The cyberpunk indie short film “Reboot” is poised to grab the attention of a lot of hackers, crackers, lurkers, and watchers. The film centers around a hacker chick who wakes up with an iPhone glued to her hand with a coundown clock and scrolling code (which looks to me like Linux loading hardware drivers). It’s a race against time to prepare for “payback”.
Many people in the industry, as well as hobbyists, have noted the detail that was put into the trailer. It’s not coincidence that we see shots of some familiar interfaces. I asked writer/Director Joe Kawasaki some questions specifically from an Infosec point of view. Let’s get straight to the Q&A:
SB – Movies are for entertainment, but sometimes, a dose of reality can grip the audience in a way that pure fiction simply can’t. What steps were taken to bring some reality into Reboot and how big of a priority was that in planning?
JK – “‘Reboot” was definitely inspired and designed around what is occurring around us today with cyberwarfare becoming more and more on the forefront of news. It also stems from our personal interest and fascination with the whole idea of the virtual vs the physical, and how our daily lives continue to shift and change because of technology. Rooting what is ultimately a fun little ride about a girl with an iphone stuck to her hand into something plausible and real was a priority for us, and we did have a code consultant onboard to try (as much as we can within the context of entertainment) to have what tools and code shows up on the screen isn’t just nonsense or arbitrary alphanumerics. We realize this isn’t perfect, but we’d like to believe we did some justice for anyone who codes out there.”
SB – From the trailer, we can see certain commands being used that are actual commands used by security experts in the field. What kind of preparation and research went into working this realism into the script?
JK – “As mentioned above, we did have a code consultant help us with all that, and also our lead web programmer does have background in security, so all of that was there to help us to depict what was happening on the screens with some sense of the real. My biggest fear was (and is) to have real infosec professionals and hackers look at the film and scoff at it. It had to have some kind of place within reality in that sense – even, if to a degree, it may alienate general audiences. There are plenty of references or use of things that most people won’t get at all, but in the end, all that actually doesn’t matter either if you’re just going along with the ride. The core story is ultimately about two groups of folks who do the same thing, but are on opposite sides of the ideology coin.”
SB – In some places of the trailer we can see examples of certain things, such as the creation of a public encryption key, opening shells, metasploit, and running what appears to be Air crack-ng. Obviously, there is some lacking of complete accuracy, but was this intentional or unintentional?
JK - “Intentional that they are real tools that people use? Absolutely
Intentional that they don’t always make sense? Intentional in so much that we had to make a call between what would be die-hard accurate, and what would best serve the pace of the story. Some structural things were discussed early-on and throughout the process where we had to ditch certain steps in what would be “real” for what would keep the story moving along.”
SB – How much of this was meant to give a sense of familiarity to actual hackers and how much of it was specifically to give a bit more realism for people who have no idea what real hacking might actually look like?
JK – “I would say it was a 50/50 balance between those two groups – to both have a sense of familiarity and homage to actual hackers, as well as give a sense of realism for people who have no idea about the culture. The entire elongated introduction in the film is designed for people who have no idea, and was done to set the stage for the rest of the film.”
SB – I noticed that the trailer’s YouTube page states that it will launch with a sneak preview at DEFCON. Is that a direct nod to the hacking community as a means of promoting the film or is it more of perhaps a thanks to the community for helping on the project?
JK – “I think again, it’s a nod for both. We definitely hit a chord within the global infosec/hacker community which resonated far wider and deeper than I ever expected it to go; and a large part of that is because of our intrepid producer, Sidney Sherman, who got it out in front of these communities with his tireless efforts. But we always wanted to pay some respect to the coders out there who we believe are definitely designing this brave new world and making it run the way it does (as well as those who may not like where it’s going and want to tear it down). It’s a very poignant and important struggle in our minds.”
SB – Some of the CLI has such directories as /WINDOWS/ but we don’t see anything such as BackTrack and the interfaces are just black with gray text. Was this in an effort to avoid some kind of possible confrontation with major operating system vendors or was it just a simpler way to simulate the programs without actually hacking?
JK - “Definitely a simpler and cleaner way to simulate the programs for visual ease and audience clarity than anything else. Our consultant actually ran a lot of this stuff on his laptop and recorded the actions for our VFX people, and we then took and worked around the data that way.”
SB - At 1:26 of the trailer, we see someone using what appears to be the Metasploit framework and setting the exploit as “ms05_039_pnp”. This is a plug-and-play exploit that attacks Windows 2000 systems and XP with SP1. Microsoft published a patch that fixed this vulnerability in August of 2005 with the Windowsxp-kb899588-x86-enu patch. Were certain exploits chosen to showcase because they were more or less useless now? Were some people worried about the possible ramifications of showing more modern and functional attacks for fear that someone might try to use them because they saw them in the movie?
JK - “That is something that we would need to address without consultant, who is a very decent human being and probably did not want to explicitly show anything that could be used for attacks, but it is a solid point. We’re all very excited with the input and detailed commentary we’ve received from just the trailer! It’s been a fantastic experience, and informs us of how much further such things on the screen should be worked out for future projects and endeavors in this story arena. Very very exciting stuff, and we’re so pleased that folks are digging into it as they are!”
SB - Were there any notable hackers or security people who assisted with more detailed information on this film, or was all of the research done by people directly involved with the film who have no security experience?
JK – “Not sure how much security experience Umair (our consultant) has (he primarily is a very talented coder for websites and portals – though I have witnessed a couple occasions of ethical hacking on his part to show security holes in some places where you would expect much better), but we did have folks who have or who are working in infosec give us a positive nod on the overall plausibility of the story, and that was a good boost for us.”
SB – Overall, what inspired this particular cyberpunk film and why the decision to bring a bit more reality to the table than previous endeavors?
JK – “I’ve always loved the genre, and grew up with it. The decisions came very early in the writing process because, to us, that (the reality of it) had to weigh big to keep the entire film on keel. It always bugged me to see people in similar films just randomly punch stuff on a computer interface that looked awesome but had no relevance to actual coding parameters, and so it was also to address a personal pet-peeve. That said, I do understand how challenging it is to keep that line throughout an entire film. We had to ditch some things in the process as well because it would have slowed down the overall pace of the story far too much. We just hope there is enough there to keep it at a respectable level.”
My many thanks to Director Joe Kawasaki and Producer Sidney Sherman. To find out more about the movie, you can watch the Reboot Trailer below as well as follow them on Twitter @Reboot_film. There’s lots of great info at their website rebootfilm.com and make sure you check back often for updates. If you think your skills are up to it, you can check out their Alternate Reality Game (ARG) on this webpage and compete with thousands of other hackers for a chance to win exclusive Reboot prizes.