Archive for October 23rd, 2006

TV / Movies and security

October 23rd, 2006 Michael Farnum

I’ll be the first one that says TV shows and movies are hardly based on reality.  But when they screw up something that is near and dear to me, I get very upset. 

For instance, I was in the Army and Army National Guard for over 7 years.  Though I was never a career soldier, I still took it seriously, and I still do today.  Maybe too seriously.  I get very upset when I see a TV show or a movie that screws up things like rank insignia (Army sergeant rank on upside down in some sitcom I watched) or basic military rules (you do NOT salute indoors unless you are reporting to an officer – that mistake is in too many military movies).

This feeling also bleeds over big time into my chosen profession of information security.  There is a new show on NBC called Kidnapped that I have been watching and enjoying for the last few weeks.  Basically, it is about a rich family’s son getting kidnapped and the family trying to get him back.  There are all kinds of twists and turns in the plot.  The dad used to be into some bad stuff, so it seems to revolve around someone getting back at him or trying to get some stuff from him. 

Anyway, last week the family’s hired gun (ex-military, police dude, etc.) gets asked by the FBI for help. They want him to apply for a job with a civilian-run military company (basically, mercenaries) that supposedly has info on some people they think are involved in the kidnapping. The guy goes through some weird psych-interview, then he is placed in front of some computer by himself that has a program running with pictures flashing. The guy looks around, then easily opens some access panel to the PC and inserts a “remote control” device in some very conveniently-placed access port. Of course, I am thinking, “where are the cameras that should be watching this guy?”

Then, as the agent outside in the FBI van (real unique, right?) takes over the running of the program, he runs down the hall, guided by the blueprints of the inside of the building (which that type of company probably just publishes on the Internet) and strolls into the server room with no challenge and no lock on any door that I can see. There are racks of servers, switches, etc. Then he sticks another device in the “mainframe”, and away they go.

He does get caught, but it was only because another agent ran in the building and called a security alert in a ploy to get the main bad guy to start erasing sensitive files.  They capture the screens (with all pertinent information on the first screen – nice, huh?), thus saving them the effort of searching through records.

Yea, ok, right.  I know it probably shouldn’t bother me, but that just pisses me off.  At least TRY to make it somewhat real.  I think even a layperson without security experience would probably be thinking, “where’s the security here?”

Sheesh.

Vet

Very interesting and insightful article and argument on Linux management

October 23rd, 2006 Michael Farnum

Take a look here.  I’m thinking about this one.  It is more from a server management and admin perspective, but it is really worth looking at.

Vet

Categories: Open Source

SpamThru trojan analysis

October 23rd, 2006 Michael Farnum

Link

This is the trojan I mentioned in my last post.

Vet

Categories: Malware, Security, Spam