Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Analytics

9/12/2016
12:10 PM
Sara Peters
Sara Peters
Commentary
Connect Directly
Twitter
RSS
E-Mail vvv
50%
50%

Snowden May Help Explain Your Job To Your Family

Hacking Oliver Stone's new film about whistleblower Edward Snowden.

Snowden is not "Mr. Robot." The new Oliver Stone biopic about whistleblower Edward Snowden, which opens Friday, is not peppered with inside jokes and perfect technical accuracy that only hackers will get (although the terms "SQL injection" and "zero-day" are appropriately tossed off without explanation). Rather, it's the sort of movie infosec pros should bring their family, friends, and non-geek dates to -- all those people who don't understand what you do for a living.

The Snowden film showed to a packed room and an overflow room during a pre-screening Sunday at the Central Library in Brooklyn, just across the river from downtown Manhattan on the 15th anniversary of 9/11. The pre-screening was followed by a short Q&A with director Oliver Stone and Ben Wizner, Snowden's attorney and director of the ACLU's speech, privacy and technology project. 

The film also will hold interest for some people inside the industry. And for those who have been teetering on the fence for years about their feelings about Edward Snowden's actions, it may sway their opinions in his favor; he is very indelibly portrayed as the hero. It's also entertaining.

"I was worried the whole time that this thing was going to be a bore," said Stone during the Q&A. He noted that there are no car chases or shoot-outs in Snowden (although the beginning of the film does include some very Stonesque screaming drill sergeants and muddy soldiers straining over obstacles). 

Stone is clear that Snowden is neither a documentary nor a spy movie. "It's a drama," he said.

It's a character-driven piece. Joseph Gordon-Levitt in the title role admirably shows Snowden progress from someone who encourages his new girlfriend to question "the liberal media" and criticizes people peacefully protesting the government to someone holed up in a Hong Kong hotel room with reporters planning to reveal the information that would make him an enemy of the state.  

The film follows Snowden's progression up the ranks through the CIA, a shifting relationship with a CIA recruiter (hauntingly, subtly played by Rhys Ifans) who shifts from mentor to Big Brother, and a growing understanding of the extent of amount of data being collected. It shows how the stress put strain on his relationship with his girlfriend (Shailene Woodley) and contributed to him developing epilepsy. Stone said he believes that developing epilepsy may have played a role in Snowden's actions because it made him more aware of his mortality, even at a young age.   

Although Snowden isn't stuffed with lingo and inside jokes, infosec pros may find other things to identify with: the moment when Edward first decides to tape over his laptop webcam; and the struggle of trying to urge loved ones to improve their cybersecurity without being able to disclose all the confidential details of why.

For the infosec uninitiated, one of the most important and educational scenes is a sequence where Snowden explains work he was doing for the CIA in Japan. It explains how collecting surveillance targets' metadata can ultimately lead to collecting bartenders' conversations with their mothers. Snowden describes a system of US intelligence implanting malware on the critical infrastructure of its allies -- from Japan to Austria -- so that in case they are ever not allies, the US is prepared to shut them down at any time.

Stone said that of course this was the scene was was most urged to cut. However, he said that the scene shows the dangers the world is facing, and left it in.

Wizner asked the audience if it made them "connect with the subject matter more viscerally," to which many hearty "yesses" and nodding heads.

The performances are strong throughout, and while a cameo by Nicolas Cage is particularly humorous, the largest chuckle might have been after a clip of Director of National Intelligence James Clapper giving testimony that the NSA does not collect any type of data at all on millions or hundreds of millions of Americans.

This week alongside the release of the film, Wizner said there will be renewed efforts to secure a presidential pardon for Snowden. A petition is available at PardonSnowden.org. 

"I hope this film is going to do a lot of good for [Edward Snowden, too]," said Wizner. Snowden is currently residing in Moscow, and would be tried under the Espionage Act if he were to return to the US now. Wizner said that in his opinion when Snowden returns there should be "not a conversation about what his punishment should be, but a conversation about whether we've thanked him sufficiently." 

