Cracked Columnists

4 Things Movies Always Get Wrong About Computer Hackers

You're all smart people, I'm sure. You know that movies might not always be entirely realistic. That jumping away from explosions is only good for dying a little farther away from that explosion. You get that hacking in movies isn't always portrayed that realistically. It's not all rapid typing and leather pants and kick flips. You get that.

But no, you don't get that at all. Hacking still sounds pretty cool doesn't it? Even without the leather pants -- even with no pants at all -- holy shit, busting into someone's computer? How badass is that? Stealing passwords and credit card numbers and NOC lists, using nothing more than your brain? That's cool as fuck! Even if hackers can't do everything they can in the movies, (and holy shit, yes they can!) making a computer dance like a puppet is pretty cool.

"Man, I wish I could get porn on this thing."

I'm here to tell you that's not the case.

How do I know? You might not be able to tell by the prestigious dong-joke-writing career I have now, but I used to be a pretty big nerd, specifically of the computer variety. I have, by most definitions of the word, actually hacked things. I certainly don't claim to be an expert; I know just enough to know how much I suck. (Truthfully, my only real hacking experience was the time in the late '90s when I won a series of dance contests under suspicious circumstances.)

But I do know enough to tell you that everything you've learned about hacking has utterly failed to communicate just how completely fucking boring it actually is. Here's why:

#4. Most "Hacks" Are Really Easy

The vast majority of events that you would describe as "hacks" are pretty trivial, only marginally more complicated than assembling furniture from IKEA.

"Fnord? What the fuck is a Fnord anyways? The Swedish god of laminated particle-board?"

It turns out that someone with little more training than watching The Matrix ten times is perfectly capable of cracking passwords or bringing down a website. Even you, dear Cracked reader, with your limited time for gaining technical expertise due to all the sex you're having, are entirely capable of conducting these hacks. Do you want to know how?

Google it.

No bullshit. If you Google "How to hack Windows PC" or "How to hack Android" or "How to hack lesbian porn site passwords" you will find your answers. Maybe not right away; it might take a bit of clicking around, and even, alas, some reading. But before too long you will find a FAQ which explains exactly what you need to do. It will tell you the tools you need to download, and then sigh and provide you links to the tools you need to download, and then sigh again, and provide you instructions on how to install those tools, and then scream at you, and tell you exactly how to use those tools. And when all that's done, you'll have hacked something and be completely L337.

"Script-kiddies" is the term for those who hack this way exclusively; a label which is not, as you might expect, derived from some kind of prescription-drug/pedophilia fetish, but from the fact that it takes very little thought to run someone else's scripts (i.e.: hacking tools someone else has made). Many of the stories about websites being taken down can be attributed to this category of hackers, who use premade tools to scan their targets, premade tools to exploit those targets, and premade tools to insert more dongs on the front page than normal (or less, if that site's audience demands dongs).

"Oh shit. Cracked has less dongs today. Why did I ever give those guys my credit card number?"

Private note for the approximately half of you who have already opened another browser tab to start hacking things: It can take substantially more expertise to actually get away with what you're about to do. Please, for the sake of our overcrowded prisons, stay your hand. Your clammy, clammy hand.

#3. But When It's Hard, It Takes Way More Work Than You Can Imagine

Most of the interesting stuff about hacking isn't how those tools are used; it's how they're made. I've never done anything even close to this, because it looks like it takes a lot of effort. But I know enough to describe it.

What these hacking tools are doing is taking advantage of flaws in software or hardware. These flaws, and the methods of taking advantage of them, are called exploits. An example would be if you had come up with a system for securing your house where, after you locked the front door, you placed the key under the doormat. The flaw in this system -- that you're an idiot -- can be exploited by a hacker with the following hack: Checking Under the Doormat.

This type of security may be acceptable if the only thing you have worth stealing is the doormat itself, in which case, it actually qualifies as a clever ruse.

Sounds simple enough, but when the systems involved get more complicated than idiots and doormats, the flaws become harder to find and the exploits become harder to create. Here's an example of a much harder exploit: an ATM hacked to make money spew on the ground.

In action, once the exploit is prepared, it takes only a couple seconds to execute. But if you read this news story, you see a hint of what had to be done first:

"[The hacker] then reverse-engineered the machines' code and created his own version of the firmware that could be installed on the machines ..."

It'd take a real idiot of a writer to think that one sentence could communicate the amount of labor that went in to "reverse-engineering the machines' code." So I'll try with one paragraph:

Step 1: Obtain an ATM. Surprisingly, this isn't too hard; you can get them on eBay apparently.

Step 2: Figure out as much as you can about how the ATM works. This will probably involve obtaining the manual from the manufacturer, and then partially disassembling the thing and looking at all its naughty bits.

It's an acquired taste getting off on this, but it can be done. To an electrical engineer, this is basically the equivalent of butt stuff.

Step 3: Based on how you think the ATM works, abuse it a bit. Find its various inputs (the keypad, USB or network ports) and feed them crazy gibberish. See how it likes that. This will tell you more about how the ATM works internally.

Step 4: Break the ATM. Like a spurned lover or a really sinister psychiatrist, use everything you've learned about the ATM to destroy it. This is going to involve technical things like stack overflows, code injections, birthday attacks, race conditions, or any of a thousand other attacks you've never heard of.

For just about every part of that procedure that didn't involve eBay, it would be super handy if you were an expert at reverse engineering, computer security, or witchcraft. And even knowing those sinister lores, this isn't done in minutes; you're looking at days or weeks of work here.

I should be clear, if you are a real big computer nerd, none of this is boring at all. Taking apart a machine or piece of software, staring at oscilloscopes or pages of hex for days and weeks; that's fascinating stuff to the kind of person with just the right chemical imbalances in their brain. But it's not fascinating to the average layman, and certainly not interesting to a movie producer, which is why you've never seen it in a movie before (the closest we've come is this gibbering nonsense). Film of someone hacking hex code is about as cinematic as someone flipping through television channels for twenty six hours.

And that's not even the slowest type of hacking ...

Recommended For Your Pleasure

Chris Bucholz

  • Rss

More by Chris Bucholz:

See More
To turn on reply notifications, click here


The Cracked Podcast

Choosing to "Like" Cracked has no side effects, so what's the worst that could happen?

The Weekly Hit List

Sit back... Relax... We'll do all the work.
Get a weekly update on the best at Cracked. Subscribe now!