Register now for your free virtual pass to the Low-Code/No-Code Summit this November 9. Hear from executives from Service Now, Credit Karma, Stitch Fix, Appian, and more. Learn more.
When the movie Sneakers premiered in September 1992, the world was on the cusp of a massive shift. One that would move us from the analog era of landlines and field trips to the digital era of the internet and cryptography we all know today.
In case it has been a little bit since you last watched Sneakers, or if you’ve never seen it, the film follows Robert Redford’s Martin Bishop, a former hacker leading a team of “sneakers,” experts in hacking and social engineering (akin to the “red teams” we know today) who are paid to test the security of large organizations. On a seemingly routine job, Bishop and his team uncover a black box that can decode any encryption system and a plot being carried out by Bishop’s former hacking partner Cosmo that has grave consequences.
It’s easy for films focused on technology and cybersecurity to feel dated, especially with references to phone “phreakers” and jokes about primitive internet dating. But while revisiting Sneakers on the occasion of its recent 30th anniversary, I was struck by just how much it got right about the world of cybersecurity and technology, how much that still rings true today and feels quite prescient. There are the sophistication of the social engineering attacks being carried out, the fears about the potential of decryption performed by the black box that drives the film’s plot, and the prediction of a world controlled by data and information, for example. With that in mind, let’s dig a bit deeper into how the film converses with each of these topics.
Engineering trust
One of the standout elements of the film for me was the reliance on social engineering — entirely analog social engineering.
Event
Low-Code/No-Code Summit
Join today’s leading executives at the Low-Code/No-Code Summit virtually on November 9. Register for your free pass today.
An early sequence shows how Bishop’s team carries out this social engineering to infiltrate a bank. Each member receives a specific assignment, which together result in remarkably successful attacks: surveilling unprepared security guards, gaming fire alarms to avoid detection, and impersonating someone from the alarm company to act as further cover. Similar social engineering happens later in the film where Bishop orchestrates a chaotic situation to trick a security guard into letting him into an office building, where he breaks into a target’s office. The finest example, of course, was the meticulously planned effort to steal Werner Brandes’ “voice passport.” Sophisticated social engineering requires significant preparatory and investigative work.
Seeing the social engineering on display here in Sneakers drives home for me just how prevalent social engineering is in our hyperconnected world, but how it’s now less visible because technology has replaced excursions. These tactics, about the ways people impersonate trusted figures or websites to try and steal your information in innocuous ways for unsavory means, are the sorts of things that are now part of any good security awareness training. But now, in addition to being aware of social engineering in the physical world, we’re just as focused on how we conduct ourselves in the digital world.
Decrypting the future
Beyond the displays of superhuman social engineering, I was also fascinated by how the black box that drives the film’s plot handles the idea of encryption and decryption.
When we see the black box in action in the film, the team is able to access a Federal Reserve transfer node, the emergency shutdown control for the New England power distribution grid, and the air traffic control system by connecting the box to decipher an encrypted screen. That’s not how systems, as we understand them today, actually work though. Normally there’s a login page that you have to go through and enter credentials.
But what’s worth noting, in a world where the internet has not gained popularity yet, is that it’s plausible to discover an encrypted terminal hooked up to a phone line through a modem. Decrypting the console could actually give you access without a user ID or password. It shows a different way of thinking about what being on a network means, in this case being able to find a modem and make sense of what the encrypted session might be.
To take that a step further, though: The black box also represents what is becoming a worrisome concern in cybersecurity. Janek’s little black box races through computations in seconds that would’ve taken the world’s most powerful supercomputer at the time (one of which stands in Cosmo’s office) millions of years to perform. While some of that may be a bit of movie magic, the black box works as a potent distillation of the monumental potential threat posed by future technologies that render today’s cryptography entirely useless.
A world ruled by zeroes and ones
And as we think about the future, I was also struck by a conversation near the end of the film between Bishop and the film’s antagonist Cosmo. Talking about the black box, Cosmo asks, “Don’t you know the places we could go with this?” To which Martin replies, “Yeah, I do. There’s nobody there.”
Martin still lives in the analog world, and perhaps had lost touch with his former view of the future. Cosmo, for all of his flaws, is clearly able to see the potential of this digital future, further noting, “Exactly. The world isn’t run by weapons anymore, or energy, or money. It’s run by little ones and zeroes, little bits of data. It’s all just electrons.”
This scene loomed large in my mind, in just how prescient Cosmo’s thinking was 30 years ago. He goes on to say, “There’s a war out there, old friend. And it’s not about who’s got the most bullets. It’s about who controls the information. What we see and hear, how we work, what we think.” This is exactly the way conversations about data and information have evolved over the past three decades. As traditional perimeters dissolve, finding ways to protect data anywhere and everywhere it goes has become a top priority for every organization. It’s made all the more chilling when you consider that this wisdom is coming from the film’s antagonist, whose motives are far less pure than finding a way to keep people safe in this burgeoning digital world.
In fact, Cosmo sees potential for the black box to “crash the whole damn system,” anticipating a world where connectivity is not only ubiquitous, but rife for abuse. The kind of attack on integrity and malicious modification of data that Cosmo suggests actually suggests some of the most modern forms of attack, and the most difficult to perform, even now — far from the kind of thing attackers in 1992 could have even dreamed of being able to execute.
Whether intentional or not, Sneakers’ impression of the digital future struck me as surprisingly forward-thinking, despite its analog interpretation. Revisiting it 30 years on, I am amazed by how much of this still feels relevant to the ways we evaluate threats, design networks and thwart attackers in the hyperconnected world of cybersecurity and technology we inhabit today.
Steve Riley is field CTO at Netskope.
DataDecisionMakers
Welcome to the VentureBeat community!
DataDecisionMakers is where experts, including the technical people doing data work, can share data-related insights and innovation.
If you want to read about cutting-edge ideas and up-to-date information, best practices, and the future of data and data tech, join us at DataDecisionMakers.
You might even consider contributing an article of your own!
