Stories
Slash Boxes
Comments
Search

News for nerds, stuff that matters

Impress Your Friends While Watching "Untraceable"

Posted by kdawson on Sunday January 27, @03:35PM
from the did-she-really-say-short-ttl dept.
Movies
Frequent Slashdot contributor Bennett Haselton writes in today with a nerd-oriented review of "Untraceable," which opened in theaters last Friday. Read on for Bennett's take on what the movie gets right — a surprising amount as these movies usually go — but be warned, his review contains spoilers.


I went into the theater planning to come out with notes for an article like "Everything that 'Untraceable' gets wrong" (feeling pessimistic after "Swordfish" and "Firewall"), but it actually doesn't do that bad. Oh, it gets stuff wrong -- I don't think the FBI can "blackhole" an IP address by clicking a button -- but the errors are for dramatic license, not technical howlers, and the plot holes fall more in the category of things that could have been accomplished more easily some other way. In fact the dialog goes out of its way in several spots to make sure we know they know what they're talking about; screenwriters can't win with these movies, because they'll get grief for getting too much stuff wrong, but if they explain things correctly, it breaks the reality when we can feel the writers telegraphing their knowledge to the geeks in the audience. But it is mostly accurate, and the movie throws you just enough softballs for you to impress your movie-mates as well as the patrons two rows in front and back of you.

The movie takes its first stab at geek realism right at the top, when Diane Lane tells Colin Hanks that his Internet date is never going to see him again because she's more attractive in person than he is. (So far, the only thing wrong with this is that Colin Hanks has exactly the kind of adorable-nerd face that appeals to girls who like to think they don't care about looks.) Then Diane Lane explains how she's ensnaring the cyber-criminal on her screen, in a set piece that has nothing to do with the rest of the plot, like the pre-title action sequence in a Bond movie. First, in a horde of pop-ups covers her monitor, and a site tries to entice her into downloading and running a program that contains a trojan horse. She runs the trojan horse on a virtual machine, where she watches it steal a file full of passwords and financial records, but she inserts her own trojan into the data that's uploaded back to the criminal's computer. In a few moments they find the user's IP address and realize that it must be a neighbor stealing that person's wireless service.

Batter up! I think that an FBI cyber crime expert would have a pop-up blocker installed, but moving on. If a criminal wanted to gain access to your machine to steal your financial records, tricking you into downloading and installing a trojan horse as part of another program, is probably exactly how they'd do it. (However, a trojan wouldn't automatically and instantly find a file full of passwords, even if she did named it "passwords.txt" as bait.) The biggest slip is that if you upload a trojan horse back to someone who was downloading data from your machine, there's still no way to force the remote criminal's computer to run it, as happens in the movie. And a criminal that smart would probably be running the operation from the compromised PC of someone in another city, not stealing a neighbor's wireless access. (In any case, while having the criminal's IP address would allow you to go to someone's ISP and ask them to turn over the records of where that person lived, the characters should not have been able to narrow an IP address down to a person's house without that extra step.) Also, if I heard right, the FBI figures out who the guilty neighbor is even though he has no priors, based on the fact that he has two registered handguns. That will offend a certain portion of the audience, so viewers of "27 Dresses" in some cinemas may hear angry gunfire coming from the next theater.

However, most of these errors were probably necessary to show what the main character does in as short a time as possible and to end the set piece with the villain actually getting caught, so this is probably the best the movie could have done. Don't point that out to your date, of course, since she'll be more impressed by knowledgeable sneering, especially if everyone in the seats around you can hear what a smart guy she's with.

Then the main villain's site is introduced, and the movie has to handle the question of how a site with its own top-level domain like KillWithMe.com would be able to remain online despite showing real-time streaming video of a murder victim being killed. (The hook in the movie is that the more people visit the site, the faster some automated murder contraption kills the victim.) Diane Lane explains how, in a virtuoso sentence designed to silence the nerds who would otherwise say afterwards that there's no way that could ever happen. You'll know the line; it's the one right before her boss says, "I didn't understand anything you said; something about 'Russia'?" Apparently the domain is registered in Russia, and the DNS servers use a low TTL (yes, Diane Lane actually says "low TTL" -- sexy!) to switch the hostname between thousands of different IP addresses, each belonging to some compromised machine.

