Probably everybody with a background in computer science has already seen a hollywood blockbuster or read a critically acclaimed book which alluded IT-security. It is a popular topic which allows to play with the expectations and fears of the audience. Government agencies are hacked within seconds, security failures happen everywhere, destructive malware infects machines on a global scale and nobody is safe if you are a master hacker. At least this is the general picture that different authors paint in their scenarios.
\n<\/p>\n
If you are a bit familiar with the context of computer science and IT-security you often find yourself smiling at these mostly catastrophic stories and the lacking background knowledge of the people in charge. Of course this is not exclusively a problem of IT-security, the same probably goes for archeologists that watch Jurassic Park. In the context of the module IT-Security we wanted to pursue our enthusiasm for fiction and investigate if there actually are authors that get the details right and might even portrayed a scenario which happened in reality.<\/p>\n
As we are highly competent graduate students and have a somewhat scientific claim, we had two initial guiding questions for our research which we wanted to examine in reference to different books and movies.<\/p>\n
1) How similar are fiction and reality regarding IT-Security?<\/p>\n
2) Can fiction raise awareness regarding IT-Security?<\/p>\n
We looked at the concrete IT-security threat described in the book or movie and discussed whether we think it was realistic and if so, if there was a similar scenario in reality. We also evaluated questions that ensued from the scenario.<\/p>\n
After going through every scenario we noticed certain topics that repeatedly came up, which lead us to believe that these topic currently need most evaluation in society in general. The central topics we identified in fiction are: Surveillance, Hacktivism and Cyberwar. Surveillance is a widely discussed topic since whistleblower Edward Snowden uncovered the mode of operation of the NSA. The topic of Hacktivism is about a single person or a group of highly skilled hackers using their skills for good or bad. And fiction in the area of Cyberwar describes cyber attacks initiated by terrorists or governments, which target critical infrastructure, for example power plants. These attacks lead to the collapse of cities, regions or whole countries. In the following we will present the scenarios we looked at and sum up our results.<\/p>\n
Evaluation<\/b><\/p>\n
For the area of Surveillance<\/i> we evaluated the books ZERO by Marc Elsberg from 2014 and Digital Fortress by Dan Brown, which was published in 1996. ZERO follows a journalist as she uncovers the truth behind a malicious social network that promises its users a better life in exchange for all their data. In Digital Fortress the NSA that usually has it\u2019s eyes on everyone else\u2019s secrets, is attacked itself by an algorithm that threatens to reveal their critical observation results to hackers all around the world.<\/p>\n
In our opinion the scenarios presented in these books are very realistic as the NSA-affair and Wikileaks show. Also services like Facebook, Google and Amazon track, analyse and profile their users on a daily basis in order to monetize their information through advertisements. With the future adoption of technologies like smart glasses, smart wearables and ubiquitous computing the privacy of data will become an even bigger concern.<\/p>\n
As an example for the topic of Hacktivism<\/i> in fiction we examined the movie Who am I by Baran bo Odar from 2014. It follows a group of hackers in Germany which seek recognition by the public and compete with other hackers. Although the movie exaggerates with a few stereotypes regarding the lonely and socially awkward hacker, it gets the gist right when it comes to organised groups who pursue illegal activities in the internet just because they can. Hacktivism is a global phenomenon as the collective Anonymous or other groups show. They attack governments or organisations which, as they see it, violate their morals and they seek attention from the public. Another example would be the Arab Spring, where individuals formed a huge community and started protests all organised through social networking services.<\/p>\n
As to the topic of Cyberwar, <\/i>we looked at War Games from John Bradham (1983), Hackers by Ian Softly (1995<\/i>), Blackout by Marc Elsberg (2013), #pwned by Holger Junker (2015) and Cyber Storm by Matthew Maher (2013).All these books have in common that the critical infrastructure of companies or states is targeted by individuals, hacker groups or other governments. They emphasize the dependence of modern society to technology and show how vulnerable we really are, especially when it comes to the security of Supervisory Control and Data Acquisition (SCADA) Systems. These scenarios seem exaggerated, but during our research we found similar real incidents of governments or groups using technology as a modern way of warfare. The Iranian nuclear program was sabotaged by a malware called Stuxnet<\/a> in 2010, which caused turbines to spin out of control. Experts assume Stuxnet was created by American and Israeli specialists, although neither governments have confirmed this openly. Big banks<\/a> and companies are attacked daily. In 2015 there was an attack on the power grid of the western Ukraine<\/a>, which led to power outages. It would be naive to believe that governmental defense experts have not evaluated and played through how to digitally attack certain countries. So in our opinion these scenarios hit very close to home and in the future cyber warfare will become even more unexceptional.<\/p>\n Conclusion<\/b><\/p>\n