We Analyze 13 Hacks in the 1995 Movie ‘Hackers’ and How They Compare to Today

Hackers, the 1995 directed film by Iain Softley, celebrates the 20th anniversary of its release this week. The movie starred a young, pre-Sherlock Jonny Lee Miller with a ridiculous dye job and an equally unconvincing American accent, across from future sex symbol Angelina Jolie.

Softley reunited with Miller and other cast members for a special screening in New York, and he also did a fascinating interview with Vice Motherboard about how well the movie holds up today. And the results are mixed.

With its flourish of visual effects to depict people typing at a computer, it is clearly the godfather of today’s hacksploitation movie and TV genre, inspiring the likes of CSI: Cyber. And the technology is clearly dated, with plot points relying on floppy discs (seriously, how many floppy discs do we see get dead-dropped?) and payphones (“what are those?” asks every millennial), as well as executives stupid enough to set passwords as “love,” “secret,” “god,” or “sex” (come on, ‘90s people, in this day and age our executives use “sophisticated” passwords like “123456” and “password”).

“Their crime is curiosity” no longer holds up in a court of law (United Artists)

The movie is clearly a product of the ‘90s, both stylistically and technologically, but maybe we don’t give it enough credit these days for some of its predictive elements. And rollerblades haven’t completely gone away — just ask Kim Jong-un. Also, though we might laugh at the corny user handles, how many of us today don’t have an online moniker we prefer to use?

So, Cloudbric’s crack team of cybersecurity experts set aside some time to watch the 1995 teen film and comment on its accuracy and relevance to 2015's comparatively hulked-out cyberculture.

1. Hacking a TV Station

After Miller’s Dade (aka Zero Cool, aka Crash Override) turns 18, he gets a new computer and immediately sets to hacking a TV station’s programming schedule. How he does it has parts that are plausible and parts that are kind of ridiculous.

He uses a pretty basic social engineering technique to get access to their network — calling a security guard up and asking him for the phone number for the modem. I barely even remember this technology, but the exact same thing could conceivably be done today by calling the same security guard and asking for an admin password.

What happens next, he’s able to manipulate a robotic arm to interrupt a Rush Limbaugh-style TV show and put on an episode of The Outer Limits, which isn’t immediately detected. And to compound on the ridiculousness, he encounters another hacker known as Acid Burn (who — spoiler — later turns out to be Jolie’s character Kate). The two have a very implausible robotic arm jousting match within whatever space these physical TV show tapes are moved around for scheduling.

Hacking TV stations is a thing, and earlier this very year, hackers claiming to represent IS managed to disrupt French station TV5Monde. The attack likely started by compromising account passwords or installing malware on the office network, which wasn’t properly isolated from the TV broadcast. Rather than hijack the broadcast, they disabled the station for part of the day — but they also took over social media channels to distribute propaganda. These techniques weren’t sophisticated, but they likely wouldn’t be available in the ‘90s, let alone as effective as portrayed in the movie.

More effective — and more impressive especially compared to a terrorist action — is the broadcast signal intrusion method of hijacking a TV or radio station’s frequency using a strong enough FM signal. This was especially common in the ‘80s but happened as recently as 2006.

The Max Headroom hacking of WGN-TV in 1987 wasn’t as dangerous as TV5Monde but it could still give you nightmares.

2. Hijacking Another Hacker’s Computer

During the TV-station-hacking sequence, Crash Override clashes with Acid Burn, another hacker wishing to reprogram the schedule herself. They manage to communicate online, with Burn sending messages directly to Crash’s screen.

This supposes that not only has she compromised the TV station’s system, but also through that she’s accessed Crash’s, which seems like it would be contingent on the station’s (nonexistent) intrusion detection capabilities — as well as its modem’s ability to connect with two attackers at once, which if you remember the early days of the Internet wasn’t a thing you could do.

How could they both hack in, and how could they detect let alone communicate with each other? This is really a hacking trope, and if this type of intrusion is hitting Crash’s computer, it would likely mean Burn has access to his whole hard drive, exposing his identity and physical location, which she hasn’t.

This is a TV trope more intended to accelerate drama rather than impart technical accuracy. Thanks to an intricately detailed scene in 2015's hacking masterpiece Mr Robot, we know what it looks like to gain access to a remote device. Spoilers: it involved some man-on-man lovin’.