If you had to come up with a way to do this in a film, and if you assumed that Russian authorities could not be persuaded to go after the domain registrar (something nobody tries in the movie), this would probably be the simplest way that was semi-plausible. You need the site to resolve to thousands of possible IP addresses so that it can't be made to disappear by simply taking one machine offline. The way the movie demonstrates this, though, is for Diane Lane to make one of the site's many IP addresses go dark by clicking a button on her screen and causing it to be blackholed, before the hostname switches to the next IP. The only people who can actually do this in real life are backbone operators with an axe to grind, not the FBI (something the movie actually acknowledges with a passing reference to Net Neutrality legislation!). Ah, but here's where you can knock one out of the park: If you assume, as the movie does, that the FBI has the ability to blackhole individual IP addresses, then they could shut the site down not by blocking the site's IP addresses but by blocking the primary and secondary DNS servers for the killwithme.com domain in Russia, so that if people's computers couldn't communicate with the DNS servers, they'd have no way of resolving the hostname.

By now, the surrounding theatergoers should be threatening to jam your USB thumb drive keychain into your nostril, but you're not done yet. At one point a character targets an IP address beginning with "10.*", and everybody knows those are reserved for intranets, not the public Internet, so you can point out that that's like the 555 prefix for a movie phone number. Later, the heroine finds that a Trojan horse installed on her daughter's machine, has access to all files on all PCs in the house. That could work if (a) the other PCs were set to share out files to other PCs on the same local network, or (b) if the traffic between the other PCs and the wireless router were unencrypted, although it's unlikely the main character would make either of these mistakes.

But you don't want fellow viewers getting the idea you're too Net-savvy; one suspect is later described: "He blogged, he built web sites, he practically lived online," which sets the bar a little low for qualifying as a sociopathic online loner.

With regard to the non-Internet technical details, I have no idea if OnStar can actually help you get through a traffic jam the way they do in this movie, but I'm sure they paid a lot of money to have it appear that they could (although maybe they got a discount since the movie later shows the villain hacking into Diane Lane's car's system, during which the brand name "OnStar" is definitely not mentioned). Speaking of product placement, several in the audience snickered when the movie twice showed the heroine conspicuously logging into the Windows Live interface. But Microsoft may have gotten an even better deal: while the villain's operating system of choice is never mentioned, during closeups of his screen at the end, you can clearly see the word "GNU".

Or maybe it just fits with his overachieving character. After he ties his victims to a bedframe, he likes to elevate it into the path of the camera using a remote-controlled motorized winch evocative of a medieval torture device. Unless I'm mistaken, though, that happens before the site is actually streaming, which means he could have just as easily walked over and lifted up the bedframe. With that kind of fetish for doing simple things the horrendously hard way for no reason, why didn't he just go ahead and wear a "Got Linux?" t-shirt?

Related Stories

[+] Your Rights Online: Yes Virginia, ISPs Have Silently Blocked Web Sites 204 comments
Slashdot contributor Bennett Haselton writes "A recurring theme in editorials about Net Neutrality -- broadly defined as the principle that ISPs may not block or degrade access to sites based on their content or ownership (with exceptions for clearly delineated services like parental controls) -- is that it is a "solution in search of a problem", that ISPs in the free world have never actually blocked legal content on purpose. True, the movement is mostly motivated by statements by some ISPs about what they might do in the future, such as slow down customers' access to sites if the sites haven't paid a fast-lane "toll". But there was also an oft-forgotten episode in 2000 when it was revealed that two backbone providers, AboveNet and TeleGlobe, had been blocking users' access to certain Web sites for over a year -- not due to a configuration error, but by the choice of management within those companies. Maybe I'm biased, since one of the Web sites being blocked was mine. But I think this incident is more relevant than ever now -- not just because it shows that prolonged violations of Net Neutrality can happen, but because some of the people who organized or supported AboveNet's Web filtering, are people in fairly influential positions today, including the head of the Internet Systems Consortium, the head of the IRTF's Anti-Spam Research Group, and the operator of Spamhaus. Which begs the question: If they really believe that backbone companies have the right to silently block Web sites, are some of them headed for a rift with Net Neutrality supporters?" Read on for the rest of his story.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

Impress Your Friends While Watching "Untraceable" 25 Comments More | Login | Reply /

 Full
 Abbreviated
 Hidden
More | Login | Reply
Keybindings Beta
Q W E
A S D
Loading ... Please wait.

  • Another way to impress your friends (Score:5, Funny)

    by Anonymous Coward on Sunday January 27, @03:36PM (#22202022)
    Save your money and DON'T WATCH Untraceable. For bonus points joke that they "should've called it Unwatchable."

    Oh no, they're in my wireless network, I've got to go.
  • "If you take sexual advantage of her, you're going to burn in a very special level of Hell. A level they reserve for child molesters and people who talk at the theater."

    'nuff said.

  • Millennium (Score:5, Interesting)

    by BenjiTheGreat98 (707903) on Sunday January 27, @03:55PM (#22202146)
    Did anybody else see this movie the first time it was released when it was an episode of The Millennium several years back? The plot line is exactly the same. Another forum even posted that some of the lines in the movie match up with the episode.

