In movies, the word "hacker" is interchangeable with "wizard." Screenwriters can have a character mutter something about "nodes" or "encryption," slap the shit out of a keyboard, and acquire godlike powers over the natural world. They figure the average person doesn't really understand computers, so anyone who can hack one might as well be a mythical creature. Well, this is one of those times when the Hollywood version of a job is somehow even more hilariously off the mark than usual.
My name is Caleb Brinkman. I'm a white hat hacker, which means I only hurt websites to make them stronger. Read on and you'll learn why everything movies and NCIS taught you about hacking is ridiculously wrong ...
5. Myth: You Can Hack into Any Mainframe Over the Internet
If you hear the words "hack the ..." in a movie, the next word is almost certainly "mainframe." It's a common enough occurrence to qualify as a trope:
We tend to imagine a website as the facade for this giant pile of secret records and internal details. Hack deep enough into the CIA's website and you can get into their mainframe. There you'll find all the records of their undercover agents and schematics for their wristwatch-mounted lasers. When I got into hacking, I assumed I'd be searching out mainframes, running decrypters, and breaking my way into all these systems.
I bought this exact pattern of Hawaiian shirt in preparation.
But the idea that you can get into any major computer system through the Web is just false. They may have a database with, say, username and password information that you can access through the Internet, but their records aren't going to be kept in any kind of public-facing database, because that's incredibly stupid. You won't find the nuclear launch codes hidden in anything attached to Defense.gov.
Websites are less like facades and more like handbills stapled to telephone poles. You can scribble all over that Albertson's ad in crayon, but no amount of doodling will let you steal a big pile of steaks. It's the same thing with all those movies where some supervillain hacker cracks his way onto the power grid: You'd have to know a ton of secret internal information to have a hope of getting in. Even the word "mainframe" itself is kind of an anachronism, because they've been largely replaced with server farms. Those servers are connected to a company-wide intranet, but why would Microsoft or Lockheed Martin pay to host all their billions of gigabytes of secret files in the cloud? That would be like paying thousands of dollars to install a solid glass gun safe in your front yard.
"But what if we put our secret files up on the Internet, where everyone can find them?"
Look at Edward Snowden, the guy who made off with all of those secrets about the NSA's spying program. He didn't steal that data by punching some hole in the NSA's website and sucking up all their secret goo. He got it all from the inside, because he worked there as a high-ranking system admin. There's very little hacking required when they hand you the keys.
4. Myth: Hacking Is Illegal
There are obviously people out there who hack in the service of evil -- without them, I wouldn't have a job. I work as a "white hat" hacker paid specifically to stop those people. But most of the hackers I know spend their time and brain juice on research. We analyze source code to figure out ways we might exploit it. Call it preventive vandalism -- people pay us to break into their websites and then tell them which window we used.
"In the future, you might want to invest in the fist-proof glass."
The other side of white hat hacking is more mercenary: finding bugs in Web applications and collecting bounties. It's like we're questing in an MMORPG, only the rewards are straight up cheddar. Facebook pays $500 minimum for evidence of a bug. Google pays up to $20,000 if you can find something serious enough. They've paid out $2 million in the last three years, because operating the world's largest search engine makes you a money pinata filled with vulnerabilities.
Much like Google co-founder Sergey Brin.
So yeah -- real hackers spend most of their time trying to break into high-profile websites. But they aren't doing it because they're crazy anarchist rebels fighting the Power; they're doing it to help make those websites safer, and because every bug they find nets them piles of big sexy money (as tempting as it would be to replace your boss' profile picture with an ejaculating penis, wouldn't you rather turn that vulnerability into a year's rent?).
There's even a website to collect all these bounties: Bugcrowd.
It's like being a hit man, but with a higher rate of adult-onset diabetes.
So, since hacking can actually be a real J-O-B job where you make a legitimate living (and white hat hacking is a big business), that also knocks down another movie stereotype: that hackers are all eccentric, socially disconnected basement dwellers living off the grid. Here's the hacker "Warlock" from the fourth Die Hard movie in a pretty typical hacker basement:
This is actually how I'd always imagined Kevin Smith's bathroom.
And here's a typical movie hacker boasting that he works for "Star Trek tapes and Hot Pockets":
Well, our team works in a typical office, and most of the people here are married. And we're not some kind of isolated pocket of normal people in a world of freaks, either -- hackers have public trade shows where our best and brightest drink heavily and exchange business cards. Black Hat and Def Con are two such events, both filled with networking and even people in suits (although T-shirts are much more common). The keynote speaker at Black Hat this year was none other than the director of the freaking NSA, and for your reference, the crowd he spoke to looked like this:
If you've spent any time in the tech industry, you'd recognize this as a pretty normal group. Only one dude had a fedora, and he took a ton of shit for it.