Wargames: hacker’s delight

I recently saw a Quora thread about movies that have real hacker scenes in them. Wargames came up once or twice, but it was not very well explained why it’s such a great hacker movie, and the answers supporting it were all lower-voted than The Matrix Reloaded, for its scene of Trinity using nmap and an SSH exploit. Granted, that’s cool, but I think those people need to step back and analyse which movie deserves the most hack cred.

In The Matrix: Reloaded, Trinity does one real-life non-sexy hack. She uses a legitimate tool to exploit a known vulnerability. Cool. Also, there are a lot of computers and source code vision and religious symbolism. So that’s one point for the Matrix: Reloaded.

In WarGames, there are at least half a dozen distinct real hacking techniques.

Early in the movie, Mathew Broderick goes into his school’s office, and when no one is looking, he checks a sticky note with a password written on it (1). This is a prime example of social engineering to get access to data a person isn’t supposed to have — he then uses the password to manipulate data in the system to his advantage.

Not long after, he starts up a war dialer to search for phone lines that he can connect his computer to (2) — he’s basically port-scanning the telephone system. He starts the scan and then leaves, openly acknowledging that the scan is going to be running for days, and is really pretty boring.

When he finds a system, he immediately starts guessing some common and related passwords (3). He tries a blank login. Real, legitimate, boring hacker stuff is going on right there on the screen.

When he can’t guess the password to the system, he goes to the library and starts researching the person who made it (4). He learns all about Professor Falken’s life, and he goes to greater experts whom he can ask for help, just to make more informed guesses at the user’s password. At one point in the movie he starts dumpster diving (sort of 1 again) to find sensitive information! Real, boring, unglamorous things that can get you access to a system.

Then he gets access, by guessing Professor Falken’s son’s name. He starts playing games used to train the system he’s gotten into, and nearly triggers a real war (hence the title). Not long after, he realizes that he needs to get into the military complex to try to stop things before they get truly out of hand.

He uses social engineering and pretending-you-fit (5) to get into (and later, out of) the Mount Cheyenne military complex. While inside, he hardwires an electrical system to unlock a door (6) and uses social engineering to convince people to do things for him or to leave him alone.

Then, once he’s out, he does a little phone phreaking (7) to make a free phone call to his girlfriend, and shortly after uses the airplane tickets he got during a much earlier hack.

Wargames is full of real hacking techniques — not just technical, but non-technical. What’s most impressive is that the movie came out in 1983. It was one of the first computer movies that ever came out, and it more frankly and realistically addressed computer security than pretty much any movie afterward. Almost every plot point in the film revolves around some kind of systems hacking, and it never resorts to absurd special effects that have no relation to real life things.

The best part is the final scenes of the film. Warning, we’re entering real spoiler territory here (after 20 years, just go watch it!). This one is a different sort of hack. The final, major plot point of the film is how they manage to get the computer to stop the impending war.

They hack an AI. They train the system (hello, neural networks!) by providing a small, simplified training dataset (tic-tac-toe) for the AI to learn off of. They show the AI that tic-tac-toe is un-winnable if every player makes the right moves. The AI learns from this that there is no winning move — if you don’t want a draw, you’d better not play.

That segues perfectly to the movie’s political result. Falken’s AI decides to run every possible simulation in the thermonuclear war game. It concludes that there is no winning move. Just like tic-tac-toe, if everyone does the right thing, it’s a draw. Everyone loses. They have taught the computer what they couldn’t understand: nuclear war is insane, and the only winning move is not to play.

They hacked the AI by making it smarter(8). They showed themselves the most logical path: peaceful coexistence. Do not play Themonuclear war.

In summary,

  1. Find passwords that people have written down and left lying about
  2. Scan open networks for computers you can connect to.
  3. Guess common passwords.
  4. Research your target to make educated guesses.
  5. Pretend you belong / Just ask for access / Fake a reason
  6. Bypass auth — by manually connecting a wire.
  7. Tone box to get a phone call.
  8. Spam malicious (or virtuous, in this case) training data to convince a neural network to take the action you want it to take.

Truly a great hacking movie. And who doesn’t love watching Mathew Broderick?

edit: in an earlier version of this post, “Falken” was written “Faulkner”, because literature.