    • Re:Millennium (Score:4, Informative)

      by darkitecture (627408) on Sunday January 27, @05:06PM (#22202656)
      Did anybody else see this movie the first time it was released when it was an episode of The Millennium several years back? The plot line is exactly the same. Another forum even posted that some of the lines in the movie match up with the episode.

      Yeah, I got the same feeling too. The episode you're thinking of was called "The Mikado" - Series 2, Episode 13. I never watched too many episodes of Millennium but I did catch this on tv years ago and found it thoroughly entertaining. Definitely very, very, VERY similar to the premise of Untraceable.

  • I think you mean... (Score:5, Funny)

    by Anonymous Coward on Sunday January 27, @04:01PM (#22202186)

    With that kind of fetish for doing simple things the horrendously hard way for no reason, why didn't he just go ahead and wear a "Got Gentoo?" t-shirt?
    there fixed that for you. Then again he'd spend the entire movie + his whole prison sentence trying to get it installed.

  • Untraceable? Try Unwatchable! (Score:4, Interesting)

    by downix (84795) on Sunday January 27, @04:02PM (#22202188) Homepage
    It is really sad when Matrix Reloaded got hacking more accurate than a movie about hacking!

    these writers should log into IRC sometime and chat with people that know how this stuff works. I could have rewritten portions of this movie to be more plausible as well as more compelling.

    • Re:Untraceable? Try Unwatchable! (Score:5, Insightful)

      by Dun Malg (230075) on Sunday January 27, @07:42PM (#22203608) Homepage

      these writers should log into IRC sometime and chat with people that know how this stuff works. I could have rewritten portions of this movie to be more plausible as well as more compelling.
      Let me let you in on a dirty little secret about script writers: they're mostly idiots. Granted, many are far more literate and intelligent than most people, but those tend to have a really bizarre streak of arrogant self importance that monkey-wrenches their ability to recognize their own fallibility. The works of those very few screenwriters that are diligent in their research don't turn out much better either. Once the script gets into the hands of the director and the producers, it often gets "fixed" so that it "won't be so confusing". Really, it all goes back to the primary problem with the entertainment industry in general: nepotism. There are too many blockhead writers, directors, producers, and general studio executives that got where they are because of who they know and/or who they are related to, rather than any particular display of skill at their craft (JJ Abrams, I am looking in your direction!). By the time a script goes from Final Draft Pro on the writer's iMac to the projector at your local UA GoogolPlex, it's passed through the hands of so many potential cow-eyed idiots that it's a wonder if the film contains any technical sophistication at all. Seriously, if I had a nickel for every time I've heard of (or personally experienced) a studio exec suggesting utterly asinine changes to a script before accepting it, well... I'd have a lot of freakin' nickels! The voiceover in the first release of Blade Runner? Fox execs asking Joss Whedon to make Mal in Firefly "less dark, more cheerful"? It happens all the time. It's sad, really, but because the industry is so intellectually inbred, there's just no place for meritocracy to take hold. How do they react when a movie somehow manages to do well because there were somehow fewer idiots involved? Do they say "we need to get more smart, competent folks in here to make movies"? No! They simply copy it relentlessly, somehow thinking the public is simply "hungry" for that genre, not that we want to see good movies. How many abysmal space movies came out after Star Wars was a hit? How many movies with stupid "twist" endings after The Sixth Sense*? The endless plethora of fantasy dreck following the successes of Lord of the Rings and Harry Potter*? It's a mass of idiots and fools, all patting each other on the back, telling each other how smart they all are. If they weren't smart, they wouldn't be paid so much, right?

      * themselves not particularly good, but they made enough money to induce the cloning process

  • Remote Execution: google more (Score:4, Interesting)

    by Anonymous Coward on Sunday January 27, @04:04PM (#22202204)
    "The biggest slip is that if you upload a trojan horse back to someone who was downloading data from your machine, there's still no way to force the remote criminal's computer to run it, as happens in the movie."

    This is actually how many worms have spread in the past, actually. If you can get files onto a windows box, you can probably execute them remotely (easy mode: you have acquired logon credentials or the box accepts null sessions).

    http://technet.microsoft.com/en-us/sysinternals/bb897553.aspx [microsoft.com]

    • Re:Remote Execution: google more (Score:5, Informative)

      by n0-0p (325773) on Sunday January 27, @04:41PM (#22202498)
      Uh, no. First off, null sessions have never granted the rights necessary to execute a remote shell (unless paired with an exploit). You need admin rights to kick off an exe via the SCM or scheduler. If you have that access already, copying a file is a foregone conclusion because you can just open a share.

