Mission Impossible: The Ridiculous Tech Of Jason Bourne
Jason Bourne. You know his name, and you know what to expect in the action/espionage franchise: Stupendous car chases, brutal hand-to-hand combat, and a big CIA control room where tech wizards watch his every move around the world. The latest Bourne flick has loads of all that, making it a joyful seat-gripping action flick. It also has absurd scenes with garbled tech concepts flying at the audience as fast as the villains pursuing Bourne.
With Star Trek, Star Wars, or the Avengers, you assume the “technology” will be ridiculous: They’re fantasy films. Bourne, however, aspires to reflect the real dangers of unchecked technological power in the modern world. The movie features a CIA total-surveillance program that taps into social networks—a scenario that some people fear and many assume is already happening. Tracking Bourne around the world using extensive surveillance camera networks could, at least in theory, be possible. “The Bourne series has usually been fairly authentic compared to other movies,” says Jérôme Segura, lead analyst at Malwarebytes, in an email.
The credibility falters, though, in painful scenes of beeping computers with video game-style graphics or magical technologies like the “Enhance” feature that suddenly makes the blurriest picture crystal clear. Such wizardry is embarrassing in the era of Mr. Robot‘s tech verisimilitude, or simply in a modern world where many people have multiple computing devices, and none of them acts that way. Even funnier are scenes where these super spies and hackers are ridiculously stupid about security hygiene.
Warning: Mild spoilers ahead.
Laugh Out Loud Security
It starts when rogue agent Nicky Parsons (Julia Stiles) hacks into the CIA mainframe to download all the files on its black operations, which sit in a Windows folder named “Black Operations.” (There are even archived folders of past black ops in the file tree.) No databases for the CIA to manage its programs—not even Evernote.
Parsons connects through a palm-sized authentication device called Dubna 48K. The CIA notices the attack, and IDs the unit as one that was supposed to have been destroyed in 1993. “Sounds kind of careless of the CIA to not revoke its access, especially to parts of its network which carry details of top secret covert ops,” says security analyst Graham Cluley in an email. And how is a 23-year-old device still compatible? Small concerns compared to the fact that the real Dubna 48K was an underpowered Soviet PC used to play ports of 8-bit Nintendo games.
It’s unlikely anything would have gotten Parsons into the CIA. “Government systems and networks storing classified and/or highly sensitive data are strictly segregated from remote authentication and access over open Internet channels, and maintain their own closed environments typically requiring on-site direct terminal access,” says Peter Tran, GM and senior director at security firm RSA, in an email. There’s a reference in the film to Edward Snowden, but he didn’t hack anything. Snowden was a contractor who already had inside access.
New villain and Stanford whiz kid Heather Lee (Alicia Vikander of Ex Machina) quickly spots the intrusion thanks to an animation showing a computer icon firing what look like laser blasts at a bunch of other computers behind a force field. Security expert Chester Wisniewski of Sophos chuckles, saying he sees this kind of stuff in marketing materials (like this one from the Norse security company). Such a tool would be, “completely worthless to actually monitor your network or get anything done,” says Wisniewski.
Meanwhile, Parsons works alongside other hackers muttering their own plots, like “Use SQL to disrupt their databases.” Structured query language is used to access databases, and there is an attack called SQL injection, but no hacker or programmer would describe it that way. “It looked like someone had read part of what somebody does when they do a SQL injection attack,” says a laughing Cindy Cohn, executive director of the Electronic Frontier Foundation (EFF). “And a SQL injection is not a particularly sophisticated thing,” she adds. (Cohn says she was thrilled to see EFF stickers in the movie.)
Bourne eventually gets the files on an encrypted USB drive. You know that because “ENCRYPTED” is written on the side of it. He finds a German über-hacker to open the files on his laptop, but malware hidden on the USB drive alerts the CIA. “This is daft!” writes Cluley. “Why did they do the decryption while the computer was connected to the net?” Wisniewski says he carries two laptops—one for things like email and a second, with all his research and company files, which never goes online. “You would air-gap that sucker,” says Cohn. “That one struck me as laugh-out-loud.”
Surveillance Endgame
Cohn finds the portrayal of global surveillance more plausible than laughable, and sometimes Bourne is actually behind the times. The complex plot includes a deal between the CIA and a social network, obviously inspired by Facebook, to harvest information about users. “We know about the PRISM program,” says Cohen, naming one of the secrets revealed by Snowden. “We know the government entered into some kind of arrangement where they could get information from social networks pretty quickly. Neither the government nor the companies have still really come clean about what that is and isn’t.”
The movie fails to acknowledge that the U.S. government is already sucking up data directly from the Internet backbone. “It doesn’t matter whether they’ve got a [connection] into Facebook,” says Cohn. “I mean, that’s nice, but everything flows through the backbone.”
The biggest surveillance theme is the CIA’s ability to track people by tapping into security camera systems around the world. “CCTVs can do that, although the real-time aspect seems a little much,” says Jérôme Segura. They follow Bourne and Parsons all through Athens, at night, during a citywide political riot. “I don’t think we’re there yet, but I don’t think it’s so far-fetched,” says Wisniewski. Less plausible is that the government of Greece or Germany or the U.K. would give the U.S. unfettered access to their security camera networks, but maybe they wouldn’t have to. “So many security cameras are poorly secured and are on the Internet,” says Wisniewski.
The fidelity of imaging is implausibly high, says Cluley. “Think of all the times police have struggled to identify a suspect from CCTV footage because of poor light, bad angles, poor resolution etc., and had to appeal to the public for assistance,” he says. This is where magical technology comes in. Agent Lee spies a snippet of video showing not much more than a blur of blond hair, but when she orders one of her technicians to “enhance,” a perfect color image of Parsons’s face materializes onscreen, complete with a twinkly audio effect as it happens. (It’s also funny that Parsons, who should know what the CIA is capable of, doesn’t even wear a hat.)
“They kind of show you what the CIA wishes they could do,” says Cohn. “Especially in the part where the technology works flawlessly and immediately, [that’s] pretty far from what it’s actually like.”
Fast Company , Read Full Story
(206)