Popular culture loves hackers. Some movies romanticize them while others depict them as secretive persons working silently behind computer screens. There are some accurate depictions of hackers in cinema, but there are also many exaggerations and misconceptions.
So we decided to shed some light on the inaccuracies of these movies and analyse some of them in a new series of articles. Lukas, a white-hat hacker at NordVPN, chose to review a movie called Blackhat. Can malware really destroy a nuclear power plant?
Blackhat is a 2015 American thriller film that was a box office failure with divisive opinions from critics. However, it has its good moments.
The film depicts the story of a very talented hacker Nick Hathaway. A computer code he once wrote was used to create a malware, which can destroy a nuclear power plant in China. The government promised to set him free if he could help catch the culprits.
A few scenes involve hacking, so let’s see what Lukas has to say about them.
The first scenario – the explosion at the nuclear power plant – is based on real-life incidents that caused substantial damage to Iran’s nuclear program. The real Stuxnet worm targeted supervisory control and data acquisition (SCADA) systems and other programmable logic controllers (PLCs). These automated Iranian electromechanical processes used to control machinery and industrial processes, including gas centrifuges for separating nuclear material.
In the movie, the Chinese military cybersecurity officer stated that a remote administration tool (RAT) introduced a virus that caused the accident at the nuclear power plant. A RAT is a type of malware that can remotely open a backdoor to the infected system and perform other malicious actions. The movie doesn’t specify how the RAT was delivered, but it could’ve been done by inserting an infected USB flash drive into the control computers. This could’ve been one of the possible ways how the Stuxnet worm started to spread as well.
Another similarity between the Stuxnet worm and the malware in the movie is that it caused a malfunction in the pumps of the nuclear plant's cooling system. The personnel didn’t notice the malfunction until it was too late. This was done by performing a man-in-the-middle attack that falsified industrial process control sensor signals to prevent the infected system from shutting down due to abnormal behavior. This is caused by a rootkit that hides the malware on the system and masks the changes in rotational speed from monitoring systems.
After the outbreak of the Stuxnet worm, multiple Windows OS zero-day exploits were discovered that had helped cause the spread. In addition, there were recommendations to prohibit the usage of third-party USB flash drives. The USB was one of the main reasons why the air gap was crossed (air gaps are network security measures employed on one or more computers to ensure that a secure computer network is physically isolated from unsecured networks).
The nuclear power plant scenario is heavily based on the 2010 Stuxnet worm attack. Though the movie does not provide any deeper details on how the infection started, the scene is quite plausible.
Another scene depicts a stock market hack. Prices on the Chicago Stock Exchange suddenly start climbing rapidly, causing losses in the millions. During the brief on the malware, one of the officers mentions that the same remote administration tool was used that had caused the accident in the nuclear plant. One character states that the data center is protected by powerful firewalls and features an intrusion detection system (IDS) that performs packet inspection. This kind of protection makes sense for critical infrastructure like this. This rules out the remote infection vector.
Then, one of the data center personnel connected to the local network through a terminal. He stated that only he could access the terminal with a plugged-in hardware authentication device that acts as a digital key for storing static passwords or private keys. However, his statement that the key required his fingerprint was inaccurate. Unfortunately, this kind of device does not support biometric authentication.
The main character then requests permission to use the terminal. He analyzed the connected key and opened the autorun.inf file. This is misleading since that USB device was a one-time password (OTP) device and those are not used for storage purposes, so naturally, you can not place any user files in it. But ignore this fact for now and jump to the autorun.inf file. This file tells the Windows operating system what to run when the USB device is connected. This kind of attack vector could be used to infect computers with malware without the user noticing. However, the scene also showed that the terminal computer was using a UNIX-based operating system that does not support this kind of functionality.
Unfortunately, this scene was not as accurate as the first one. However, it does depict a real type of famous attack that was popular many years ago. Now, both operating systems and antivirus solutions are well aware of the potential risks involved and often block or flag Autoruns.
The movie starts with an intense and relatively accurate hacking scene. This scene has its inaccuracies, but it gives the film a strong start. However, the accuracy degrades as the plot progresses. The second scene gives an impression of how infiltration works, but it misses many small but relevant details. In my opinion, even though Blackhat is still very Hollywoodish, it does have some good bits that prevent it from being totally inaccurate.
To learn more about cybersecurity, subscribe to our monthly blog newsletter below!