Dying hard

I normally don’t blog about anything thats not technical enough. But this was asking for it.

Some of my readers who saw ‘Live Free or Die Hard 4′ said that they were fascinated by the technical possibility of the feats demonstrated by hackers in the movie. I’m not really the movies guy — but yielding to the awe of the readers, I was tempted to watch it.

Many have asked me “Can they really do it some day to a country?”; “Is IT warfare real?”, etc.

I’m not a movie critic and this is definitely not a movie review. This is a serious (ahem!) technology blog. So what’s ‘Die Hard 4′ doing here? Damn, I started this post, so let me begin and let me end. I promise to keep it technical.

1. How can simply copying financial information (or ‘downloading’ it – as in the movie) help the hackers steal money? Tell me how you can get rich just by copying a bank’s database to a portable hard drive?

2. The so-called “Financial Records” are 500 TB (Terabytes) as per the message on the screen and Hacker 101 says he’s going to copy the data to a portable hard drive. I’ve never seen a 500TB portable drive. Have you?

3. Every time they want to hack a system (traffic lights, tunnels, F11 controllers, CCTV cameras), our Harry Potter hacker boy just punches some buttons on his keyboard and says “we’re in”. Is it really that simple?
The encryption technologies of today require hundreds of computers working together for months and years to crack just one key, that may give access to just one system. And of course, within this long period, the key itself may change. The government of any country would not be dumb enough to protect all their systems with just one key, and passwords/keys will change frequently.

4. In the story, if system breaks, it ‘downloads’ all the data to a machine in a remote location. What kind of disaster recovery solution is that?! Data to a disaster recovery center is usually replicated in real time/periodically and does not ‘begin’ when an outage happens.

5. I believe there is always a way to manual over-ride things like traffic lights and power grids. Even when a hacker has control over traffic lights, I don’t think those systems allow anyone to set ‘green’ on every lane! I’m not a developer, but has anyone heard of user input validation?

6. How did they manage to blow up hacker good-boy’s computer when he pressed the delete button? If they were around, why didn’t they just plant a remote-controlled bomb in his apartment. Would have been more reliable

7. When they played images of blowing up government buildings, why did hacker boy have to type the messages that were being posted on TV screens manually at the time of broadcast. Couldn’t he write a simple script or at least copy-paste it from Notepad?

8. Why couldn’t somebody at the television station just physically pull the plug off the transmitter? Isn’t it better to have no transmission than to broadcast as per the hacker’s whims and fancies?

9. I wonder why some of the IP addresses are from the private IANA range – 10.x.x.x, 192.168.x.x. Were they hacking the US govt, or the neighbor’s PC?

10. Those racks in the server room look strange. Why do the servers make wierd noises when our hackerboy presses a key?

Here’s the bottom line: I don’t think that an attack of such magnitude can be done with today’s available security technologies at least for a reasonable time into the future. And beyond that – as they say – ‘Security Transcends Technology’.

Shijaz Abdulla is a Partner Technology Advisor at Microsoft, helping their top tier partners build on their Microsoft practice. He is also a trusted advisor to medium enterprise customers in Qatar. He is a blogger, tech enthusiast, and a Microsoft evangelist.

Follow him on Facebook | Twitter | LinkedIn | Website