Movie: Rotor DR1

High rev’ing race drones in a dystopian world.  Geek out, drink beer, and get your drone fix; at $2.99 USD it’s a bargain.  I’m looking forward to watching this movie.  Enjoy!

Algorithm: The Hacker Movie

As a security professional I know the levers and buttons behind the smoke of Oz.  There’s not much that surprises me in the field.  Anyone that has actually hacked a system before knows it’s not all that glamorous.  I’m not saying hacking ops never involve hot girls, guns, fast cars, and secret orders that go up in a puff of smoke after being read, but my missions are far more sublime.  As a result, my expectations for computer security movies coming out of Hollywood these days are not very high, but I am pleasantly surprised with Algorithm: The Hacker Movie.

The movie begins with a loner on the edge of society.  Earning money from occasional odd side jobs, even to the point of occasionally sleeping outside, living with friends and hacking.  The desire to hack is a deep desire to solve puzzles (which drives many of us).  You get the impression hacking is not a job but a way of life.  The character also narrates the story occasionally so you get a chance to learn what he’s thinking, his motivations, his relationships with friends.  The acting was perhaps not outstanding but it was believable.  I like the tone of the movie, quiet and not splashy.  The quiet tone reminded me of watching Twilight movies but more grown-up.  Many movies portray hackers as bright social misfits but most real hackers don’t have ADD, OCD, or other social disorders.  Many of the brightest minds in the field can carry a conversation and do enjoy a daily shower.  Yes, I do have friends with binary tattooed on their knuckles, OCD, and such.  But the real truth about hackers is really somewhere in between.  The mix of characters in this movie seemed quirky yet believable which is less polarized and more true to life.

Fact is, real hacking is boring to watch.  Nobody gets excited watching someone solve a crossword puzzle.  That the filmmakers made the film exciting while keeping more or less true to the overall security theme earns it a thumbs up in my opinion.  Oh, almost forgot, I even learned something about security in the movie I didn’t know prior to watching – Port Knocking.

Algorithm: The Hacker Movie, movie link

Oliver Stone to Film Story About NSA Whistle Blower Snowden

Xan Brooks of The Guardian announced in a recent article that director Oliver Stone is planning a new movie to tell the story of NSA whistleblower Edward Snowden.  Oliver Stone directed the controversial film JFK in 1991 starring Kevin Costner.

In the interim, if you would like to learn more about the facts surrounding Edward Snowden before seeing the movie, please consider reviewing my previous post.  Enjoy!

–Milton

Movie Review, Terms and Conditions May Apply

The movie Terms and Conditions May Apply takes a hard look at personal privacy in the Internet age.  The movie explores many controversial areas of privacy like erosion of corporate privacy policies and laws, monetization of personal information, and continued indifference by governments to defend citizen privacy.  Additionally, a number of important but perhaps lesser known concerns like disposition of personal subscriber information after corporate closures and acquisitions are covered.

The documentary alternates between expert interviews and commentary to navigate viewers through the rich maze of subject matter.  The movie illuminates shared electronic information addictions of corporations and governments.  A soft point made by the movie is that nothing is “free”.  To service consumers with free products they desire, corporations monetized personal information and traded it like a commodity.  Also, in the post-9/11 era, the trend with nation states is increased Internet surveillance, which provides valuable intelligence for preventing terrorist attacks and crime.  The line between government and corporations grows more fuzzy as governments desire to extend their reach into corporate information stores, private VoIP phone conversations, text messages, email, etc.  An analogy is drawn by the documentary with one of my favorite science fiction movies, Minority Report.  In Minority Report, Tom Cruise leads a law enforcement Pre-Crime Unit.  The main goal of the Pre-Crime Unit is to prevent crimes before they occur.  While the technologies in the Minority Report movie and today’s Internet surveillance are different, and I will not spoil the movie, the goals are ironically similar.

The movie elevates awareness of concerns like Third Party Doctrine.  In Third Party Doctrine individuals abdicate their privacy rights upon disclosure of their personal information to third parties like Facebook, Pinterest, or other such Internet service providers.  Confiscating your personal diary with your most sensitive thoughts and feelings from your nightstand drawer requires authorities submit to various checks and balances like search warrants.  However, obtaining the very same sensitive information and opinions expressed on Facebook or other sites requires no public checks and balances.  And in fact, information requests are often accompanied by gag orders prohibiting service providers from publicly disclosing requests made by authorities.  At issue, 4th Amendment constitutional rights do not apply broadly to personal information and there is a rift in privacy expectations between those that use Internet services, companies, and governments.

