How 'Blackhat' got hackers right: A Q&A with cowriter Morgan Davis Foehl
Morgan Davis Foehl explains how "Blackhat" avoided the computer cliches and technological gobbledygook of so many hacker movies that came before.
The first two attacks the bad guy hacker makes in "Blackhat" are a clone of Project Aurora, the US government test demonstrating a worst-case scenario cyberattack on a power plant, and a thumb drive exploit like the one that delivered the Stuxnet attack on Iran's nuclear facility. Throughout the movie, it's clear that writers Morgan Davis Foehl and Michael Mann (who directed) did their research. They get right what so many movies that came before got wrong.
The movie is ostensibly about Nick Hathaway, played by Chris Hemsworth, being freed from prison to aid an FBI manhunt of an extremely destructive hacker – but for a generation of computer professionals used to being portrayed as timid weaklings, wisecracking sidekicks, and deus ex machina devices for magic computer powers, it's the first movie about the real world they live in.
Passcode spoke to Mr. Foehl about the research that went into "Blackhat," the challenges of writing a movie about computers, and why, despite public bafflement Hemsworth is exactly as muscled up as he should be to play the star. Edited excerpts follow.
Passcode: It doesn't take long for "Blackhat" to establish how much research went into it. You draw from Aurora and Stuxnet within, what, the first 10 minutes?
Foehl: The script started to come together in 2011, and some of the things that were happening then were Aurora and Stuxnet. And some of the other things that were floating around in that time were the Albert Gonzalez and Max Vision cases – you were starting to see guys get sentenced to serious prison terms for offenses that were a different breed of criminal then you've seen before.
When you work with Michael, he has contacts and a Rolodex like nobody else in this business. So, early on in the process, even before we were working on a story in any meaningful way, I had the opportunity to travel with him to Washington where we sat down with ex-CIA guys, current FBI guys, State Department guys, Homeland Security people, and guys at think tanks and ask them: “What is happening now? What could be happening in two or three years? And what keeps you up at night and scares you?”
Passcode: What was keeping them up at night?
Foehl: One thing that stuck with me was a Homeland Security employee talking about a flash NASDAQ crash that really happened but did not turn out to be an attack. He said that the aftermath – if that had been an actual attack would have been far worse than the attack itself. People would lose faith in the markets and pull out – there could be a crash worse than 2008.
Passcode: Beyond researching techniques, it’s pretty apparent you researched the people involved. Your star isn’t a 98-pound pushover, isn’t a wise cracking teenager, isn’t afraid of girls, and isn’t dressed to go to a rave. You have the actor who played Thor playing a normal guy grappling with prison psychology. What’s wrong with the hacker Hollywood knows and loves?
Foehl: That's been an interesting thing to watch as the movie came out. There's sort of a perception that when casting was announced that Chris Hemsworth was somehow miscast and it was funny because the script was written with his character being a big guy. We were trying to do something that was maybe a little subversive, but mostly an acknowledgement that maybe this world was a little broader and a little deeper than most people know. It came out of things we were hearing in DC – one of the people was talking about this ring of very orthodox Hasidic Jews that were also hackers. And you look at someone like [prodigious cyber-criminal] Max Vision, and he's a big and physical guy.
When we started, Kevin Poulsen’s book “Kingpin” about Max Vision had just come out and I loved it – I thought it was a fantastic look into that world and a fantastic piece of nonfiction storytelling. Early on, I was beating my drum in Michael's office saying “This is the guy. We have to talk to this guy.”
What we took away from him was the many mindsets people have getting into this world. You get these Eastern European cybercriminals, and the motivation there is “I'm living at the fringes of this society that's kind of unjust and corrupt and I need to monetize something, and I can monetize this.”
That’s one mindset into the world. I think Kevin's mindset into the world is more fascinating and more sympathetic, and something I could relate to from back when we got our first PS/2 in 1987, which is wanting to understand how these things work – wanting to take things apart and rebuild them. And it’s fascinating to hear a guy as brilliant as Kevin talk about how that impulse becomes an obsession and then how that obsession can lead you into a place where all of the sudden you are standing at the other side of some prison bars.
We were looking at people like Max Vision or Albert Gonzolez who aren’t really the archetypal hardened criminal in a situation where what separates these guys from everyone around them – which is taking apart these systems – and then puts them in a system they can’t take apart. It’s a fascinating irony.
For me, in the movie, the main character Hathaway is a guy who is incredibly brilliant, but that brilliance brings about these self-destructive moments. For him, the investigation in the film is about whether his skills can transcend his self-destructiveness.
Passcode: The bane of movies about technology is that furiously typing on a keyboard is not much of a climax.
Foehl: You better believe it.
Passcode: How do you get around that as a screenwriter?
Foehl: We used the globe in some ways as a metaphor for the story we wanted to tell – because this is about an interconnected world and about an ability to create an effect in China when your sitting in Jakarta. We tried to do that through travel and putting our characters in movement as much as possible so there was a trail to follow. Part of it is incorporating set pieces with the gunplay and part of it – without being too heady about something I wrote – is demonstrate these guys at a keyboard are doing things that spill over into the world that are tangible.
Passcode: Also, you called your movie “Blackhat.” How do you resist the urge to have a character physically wearing a black hat?
Foehl: We got lucky. We came to the title pretty late in the process – obviously there are lines in the script, but for a long time this was “Untitled Mann Project.” Maybe if we named it early on, everyone would be in a different bowler or cloche. Maybe we could have gotten Helmsworth a top hat.
Passcode: This movie comes out at a really strange time, where some of the best advertising for the movie is coming out of the daily news – Sony and, to a lesser extent, Islamic State supporters tinkering with CENTCOM’s Twitter. How do you react to seeing your movie play out in real life?
Foehl: A lot of cognitive dissonance. I have a lot of friends at Sony. I've done work there in the past and you never want to see dirty laundry aired in the public. You end up thinking, “Well, maybe some of the things that might seem farfetched about the movie might not seem farfetched.” As someone who has tried to steep myself in this world a little bit, I was surprised that this attack wasn't something on a national scale, but on the scale of a single business. But mostly you think “Maybe I was on the right track.”