Select your country

Not finding what you are looking for, select your country from our regional selector:

Search

Serial hackers: War Games

For hackers, War Games is a classic. Relatively innovative for its time, it is still very current. Analysis.

When war becomes a game…

First released in 1983, War Games tells the story of David Lightman, a teenager with a passion for computers and video games. While trying to hack into Protovision, the company that publishes his favorite video games, he inadvertently gains access to the WOPR, the U.S. Army’s supercomputer, programmed to predict the potential outcomes of a nuclear war.

When David thinks he is playing a video game, he actually has access to missiles controlled by the army and finds himself triggering a conflict between the USA and the USSR. So the young boy must do everything to prevent the destruction of the planet…

War Games, hacking methods still in use

Scans

The goal of our articles is to analyze the realism of hacking scenes in movies and series. So, to be fair, let’s look at War Games taking into account the technical characteristics of the time.

At the beginning of the film, David begins the hack of what he thinks is Protovision from his home. To do this, he uses a PSTN modem, which automatically dials the telephone numbers of an entire city one by one until it finds the one it is interested in.

It’s called a scan. Although today the technologies are different and target IP networks, the method has remained the same. The goal is to scan an entire network to find a weak point, which will be the gateway and the starting point the hack.

Social engineering

At the beginning of the film, David manages to get expelled from class. He finds himself in front of the office of the school principal’s secretary, a woman who has the unfortunate tendency to write the school’s network password on a piece of paper. The young boy finds it fairly easily and memorizes it so that he can access the student grading software and give himself better grades. This is an attack by social engineering, that is, obtaining information by manipulating one or more people.

Among the techniques of social engineering, there is also identity theft, which is highlighted a little later in the film. Indeed, when David manages to connect, in spite of himself, to the WOPR (the army’s supercomputer), he does so thanks to the existence of a backdoor created by the inventor of the WOPR. As a reminder, a backdoor is a secret access, in this case only known to its inventor. David takes on his identity in order to be able to communicate with the supercomputer. But to do this, he must first find the password.

He then carries out what is called a “brute force attack”, i.e. he tests a number of passwords before finding the right one… without success. The young man then decides to study the life of the creator in detail until he obtains some rather private details, including the name of his son, Joshua. It’s the backdoor password that allows him to take control of the WOPR.

All these methods still exist today. And while one might think that in 2020 very simple passwords are no longer used, they are actually still legion. In fact, this is so widespread that cybercriminals use pre-existing lists, which are regularly updated, to try to hack into any account.

As an illustration, here are the 10 most common passwords in 2022:

  1. 123456
  2. 123456789
  3. qwerty
  4. password
  5. 12345
  6. qwerty123
  7. 1q2w3e
  8. 12345678
  9. 111111
  10. 1234567890

Read more about it here.

Also, it is advisable to choose complex passwords or to use password managers, such as Dashlane, Lastpass or Bitwarden for example, as they allow strong passwords to be generated automatically.

War Games, a movie more philosophical than it sounds…

A reflection on the use of AI for military purposes

Although the film celebrates its 37th anniversary this year, it remains very current. War Games opens with a scene featuring two soldiers who are instructed to trigger the launch of a missile (and thus nuclear war). If one of the two soldiers starts the procedure without blinking an eye, his superior, aware of the impact of this decision, fails to launch the warhead.

A few minutes after this scene, we learn that it was a test. A test to prove that humans are unreliable because they are too emotional. Thus, the American army decides to replace the soldiers by the famous WOPR (the supercomputer). This choice becomes the basis of the whole plot.

Note that David will succeed in stopping the nuclear war before it takes place, but at the price of overheating the WOPR. Once programmed, the software cannot go back. So David will force the WOPR to play against itself. The WOPR, close to self-destruction, will admit defeat, revealing this famous message: “The only winning move is not to play”.

To view the scene, click here.

Although the message of the film was aimed at a Cold War audience in 1987, the issue of the automation of military weapons is still very topical. By way of illustration, in 2018, Google and the US Army were forced to put an end to the Maven project, a partnership based on artificial intelligence used to analyse drone videos.

“Google […] has faced widespread public backlash and employee resignations for helping develop technological tools that could aid in warfighting,” the Washington Post explains in this article, before going on:  “Project Maven was launched in April 2017 to find ways the military could use AI to update its national security and defense capabilities “over increasingly capable adversaries and competitors,” a Defense Department memo stated. In a pilot effort, AI was deployed to analyze hours of footage from Predator drones and other unmanned aircraft, pinpointing buildings and vehicles and processing video now tagged by human analysts“.

Thus, more than the technique, it is actually the plot and the underlying issues of War Games that continue to make sense, more than 40 years after its release…

Incident Response Hotline

Facing cyber incidents right now?

Contact our 24/7/365 world wide service incident response hotline.

CSIRT