Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Analytics

3/26/2019
02:10 PM
Steve Zurier
Steve Zurier
Slideshows
Connect Directly
Twitter
RSS
E-Mail
100%
0%

10 Movies All Security Pros Should Watch

Don't expect to read about any of the classics, like 'War Games' or 'Sneakers,' which have appeared on so many lists before. Rather, we've broadened our horizons with this great mix of documentaries, hacker movies, and flicks based on short stories.
Previous
1 of 11
Next

Image Source: Adobe Stock- metamorworks

Image Source: Adobe Stock- metamorworks

Some may wonder why the computer press makes such a big fuss about hacker movies. Naysayers describe them as old-hat — a formulaic blend of computing and hacking done by societal misfits peppered in with sex, violence, shady and diabolical villains, and an occasional car chase that ends in a fiery explosion. 

That may be true — it is Hollywood, after all — but key people in the industry say hacker movies are important for security people to watch. We agree, which is why we set out to put together such a list.

"These movies are important — and fun to watch — for IT pros who need to keep their networks secure because they mostly get it right and highlight the risks of cybersecurity in a way that communicates to C-level execs," says Stu Sjouwerman, founder and CEO of security awareness company KnowBe4.

The better hacker movies are really quite realistic, adds Chenxi Wang, founder and general partner at Rain Capital.

"As a hacker, some of the movies have a lot of inside information — jokes that you'd find interesting even if it was a bad movie otherwise," she says. "The normal public may miss those insider references, but people like us in the trade find it really interesting. Mr. Robot, for instance, had two real hackers consult for the series, so many things are realistic, including using real IP addresses, using real exploit code — things that only people in the trade would pick up."

And Jeremiah Grossman, CEO at Bit Discovery, says movies such as Snowden can hep security pros can keep up with important current events. While we selected the documentary about Edward Snowden for our list, there's no stopping you if you want to see the 2016 bio-pic directed by Oliver Stone.  

"Snowden is a story about the most important and pivotal governmental whistleblower story in modern times — a story that includes computer security, personal privacy, data security, government surveillance, public policy, and national security," Grossman says. "The ethos of the story is not only compelling but valuable to understand as a working professional in the security field.”

In compiling our list, we combined the opinions Sjouwerman, Wang, and Grossman, as well as Dark Reading's staff. All of the writeups have links to the trailers, so if you haven't seen some of these movies, check them out and let us know what you think.

Let us know your own picks in the Comments section below.

 

Steve Zurier has more than 30 years of journalism and publishing experience, most of the last 24 of which were spent covering networking and security technology. Steve is based in Columbia, Md. View Full Bio

Previous
1 of 11
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
NathanDavidson
50%
50%
NathanDavidson,
User Rank: Apprentice
4/7/2019 | 11:41:40 PM
Inside jokes
It is interesting to know how much info in certain movies that I have blatantly missed. I guess it really does take an insider to pick up the inside 'jokes'. Now that you've mentioned it all, those very movies seem good for a quick re-run.
nexus100
100%
0%
nexus100,
User Rank: Apprentice
4/3/2019 | 10:04:36 AM
Hackers?
Disappointed to not see Hackers on the list.  While the CGI was over the top and a bit ridiculous, the hacking aspects were really good. It was mostly social engineering to get passwords. Dumpster diving, shoulder surfing, and phone phreaking were all featured prominently. They also referenced a bunch of real-world reference books that were absolutely required reading for hackers during that time period. Not to mention highlighting the potential risks involved in computerizing control systems of large ships. Something that has recently been recognized again as a major risk with the potential to sink ships at sea.
szurier210
100%
0%
szurier210,
User Rank: Moderator
3/29/2019 | 7:02:35 PM
Re: Lawnmower man??!
Thanks for your comment. I looked this up and you are right, Stephen King sued to have his name removed from the credits. Here's a link to some background of the lawsuit. This all happened in the 1990s, but thanks again for pointing this out, seems that Stephen King was upset by this because the movie The Lawnmower Man bore little or no resemblance to his short story. Take a look: https://ew.com/article/1994/04/22/stephen-king-wins-lawsuit/
jeffmaley
50%
50%
jeffmaley,
User Rank: Strategist
3/29/2019 | 6:37:56 PM
Lawnmower man??!
You should research this one a bit more. Only a small, unimportant part of the movie referenced the Stephen King short story. The producers used that to leverage it into a 'Stephen King' movie, which it is not. Not a bad flick, but has very little to do with King.
REISEN1955
100%
0%
REISEN1955,
User Rank: Ninja
3/28/2019 | 3:32:57 PM
COLOSSUS - THE FORBIN PROJECT
Now this is going a way back - a TV movie with Eric Stradden (if memory has that right) about a huge super-computer in America that talks to and befriends a companion in Russia.  The two, of course, decide that all humans need their supervision and assistance, stand down weapons to promote world peace with total dictatorial control of everything.  A very cautionary tale indeed about the sheer power of networks and, even then, when this was primitive stuff--- still holds true today.  

