The movie ‘Who Am I’ is a German film about hacking, released in 2014.
In most media, hacking is portrayed as breaking into a system by hammering away at the keyboard. The hacking scenes in ‘Who Am I’ stand out because they are realistic.
Benjamin, a gifted hacker, tries to live a normal life delivering pizza until he meets his first love. When he learns that she is struggling with her exams, he does something absurd: he hacks into the university system and leaks the exam paper. Benjamin is caught in the act and sentenced to community service. There he meets Max, who is everything Benjamin is not: confident, charismatic and a natural leader. Max learns of Benjamin's hacking skills, and together they form a hacking group called CLAY.
CLAY's goal is to be recognized by MRX, a hacker of legendary reputation.
To earn that recognition, CLAY successfully hacks white-supremacist organizations, financial institutions, businesses and more. MRX, however, mocks CLAY by showing off confidential government reports that he cracked with ease. Provoked, CLAY sets its sights on the Federal Intelligence Agency, known as one of the best-defended fortresses in the country.
After carefully investigating the target, CLAY finally succeeds in infiltrating the system. CLAY gets into the Federal Intelligence Agency's database to carry out the mission, but once all the targeted information has been extracted as planned, Benjamin finds another file that is encrypted. Driven by his ego, Benjamin steals that too. After the successful attack, CLAY sends the stolen data (including the encrypted file Benjamin took) to MRX and boasts of the accomplishment. They realize something is terribly wrong when they see on the news that a famous hacker has been found dead, and that CLAY is the suspect.
When CLAY finds out what happened, the truth is shocking. The encrypted file Benjamin extracted contained information about a whistleblower who was known to be MRX's right-hand man. After executing the traitor, MRX manipulated the evidence to make CLAY the only suspect. MRX even hands CLAY's identities over to the mafia.
Chased by the police and by other hacking groups at the same time, CLAY finds a way out with one last trick.
The rest would be a major spoiler, so please watch the movie yourself. ‘Who Am I’ will reward you with a well-constructed plot and a great twist.
The hacking scenes in this movie show quite specifically how information attacks are carried out in the real world. In particular, the attack on a government agency that supposedly can never be penetrated from the outside captures the essence of an APT attack. First, the attacker chooses the target and collects information about it. Much of this is reconnaissance on individuals: who they are, what they are interested in, where they live, and so on.
If you simply send a malicious attachment to an internal user, it will most likely go unopened and be deleted. That is why APT attacks use social engineering. In the movie, CLAY starts by going through the target's trash, and patiently invests the time to gather personal information on members of the Federal Intelligence Agency. Once the attacker has information about the target, the next step is to choose how to deliver the malware. The malware used in an APT attack is not run-of-the-mill either: to make the most of the opportunity, attackers use new or variant malicious code purchased on the dark web.
Using the target's personal information, such as the names of family members, the attacker sends a file carrying this new or variant malware to an insider. The insider, believing the mail came from a family member, opens the file. The malicious code immediately infects the PC and connects back to the attacker through a command-and-control (C&C) server. At this point the attacker controls the infected PC and can take any data stored on it.
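The lure described above leaves traces in the mail headers before anyone opens the attachment: a friendly display name on an address nobody in the organization has corresponded with, an envelope sender (Return-Path) on a different domain from the From header, replies steered to a third domain, and an attachment type that can execute code. The following triage script is an added example written for this page, not code from the film, the page or MONITORAPP's products; the two sample messages, their names, domains and the attachment are constructed, and the signal list, risky-extension list and verdict thresholds are assumptions a mail gateway operator would tune.

```python
"""Triage an inbound e-mail for the social-engineering signals described above.

Added example: this is not code from the page or from MONITORAPP's products.
The sample messages, names, domains and attachment below are constructed, and
the signal list and verdict thresholds are assumptions to be tuned locally.
"""
import email
import os
from email import policy
from email.utils import parseaddr

# Attachment types a lure commonly carries (assumption: a starting list, not exhaustive).
RISKY_EXTENSIONS = {".exe", ".scr", ".js", ".vbs", ".hta", ".lnk", ".iso", ".docm", ".xlsm", ".zip"}

# Constructed lure: the display name claims a family member, but the address and
# the envelope sender (Return-Path) are on a look-alike domain nobody here uses.
LURE_MAIL = b"""Return-Path: <bounce@mail-famliy-photos.example>
From: "Mom" <mom@famliy-photos.example>
Reply-To: <mom.photos@freemail.example>
To: analyst@agency.example
Subject: Photos from the weekend
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Open the album, the photos are great!
--b1
Content-Type: application/octet-stream; name="photos.docm"
Content-Disposition: attachment; filename="photos.docm"
Content-Transfer-Encoding: base64

AAAA
--b1--
"""

# Constructed benign mail from a known correspondent, for contrast.
CLEAN_MAIL = b"""Return-Path: <alice@partner.example>
From: "Alice" <alice@partner.example>
To: analyst@agency.example
Subject: Meeting notes
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"

Notes are in the shared folder, no file here.
"""


def _domain(addr: str) -> str:
    """Lower-cased domain part of an address, '' if there is none."""
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""


def triage(raw: bytes, trusted_domains: set) -> dict:
    """Return {'findings': {signal: detail}, 'verdict': 'deliver'|'review'|'quarantine'}."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = {}

    _, from_addr = parseaddr(str(msg.get("From", "")))
    from_dom = _domain(from_addr)
    if from_dom not in trusted_domains:
        findings["unknown_sender_domain"] = from_dom

    # Envelope sender on a different domain from the From header is how spoofed
    # or throwaway sending infrastructure shows up. Mailing lists and bulk
    # senders do this legitimately too, so it is a signal, not proof.
    _, ret_addr = parseaddr(str(msg.get("Return-Path", "")))
    if ret_addr and _domain(ret_addr) != from_dom:
        findings["return_path_mismatch"] = _domain(ret_addr)

    # Replies steered to a third domain: the lure wants the victim to keep
    # talking to the attacker even if the spoofed sender bounces.
    _, reply_addr = parseaddr(str(msg.get("Reply-To", "")))
    if reply_addr and _domain(reply_addr) != from_dom:
        findings["reply_to_mismatch"] = _domain(reply_addr)

    # iter_attachments() yields nothing for a single-part message.
    risky = [
        part.get_filename()
        for part in msg.iter_attachments()
        if part.get_filename()
        and os.path.splitext(part.get_filename())[1].lower() in RISKY_EXTENSIONS
    ]
    if risky:
        findings["risky_attachment"] = ", ".join(risky)

    if "risky_attachment" in findings and len(findings) >= 2:
        verdict = "quarantine"
    elif findings:
        verdict = "review"
    else:
        verdict = "deliver"
    return {"findings": findings, "verdict": verdict}


if __name__ == "__main__":
    for label, raw in (("lure", LURE_MAIL), ("clean", CLEAN_MAIL)):
        print(label, triage(raw, {"agency.example", "partner.example"}))
```

The lure trips all four signals and is quarantined; the benign message from a known partner domain is delivered untouched. None of these header checks replaces SPF, DKIM and DMARC verification at the gateway; they are the cheap heuristics that still catch a look-alike domain the attacker registered and configured correctly, which is exactly the case where authentication passes.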
APT attacks are far more sophisticated than that, however. Classified information is most likely held in a secured database, so the attacker needs another way to reach it. One way is to use the zombie PC already under control to compromise other machines, for example by packet sniffing on the internal network. It is also possible to reach the administrator's PC by downloading additional malicious code. These days in particular, modular malicious code that pulls in individual components as needed can neutralize existing security solutions.
Once an administrator PC is infected, the attacker can do whatever they see fit. They can wait inside the system until more important corporate secrets are updated, or paralyze the entire network. They can also erase the traces of the attack so the administrator never finds out it happened. The terrifying thing about an APT attack is that it continues until it succeeds. So what does it take to defend against such a threat? The basic security measures for coping with APT attacks start with a change in the company's own security perception. What is needed is a systematic, in-depth security system, not just obvious measures such as 'do not open strange e-mails' or 'update your antivirus every day'. In addition, employee security training should be carried out to counter the social engineering that APT attacks rely on. This alone reduces the attack surface.
Next comes the operation of security solutions. Clearly a single enterprise security solution cannot defend against APT attacks on its own. APT attacks use every gateway they can, which means various protocols such as HTTP, HTTPS, POP3 and SMTP, so you need a solution that can protect across those protocols. In addition, a single company's malicious-code database simply cannot keep up with the new and variant malicious code produced by organized attackers. That is why the union of security companies is needed against the union of attackers: threat intelligence. Threat intelligence here means a shared malware database, built by security companies around the world, for responding to evolving malicious code such as that used in APT attacks. Malicious-code information is collected worldwide, analyzed and distributed systematically, so that every connected security solution is equally capable of detecting it.
The last key to defending against APT attacks is monitoring the internal network. Once malicious code infects an insider's PC, it keeps spreading through the network under direction from the C&C server. Security solutions therefore need to detect and block malicious activity on the internal network, not only protect the inside from the outside. MONITORAPP's AIATP (Application Insight Advanced Threat Protection) is a dedicated anti-APT solution developed for exactly this. AIATP is built specifically for APT attacks and blocks them effectively across web, e-mail and file channels. Its multi-engine analysis blocks malicious code and prevents unknown attacks by linking with the threat intelligence service AICC (AICloud Center for Threat Intelligence).
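The two ideas in the previous paragraphs, a shared indicator feed and monitoring of the internal network for C&C traffic, can be shown together on outbound proxy logs: first match destinations against the indicator list, then look for the regular call-home pattern an implant produces even when its domain is not on any list yet. The script below is an added example written for this page, not code from MONITORAPP's AIATP or AICC. The log lines and the indicator feed are constructed, the log format (timestamp, client, destination host, bytes) is assumed, and the beacon thresholds are starting values to tune, not vendor defaults.

```python
"""Hunt for C&C traffic in outbound proxy logs: indicator matching plus beacon detection.

Added example: not code from the page or from MONITORAPP's AIATP. The log lines
and the indicator feed are constructed, the log format is assumed
("timestamp client destination_host bytes"), and the thresholds are starting
values to tune, not vendor defaults.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed indicator feed, standing in for domains a threat-intelligence
# platform would distribute to every connected sensor.
IOC_DOMAINS = {"update-cdn-check.example"}

# Constructed proxy log. 10.1.1.44 talks to one host every ~5 minutes with
# near-identical sizes; 10.1.1.20 browses normally and hits a listed domain once.
PROXY_LOG = """\
2024-03-01T09:00:00 10.1.1.20 intranet.agency.example 5120
2024-03-01T09:00:05 10.1.1.20 news.example 120000
2024-03-01T09:00:10 10.1.1.44 stat-sync.example 412
2024-03-01T09:02:00 10.1.1.20 update-cdn-check.example 2048
2024-03-01T09:03:00 10.1.1.20 news.example 98000
2024-03-01T09:05:10 10.1.1.44 stat-sync.example 409
2024-03-01T09:10:11 10.1.1.44 stat-sync.example 415
2024-03-01T09:15:10 10.1.1.44 stat-sync.example 410
2024-03-01T09:20:12 10.1.1.44 stat-sync.example 411
2024-03-01T09:25:10 10.1.1.44 stat-sync.example 408
2024-03-01T09:30:00 10.1.1.20 news.example 130000
2024-03-01T09:31:00 10.1.1.20 mail.example 4000
"""


def parse_log(text: str) -> list:
    """Parse lines into (timestamp, client, host, bytes) tuples; skip malformed ones."""
    events = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue
        ts, client, host, size = fields
        try:
            events.append((datetime.fromisoformat(ts), client, host.lower(), int(size)))
        except ValueError:
            continue
    return events


def ioc_hits(events: list, iocs: set) -> list:
    """Every (client, host) pair whose destination is on the indicator list."""
    return sorted({(c, h) for _, c, h, _ in events if h in iocs})


def beacons(events: list, min_connections: int = 5, max_jitter: float = 0.15) -> dict:
    """Flag (client, host) pairs that connect at a near-constant interval.

    jitter is the coefficient of variation (stdev / mean) of the gaps between
    consecutive connections: an implant calling home on a timer scores close
    to 0, a person browsing scores far above it.
    """
    by_pair = defaultdict(list)
    for ts, client, host, size in events:
        by_pair[(client, host)].append((ts, size))

    found = {}
    for pair, hits in by_pair.items():
        if len(hits) < min_connections:
            continue
        hits.sort()
        gaps = [(later[0] - earlier[0]).total_seconds() for earlier, later in zip(hits, hits[1:])]
        avg = mean(gaps)
        if avg <= 0:  # duplicate timestamps, nothing to measure
            continue
        jitter = pstdev(gaps) / avg
        if jitter <= max_jitter:
            found[pair] = {
                "count": len(hits),
                "interval": avg,
                "jitter": jitter,
                "avg_bytes": mean([s for _, s in hits]),
            }
    return found


def hunt(log_text: str, iocs: set) -> dict:
    """Run both checks over one log and return their findings side by side."""
    events = parse_log(log_text)
    return {"ioc_hits": ioc_hits(events, iocs), "beacons": beacons(events)}


if __name__ == "__main__":
    result = hunt(PROXY_LOG, IOC_DOMAINS)
    for client, host in result["ioc_hits"]:
        print(f"IOC match: {client} -> {host}")
    for (client, host), info in result["beacons"].items():
        print(f"beacon: {client} -> {host} every {info['interval']:.0f}s "
              f"(jitter {info['jitter']:.3f}, {info['count']} hits)")
```

The indicator match catches the one destination the feed already knows; the beacon check catches the host the feed does not know yet, purely from the 300-second cadence. Two caveats a practitioner should keep in mind: real implants add random sleep jitter, so the jitter threshold has to be tuned and combined with other signals (domain age and reputation, uniform request sizes, odd user agents, after-hours activity) rather than used alone; and over HTTPS a proxy sees only the destination host unless SSL traffic is actually inspected, which is why the SSL traffic control listed for AIATP MPS below matters for this kind of detection.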
AIATP consists of three components that work together against APT attacks.
- AIATP MPS:
1) Updates the malicious code, URL and file databases in conjunction with threat intelligence
2) SSL traffic control
3) File extraction and transfer
4) C&C server detection and control
- AIATP MAS:
1) Profiling technology (protects against unknown attacks by learning normal and abnormal communication patterns at the same time)
2) Reputation, static and dynamic analysis through a multi-engine approach
- AIATP AGENT:
1) Stops and deletes malicious files on internal hosts
2) C&C server detection and control
3) Monitors abnormal behavior and network activity
Find out more about how AIATP can protect your network on the MONITORAPP website (http://www.monitorapp.com/en/products/apt)