3 min read

Blackhat movie and the seven stage kill chain

It’s not often that CDN does movie reviews. The last one we did was The Social Network.

Recently I got an opportunity to watch the film Blackhat courtesy of Websense.

Blackhat is a thriller starring Chris Hemsworth. You might remember him as Thor but I actually enjoyed his performance as Formula 1 driver James Hunt in Rush.

Now Blackhat, in a nutshell, is about nuclear power plant in China getting hacked and the Chinese government are so desperate for help they call the FBI. The FBI cybercrime unit is so baffled that they too resort to desperate measures by hiring Hemsworth’s character Nick Hathaway, who is serving 15 years in the slammer for cybercrime.

Actor Chris Hemsworth with co-star Viola Davis in the movie BlackHat

Actor Chris Hemsworth with co-star Viola Davis in the movie Blackhat

The movie does point to the significant shortage of cyber security professionals. Websense Canada told CDN at the Blackhat event in Toronto that as of 2013 there was a 2.25 million people shortfall. By 2017 we shall need 4.25 million security professionals. The main reason for this is a lack of budget to develop them.  But to get a convicted felon out of prison to save a nuclear power plant in China is a bit of reach.

To say this movie is far-fetched is an understatement. If a poor country like North Korea supposedly can hack Sony you’d think a large country like China and a resourceful agency like the FBI can develop some competent security professionals.

Peter Gentile, a Toronto-based documentary filmmaker, once told me that when you go to the movies you have to suspend disbelief. But Blackhat director Michael Mann (of Miami Vice fame) is asking the audience to be brain dead.

I did get fair warning, however from Butool Rabbani, the channel account manager of Websense Canada. She told me before I entered the theatre that Blackhat is an awful film and to not hold it against the company. No worries Butool.

The one thing in its favour is that movies such as Blackhat do bring more awareness to the risk of a security breach.  The global cybercrime market is surging from $450 billion to reach $1 trillion this year.

Websense Canada executives did provide a bit of guidance to the movie goers of Blackhat. The security vendor explained the seven stage kill chain, for example.

The seven stage kill chain begins with Recon, Lure, Redirect, Dropper File, Exploit Kit, Call home and then the Data Theft.

Here is how it works: say you are a CEO and you are at the Toronto Maple Leafs game. You take you’re your smartphone and clink on what you think is a legitimate link. The link redirects you to another page somewhere else in the world where an exploit kit or malware is dropped into your machine and places the dropper file. The CEO has just reached stage five of the kill chain in less than a minute. The dropper file performs a scan with a temp Internet file and then the CEO’s information is collected. From there it calls home to a command and control centre and it’s at this stage where the data theft is processed.

Two quick hits before I go: GoDaddy is growing its Canadian operations and has hired former Microsoft Canada executive Jill Schoolenberg. Schoolenberg will be in the newly created position of Vice President of Canada for GoDaddy and she will be responsible for expansion across Canada.

And, Dimension Data Canada has appointed Mike Hodder to the role of Area Sales Director to be based in Calgary.

2 Comments

  1. Hollywood has never learned. Few high tech movies have ever got it right. You can tell they don’t know what they are doing when they use something like 354.543.0.255 as an IP address.

Leave a Reply

Your email address will not be published. Required fields are marked *

Post comment