3. Editing a Class Attendance List

Honestly, if Mr Robot’s Elliot can hack a hospital to remove mention of his morphine habit, Dade can probably insert himself in a high school class attendance list to be closer to Angelina Jolie. Some of the hacks in the movie work best when we see the least amount of work on screen, without all the visuals getting in the way.

4. Activating School Sprinklers

Our hero hacks the school’s system and schedules a test of the fire alarm sprinklers during class hours. It goes off without a hitch.

Personally, speaking as someone who pulled the fire alarm in ninth grade, this Cloudbric employee finds it a bit convoluted that this could be best done through the Internet, although I was unable to make it rain.

5. Hiding a Virus in a Garbage File

The main big bad of the film, The Plague played by Fisher Stevens, hides a computer virus in a garbage file, which is then pilfered by one of the hacker characters as proof of his intrusion. The main characters later use the fragment of the file to deduce its malicious purpose.

This concept doesn’t seem so far off course for modern-day malware. Go ahead, open that suspicious PDF file and it may just hijack your computer (Note from Cloudbric’s engineering department: no, don’t do this). The point is, you can craft a dangerous computer virus and tack on any familiar extension to it.

After the garbage file is stolen, Stevens’ The Plague manipulates events to make it look like the intruder planted the virus, rather than downloaded it. This is…plausible but requires incompetent infosec. Which, considering this is the mid-’90s, is maybe more expected.

6. Skimming Off of Every Financial Transaction

The bad guys’ plan is to use a worm to shave some value off every transaction of the Ellingson Mineral Company. Yes, this is known as salami slicing or penny shaving, and while it’s more common in the movies (notably Superman III and Office Space), it’s a thing that’s happened in real life. At least the Office Space guys got to take their rage out on the office printer…

However, it’s unlikely such an attack would be carried out by a worm, which is simply a malware program that replicates itself.

7. Causing an Oil Tanker to Capsize

Once the bad guys discover that a teenage hacker has stolen evidence of their salami-slicing worm, they introduce the Da Vinci virus, a ransomware program that threatens to flip the company’s oil tankers upside-down unless a hefty sum is paid. They claim that the innocent hackers are behind this virus, hoping to enlist the Secret Service to track down the young hackers and making everything way more convoluted.

This sounds pretty outlandish, but it turns out sometime in recent history hackers did manage to tilt an offshore oil rig, which made us all wonder why Exxon isn’t calling up Cloudbric. Oil tankers are prone to all sorts of vulnerabilities that may give their location away to pirates, eject their cargo, disable collision avoidance, or surrender location information or cargo inventory and allow tech-savvy pirates to cover up traces of theft.

Stay afloat, oil tanker!

In real life, hackers haven’t been able to turn a tanker totally upside-down, but they wouldn’t really need to go that far if they wanted to bring a corporation to its knees.

8. Messing with Someone’s Life

Crash and Burn compete with each other to mess with Secret Service Special Agent Richard Gill (Wendell Pierce), and all of the methods they use are certainly plausible.

  • Cancelling a credit card: Well, it’s probably easier to hack a website and steal someone’s credit card information to steal their identity and hijack their finances, but you could probably cancel their credit card. And we can expect more websites with such sensitive information to care about protecting customer data, but let’s be serious, there are enough prominent hacks that it’s conceivable.
  • Creating a fake personal ad: Yes, one Cloudbric employee admits to talking down a personal friend from doing exactly this earlier this year to someone who bothered them online.
  • Fabricating criminal charges: We’d like to believe this one is less likely due to heightened security. Then again, we in the cybersecurity industry are used to being let down.
  • Declaring someone dead: Yeah, this one is a pretty big concern today, following a reveal at the recent Def Con.

9. Hijacking a Payphone

Early on, the stereotypical Asian characters introduce a method for hacking a payphone by recording the audio of an actual coin dropping through the slot. EDIT: This technique actually exists. Wow.

However, there were similar techniques that very much worked…

Two other times later in the movie, the character Phreak (Renoly Santiago) uses more accurate techniques to hack payphones. The first time, he uses a tape recorder as a tone dialer to mimic the sounds of a dial-tone telephone. Later, he is arrested and uses his “one phone call” to hack into the system and covertly call a fellow hacker, in which the hangup switch is rapidly manipulated to simulate the pulses generated by a rotary dial.

