of muscle.

Real, real, real...

[fahrbot-bot]

"Unlike others, this is a film about a real person, not a stereotype—a real guy with real problems thrust into a real situation," says Mark Abene. "The technology—and the disasters—in the film were real, or at least plausible.

Where have I head this before? Oh right - Blackhat is the Interstellar of info-sec terrorism films - sigh

And the "bad guy" is able to reach "anyone" , "anywhere" , "anytime" - wow, how does he bridge the air-gap for all those disconnected networks? He must have one of those four-dimensional "tesseract" library thingys.

Director Michael Mann worked closely with Kevin Poulsen in researching, writing, and shooting the film. Like Hemsworth's character, Poulsen spent time in prison for his hacking exploits, and Mann says his input was invaluable.

Checking out the photo of Kevin Poulsen on Wikipedia, he must be thrilled to have Chris Hemsworth playing him and "us" - seriously how many hackers (elite or otherwise) look like Chris, are firearms experts and, apparently, ninjas? I didn't realize, until just this moment, how physical hacking could be.

Well as long as the security geeks in Silicon Valley (and their egos) liked it, the critics at Rotten Tomatoes that gave it a 31% *must* be wrong. I'll wait to see this on Amazon Prime or Netflix ...

Re:Real, real, real...

[chill]

Actually, I know several that are gun nuts and are pretty damn accurate with firearms. Mostly when aiming at defenseless, motionless, bloodless targets, but still...

Geeks and guns is a popular thing, at least in the U.S.

Re:Real, real, real...

[sgt_doom]

Quite a few Feng Shui experts in IT. Is Feng Shui deadly?

Re:Real, real, real...

[_xeno_]

Where have I head this before? Oh right - Blackhat is the Interstellar of info-sec terrorism films - sigh

Interesting analogy, because the "accuracy" in Interstellar actually was somewhat distracting to me because it made the areas that weren't accurate stand out more.

OK, so there are magic space aliens driving the plot at some point. That I didn't have a problem with. Magic space aliens doing magic, whatever, it drives the movie, willful suspension of disbelief and all that.

Infinite fuel space-planes and the magical spaceship that somehow carried enough supplies for a multi-year mission while looking way too small to do that, on the other hand - those annoyed me. If they hadn't gone for the "realistic" initial spaceship launch I probably could have binned those into the "magic space aliens" "suspension of disbelief" category and just ignored them, but when you go for "realism" you need to go for "realism" everywhere.

Sounds like it's the same with this movie. OK, so the hacking is super realistic, great. Too bad the rest of the movie isn't, making the contrast just that much more jarring.

(That being said, I enjoyed Interstellar. It's a good movie. The science stuff is still a bit bogus, but the core movie is good. Sounds like the same can't be said for Blackhat based on the reviews I've seen.)

Good looking hacker who can run up flght of stairs

[JoeyRox]

without getting winded? You call that believable? :)

Best hacker movie?

Sorry Michael Mann, but the hacker movie that represented hacker culture best was the Swedish original The Girl with the Dragon Tattoo".

Hell Yes

[SuperKendall]

Is Feng Shui deadly?

If you angle a mirror wrong it will FUCK UP someone walking into the space.

Not to mention that just one of the precepts of Feng Shui is that you not sit with your back to any openings in a room. They say it's for "good energy" but really it's so you can gun down every motherfucker that comes for you before they even see your face.

Awful. Insulted my intelligence.

[rjh]

Terrible. It insulted my intelligence at every opportunity. To pick just three:

1. A hard drive that's been at Ground Zero of a Chernobyl-level event, exposed to hundreds of sieverts of ionizing radiation, extraordinary extremes of temperature, a hydrogen-oxygen explosion with such tremendous overpressure that it blew the containment dome, and seawater pumped through the building as a last-ditch effort at cooling the core, is still somehow so readable that it just requires a classified forensics program to recover it fully.
2. The main bad guy's ultimate plan involves speculating on the future of a commodity that isn't exactly rare.
3. Targeting nuclear reactors in the U.S. and China as a practice run for the real attack is pretty stupid, as the practice run is so devastating that it guarantees an immediate and vigorous reaction from two world-power countries known to have active cyberwarfare programs, thereby announcing your presence to exactly the people you want to keep completely in the dark

This movie insulted my intelligence at every turn. I have a long (and spoilerific) list of all the what-the no-they-didn't good-Christ moments I saw in the movie; if there's interest I'll post them here.

don't believe the hype

[aepervius]

1) still take a very good looking guy able to go into "action scene" mode as heroe (not to count all trope which comes with it rsp the female lead)

2) the hacking is... Well as hollywoodian as ever

3) the film villain reach is unebliavable and cartoonish

4) it ends with ana ction scene.


Let us get real a real hacker film would be boring for your average hollywood audience. But that does not excuse the rest above which is your average poor heroe trope full film with just "hacking" thin coated over.