Fact Checking Cyber Espionage Tactics in the Jason Bourne Movie (Spoilers)

Fact-Checking-Cyber-Espionage-Tactics

It would be an understatement to say the new movie Jason Bourne has gone hi-tech with its central theme of cyber warfare, espionage and surveillance. The movie storyline is set in motion because of a high-profile data breach at the Central Intelligence Agency (CIA).

Bear with me, a self-identified security nerd, as I walk through a few of the situations presented in the movie and examine the reality of the security scenarios.

SITUATION ONE: In the very first scene, ex-CIA analyst Nicky Parsons enters a hacker’s dome in Reykjavik, Iceland. She is collaborating remotely with hacker Christian Daasault – think Edward Snowden and Julian Assange. Nicky quickly infiltrates the CIA database to access top-secret files using the equipment available in the dome. The tactics, techniques and procedures (TTPs) mentioned in the scene are:

  • Use SQL to corrupt the databases
  • Hackers are using backdoor to exfiltrate files

Reality Check: Accurate!

Backdoor exploit kits are used to gain unauthorized remote access to computer systems. SQL Injection attacks are commonly used to gain access to databases using data-driven applications. Although the scene does not show exactly how Nicky steals the Black Ops files, it is possible that hackers using TTPs which include SQL Injection attack and Backdoor exploits can steal your data.

Advice: Web application security and real-time database activity monitoring will help mitigate data breaches due to SQL injections and backdoor exploit kits.

SITUATION TWO: Heather Lee, newly appointed Head of Cyber Security Operations, is alerted of an intrusion and immediately jumps into incident response mode. Lee and her team locate the source of intrusion and cut the power off at the hacker dome.

Reality Check: Accurate!

Lee getting notified about a data breach in real-time is very accurate. Hackers have many TTPs to get inside a network. However, savvy security experts like Lee would classify their sensitive databases and put defenses in place where they will get immediate notification in case those databases are accessed for legitimate or illegitimate reasons.

Advice: Discover all of your sensitive databases and continuously monitor user activity. Data breaches can be completely prevented with a database firewall in place which would prevent the exfiltration.

SITUATION THREE: Although she was unable to stop the data exfiltration in time, Lee identifies the location and the device being used and embeds a tracking code (malware) within the exfiltration.

Reality Check: Accurate!

Lee identified the perpetrator using a database of known devices that have been used in suspicious activity. Embedding malicious code within the exfiltration is very easy as the file transfer is already taking place.

Advice: Enterprises should deploy defenses that can block any known suspicious device from accessing their applications or infrastructure.

SITUATION FOUR: Bourne meets Christian Dassault in Berlin to access files that Nicky passes on to him. Christian decrypts the USB drive for Bourne, but Lee gets a notification from the embedded tracking code. Accessing a mobile phone in the vicinity, Lee hacks into an air gapped or firewalled computer that Bourne was using to delete the Black Ops files.

Reality Check: Not so much!

Gaining access to the mobile phone is a possibility, but hacking into what seemed to be an air gap computer from a mobile phone is far fetched. The scene shows Lee bypassing three firewalls to see Bourne’s activity. While it may be possible to bypass firewalls, it is not possible to get complete remote access control from a mobile phone in a few minutes.

Advice: Do not connect to the Internet using open Wi-Fi networks. Also turn off Bluetooth in public arenas such as the Black Hat conference.

Jason Bourne is a fast paced movie that highlights the importance of cyber security drawing parallels from real-life events.

  • The final scenes are set at a security conference called ExoCon in Las Vegas comparable to BlackHat/DefCon in Las Vegas that happened last week
  • A social media company called Deep Dream draws parallels to Facebook and Mark Zuckerberg’s confusing stance on data privacy
  • The importance of Lee’s character as the head of cyber operations within agencies such as the CIA

Jason Bourne brings cyber security and the ripple effects of a data breach into the limelight in a big way.

Want to know how other shows rate in regards to their cyber security depictions? Visit our blog, “Fact checking Mr. Robot: Reality vs. fiction on TV’s cyber security hit.”