Good Critical Thinking About CSI Analysis
Unfortunately, the spin-off series I chose to watch for this analysis was CSI Cyber, a new show to the CSI family on CBS this season. My opinion of this show was quite negative overall. The script was mechanically following the crime drama formula to the point where it was hardly necessary to watch the whole episode to know how it would play out and resolve itself in the end. The acting was canned, not at all what I would have expected from Patricia Arquette who stars as FBI Agent Avery Ryan, head of the bureau’s cybercrimes division in Washington D.C.
This episode originally aired on March 11, 2015. A roller coaster at the Thrill Country Amusement Park in Richmond, Virginia failed to come to a stop at the end of the track, causing a crash which killed one woman on site, sent four others to the Intensive Care Unit of the local hospital and injured twenty more. We viewers can see an unidentified suspect holding some remote device in hand as he smiles over a model-sized replica of the purple ride in what appears to be a room in his dimly lit home.
The first responders from the Richmond Police Department and the FBI field office agents collect all the video footage from the scene. We are told this includes surveillance footage from the park, smartphones and video cameras from the witnesses to the crash. From these recordings, investigators conclude that the ride operators knew the cars were failing to stop and screamed a frantic warning to the folks waiting in line on the platform. A systems diagnostic check rules out mechanical failure; the brakes, track and cars are in perfect working order, with no signs of tampering. A diagnostics check on the computer system also shows nothing. So much nothing, in fact, that the computer is unaware that a crash even occurred. According to the computer, there is no detection of an emergency situation and everything is in proper working order across the board. Investigators decide the crash was deliberately caused by a remote hack into the breached computer security system by a suspect they call a “black hat hacker”, a person who breaks into secure computers with malicious intent.
This raises more questions than it answers, however. There is an “air gap” on this type of system, which we are told means there is no internet or wireless, remote access to the computer. They can be sure from the available clues that new source code was written to override the computer. Without remote access, the suspect must have been present in the control room at the time of the incident, mere feet away from the event. A check on the control room reveals no forced entry and suspicious attempted access through the keypad.
We watch as the investigative team follows up a dead-end lead from a fired employee. Meanwhile, the computer scientists explain that their original take on the remote access was a mistake. While it is true that the computer did not have that capability, the suspect managed to sneak an extra panel into the system, and it was through that panel that they were able to gain control by means of a Bluetooth connection with a sixty-foot radius, probably their cell phone. We are told that this panel can be purchased online by anyone, for $50, and includes the instructions to have the device take charge of the programmable logic controller (PLC) of the ride.
Now Agent Avery concludes the suspect was up close and personal with the wreckage, then infers he must be a “pathological voyeur” who is a deviant, excited by carnage. She steers the investigation towards “gore porn” sites on the internet, where members go to support each other in their sick, obsessive fetish. She believes he will escalate to a larger incident, which the team tries successfully to find before the fact.
Chasing down another false lead kills some on-screen time, until the climactic finale when the FBI finds the unique, 12-digit alphanumeric address which points to “Otto”, the actual suspect, whom they nab in the nick of time, as he attempts to crash a subway train in Boston. This final scene is filled with pseudo-drama as an agent hangs off the back end of a speeding train car, his head inches away from the track, attempting to disconnect the device which is programmed to override the train computer and prevent it from stopping. Naturally, he succeeds and saves the innocent passengers. His colleague arrests Otto in the station, with nothing but a tell-tale micro expression on his face to give him away in the crowd.
According to reporter Keith Wagstaff, the show fails in the eyes of tech-savvy viewers. CSI Cyber comes through with delivering blinking lights, pixelated images, plenty of use of the word “cyber” and doing the impossible in mere minutes, but gets nothing right beyond that when it comes to technical investigative methods. Kaue Pena is a software specialist at Cigital who notes that any hacker who is sophisticated enough to commit the crimes profiled on the show would certainly have enough knowledge to conceal his IP location, rather than waiting in the open like a proverbial sitting duck for the FBI to come down on him.
Other experts agree with the total implausibility of the show’s depiction of resolving cybercrimes in an hour-long episode. Chris Thomas, a strategist at Tenable Network Security, thought CSI Cyber got cybersecurity “completely, unbelievably wrong”, while Vice President of security solutions at TaaSera, Ivan Shefrin, said “Cyber forensic analysis doesn’t move at the speed of a TV show.” Jason Rodzik, director of CNO software engineering at Endgame, agreed that trying to trace a crime back to the perpetrator is currently one of the most difficult challenges to overcome in the computer industry. Senior security advisor Chester Wisniewski at Sophos called the show “technically implausible and frankly ridiculous”.
Finn also makes an interesting observation in noting that the CSI family of TV shows has a long tradition of “borrowing” material from other famous sources, ones that did it better in their initial incarnation than CSI’s watered-down, rehashed interpretation. The Cyber Crimes division is stolen, Finn purports, straight out of the book The Blue Nowhere’
Finn, Delcan. (March 16, 2015). CSI Cyber, very robotic. Retrieved from http://www.examiner.com/review/csi-cyber-very-robotic April 12, 2015.
Pennington, Gail. (March 4, 2015). TV Review: CSI Cyber is scary bad. Retrieved from http://www.stltoday.com/entertainment/television/gail-pennington/tv-review-csi-cyber-is-scary-bad/article_1d8cf1bb-19a2-5997-9d1e-ad961d065790.html April 12, 2015.
Wagstaff, Keith. (March 15, 2015). CSI: Cyber 10 real cybersecurity experts review the show. Retrieved from http://www.today.com/money/csi-cyber-10-real-cybersecurity-experts-review-show-t6946 April 12, 2015.