      Of course, all of that assumes you have Netbios connectivity... over the Internet. That may have been plausible 5 years ago (probably more more), but someone in between will be blocking it these days. On top of that, current Windows XP and better have a lot more restrictions on Netbios traffic, in particular disabling the default null sessions.

      One final point: This scenario is actually quite reasonable if you assume they're exploiting an application on the attacker's system. There's likely to be exploits against the trojan itself if the binary is available for analysis, or if you can identify exploitable bugs in code shared between the client and server components. There's also the possibility of attacking any services he exposes, or perhaps file parser attacks against whatever he uses to read the content he nabbed. The details of such a counterattack are more complex, but well within the realm of reason.

  • article title missing a set of quotation marks... (Score:5, Funny)

    by majorgoodvibes (1228026) on Sunday January 27, @04:06PM (#22202230)
    ...around "impress"

  • As a public service... (Score:4, Funny)

    by jpellino (202698) on Sunday January 27, @04:25PM (#22202402)
    ... I say the next techno movie plot shows how forwarding insipidly cute emails about kittens doing something pukingly cute causes your head to explode.

  • Talking in a movie? (Score:5, Insightful)

    by glimmy (796729) <nglimsdale&gmail,com> on Sunday January 27, @04:31PM (#22202440) Journal

    Don't point that out to your date, of course, since she'll be more impressed by knowledgeable sneering, especially if everyone in the seats around you can hear what a smart guy she's with.


    I don't know what kind of dates this guy has, but I don't think any date I have had would want me to talk through a movie and nitpick on every little detail.

  • misplaced sarcasm (Score:4, Insightful)

    by circletimessquare (444983) <circletimessquare@gma i l . com> on Sunday January 27, @04:35PM (#22202470) Homepage
    <sarcasm>

    "Don't point that out to your date, of course, since she'll be more impressed by knowledgeable sneering, especially if everyone in the seats around you can hear what a smart guy she's with."

    </sarcasm>

    i know you are being sarcastic, but a sentence like this pretty much explains the social life with a straight face of a good amount of slashdotters here, so your sarcasm might be wasted here, and actually encourage this sort of behavior

  • The Net (Score:4, Funny)

    by Torodung (31985) on Sunday January 27, @05:18PM (#22202744) Journal
    Too bad she didn't have Sandra Bullock on her team to type "UPLOAD VIRUS." ;^)

    --
    Toro

  • "will offend a certain portion of the audience" (Score:4, Insightful)

    by Quila (201335) on Sunday January 27, @05:35PM (#22202844)
    Now why point this to the Michigan Militia? That is insulting.

    Owning a gun isn't just legal, it was encouraged by those who wrote the Constitution, and protected by it. Owning a handgun should provide zero suspicion of any other action. In fact, owning a registered handgun is a sign of a law-abiding citizen, since a criminal would likely not have his handguns registered.

    Either this section is completely bull, or it's a sad but true description of a government that sees legal handgun ownership as a sign of criminal leanings. Unfortunately the latter is more likely.

    • Re:"will offend a certain portion of the audience" (Score:4, Insightful)

      by Scutter (18425) on Sunday January 27, @06:37PM (#22203194) Journal
      Owning a gun isn't just legal, it was encouraged by those who wrote the Constitution, and protected by it. Owning a handgun should provide zero suspicion of any other action.

      You're not the only person who's noticed that Hollywood vilifies gun ownership while at the same time zealously worshiping it.

      Leaving aside the guilt of the person in the movie, this kind of database trolling is exactly why gun registration is a bad thing. Fortunately, my state (and many others) do not require gun registration.

    • Re:Honestly... (Score:5, Informative)

      by eganloo (195345) <eganloo@a[ ]e.net ['nim' in gap]> on Sunday January 27, @04:29PM (#22202430)

      Doesn't sound quite as bad as Independence Day, though. I mean, a PowerBook from 1997 connecting to the Internet on the move?


      Actually, a PowerBook from 1997 could connect to the Internet on the move. Specifically, mine did. Like thousands of others, I was using a http://en.wikipedia.org/wiki/Ricochet_(internet_service) [wikipedia.org] Ricochet wireless modem from a company called Metricom. Independence Day made a point of attaching a Ricochet modem to the onscreen computer. And yes, Ricochet's coverage area did reach into Washington, D.C.,--apparently, Metricom was hoping that Ricochet's benefits would impress the federal regulators. Unfortunately, Metricom went bankrupt in 2001. Now that the more ubiquitous cellular networks have caught up with better speeds (Ricochet had DSL speeds at the end), it's unlikely that Ricochet will be revived. But, yes, PowerBooks could connect to the Internet in 1997.
Check for more | Reply

All trademarks and copyrights on this page are owned by their respective owners. Comments are owned by the Poster. The Rest © 1997-2009 SourceForge, Inc.