i would be remiss not to note down the power of the CRM114 device either - and true movie buffs know where that one came from.  (Back to the Future gives it a polite knod as well as Men in Black 3). 
msims20701
100%
0%
msims20701,
User Rank: Apprentice
3/28/2019 | 1:37:51 PM
TRON (1982)
TRON - A 1982 walt Disney film staring Jeff bridges as Kevin Flynn a brilliant computer programmer who was fired from ENCOM turned hacker who teams up with two computer programmers from Encom Alan Bradly (Bruce Boxleitner) and Lora (Cindy Morgan) to recover his computer game programs that were stolen and missppropriated by his former boss Ed Dillinger now senior exec at ENCOM. When Flynn breaks into ENCOM he sarcastically states: "They never should have gotten rid of me" and latter Flynn encounters the MCP (Master Control program) which transports him inside a supercomputer into the digitized world of TRON.

Once there Flynn latter encounters two programs Yori5 and TRON to help TRON serach for and distroy the MCP and Sark (Command Program) so that Flynn can restore ownership to his video game programs, put Dillienger in jail and (spoiler alert) Flynn becomes the new exec at ENCOM. The movie briliantly combines live action with mostly computer animation for the entire three quarters of the film. The most interesting thing about this film is that the digital world of TRON mirrors the real world of Flynn where every program has a user. Flynn is Clu's user, Alan1 is TRON's user, Lora is Yori5's user and Dillinger is Sark's user.

This film also posses a very interesting question which may be somewhat apparent at the very end when day turns to night over the city before the credits roll: Are we humans just conscripts controlled by some type of master control program in the sky? Maybe as to paraphrase William Shakesphere: "The computer's a platform and all it's programs merley its systems."

Something for everyone to comtemplate since we humans are so dependent on our computers and other types of electronics. A lesson here for all companies from a security standpoint is before you fire any programmer or technician make sure you fully revoke all privilaged access both soft (passwords) and hard (access cards).   

 
REISEN1955
100%
0%
REISEN1955,
User Rank: Ninja
3/26/2019 | 3:26:21 PM
Added title
THE CUCKOO'S EGG - documentary on the epic battle an astronomer, Clifford Stoll, waged against a renegade intruder in Berkeley labs in CA many years ago - an insightful examination of security flaws embedded in the minds of military personnel who claim their systems ARE secure when the hacker is rampaging through and downloading files.  The book itself is fascinating and it was turned into a documentary.  Either one is a frightening tale for our time and much of it remains valid today.  (Passwords sent by email and written down) plus a unique flaw in Berkeley UNIX that permitted a system to spawn SUPERADMIN rights through a simple word processor akin to our NOTEPAD.  Definate to do - read or watch!

Steven Levy's HACKERS is also a great read about the birth of the community we live in starting in Route 128 in Boston through the Homebrew Computer Club and the emergence of Gates and Jobs.  Along the way we meet techs who lived for the DEC PDP-11 systems and Colossal Cave.  A different time, and maybe then not so different.
Where Businesses Waste Endpoint Security Budgets
Kelly Sheridan, Staff Editor, Dark Reading,  7/15/2019
US Mayors Commit to Just Saying No to Ransomware
Robert Lemos, Contributing Writer,  7/16/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Now this is the worst micromanagment I've seen.
Current Issue
Building and Managing an IT Security Operations Program
As cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-17210
PUBLISHED: 2019-07-20
An issue was discovered in PrinterOn Central Print Services (CPS) through 4.1.4. The core components that create and launch a print job do not perform complete verification of the session cookie that is supplied to them. As a result, an attacker with guest/pseudo-guest level permissions can bypass t...
CVE-2019-12934
PUBLISHED: 2019-07-20
An issue was discovered in the wp-code-highlightjs plugin through 0.6.2 for WordPress. wp-admin/options-general.php?page=wp-code-highlight-js allows CSRF, as demonstrated by an XSS payload in the hljs_additional_css parameter.
CVE-2019-9229
PUBLISHED: 2019-07-20
An issue was discovered on AudioCodes Mediant 500L-MSBR, 500-MBSR, M800B-MSBR and 800C-MSBR devices with firmware versions F7.20A to F7.20A.251. An internal interface exposed to the link-local address 169.254.254.253 allows attackers in the local network to access multiple quagga VTYs. Attackers can...
CVE-2019-12815
PUBLISHED: 2019-07-19
An arbitrary file copy vulnerability in mod_copy in ProFTPD up to 1.3.5b allows for remote code execution and information disclosure without authentication, a related issue to CVE-2015-3306.
CVE-2019-13569
PUBLISHED: 2019-07-19
A SQL injection vulnerability exists in the Icegram Email Subscribers & Newsletters plugin through 4.1.7 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system.