The Girl with the Dragon Tattoo is a Hacker?

The Girl with the Dragon Tattoo, has sparked even more talk because of the heroine is a hacker named Lisbeth Salander.
Lisbeth works as an investigator from her laptop computer. She gains all kinds of access, and complete control in some cases, to the contents of anyone’s computer and uses information from emails, documents, bank statements, and even Internet web browsing history, to help her case and even to loot bank accounts.

I sat down with Robert Marshall, to talk about computer security, hacking, and just how realistic the film portrays the real life vulnerabilities of us all.

(Spoiler alert: aspects of the story will be revealed)

Rob: What’s interesting about this hacker, is that she used several techniques to get information she wanted, some without a computer. Once, she used a pirate copy of a card key to break into an office.

Ken: Yes, that could happen. ATM debit/credit and other magnetic stripped credit cards are vulnerable to be copied, but proximity cards that use RFID (radio frequency identification), like Easy Pass are much harder to clone, but not impossible.

Rob: OK, here’s an old one – she found a computer password on a piece of paper hidden underneath the blotter on a guy’s desk and used it to retrieve confidential documents. Do people still really do that!

Ken: Sure, People write and store passwords everywhere, under keyboads, on sticky notes, even stuck on their computer monitor. Over a third of the security breaches in the US are caused by some sort of human error.

Rob: But who can remember all those complex passwords you and other experts recommend and say is absolutley necessary just to be safe? Also, this never use the same password twice movement means we need a different password for every online account.

Ken: I definitely, understand because I have to keep over 100 passwords as many other IT folks do. That’s why I use a password manager SplashID but there are other good ones like 1Password, LastPass and EasyPass. Some are free. You only need to remember one master password and you are good to go.

Rob: My web browser offers to remember the passwords for websites I access, is that a good thing?

Ken: It’s a step in the right direction but I do not recommend browser based password storage as yet. Stick with a good password manager that encrypts everything. That will best keep hackers like Lisbeth out of your life.

Rob: In another scene, Lisbeth is hangs around the entrance to an apartment building and looks over a lady’s shoulder and to see the numbers to the combination she punches to get in.

Ken: I’m surprised she just didn’t go in with the lady, I’ve seen many people hold the door from someone who entered an access key. They used to call it shoulder surfing, people would look over the shoulder of someone typing in a password on their keyboard or even at an ATM machine. Sometimes, just watching the way your finger move is enough. I suggest, asking someone to back up, or turn around or just covering the keyboard if someone is really too close. Today it’s considered pretty rude and a violation of one’s personal space to be that close while someone is typing sensitive information.

Rob: In the movie a car ran over Lisbeth’s laptop. She was angry, but all her files were backed up so it wasn’t a disaster. She decided to buy an Apple PowerBook. What do you think about that?

That’s a good choice, many hackers don’t use windows operating system and prefer Unix/Linux. Apple computers use a Unix based operating system, so it’s not that hard to believe. What’s good is she keeps her files backed up and that’s a lesson everyone should learn. Hardware failure is the most common cause of data loss. You can always replace hardware, but some files are not replaceable. Imagine if your valuable photos, music and financial records are lost, it can be devastating. I recommend at least picking two methods of backup and don’t consider one a backup folder on your computer. Learn to burn files onto a CD/DVD and get an external drive or backup service.

Rob: Lisbeth hacks a bad guy’s private information, and finds out that he has millions in a secret offshore account.

Ken: Banks are pretty much aware of hacking and make things pretty tough for this to happen. Some banks use more than just a password to a access an account. I don’t have offsore accounts but even here in the USA banks take alot of security measures to keep you safe. However, I would use a password manager and a strong password to be sure you aren’t an easy victim.

Rob: Finally, Lisbeth gets something called a “cuff” that she uses hack a bad guy’s computer and make a copy of his hard-drive on a separate server, she studied his information and then took control of his computer to steal millions from him. What do you know anything about this device?

Ken: I suspect this is a little movie magic, although there are ways to accomplish cloning someone’s hard drive to a server the “cuff” as they call it doesn’t really exist. But if a hacker gets physical access to your computer you can consider your information compromised. Here’s a possible scenario, a hacker could boot your network connected computer from a special CD/DVD which would do a copy of your hard drive to their server on the Internet, to save time they would probably only copy the data and other important settings like password files. The only protection from this is to have the entire hard drive encrypted, forcing the hacker to spend hours copying your information and days to weeks trying to decrypt it. Even still if she did access his account I doubt she be able to transfer millions of dollars unchallenged by any decent bank, my bank will challenge you making a small purchase out of state.

Although I was not very interested in the film initially, after talking with Rob I will probably check it out.