Sneakers: 30 Years of a Cult Classic

by GI Jack

I've done two things this week.  Watched Sneakers again, and picked up some old issues of 2600.  In the Autumn 1992 issue was a review of Sneakers, which was then a new release.  Both this issue and the movie deserve a second look.

The movie has aged like wine.  While a lot of the computer hacking and encryption are depicted with tasteful (((Hollywood))) magic, a lot of the other elements of the movie are spot on.  Reverse engineering hardware, lock picking, a bunch of ex-black hats working for a small pen-testing firm with companies such as banks as clients...  International intrigue involving state and sub-state actors.  Data being the new weapon, as discussed in 1992, more striking, topical, and pertinent in 2022 than it was in 1992.

It starts with Bishop, a college hacktivist who barely escapes arrest by just happening to step out for pizza as the police raid his setup.  Flash forward years later.  Under a false name he is now working for a pen-testing gig with a bunch of other shady characters.  An ex-CIA agent played by Sidney Poiter, a blind phone phreak (i.e., a Hollywood-ification of Joybubbles), and a hardware expert (Mother), played by Ghostbusters-era Dan Aykroyd.

While the encryption cracking is bogus, there is a lot of the technique from social engineering (using disguises and distraction), lock picking, war dialing, numbers books, and of course, voice verification hacking that is reasonably accurate for a movie.  The big kick is that the voice verification hack did not exist in 1992, but only decades later, when real voice authentication systems became common, was this actually used.  The dialog about information being more of a weapon than guns rings more true in 2022, especially in the age of weaponized shit-posting.

The small team of people with shady pasts in a small company doing pen-testing for banks and other companies should also hit some notes.  Not nearly as visible in 1992, this today is a good percentage of the hackers that would have mocked the concept back then.

Another interesting but overlooked minor detail is the "machine that cracks all encryption," which was originally thought to be "an impossible device," but when it's revealed it does not crack Russian encryption, only American, it starts wandering back to Earth.  In 1992, there were only so many encryption algorithms in use in America.  You could count them on one hand.  Blowfish wouldn't be written until the following year.  DES (known exploits), IDEA (known exploits), and RC4 (known exploits) were common ciphers.  Even if the exploits weren't known to the public at the time, it was very plausible that someone could have been sitting on some epic zero days.  It's also now known that the NSA paid RSA to weaken a cipher, so it's plausible - very much so - that someone would have a device that breaks all U.S. ciphers based on insider knowledge.  Most of these ciphers were not open-source, and the concept of public, trustable, community encryption had not come to fruition.  On top of that, it was hard coded into a chip in a black box to restrict distribution, and to prevent copying.  Smart.

Of course it's not all accurate, and (((Hollywood))) takes the typical liberties in adding car chases, clandestine rendezvous, shootouts, and of course making computer use look good on the screen.  Mix in some late 1980s, early 1990s costumes and the movie continues to charm its way to "perennial cult classic."