Hacking Hollywood: Meet the man getting big screen cybersecurity right
Movies often gets hacking wrong. Ralph Echemendia is trying to put that right
When telling a story, it's sometimes easier to pretend the modern world doesn't exist. Somehow it's hard to imagine anyone checking into the Bates Motel after checking its TripAdvisor page. Likewise, you probably wouldn't watch the video in The Ring if you'd seen its IMDB ratings.
But you can't ignore the modern world forever, and as some kind of hack or data breach seems to crop up on a weekly basis, it's unsurprising that Hollywood is taking notice, slowly introducing hacking and cybersecurity into modern movies.
You may not know his name or face, but Ralph Echemendia has a lot to do with that. As well as providing security training to the likes of NASA, Google and Microsoft, Echemendia has provided technical consultation for films and TV series where hacking is integral to the plot, like Mr Robot and Snowden.
The need for a cybersecurity consultant was once unheard of, but with hacking and data breaches in the news every week, it was only a matter of time before art had to imitate life. And more convincingly than it once was: we've come a long way from 1995's Hackers ("a cult phenomenon and we love it, but it's not accurate at all," opines Echemendia.)
"Hollywood likes to see what's in the news and what's happening in the world and build things around it," Echemendia tells me over the phone. "It's no longer a subculture: it's now a culture. There's a lot more interest in Hollywood to writing about that culture and making stories around it." Perhaps the 2014 hacking of Sony Pictures focused the mind of writers and producers over what had become the part and parcel of our daily digital lives.
Art imitating life
Of course, having an interest and a budget doesn't guarantee quality: take Black Hat, for example ("awful," says Echemendia, and IMDB's audience of critics seems to agree). Still, the Venn diagram between "realistic hacking" and "watchable" is slowly beginning to populate. "I think they're getting a lot better," says Echemendia. "Mr Robot has been very accurate with how it happens in the real world and being able to properly adapt that to a screenplay format.
"You can't go into these projects with the idea that they're going to be completely accurate: it's still a movie. It's usually only seconds in a movie, for the most part, so it's not as critical as the real storytelling behind it."
That's true but given a basic understanding of online safety is essential nowadays, do films have a responsibility to adhere to accuracy? Echemendia agrees with this: "Whether it's seen as such or not, it's still processed as education in some way so there's a level of responsibility for films to better educate. There's no better way to educate than to entertain.
"The future of science and innovation comes from what's on the screen too. The five-year-old kid watching Star Trek was later a scientist responsible for the creation of cell technology and now we have cell phones."
If you're thinking that actors, directors and assorted Hollywood bigwigs would be on top of their security by dint of being easy targets, you'd be wrong. "The crazy part about it is that you'd think there would be more security because of the level of visibility, fame and notoriety, but the truth is that actors, directors and writers really aren't that different from the everyday consumer," he explains. "They tend to be a lot more aware afterwards -- the majority of the crew working on Snowden have become a lot more security savvy," he adds. Many have stayed in touch, and continue to send questions. "They don't necessarily believe that message came from the director now," he adds.
The human problem
I'm talking to Echemendia shortly before he flies to Portugal for an appearance at the annual Web Summit, where he promises he'll be hacking a member of a panel audience to demonstrate how easy it is -- even with the security-conscious audience of a tech conference. At the time he has a few plans of attack in mind, but it all comes back to using technology against humans: the weak link. "I try and play with their device in such a way that they believe something that isn't true," he explains. "You trust what you see. So I can make them see things that aren't true. The vulnerabilities lie in the people, rather than the technology."
Humans are the weak link at whatever level Echemendia deals with. Even at NASA, he was surprised at some of the mistakes being made. "This is NASA, it's the holy grail of nerds," he jokes. "I was surprised -- not so much with what they were doing, but what they weren't doing and what they weren't aware of.
"It's everyone, it's not a technology issue. This is a people problem, and we tend to think that it's an issue that can be resolved either by governments, regulatory clients or companies being held accountable when the truth is the biggest problem is you: the person using the technology."
Ah, squishy, fallible humans. So if this human wanted to be slightly less fallible, what's the one piece of advice Echemendia would offer? "Common sense," he replies. "Technology provides convenience, and convenience always comes with a price. We know that when we go to a convenience store we'll spend an extra dollar on milk, but we know it's more convenient than going to the store. We don't know what the cost is with technology. We've lost all common sense with what we're doing with it."
"It's just a tool, don't forget that." If anything can get that message across, it's the magic of cinema.
Main image credit: Zachary Balber
Consumer choice and the payment experience
A software provider's guide to getting, growing, and keeping customersDownload now
Prevent fraud and phishing attacks with DMARC
How to use domain-based message authentication, reporting, and conformance for email securityDownload now
Business in the new economy landscape
How we coped with 2020 and looking ahead to a brighter 2021Download now
How to increase cyber resilience within your organisation
Cyber resilience for dummiesDownload now