Security Fail: Hollywood edition

I went out to the movies for the first time in quite a while (difficult to find the time with two little ones)
We saw Olympus has Fallen at a second run theater ($2 tickets FTW).

I enjoyed the movie, but couldn’t help but notice some glaring failures of security. Of course, without those failures you’d have a pretty boring movie, but I’m going to break down where things went wrong anyway.

There might be some spoilers ahead, so feel free to skip reading if you plan on seeing the movie.

The entire plot wouldn’t go very far without two key failures. Firstly, the terrorist attack begins with an aerial attack on Washington DC. Rightly, the intrusion into restricted airspace is engaged by the Air Force. Now, I’m not familiar with specific USAF protocols, but it seems to me that you should send more than two jets to confront an unknown aircraft. Also, you would probably want your weapons pointed at them, rather than the other way around.
After that, the White House goes into lockdown, and critically, the president ignores protocol and takes the visiting prime minister and his security team into the secure bunker. It’s one thing to admit a known dignitary, but to allow his entire armed security team along is unnecessarily risky.

Later on, we see a secret service agent who was formerly assigned to the White House easily entering access codes for various systems. Those codes should have all been invalidated the moment the agent was transferred out of the White House. Always revoke credentials from users that no longer need them for their duties.

Finally, I was baffled by the fact that a code for a super secret project was able to be cracked by the terrorists. Sure, they had an explanation on why they could do it (only had to crack one of three passwords), but each of those three should not have been breakable by any means. I’m assuming the terrorists were able to access the password hashes since they had direct access to the system. However, a project of this magnitude would have the passwords hashed with the strongest algorithms possible. It should take days to crack with even the most advanced technology available.

Maybe I can write off my next trip to the movies as a training course.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s