Blackhat, directed by Michael Mann (Heat, The Last of the Mohicans) is a digital whodunit about a pair of cyberattacks and the duo of unlikely bedfellows — a captain in the People’s Liberation Army and a convicted felon — tasked with tracking the villains perpetrating the attacks before they strike again.
We begin inside a nuclear power plant control room looking over the shoulder of the employee responsible for monitoring the plant core’s temperature. We watch his display, where a needle bobs over the green end of a temperature gauge, while in the background we see a large pool of water, churning to cool the plant’s reactor.
As is the trope of hacker-film, the camera dives inside the computer display and runs through an Ethernet cable into the server where the camera looks down on a circuit-board, eventually magnifying to the point where individual packets of data zoom to and fro.
— Blackhat (@blackhatmovie) January 16, 2015
We pop out of this cyber jungle in an expectedly dim-lit and disheveled room, with wood paneling and oriental screen-work like a dirty, but ultimately authentic and delicious, looking Chinese food restaurant. A hand hovers above a keyboard menacingly. It drops on the enter key, and we follow a deluge of packets as they speed back toward the doomed plant. The scene cuts out of the networks and moves underwater, where the pump pushing water to cool the nuclear reactor core speeds up and inevitably breaks. Then, of course, the power plant explodes.
In a second, less dramatic hacking sequence that deploys the same cameras-in-the-network effect, we watch as the price of soy skyrockets on the New York Stock Exchange. Spoiler alert: the bad guys sell high on soy to bankroll their next attack. In the end, it turns out that the power plant attack was merely practice for the ultimate attack: a test of the bad guy’s malware to see if it would actually destroy the programmable logic controllers used in same brand of pumps but deployed at another facility. I had to wonder: if you can just steal $75m from the NYSE, then why not buy the water pump and test the malware quietly in a lab? Better yet, why not rob the NYSE blind and call it a day? After all the bad guys’ motivation was, as always, money.
#Security reporter @TheBrianDonohue reviews #Blackhat the movieTweet
Enter Chen Daiwai (Leehom Wang), a captain and fast-rising cyber-defense expert in the PLA. In one scene he’s pleading with his superiors to tap into the FBI’s expertise to track those who perpetrated the attacks; in the next, he’s highlighting green code on a black computer screen and hurrying off to consult with his little sister (Wei Tang), an attractive network architect whose role in the movie is single-mindedly and flatly as the love-interest.
As Dawai “liaises” in poorly-conceived dialogue with FBI agent Carol Barrett (Viola Davis), it becomes clear that he recognizes the remote access tool (RAT) used to establish a backdoor into the now-destroyed power plant. It is through that RAT that a piece of malware travels to both spoof the reactor core’s health dashboards and spin the pump to its early death.
But who wrote the remote access tool, you ask? Who else but our reluctant, unfortunately incarcerated and inexplicably talented hero, Nick Hathaway (Chris Hemsworth), along with a little help from his former M.I.T roommate, Dawai.
It’s a played-out plot we’ve all traversed a thousand times: young successful supporting character needs help from a washed up but talented old friend. For me, the story here is more or less stilted by its refreshing, albeit relative technological believability, even if they mostly plagiarized from the Stuxnet saga and snuck one or two cop-outs in to force the plot forward.
Hathaway’s mettle is proven in a scene where the guards rough him up after finding a mobile phone in his cell that he had apparently used to hack into the prison commissary system and replenish the funds of all his jail-yard friends. Of course, the Department of Justice offer Hathaway a temporary furlough if he’ll help them track down the bad guys.
— Gizmodo (@Gizmodo) January 16, 2015
Post-M.I.T-Hathaway had been forced into a life of cybercrime by a tarnished criminal record and is now serving 14 years for stealing millions (only from the banks, our little Robin Hood archetype points out). Does he take the furlough? Of course not! Ever the predictably savvy negotiator and high stakes gambler, he demands a full pardon should he locate this villainous hacker or group thereof.
Blackhat won’t win any awards for acting or anything else, unless, perhaps, there is an Oscar for technical advisers. They talk PLCs, carding, GPG 512-bit encryption, malware and RATs as you’ve already read, they walk-through an overly complicated money-muling scenario, and the Bourne Shell, roots and kernels even pop in for brief cameos.
— Kaspersky Lab (@kaspersky) July 22, 2014
However, like nearly all hacker movies, the story loses all credibility the second that our down-on-his-luck computer scientist starts firing a pistol one-handed like a Hollywood gunslinger.
The movie also deploys a bit of ‘deus ex machina’ when the protagonists’ collective trails run cold. Hathaway hacks the NSA (via a phishing attack that might not fool my mother-in-law) in order to remotely access their super computer software, which Hathaway and the DoJ then use to reconstruct several revelatory lines of code that would almost certainly have been destroyed in any nuclear meltdown worth its salt.
— PCMag (@PCMag) January 16, 2015
Was it a great movie? Good heavens, no. Was it even a good movie? Probably not. But it was an entertaining movie where the story more or less worked. They did an excellent job taking incredibly complicated security topics and presenting them concisely and in a way that anyone can understand.
At two hours and 13 minutes, Blackhat was about 43 minutes longer than any cyber-thriller should be. It’s the sort of movie I would not pay to watch again. However, I would watch it again if it turned up on TNT as I was flipping through the channels on a lazy Saturday afternoon (like that time I watched Eagle Eye). For that reason, I am giving Blackhat three out of a possible seven hatchets (because hatchets are for hacking things).