How real is 'Skyfall's' portrayal of cyberterrorism?

How real is 'Skyfall's' portrayal of cyberterrorism?
Tech Corner

POSTED: Thursday, November 15, 2012 - 1:00am

UPDATED: Thursday, November 15, 2012 - 1:04am

"Skyfall," the 23rd installment in the James Bond series, one of the longest-running film franchises in history, recently landed at the top of the box office with $87.8 million in ticket sales.

It was the largest opening ever for 007 and the fourth largest opening this year, behind "The Avengers," "The Dark Knight Rises," and "The Hunger Games." Ian Fleming's agent has always been a man of wish fulfillment. After all, he brought heat during the chilliest parts of the Cold War and had the requisite women and weapons. Now, Bond is proving that he still has a place at MI6 by tackling a much more modern dilemma: tactical cyberespionage and terrorism.

While the methods for wreaking havoc have changed, the confidential case files are as classic as the man's martini. CNN spoke to Morgan Wright, a decorated former law enforcement officer who has done work relating to cyberterrorism for the United States Department of Justice, the Department of Homeland Security, and the Department of Defense about what "Skyfall" gets right and wrong. In the end, the evolving franchise portrays a very real scenario that the United States may soon struggle with from a policy standpoint: When does cyberterrorism necessitate a physical response?

(Warning, there are movie spoilers ahead).

Information storage

Shaking disbelief: One of the standout moments in "Skyfall" is the film's opening sequence in which Bond, played for the third time by Daniel Craig, and field operative Eve, played by Naomie Harris, chase a man through the streets of Istanbul. They're after a hard drive containing confidential information about MI6 agents. It's information that "Skyfall's" bad guy Silva, played by Javier Bardem, plans on uploading to YouTube, putting the agents' lives at risk. But how likely would it be for a terrorist to obtain and store this information in one place?

Stirring reality: Terrorists and intelligence agencies handle the management and distribution of intelligence in radically different ways, Wright said.

"If you take Osama bin Laden, for example, they're not going to have big classified systems or safeguards that go with that," Wright said.

It's true that after bin Laden's compound was raided, stashes of flash drives, CDs and tapes were discovered. He had everything in one place. "That's very consistent when you're not part of the government and you lack the infrastructure to build out a big system that a national security agency does," Wright said. "Bad guys need everything in one place because that's how they operate."

Unlike the 15 different members of the intelligence community -- ranging from the National Reconnaissance Office to the National Geospatial-Intelligence Agency --- terrorist groups would be unable to have a secure worldwide network or to participate in cloud computing. However, it's implied that the man they're chasing is more than your common terrorist. He's a man with access. Still, it's unlikely that he would be able to have all of this information in one place.

"It's not very plausible that the government is going to put all of their sensitive information on one hard drive that manages to get stolen because that would be a violation of what they call OPSEC," Wright said.

When it comes to top secret information, there are special access programs that are very restricted, so, Wright said, it would be virtually impossible for someone to have access to all of that information as "everything is regulated on the government side."

Hacking in

Shaking disbelief: While Bond is sipping tequila as everyone assumes he is dead, Silva goes after his main target, M, played once again by Judi Dench. The villain hacks into MI6 to gain control of the agency's gas pipeline, which allows him to target and blow up specific rooms. The act brings Bond out of retirement.

But would it be possible for a bad guy to hack into MI6 -- or any infrastructure -- to target it for destruction?

Stirring reality: Wright said many critical infrastructures are connected to Supervisory Control and Data Acquisition systems, controlling our electricity grid, water, and sewers, and are therefore are a huge soft target for terrorism.

"Now you can use it for transmissions of data communications that control everything from power in hospitals to controlling the cell doors inside a prison," he said, adding that targeting a specific office is highly unlikely.

Transportation safety

Shaking disbelief: After hacking into the MI6 mainframe, Silva accesses the London Underground and manages to send one of the Tube's trains off the rails, launching it toward Bond in rapid succession. Would it be possible for Silva to access something like a train, and how much control could he actually have over it?

Stirring reality: "Transportation is one of the softest terrorism targets there is, and quite frankly I'm shocked that public transportation hasn't been targeted more often and that there haven't been more successful attacks," Wright said. "You can create a small explosion or diversion using a computer to change the lights from go to stop or interfering with the traffic control capabilities of the track by overriding a command." Wright said.

Airlines could also be at risk, the expert said.

"There are some gaping holes in the air traffic control system in terms of being able to access frequencies or being able to talk directly to pilots."

Still, just like M's office, Wright said the idea that Silva could target a train so quickly and send it to Bond's location is based predominately in fantasy.

Snagging the villain

Shaking disbelief: When things get really bad, Bond and M decide the time has come to create a digital trail that will lead Silva directly to them, but they want to make it look like they're actually hiding.

This leads them to the final battle in a place called Skyfall, which fans of Ian Fleming's books know as a very personal place for Bond. It's the final showdown and the final act of tactical cyberespionage in the film. However, would anyone ever really need to create a fake geosignal to make someone like Silva think that they're actually hiding from them?

Stirring reality: According to Wright you can create a computer network that looks legitimate to someone else but in reality uses its weakness for your own benefit.

"There's actually a term for this in the computer world called 'Honeypots'," he said. "When we were concerned about the financial sector, there was actually a project called the Honeypot project. It was a deception project where we created what appeared to be a bank front end, a Web-based front end where transactions were taking place."

By doing so, Wright and his team were able to see the latest techniques being used and which vulnerabilities cyberterrorists were willing to exploit. "We looked at how they went about scanning the system, what tools they used, and what vulnerabilities they went after."

Often, Wright would patch the most obvious vulnerabilities but leave esoteric ones unpatched, allowing hackers to exploit the system as he monitored their behavioral patterns. In the movie, Q explains that if he makes it too easy for Silva to find them, he'll know something is up. Likewise, if the signal is too hard to find, M could possibly remain in hiding.

"People tend to get comfortable using their own techniques, and they use the same approach over and over again," Wright explained. "You can get a profile of an attacker, determine if it was the same group doing something else, and see what methodology they're using."

Wright said it's a cat-and-mouse game, and "the old saying is that government has to be right 100 percent, but the bad guy has only got to be lucky once."

In the case of the latest film from the 50-year-old Bond franchise, it's safe to assume who comes out on top.  

Comments News Comments

Post new Comment