Who Am I Movie Explained
Who Am I is a 2014 German thriller that dives deep into the world of hacking and cybercrime. Directed by Baran bo Odar, the film tells the story of Benjamin, a socially awkward computer genius who gets drawn into the thrilling, dangerous underworld of hackers. The movie captivates audiences not only through its gripping storyline but also its depiction of hacking techniques. While the film takes certain cinematic liberties, many of the tactics shown are based on real-life concepts used by hackers.
Let’s take a closer look at the hacking techniques and tools portrayed in Who Am I.
Social Engineering
One of the most prominent techniques used in Who Am I is social engineering, which refers to manipulating people into divulging confidential information. Benjamin and his hacker collective, CLAY, use social engineering multiple times to bypass security systems and gain access to restricted data.
Examples in the Film:
- Pretexting and impersonation: In the movie, Benjamin tricks individuals into giving him critical information by pretending to be a trusted person or authority. This is the same principle behind phishing, where attackers send emails or messages disguised as legitimate sources to get their targets to reveal passwords or click on malicious links; the only difference is the channel, in person or by phone instead of by email.
- Dumpster diving: Another method shown is dumpster diving, where Benjamin searches through physical garbage to find discarded information like passwords or confidential documents. While it may sound simplistic, hackers in real life often search through companies’ trash to find valuable information.
Real-World Application:
Social engineering is one of the most effective hacking techniques because it exploits the human factor, which is often the weakest link in security. Even with the most advanced systems in place, a simple mistake by an employee can lead to a major breach.
Infected USB Sticks / The BND Hack
Benjamin and his hacker group, CLAY, rely primarily on social engineering to breach the BND. As elsewhere in the film, the attack targets the human element of the security system rather than a technical flaw in it.
For the BND hack, they create and distribute USB sticks loaded with malware. The USB sticks are specifically designed to look like BND employee badges and are strategically placed around areas where BND employees are likely to find them, such as near BND offices or in locations where employees frequent.
This technique leverages curiosity and the natural tendency of people to pick up lost items and plug them into their computers to see what’s inside. This method is known as baiting and has been used in real-world hacking attacks with surprising success.
Once a BND employee picks up a USB stick and plugs it into a computer, the malware on it is installed. The film shows this happening automatically; in practice, operating systems stopped running software from removable media on insertion years ago (Windows stopped honoring AutoRun on USB mass-storage devices in 2011), so real baiting attacks depend on the victim opening a file on the stick, or on a device that presents itself as a keyboard and types commands the moment it is connected. Either way, the result is attacker code running under the employee's account on a machine inside the network.
From there the malware presumably provides backdoor access to the BND network, allowing the hackers to infiltrate the agency's internal systems. Note why this gets past perimeter defenses: the implant connects outbound from an already-trusted workstation, so a firewall that filters inbound traffic never sees an intrusion, and anti-virus only helps if it recognizes that particular implant.
SQL Injection
SQL injection is a technique used by hackers to exploit vulnerabilities in web applications that use SQL databases. In the movie, Benjamin uses an SQL injection attack to manipulate a university’s grading system, altering his failing grade to a passing one.
How It Works:
SQL injection happens when an application builds a database query by pasting untrusted input, such as a login form field or a search box, directly into the SQL text. A crafted value can close the intended string literal and append conditions or whole statements of the attacker's choosing, so the database executes a different query from the one the developer wrote. Depending on the privileges of the database account, the attacker can read, alter, or delete data, and in some configurations run commands on the database server.
Real-World Relevance:
SQL injection remains one of the most common web application attacks and has featured in many publicized breaches, causing data leaks, financial loss, and reputational damage. The standard defense is parameterized queries (prepared statements), so that user data is never parsed as SQL, backed by least-privilege database accounts and input validation so that a single flaw cannot hand over the whole database.
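To make the mechanism concrete, here is an added example (not code from the film or from this article) using Python's built-in sqlite3 module: a grade lookup written the vulnerable way next to the parameterized version. The grades table, the student names and the payloads are constructed for the example; the stacked-statement variant uses executescript() only to mimic database drivers that accept several statements in one call.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed stand-in for a grading database; names and grades are made up."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE grades (student TEXT, course TEXT, grade TEXT)")
    conn.executemany(
        "INSERT INTO grades VALUES (?, ?, ?)",
        [("benjamin", "CS101", "F"), ("alice", "CS101", "A")],
    )
    conn.commit()
    return conn


def lookup_grade_vulnerable(conn, student):
    """VULNERABLE: untrusted input is pasted into the SQL text, so a quote in
    the input closes the string literal and whatever follows is parsed as SQL."""
    sql = f"SELECT student, course, grade FROM grades WHERE student = '{student}'"
    return conn.execute(sql).fetchall()


def lookup_grade_stacked_vulnerable(conn, student):
    """Same concatenation bug, run through executescript() to mimic a driver
    that accepts several ';'-separated statements in one call (sqlite3's
    execute() refuses that; MySQL-style multi-statement modes do not)."""
    sql = f"SELECT grade FROM grades WHERE student = '{student}'"
    conn.executescript(sql)


def lookup_grade_safe(conn, student):
    """HARDENED: the value is bound as a parameter. The query text is fixed,
    so quotes or keywords in the input are just characters to compare."""
    return conn.execute(
        "SELECT student, course, grade FROM grades WHERE student = ?", (student,)
    ).fetchall()


if __name__ == "__main__":
    db = make_db()
    tautology = "' OR '1'='1"  # closes the literal, adds an always-true clause
    print("vulnerable:", lookup_grade_vulnerable(db, tautology))  # every row
    print("safe:      ", lookup_grade_safe(db, tautology))        # no rows
    # Stacked statement: a read-only lookup becomes a grade change. The
    # template's closing quote completes the attacker's 'benjamin' literal.
    lookup_grade_stacked_vulnerable(
        db, "x'; UPDATE grades SET grade = 'A' WHERE student = 'benjamin"
    )
    print("after:     ", lookup_grade_safe(db, "benjamin"))
```

The tautology payload works against any driver; the stacked UPDATE needs a driver that accepts multiple statements per call, which is why the hardened version matters even where the database engine itself refuses stacking: the parameter never reaches the parser as SQL at all.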
The Europol Hack
In Who Am I, Benjamin’s hacking of the Europol database is one of the film’s pivotal moments. The hack is accomplished using a blend of advanced hacking techniques and social engineering, just as in the BND hack, but with more sophistication given the high-level security of the target.
In this case, Benjamin pretends to be a cleaning worker. Using a stolen or fake uniform, he gains physical access to the Europol offices by blending in with legitimate employees. This method is a prime example of physical social engineering, where hackers exploit physical vulnerabilities rather than digital ones.
After entering the Europol building, Benjamin uses the access he has gained to attack the hardware directly: while pretending to clean, he plugs a USB drive loaded with malware into an unattended Europol computer. In the film the drive installs its payload the moment it is connected; on a current operating system that would require either a user opening a file from the drive or a device that emulates a keyboard and types the commands itself.
This is a well-known real-world risk: a hacker with physical access to an unlocked machine bypasses most of the digital defenses in place, because those defenses assume the person at the keyboard is the legitimate user. Once the implant is running, it does the work of infiltrating the network.
Once the malware is installed on the Europol system, it opens up a backdoor that allows Benjamin and his hacker collective, CLAY, to remotely access the Europol database. This backdoor gives them control over the system without raising immediate red flags, as it circumvents traditional security measures.
The malware would likely be paired with tools for privilege escalation (gaining higher permissions on the compromised machine) and lateral movement (moving from that machine to other systems on the Europol network to find valuable data). Both are standard stages of real-world intrusions.
After locating the desired information, Benjamin exfiltrates the data, that is, transmits it from the compromised system to a machine he controls. The film does not show the mechanics; in a real intrusion the attacker would typically encrypt the data and tunnel it inside traffic that looks ordinary, such as HTTPS to a plausible destination, because what monitoring systems notice is unusual volume or unusual destinations rather than the content itself.
Tor (The Onion Router) or a VPN could also have played a role here, since these tools conceal the attacker's network location. In real-world cyberattacks, hackers often route the stolen data through several intermediate servers to obscure where it ends up.
As in all of his previous hacks, Benjamin is meticulous in covering his tracks: after exfiltrating the data from the Europol database he removes the malware he planted and any traces of its activity. This would involve deleting or editing logs, removing the malware's presence from the system, and ensuring that no obvious signs of the hack remain. Against a mature defender this is harder than it looks: logs forwarded to a central collector as they are written cannot be edited afterward from the compromised host, and a gap in a log is itself a signal that something happened.
This level of stealth would make it difficult for Europol to detect the breach, or at least to identify when and how it occurred, allowing Benjamin and CLAY to stay under the radar for longer.
Denial of Service (DoS) Attacks
In one of the film’s major sequences, CLAY performs a Denial of Service (DoS) attack to disrupt a target’s website, temporarily bringing it down by overwhelming it with fake traffic.
How It Works:
A DoS attack makes a network or website unavailable to its intended users by flooding it with more traffic than it can handle, or by sending requests that are cheap for the attacker to issue but expensive for the server to process. Either way the service becomes too slow to respond or crashes altogether.
Real-World Example:
DoS and its more advanced form, Distributed Denial of Service (DDoS), are common attacks used by hacktivists, criminal organizations, and even nation-states to disrupt services or extort money from businesses. In some cases, large botnets (networks of infected computers) are used to launch these attacks on a massive scale.
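As an added example, not from the film or the original article, here is the kind of check a defender runs to spot the flood described above: a sliding-window request count per source address over web server access log lines. The log lines, the addresses (taken from documentation ranges) and the thresholds are constructed for the example; the lines are assumed to be in chronological order, as an access log normally is.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Apache/nginx "combined"-style access line, for example:
# 198.51.100.7 - - [15/Jan/2024:10:00:10 +0000] "GET / HTTP/1.1" 200 512
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) (?P<size>\S+)'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return (source_ip, timestamp) for a well-formed line, else None."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    return m["ip"], datetime.strptime(m["ts"], TS_FMT)


def find_flooders(lines, window_seconds=10, threshold=20):
    """Sliding-window rate check. For each source IP keep the timestamps of
    requests seen in the last window_seconds; report IPs whose peak count in
    any window exceeds threshold. Lines are assumed to be in time order."""
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    peak = defaultdict(int)       # ip -> largest window count observed
    window = timedelta(seconds=window_seconds)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip malformed lines rather than crash the detector
        ip, ts = parsed
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()
        peak[ip] = max(peak[ip], len(q))
    return {ip: n for ip, n in peak.items() if n > threshold}


def build_sample_log():
    """Constructed log: two ordinary clients plus one client that fires 50
    requests in five seconds (ten per second)."""
    t0 = datetime(2024, 1, 15, 10, 0, 0, tzinfo=timezone.utc)
    events = []
    for s in range(0, 60, 3):   # one request every 3 s
        events.append((t0 + timedelta(seconds=s), "203.0.113.5", "GET /index.html"))
    for s in range(0, 60, 5):   # one request every 5 s
        events.append((t0 + timedelta(seconds=s), "192.0.2.9", "GET /about.html"))
    for i in range(50):         # burst between t0+10 s and t0+14 s
        events.append((t0 + timedelta(seconds=10 + i // 10), "198.51.100.7", "GET /search?q=x"))
    events.sort(key=lambda e: e[0])
    return [
        f'{ip} - - [{ts.strftime(TS_FMT)}] "{req} HTTP/1.1" 200 512'
        for ts, ip, req in events
    ]


if __name__ == "__main__":
    print(find_flooders(build_sample_log()))  # only the bursting address is reported
```

A single-source check like this catches a plain DoS; against a DDoS from a botnet each source stays under the threshold, which is why real defenses also count requests per URL and per server resource rather than per client alone.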
Man-in-the-Middle (MitM) Attacks
A “Man-in-the-Middle” (MitM) attack occurs when a hacker intercepts communication between two parties without them knowing, allowing the attacker to monitor or alter the information exchanged. This technique is used in the film when Benjamin intercepts private messages to gather sensitive data.
How It Works:
In an MitM attack, the hacker sits between the victim and the intended recipient. On a public Wi-Fi network, for example, the attacker can set up a rogue access point with the same network name as the legitimate one, or use ARP spoofing on the real network so that the victim's traffic is routed through the attacker's machine. The victim believes they are connected to a legitimate network or server, but the attacker is silently reading, or even modifying, the data being exchanged.
Real-World Risks:
MitM attacks are dangerous because they can lead to credential theft, financial fraud, or data breaches. The practical defense is authenticated end-to-end encryption: TLS (the successor to SSL) with proper certificate validation means an interceptor can still see that traffic is flowing, but cannot read or alter it without producing a certificate error on the victim's side. Users should treat any unexpected certificate warning as a sign that something is sitting between them and the server.
Zero-Day Exploits
While not as explicitly referenced in the movie as the other techniques, the concept of a “zero-day” hovers in the background of many of the film’s hacking efforts. A zero-day vulnerability is a flaw that the software’s developer does not yet know about, so no patch exists; a zero-day exploit is the code that takes advantage of it.
How It Works:
Zero-day vulnerabilities are considered extremely valuable in the hacker world because they can be exploited before the software developer becomes aware of them. Once the vulnerability is discovered, hackers can write malicious code targeting that flaw, gaining unauthorized access to a system or causing other forms of damage.
Real-World Application:
Zero-day exploits are rare but highly coveted. Governments, brokers, and criminal groups pay large sums for them, because an attack built on an unknown flaw works against fully patched systems. Vendors release patches once they learn of a vulnerability, but a system attacked before the patch is applied has no defense beyond detecting the intrusion after the fact.
Masking Identity and Anonymity
Throughout the film, the hackers are extremely careful about hiding their identities. They use a combination of anonymity tools and techniques to ensure they remain untraceable while performing illegal activities. These include:
- Tor (The Onion Router): The hackers use the Tor network to anonymize their online activities. Tor wraps a user’s traffic in several layers of encryption and routes it through a chain of volunteer-operated relays, so that no single relay knows both who is sending and where the traffic is going. This makes tracing the user’s IP address very hard, though not impossible: the last relay sees the traffic in the clear unless the connection itself uses TLS, and mistakes at the application layer (logging in to a personal account, for instance) can unmask a user regardless of the network layer.
- VPNs (Virtual Private Networks): A VPN can further obscure an individual’s location by replacing their IP address with the VPN server’s, making it appear as though they are browsing from a different place. This shifts trust rather than removing it, since the VPN provider can see and log everything the user’s ISP would otherwise see.
Real-World Relevance:
Anonymity tools like TOR and VPNs are used by a variety of people, from journalists and activists trying to protect their identities to hackers and cybercriminals seeking to avoid law enforcement. However, these tools aren’t foolproof; governments and law enforcement agencies are constantly working on ways to track users on even the most secure networks.
Digital Forensics and Countermeasures
In Who Am I, there are several instances where both the authorities and the hackers engage in digital forensics to track and outwit each other. Benjamin and his team go to great lengths to cover their tracks, including wiping data from devices and using techniques like steganography to hide information within seemingly innocent files.
Real-World Use:
Digital forensics is a critical tool used by law enforcement to investigate cybercrimes. Techniques like data recovery, analyzing digital footprints, and decoding hidden messages help forensic experts trace the activities of cybercriminals. On the flip side, hackers continuously develop new ways to avoid detection, making the cat-and-mouse game between hackers and law enforcement ever more complex.
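The steganography mentioned above, as an added example that is not part of the original article: hiding a message in the least-significant bit of each sample of a raw 8-bit buffer (standing in for the pixel data of a grayscale image), extracting it again, and the comparison an examiner can run when the original cover file is available. The cover buffer and the message are constructed for the example.

```python
# Added example: LSB steganography over a raw 8-bit sample buffer, plus the
# cover-versus-suspect comparison used in forensics when the original exists.


def embed(cover: bytes, payload: bytes) -> bytes:
    """Hide payload in the LSB of successive cover bytes, preceded by a
    4-byte big-endian length so the extractor knows where to stop."""
    data = len(payload).to_bytes(4, "big") + payload
    if len(data) * 8 > len(cover):
        raise ValueError("carrier too small for payload")
    out = bytearray(cover)
    pos = 0
    for byte in data:
        for shift in range(7, -1, -1):  # most significant bit first
            out[pos] = (out[pos] & 0xFE) | ((byte >> shift) & 1)
            pos += 1
    return bytes(out)  # every byte differs from the cover by at most 1


def _read_bytes(stego: bytes, start: int, count: int):
    """Reassemble count bytes from the LSBs beginning at carrier offset start."""
    out = bytearray()
    pos = start
    for _ in range(count):
        value = 0
        for _ in range(8):
            value = (value << 1) | (stego[pos] & 1)
            pos += 1
        out.append(value)
    return bytes(out), pos


def extract(stego: bytes) -> bytes:
    """Recover the hidden payload; reject buffers whose length header is
    impossible (which is what a plain, unmodified cover usually produces)."""
    header, pos = _read_bytes(stego, 0, 4)
    length = int.from_bytes(header, "big")
    if pos + length * 8 > len(stego):
        raise ValueError("length prefix exceeds carrier size; not a valid stego buffer")
    payload, _ = _read_bytes(stego, pos, length)
    return payload


def changed_positions(cover: bytes, stego: bytes):
    """Forensic check: list (offset, absolute difference) for every byte that
    differs. LSB embedding shows up as many changes of exactly 1, clustered
    at the start of the buffer."""
    if len(cover) != len(stego):
        raise ValueError("size mismatch: not the same carrier")
    return [(i, abs(a - b)) for i, (a, b) in enumerate(zip(cover, stego)) if a != b]


if __name__ == "__main__":
    cover = bytes(i % 256 for i in range(64 * 64))  # constructed 64x64 gradient
    message = b"meet at the usual place"             # constructed payload
    stego = embed(cover, message)
    print(extract(stego))
    changes = changed_positions(cover, stego)
    print(len(changes), "bytes changed, max delta", max(d for _, d in changes))
```

Without the original cover, an examiner has to rely on statistical tests on the LSB plane instead; the comparison above is the easy case, and it is also why attackers prefer carriers that never existed anywhere else.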