It’s a familiar scene. A hacker, perhaps a socially awkward young man with a penchant for one-liners, sits in front of a stolen laptop, frantically tapping the keys as a band of thugs threatens his life. The hacker, who has a reputation for being the best at what he does, has been kidnapped and is working at the bidding of a shady terrorist operation, trying to hack into the Pentagon’s system to access information that will help the terrorists carry out their nefarious deeds. With a few keystrokes the hacker is in — and the criminals have all they need.
As you sit in the movie theater and watch this scene unfold, you wonder, “Could that ever really happen? Could someone steal information that easily? And why would terrorists want to mess with our computers anyway?” Hollywood does take certain liberties with how it presents cyberterrorism on the screen. Although it gets some things right, it gets more wrong when it comes to portraying how terrorists use computers and networks to attack their enemies.
• Hacking. Cyberterrorism is a very real threat due to the fact that many important systems, including those that control electrical, communications, water and sewer services have significant vulnerabilities that terrorists could exploit; however, many times, Hollywood shows hackers with the ability to hack into a specific section or location along a line; for example, the gas line below a particular building, or phone services in a single office. While hackers can attack these services, it’s unrealistic to believe they can pinpoint a specific area to target.
• Storage. In films, it’s not uncommon for the hero to be on a search to recover stolen information — an elusive hard drive or disk containing sensitive information that would be devastating if it were revealed. While individual pieces of equipment do contain sensitive information, it’s unlikely any agency would include all the pieces of sensitive data in one location. In other words, it’s unlikely a single hard drive will contain everything a terrorist needs to take over the world. Organizations should realize, though, that thanks to employees using mobile devices or corporate equipment outside of the office on unsecured networks, it’s possible for information to be inadvertently accessed, lost or stolen, making security policies and plans regarding these devices’ usage more important than ever.
• Transportation. Much as hackers can target vital utilities, they can also exploit vulnerabilities in transportation systems; however, while Hollywood tends to focus on dramatic hijackings and hostage situations, cyber-terrorists are more likely to attack the transportation infrastructure. For example, a hacker could access air traffic control to disrupt air travel or access traffic systems to change stoplights, creating chaos — that could be a diversion for something more nefarious; however, again, unlike the Hollywood portrayal, it’s unlikely a terrorist could target a specific train, airplane or intersection, instead wreaking havoc on a much larger scale.
One thing Hollywood has gotten right? It’s portrayal of how law enforcement goes about catching cybercriminals. Much like with other crimes, cybercrime detectives make use of profiling to determine the best way to stay one step ahead of criminals. Some large organizations employ hackers to attack their systems to determine vulnerabilities, while the government has been known to create computer networks that appear real but are actually elaborate traps designed to give them insight into how cyber-terrorists and criminals work.
Although Hollywood doesn’t always get it right when it comes to cyberterrorism, it is important to realize cyberterrorism is real. Every day, the U.S. government, military and businesses are all targeted by criminals attempting to gain access to their secure networks. In some cases, these attacks occur hundreds — even thousands — of times each day.
Most of the time criminals are thwarted, but the sheer number of attacks and the potential dangers of a security breach underscore the importance for education as well as comprehensive and robust network security protocols — because real lives and real issues are at risk from cyberterrorism.