Related Content:

 

Sara Peters is Senior Editor at Dark Reading and formerly the editor-in-chief of Enterprise Efficiency. Prior that she was senior editor for the Computer Security Institute, writing and speaking about virtualization, identity management, cybersecurity law, and a myriad ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
9/20/2016 | 11:58:14 AM
Re: Black tape.
@Whoopty: Precisely why so many security professionals are actively advising people now to write their passwords down...provided that:

1) They keep the password writings in a truly safe location (e.g., NOT on the computer monitor, NOT on their desk or in their top desk drawer, NOT in a notebook that's labelled "Password Minder" in big letters, etc.), and

2) They use long, truly entropy-filled (esp. computer-generated, for maximum randomization) passwords.

If your password is going to be "password123!" then there's little utility in writing it down (and if you make that your password and still can't remember, then maybe you should be grounded from using your devices).  But if writing your password down is what it's going to take to make you pick truly long and complex passwords that are full of entropy, then maybe that's what you should do.
Whoopty
50%
50%
Whoopty,
User Rank: Ninja
9/15/2016 | 7:42:16 AM
Re: Black tape.
Oh I know that headache. So often when I help fix someone's system it's because they did something dumb security wise. 

It's just not possible to take on everyone's security responsibilities though. I can't remember all of your passwords and mine!
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
9/14/2016 | 1:26:02 PM
Re: Black tape.
I get poked fun at a lot for my secure approach to passwords.  (One person I know once changed a (low-risk/low-exposure, albeit) password of theirs to "QWERTY" for a time just to try to annoy me.)
Whoopty
50%
50%
Whoopty,
User Rank: Ninja
9/13/2016 | 7:52:35 AM
Re: Black tape.
Totally agree. I have the same reaction with my giant passwords and consistent changing, their uniqueness. It's something most just don't put the effort into.

However I am interested to watch Snowden. I like Joseph Gordon Levitt a lot, so am interested to see how he plays the 'character.' 
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
9/13/2016 | 5:08:17 AM
Black tape.
My own loved ones have called me crazy to tape over and block my webcams.  I've called them crazy not to.
How Attackers Could Use Azure Apps to Sneak into Microsoft 365
Kelly Sheridan, Staff Editor, Dark Reading,  3/24/2020
Malicious USB Drive Hides Behind Gift Card Lure
Dark Reading Staff 3/27/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Flash Poll
State of Cybersecurity Incident Response
State of Cybersecurity Incident Response
Data breaches and regulations have forced organizations to pay closer attention to the security incident response function. However, security leaders may be overestimating their ability to detect and respond to security incidents. Read this report to find out more.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-10940
PUBLISHED: 2020-03-27
Local Privilege Escalation can occur in PHOENIX CONTACT PORTICO SERVER through 3.0.7 when installed to run as a service.
CVE-2020-10939
PUBLISHED: 2020-03-27
Insecure, default path permissions in PHOENIX CONTACT PC WORX SRT through 1.14 allow for local privilege escalation.
CVE-2020-6095
PUBLISHED: 2020-03-27
An exploitable denial of service vulnerability exists in the GstRTSPAuth functionality of GStreamer/gst-rtsp-server 1.14.5. A specially crafted RTSP setup request can cause a null pointer deference resulting in denial-of-service. An attacker can send a malicious packet to trigger this vulnerability.
CVE-2020-10817
PUBLISHED: 2020-03-27
The custom-searchable-data-entry-system (aka Custom Searchable Data Entry System) plugin through 1.7.1 for WordPress allows SQL Injection. NOTE: this product is discontinued.
CVE-2020-10952
PUBLISHED: 2020-03-27
GitLab EE/CE 8.11 through 12.9.1 allows blocked users to pull/push docker images.