The very first computer virus did not happen on a Windows machine, or a Mac or an Apple II. The first virus did not travel via the Internet or in an email or in a floppy disk. The first virus was not on a minicomputer, nor was it on a mainframe. That’s because the first computer virus didn’t exist on any computer hardware or software of any kind.
It was in a work of fiction.
By the late1970′s, movies books and television shows had given the public a very strong impression of hackers, viruses, and other computer threats.
Unfortunately, these dramatic ideas have nothing at all to do with reality.
In the movies, viruses destroy computer hardware, sometimes leaving a trail of smoke and fire. In reality, no virus was ever known to damage any computer hardware. Ever.
In the movies, a virus or worm always has an immediate and dramatic visual effect. There is always an animated screen (HACKERS) or a warning message (SNEAKERS) or you can actually see the data being destroyed before your very eyes (THE NET). In reality most malware leaves no visible trace of it’s existence.
On the big screen, malware is used to open bank vault doors, to tip over an oil tanker, to blow up a power plant or even to crash an alien spacecraft. In reality, the most insidious virus ever would locate a spread sheet and randomly change one number.
Computer geeks (like me) get a real laugh out of movies about hacking and cybercrime. When a “hacker movie” opens you will find theaters in Silicon Valley or other computer tech havens full of people laughing at all the wrong things, and at all the things gotten wrong. To our amusement and dismay, these overblown, crazy overdramatic portrayals of hacking and cybercrime are what sets the public’s understanding of all things cyber. People believe in the world described by these movies. It frequently makes them less safe behind the keyboard.
So I was very interested by an ad for a movie called UNTRACEABLE. It portrayed a criminal Web site and the FBI effort to bring it down. I got ready to watch another travesty of technical misrepresentation, and talked my boss into letting me watch the very first screening.
And I was wrong. They got every single technical detail right. When they talk about spoofing, or IP addresses, or keyloggers, they get it exactly right. Now all of those old school movies did research. (One of them sent the screenwriter to talk to me personally, some years ago) and still got it wrong. They couldn’t let go of the idea that in a visual medium, the computers needed to respond with something visual. They couldn’t get over the fact that fighting computer crime is primarily done at a computer keyboard, staring at long columns of numbers.
But not UNTRACEABLE, they got it all right. The Web page was only used for a limited period of time, and was proxied and mirrored and botnetted all over the place, standard operation in cybercrime. The social engineering used to get a backdoor into the FBI agent’s home Wi-fi network was right out of the real world. None of the computer screens at the FBI headquarters had magic graphics to show where the Web site was hosted. All in all, very very believable — well done to the screenwriters and researchers involved.
Just one little problem. The movie was about horror porn online, and a serial killer with a need to invent ever escalating and absurdly disgusting ways to kill people, while feeding video to a growing internet spectator crowd. Now I know there is a long tradition of graphic violence in drama (Oedipus Rex, anyone? Romeo and Juliet?) but the modern craft is so convincing that a Grand Guignol fest like this was too much for me. I covered my eyes, I went for a diet soda, coming back to watch the plot. Diane Lane was actually quite good, as was the rest of the cast, and the procedural/plotting of the mystery and denouement were clever and inventive — but the movie has a LOT of problems, and is too preachy. It got a Rotten Tomato score of 14 (out of 100). Notably, Roger Ebert liked it a lot, and pretty much everyone else did not. Several reviewers refused to even see it.
So we have a movie that is finally getting the tech right (thanks again, guys) and pretty much nobody will see it. Not on my recommendation, anyway.
I leave with the hope that more movies get the tech right (help is offered if anyone is interested) and the prayer that nothing like this movie ever happens this side of the projector.
This post was authored by David Perry, Trend Micro’s Director of Global Education.