He does both by two very real techniques called switch-hooking and tone dialing. But we might expect that Phreak would be a master of this, seeing as his nickname comes from phreaking, a portmanteau of phone and freak, which was an early electronic hacking of telecom systems, later evolving into computer hacking and now almost totally extinct.

Come to think of it, payphones factor large throughout the movie, which is pretty laughable by today’s standards…if your memory doesn’t stretch back 20 years.

10. Stealing Passwords from a Target Company

Er, not that Target company. Anyway, once the heroes rally against the evil hacker hiding behind a big faceless corporation, they begin several operations to uncover passwords.

  • Dumpster-Diving: One Cloudbric employee spent five minutes too long disposing of a sensitive document containing passwords. But yes, sometimes accessing dumpsters gives you sensitive login information for getting into much more important systems.
  • Infiltration: Another hacker known as Lord Nikon (Laurence Mason) acts as a delivery boy, accessing the company office so he can wander around and observe employees typing in passwords. Yeah, that’s totally a thing that could still happen today.
  • Wiretapping: Hacking cohort Cereal Killer (Matthew Lillard) taps the company’s phones, which is the most illegal out of all three by a huge factor. And it’s hard to find something that repulses the public more than crawling through garbage (even when doing so gives one the chance to come into close personal contact with Angelina Jolie).
You wanted passwords? Come and get ‘em!

11. Distracting a Server with Multiple Connections

In the movie’s momentous conclusion, the heroes rally fellow hackers from around the world to pull off one final heist which will both steal sensitive information and clear their names. The globally distributed hackers are enlisted to stress the target company’s supercomputer and distract their own hacker IT guy, through “virus attacks.”

Okay, Hackers, you had me up to there. But this part was clearly written without knowledge of DDoS attacks, which require no sophisticated techniques. Though most modern-day DDoS attacks enlist enslaved botnet zombie devices, servers, BitTorrent clients, and websites, there was also Anonymous’ Operation Payback initiated around 2010 which saw Anonymous members volunteer their resources for a similar attack to what happened in this Hackers scene. And they don’t need to send viruses, just flood the server/IP/URL with requests, valid or invalid. Probably a dozen hackers pounding F5 on a 1990s website would be enough to have an effect on its speed. So maybe it was accurate but described on all accounts inaccurately.

The movie’s attack didn’t disable the target machine, but they did distract it, similar to how modern attacks may use DDoS as a smokescreen to disguise the true intent.

12. Taping Phones Together to Beat Traces

When the Secret Service closes in on the protagonistic hackers in Grand Central Station, all they find is an out-of-order sign and a bank of payphones affixed with acoustic couplers. So basically, the hackers were using the phone connection as a sort of proxy to mask their true location, And, their computers were communicating with the target company through a phone relay, entirely via audio connection. Old enough to remember the screech of a modem communicating via landline? Yeah, that’s what we’re talking about.

Legendary phone phreaker John Draper (aka Captain Crunch) was renowned for routing phone calls through switches around the world, and programming it to call the phone next to him. Picking up that phone, he could speak into the first handset and hear his voice, distorted and delayed, on the second phone. This same effect would cripple the Hackers hackers and greatly reduce their chances of transmitting successful commands.

There is some amount of believability, and this does seem like an appropriate ‘90s analog to actual proxy servers and VPNs, but using this technique to attack a major company with a diligent security team (which includes Penn Jillette for some reason)? Let’s just say they wouldn’t pass muster on Penn and Teller’s Fool Us.

13. Lighting Up the Skyline to Spell Out Words

In the final scene, Crash lures Burn to a rooftop swimming pool, at which point the lights in three skyscrapers come on to spell out:

Crash and Burn (United Artists)

Then they make out. This onscreen romance spilled over into a brief Hollywood marriage ending by 1999, but at least they had the mid-late ‘90s.
But can this hack happen? Granted, we protect websites rather than building electrical grids, but the consensus is no, that’s stupid. You’d have better luck getting a skeleton key to just one of the three buildings and manually turning on the lights yourself.

And thus we reach the end of Hackers.

So yeah, the movie strains credibility, enough that 1995-era hackers registered their displeasure using their own talents. But like Roger Ebert said, “I took it approximately as seriously as the archeology in Indiana Jones.”

Still, like all good science fiction (as the movie is still categorized on Wikipedia), the movie offers predictions for the near future, and while that future may seem as outdated as the movie’s 1995 setting, it was pointing in the right direction.