Recently, I’ve been watching the EC Certified Ethical Hacker 7 series from James Conrad. As he described the tasks an ethical hacker might be hired to do, one thought kept popping into my mind: “Hey, that’s just like Sneakers!”
And now you probably have gotten the sense that I’m not an IT pro, nor a hacker of any kind.
Tagline: "We could tell you what it's about. But then, of course, we'd have to kill you."
But I am a huge fan of Sneakers, an underrated film from the Dark Ages of computing (also known as 1992). If you’re not familiar, the plot begins with two college friends in the ’60s, hacking into bank accounts in the name of social justice. Hacktivists, they would be called today. One of the friends gets arrested; the other gets away and goes underground. Decades later, the guy who got away (Robert Redford) is approached by the NSA. They offer him a deal: Recover a piece of equipment believed to be integral to Russian spy tactics, or they will turn him in to the feds.
In his daily life, Redford’s character runs a security consulting firm. He and his employees do things like set up fake bank accounts to show the bank the flaws in their security systems. Basically, they’re pentesters!
They’re running Black Box tests, meaning they have no prior knowledge of the systems they’re working to break. In the beginning of the film, when they’re doing this at the request of clients as opposed to the orders of a shadowy government agency, they’re acting as ethical hackers: Employing hacking techniques, with permission of the target, in order to identify and fix vulnerabilities. “Sneakers” is actually another word for white hat hackers.
Or as another character puts it, “You break into people’s places, to make sure that no one can break into their places?” Yes. Yes they do.
Once things get hairy with recovering the Russian spy equipment, they employ a variety of hacking methods. For instance, the characters need to get inside a secure facility. First, they find the building’s blueprints from the county assessor’s office (passive recon). Then one person poses as a gardener (or an insider associate) to help them gain physical access to the building. Another seduces an employee of the facility (social engineering) in order to steal an ID card.
It’s kind of amazing that this movie – which came out nearly two decades ago – isn’t completely out of touch with current technology. OK, they use giant computers, and a major plot point revolves around the use of an answering machine, but it’s still impressively relevant, all things considered.
And you don’t have to take my word for it: Sneakers is a favorite film of famed hacker Kevin Mitnick.
Check out James’ Ethical Hacker 7 series yourself – it might give you a whole new appreciation for this ’90s gem.