How CSI Cyber fails at tech
Ever watch CSI Cyber and wonder how many things the show gets wrong? Yea, you’re not the only one.
“It could happen to you,” whispers Patricia Arquette in an ominous warning to the audience at the beginning of every show, underlining the ubiquity of it. She reminds us that cybercriminals are everywhere, and are a constant threat. Over the years cybercrime has only gotten worse each year with some of the highest profile cases were super mega companies once thought invincible from attack. Companies like Target, JP Morgan, even K-Mart. With all the media attention these stories were getting, it was only a matter of time before a show like CSI: Cyber came along.
Studies show that shows like CSI have a direct impact on the number of students that pursue careers in criminal justice. Considering the numbers indicate that we need more people to join in the fight against cybercrime, this show is a very good thing. Based on the real life career of cyberpsychologist Mary Aiken, the show centers on a former psychiatrist whose practice was destroyed by a hacker leading a team of top “white-hat” hackers to catch cybercriminals. The central driver of the show – the technology – is faker than a 2 dollar bill, with an alien on it no matter what creator Anthony Zuiker says about his shows
Looks like cybersecurity professionals are in on the joke too.
This is a charge not at all unique to CSI Cyber. In fact all procedural crime shows take massive liberties with the ins and outs of forensic work stretching the truth on everything from the speed of fingerprinting to DNA. It’s such a problem that it’s routine for prosecutors to as potential jury members if they watch CSI or other crime shows. Portland State University’s Online Criminal Justice Degree program has even decided to help people out by making an infographic detailing various myths about the Criminal Justice Field.
As you might gather from the tweet above, Information Security professionals (“InfoSec” for short) are not impressed with the show’s technical accuracy. Kaue Pena, a consultant at software security firm Cigital wrote of the first episode: “A hacker dedicated enough to spy on a baby to learn the parents’ schedules, steal the baby and set up an online auction would probably obfuscate his IP location.” Referring to the hacker’s apparent negligence in not bothering to hide his IP address which led the FBI right to him. Pena also commented on the dramatization of source code review: “The good code being green and the bad code being red. Who needs source code review tools if this exists?”
Coding would be infinitely easier if the good and bad were color coded like this.
You may be wondering, “What’s the big deal? It’s just a show.” The problem is that it’s a show whose creator swears up and down to its authenticity. That they have experts in the field consulting the show to make it accurate. This is what leads people to what’s called the “CSI Effect” and instills in students some pretty unrealistic expectations. This comes back to bite them when they realize that it’s nothing like they thought, and they drop those classes, or worse, leave mid-career. Nowhere is this more evident than in CSI Cyber though.
With their “Holodeck”:
Their setup… Seriously, what are those 2 screens that have the FBI Logo on them doing? Do they need a reminder of who they work for?
… and their high tech holographic screens
A more accurate idea of what you’d be looking at:
One wonders if the dramatization of fighting cybercrime isn’t actually harmful to the real life profession. It’s good that people are learning how to prevent data breaches and safeguard sensitive information, but maybe it could be done in a more realistic way that doesn’t present a false Idea of the job? I understand that the actual processes that the professionals have to go through aren’t good TV, so there would have to be some concessions made. It is important that those looking into a career in Cybercrime prevention know the truth behind these myths.