It takes a lot to make five cybersecurity experts scream in agony simultaneously, but Skyfall pulled it off.
In 2012, Brian Higgins sat down to watch the then-new James Bond film with a few recent standouts from a UK cybersecurity challenge, a government-sponsored effort to find emerging IT talent.
During a scene where “Q,” UK spy agency MI6’s tech pro (played by Ben Whishaw), plugs a questionable laptop captured from cybervillain Raoul Silva (Javier Bardem) into the agency’s network, Higgins and his movie mates groaned in disbelief.
“It’s absolute nonsense,” Higgins, now a security specialist at Comparitech, told us. “He just plugs it straight into the flipping—to his laptop, which is obviously linked to the MI6 network, the mainframe, etcetera, and bang, he basically knackers everyone for the rest of the whole film.”
The compromised laptop triggers doors throughout the facility to open, allowing the imprisoned Silva to escape.
“He hacked us!” Q cries. Not quite, according to Higgins, who couldn’t believe what he was seeing.
“It’s dark. Everyone’s watching this brilliant spy film, and suddenly five people in the middle just go, ‘Oh, for God’s sake!’”
Earlier in the movie, Q says to Bond, “I can do more damage on my laptop sitting in my pajamas before my first cup of Earl Grey than you can do in a year in the field.”
“If you’re that stupid, and you’re going to plug Mr. Silva’s laptop into the MI6 mainframe with an Ethernet cable without even checking it first, yeah, you’re going to do a lot of damage while you’re having your flipping cornflakes,” Higgins said. “Honestly, it was just completely ridiculous, and we were incensed by the stupidity.”
We talked with Higgins about the missing security controls in the movie—like basic digital forensics tools—along with the other elements that felt off…way off.
The internet’s down. When Higgins was working in the UK’s Financial Intelligence Unit around 2009, he said, desktop computers lacked an internet connection—both for security purposes and to provide only the bare minimum capabilities for the job role.
“We had one terminal for 200 people,” he said, “and that was the internet terminal.”
While physically isolated and unconnected—or air-gapped—computers offer some safety from hacks and other nefarious activity, plugging in a device such as a compromised USB stick can still lead to network chaos. The centrifuge-disabling computer worm Stuxnet, for example, reportedly infiltrated an air-gapped environment via USB.
How to not Q it up. According to Higgins, any responsible IT pro trying to investigate a potentially nasty laptop would need to:
- Not touch the original device. Use forensic tooling to take a mirror image of a drive or registry.
- Put the forensic image into a sandbox—a virtual environment that won’t allow code execution.
- Use endpoint security software tools.
- Have backups ready that can restore to known healthy points.
- And, of course, make sure it’s not connected to a network.
Scene it all. Other parts of the movie stand out to Higgins as far-fetched.
- Off derails. Q’s plug-in pandemonium leads to a cascade of problems: Silva escapes, dresses as a police officer, then leads Bond to an underground tunnel, where an explosion causes a train to fall through the ceiling, almost precisely onto the super-agent. That couldn’t happen—digitally at least. Trains “don’t come off the track anyway ever. So, I don’t know how he managed that,” Higgins said. “That wasn’t any kind of digital intervention getting a tube train to come off its tracks.”
- The best-laid plans. Silva’s chain of events requires lots of preparation, and lots to go right. “He couldn’t have predicted he’d be in that particular tunnel at that particular point where his invisible tech backup were able to crash a tube train right on top of James Bond’s head,” Higgins said.
- Help desk. And where’s his IT team? Higgins says Silva would need some backup, especially while he’s busy running around the subway as a police officer. “You never see him with a team of, you know, SOC analysts or anyone like that, as his backup. He’s got lots of henchmen to shoot you.”
Top insights for IT pros
From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.
Higgins is a huge fan of the Bond movies, which have spent decades featuring futuristic, semi-realistic tech, including an underwater car. But Q exploring a laptop in an unsafe way felt like a step back to Higgins’s crew: “With Skyfall, they went a bit daft with faking up a hack that wasn’t a hack.”