Almost everyone who works in the information security industry today has seen it. Many of you were inspired to get into the field by one seminal Hollywood film: the 1983 smash hit “War Games.” No lesser personage than “The Dark Tangent,” Jeff Moss himself cites it as one of the things that motivated him to get into hacking and, eventually, cybersecurity. It was still looming large enough in his thoughts in 1992 that when he started up a convention for hackers and cybersecurity professionals, he named it Defcon… an homage to the prominence that NORAD’s DEFense CONdition level played in the film.
“War Games” is the story of a teenage hacker from Seattle named David Lightman, played with disarming appeal by a young Matthew Broderick, who hacks into the North American Aerospace Defense Command (NORAD) mainframe system, called WOPR (War Operation Plan Response, as Lightman finds out only later) and inadvertently sets the nation’s nuclear forces on the road to World War III. Equipped with a cute sidekick played by Ally Sheedy and pursued by government agents (who he easily outwits), Lightman has to bond with WOPR’s reclusive programmer and save the world.
It’s heady stuff for nerds grubbing down pizza and playing PC games in the basement throughout high school—a path toward power and respect that makes use of their talents and intelligence during a period of their lives when the big guys on the football team are usually getting most of the attention.
But is the movie just a pipe dream? Or are American defense systems really susceptible to any teenager with an old Imsai 8080 laying around?
Reality and Movie Magic Cross Paths in “War Games”
In most ways, of course, “War Games” was conjured out of thin air by movie-making magic. WOPR was an elaborate prop built around an Apple II. A crew member physically seated inside the fake machine typed commands and text into the Apple to make it appear as though WOPR were operating. The tactical displays in the NORAD set were technological marvels, with super-bright screens that enabled live filming. The animations were rendered out by a Hewlett-Packard PC onto 16mm stock to be projected onto the screens from behind.
In reality, NORAD was far less advanced than shown in the movie. At the time, the missile command headquarters was still heavily reliant on computer systems from the 1950s. Even today, the command center is a far less visually impressive or heavily automated place than it was depicted in the movie.
But in other ways, the movie showed hacking techniques and capabilities that were very real at the time. The technique Lightman used to connect originally via modem to WOPR, using a modem to automatically and sequentially dial numbers until a connection was found, was already in use (although it got a new name after the movie was released: war dialing).
And although information security professionals might snort and roll their eyes at the idea of Doctor Falken using a short, easily-guessed password like “Joshua” for his backdoor into WOPR, it’s definitely a realistic portrayal of how most users approach creating passwords!
“War Games” Put The U.S. On a New Path For Cybersecurity
The film also had some very real effects on national security. President Ronald Reagan saw a private screening of the movie soon after it was released and showed up at his next National Security Council meeting with a serious question: could it really happen?
Although the details of the answers he received to that question remain classified even today, the result was not. Slightly more than a year later, his administration issued National Security Decision Directive 145, National Policy on Telecommunications and Automated Information Systems Security.
The NSDD called for a Systems Security Steering Committee with stakeholders from all the major law enforcement and defense agencies. The committee was charged with coordinating government budget recommendations and establishing standards for securing government computer and communications systems. It can be seen as the nascent beginning of modern government cybersecurity efforts.
Those security efforts weren’t misplaced. The screenwriters for “War Games” had found, for example, that it really was possible to war dial into NORAD systems—officers preferred to work from home on weekends, so the modem line was kept open.
Computer Bugs Really Did Almost Lead To Nuclear War
One of the most frightening plot points of the movie also happened to be one of the most realistic, although it wasn’t widely known until decades later: the very year that “War Games” was released, early warning systems in the Soviet Air Defense Force’s Serpukhov-15 bunker complex (the Soviet version of NORAD) registered a series of launches of U.S. nuclear missiles. Soviet doctrine called for an immediate and massive counterstrike, just like the United States.
But the officer on duty at the time, Lieutenant Stanislav Petrov, distrusted the system and did not pass along the warning. Just as had happened in the movie, the reports proved to be a computer malfunction, and no missiles landed after a tense half-hour wait at Serpukhov-15.
Did The Movie Reflect Reality, Or Help Shape It?
To some extent, the movie was more predictive than reflective of the reality at the time it was released. Although there were individuals who proudly wore the label of hackers, the community was still nascent and largely confined to academics and kids lucky enough to go to schools with computer systems. The first Bulletin Board System was established in 1978, but FidoNet, the first widespread protocol to link all the boards together, wasn’t invented until the year the movie came out.
The explosion of hacker culture in the 1980s certainly owed a lot to the proliferation of new technology, but also quite a bit to the film itself. It became cool to hack, and what teenage nerd didn’t want the ability to sneak into the school mainframe and change their grades? Today, such hijinks can result in jail time, but the inquisitive, mischievous aura of the movie helped inspire much of the hacker movement that was emerging.
One thing the movie did a good job of predicting was the unintended consequences emerging from complex systems. Cybersecurity professionals constantly uncover bugs and vulnerabilities that simply result from the impossibility of analyzing every possible interaction between software packages with thousands of lines of code. Although it hasn’t started a nuclear war, such complexity has certainly cost a lot of money in security breaches.
And the idea that military computer systems might be sacrosanct and difficult to penetrate was certainly prescient. Although NORAD’s nuclear control systems appear to remain inviolate, in 2001 a Scottish conspiracy theorist cracked and ran rampant through Department of Defense systems in search of evidence of a UFO coverup by the American government.
He claimed to have found it—along with evidence of many other hackers in the systems alongside him. And although McKinnon didn’t nearly start a nuclear conflict, his efforts did manage to shut down the entire U.S. Army Military District of Washington for 24 hours.
Other hackers, presumed to be state-sponsored, have penetrated defense and commercial systems to steal national security information. Occasionally they take offensive action: the Stuxnet attack against the Iranian nuclear program had a hint of “War Games” in it.
But for the most part, cybersecurity professionals today deal with a far more tawdry, mundane world, where financial motivations and a casually destructive stance dominate. Hacking has become less about exploration and wonder than profit motive… something that didn’t really exist in David Lightman’s world.