On March 4, the series premiere for the new crime drama CSI: Cyber aired on CBS. The show stars Patricia Arquette, who recently won an Oscar for Best Supporting Actress in a Supporting Role, as Avery Ryan, a behavioral analyst who solves crimes under the FBI Cyber Division. Peter MacNiol, Charley Koontz, Hayley Kiyoko, James Van Der Beek,and Shad Moss co-star as members of Ryan’s team.
The first episode of the series revolves around Ryan trying to locate a baby after it has been kidnapped from its crib. According to Ryan’s initial reports, the responsible parties pulled off their crime by successfully exploiting a vulnerability in a particular brand of natal camera, a flaw which the perpetrators used to monitor the infant and thereby determine the most opportune time to abduct him.
To its credit, CSI: Cyber plausibly represents a number of forensics tools that are available to law enforcement in its premiere episode. One such tool is a Farraday bag that Ryan and her team use to transport the devices of the stolen baby’s parents back to their lab. These bags, which are based off of the Farraday cage, use a conductive mesh material to block static and non-static electric fields, including the most common types of cellular, WiFi, bluetooth and radio signals. Anyone can purchase a Farraday bag on Amazon or eBay. However, as with any product, each bag’s quality varies depending on its make as well as on the target electronic device.
Later on, members of Ryan’s team use social media to build a profile against two suspects, which mirrors the extent to which law enforcement appeals to social media in conducting their investigations today. Also, Ryan at one point uses her mobile phone to send a photo of a fingerprint she lifted off of a baby’s diaper—a plausible means of forensics given the fact that Chaos Computer Club member Jan Krissler used commercially available software known as VeriFinger to create a digital copy of the German federal defense minister’s fingerprint from digital photographs taken back in October of last year.
These factual representations of reality notwithstanding, CSI: Cyber is not without its digital fantasies. One of the most glaring misrepresentations occurs when her team discovers that the attackers have been using a Remote Access Tool (RAT) to spy on the stolen baby. To illustrate this breakthrough, the computer screens in the FBI labs show a sequence of neutral, green-colored code interspersed with red-colored malware, as is shown in this image tweeted by Errata Security’s Robert Graham yesterday. Strangely enough, seemingly mundane words, such as “script” and “module,” are highlighted in red, as well.
Later on, the episode replicates this interpretation by using three separate colors with blinking boxes to indicate that one of Ryan’s team members has found a vulnerability in the natal camera’s source code. Given the speed and ease with which Ryan makes these discoveries, I wonder why it takes her and her team an hour-long episode to bring the case to a close.
But that’s not all. At one point, Ryan inspects three bodies involved in her investigation. Rather than examine the actual cadavers, she instead is able to examine a 3D digital projection of the bodies that has allegedly been “visually transported” to the FBI’s labs. It is important to note that many organizations, such as An@omedia, are making exciting advances in producing virtual dissection software. Even so, an article written last year conveyed the point that 3D virtual humans are still the stuff of scientists’ dreams, making this particular scene impossible.
Finally, as tensions rise between Ryan and the attackers, the latter assume control of a boy’s gaming console to make demands of the FBI. Here CSI: Cyber creates the impression that hackers can break into anything regardless of differences in both hardware and software. Undeterred, Ryan responds to the challenge by explaining that the FBI will use a unique code number on the game console designed to help gaming companies protect young users from pedophiles online to pinpoint the attacker’s location. Neither gaming companies nor law enforcement agencies have openly revealed code numbers of this nature to the public. To be sure, the U.S. government is known to have explored other methods of using game consoles to conduct surveillance in the past, but these are more complicated than simply tracking a code.
All of the fallacies mentioned above misrepresent how law enforcement authorities use computer security as part of their investigations. But even more significantly, they point to an even greater shortcoming of the show overall: CSI: Cyber is not really all that “cyber.” The show’s opening credit sequence, as well as several scenes in the actual episode, dispenses with computer forensics in favor of Ryan and her team carrying guns, arresting bad guys, and making the questionable choice of driving a SWAT vehicle straight into the wall of a criminal hideout.
Digital forensics for the most part operates in the background of CSI: Cyber, which has me convinced that a more appropriate title for the series would be CSI (With a Cyber Component). But as I have discussed above, the show is more “cyber”-hype than anything. Acknowledging this, it might therefore behoove CBS to remove “cyber” from the title altogether and market the show as a traditional crime drama going forward.