The movie wraps up with some specific cases where individuals have been “red flagged” by government agencies, detained, and interviewed.  So while it may be an acceptable form of civil disobedience to burn an American flag on the White House lawn, typing *bomb* in a Facebook post may result in a SWAT team visit to your home.  The reaction seems somewhat inconsistent.  The movie interviews a few individuals with interesting stories to share about their experiences with authorities.  I find it interesting that law enforcement agencies believe what they read on the Internet at all.  Knowing communications are actively monitored provides a powerful advantage to influence the thoughts or actions of adversaries to desired outcomes.  Earlier this year Brian Krebs described his SWATing experience in his Black Hat session, Spy Jacking the Booters, around the 11:25 minute mark.  Influencing authorities to shake down or otherwise inconvenience targets of interest is the modern pranky equivalent to doorbell ringing when I was a kid.  But it proves information is a powerful tool to manipulate adversary behavior.  Perhaps this is nothing new for governments but the power of the Internet has given this attack a whole new life and perhaps broadened the pool of benefactors.

Several experts are interviewed throughout the movie.  Most noteworthy, famous entrepreneur and technologist Ray Kurzweil, singer/musician Moby, and previous Facebook and Google employees are interviewed.  Perhaps a criticism is that it is easy for movie viewers to get lost in the details and miss the larger points and challenges in the domain of privacy.  Nevertheless, Terms and Conditions May Apply is a great movie to raise your privacy IQ.  For those knowledgeable in privacy, the movie provides some details regarding specific surveillance tools (Carrier IQ, FinFisher/FinSpy, Kapow, and more), cases, techniques and capabilities used by nation states (Spyfiles) across the globe.

Personally, I’m unconvinced increasingly broad Internet surveillance is a valuable tool to prevent attacks or crime, or that it provides more good than harm.  Regardless of anyone’s opinion, it’s certainly the trend.  My opinion, I’m an optimist, I think the rift between our privacy and our expectations of privacy will close in the not so distant future.  Not necessarily because citizens desire better privacy but because it’s more prosperous for society at large.  See my previous post, A Crisis of Confidence Costs Real Money.

–Milton

If you have any personal experiences in these areas (privacy incursions, swatted, or otherwise) or know about some great security/privacy movies feel free to send me a note.  Love to hear about this stuff.  Thanks!

Movie Reviewed, We are Legion: The Story of Hactivists

We are Legion:  The Story of Hactivists[1] is a documentary taking viewers inside the security hacktivist organization, Anonymous.  The film explores computer hacking subculture, early hacker organizations like Cult of the Dead Cow and Electronic Disturbance Theater, and provides history around Anonymous and where it’s heading.

Many of us have heard news about the group Anonymous in the popular media and press lately.  But what is the group Anonymous?  Who is in charge?  What are their goals?  Following is the quick rundown.

What is Anonymous?
Anonymous is not a group of angry teenagers pranking computers for fun.  Anonymous is a large group of hacktivists spanning many countries.

Who is in charge?
To quote the movie, “Anonymous is like a flock of birds”.  When one bird changes direction sometimes the entire flock follows.  Leaders emerge from the group from time to time and people with like interests rally behind the leader.  For leaders, group relevance is determined by the number of people rallying behind your cause.  There is more than one leader since there is more than one cause.

What are Anonymous’s goals?
The goals of the group change as group leadership changes.  The goals today are not the same goals as when the group started.  In fact, some of Anonymous’s original leadership discuss their differences in opinion with the newer leadership.

A number of individuals were interviewed throughout the program, in particular Chris Wysopal (Twitter @weldpond), CTO of Veracode.  Chris is a very talented and outspoken security researcher[2] and provides some hacking commentary including Blackhat conference origins.  The film also raises interesting points of view.  For instance, the film frames Anonymous as hacktivists and describes their activities largely as forms of political protest or civil disobedience.  The group uses technological means to demonstrate their causes, like Distributed Denial of Service (DDoS), web site defacement, DOSing phone lines, trolling; even fake pizza delivery orders to harass individuals are considered fair game.  All of these activities are painted as forms of political protest.  Sure, DDoS attacks are disruptive but no different than “sit ins” or picket lines (in the group’s eyes).  I never thought of a DDoS attack as a form of political protest but it surely could be.  The world is changing fast and how we organize and protest is changing as well.

Thumbs up!  If you’re a security professional or interested in computer security it’s a good movie to see.

[1] “We Are Legion | The Story of Hactivists.” We Are Legion. Luminantmedia.com, n.d. Web. 06 Nov. 2012. <http://wearelegionthedocumentary.com/>.
[2] “Chris Wysopal.” Wikipedia. Wikimedia Foundation, 29 Oct. 2012. Web. 06 Nov. 2012. <http://en.wikipedia.org/wiki/Chris_Wysopal>.