The Movie That Changed Cybersecurity: A Tech Focused Look At WarGames

If you work in cybersecurity or artificial intelligence today, you have likely suffered through your fair share of absolute nonsense Hollywood “hacks.” We all know the tropes: green text flying across a screen at terminal velocity, a protagonist fiercely mashing random keys, and someone screaming “I’m in!” just in time to save the world, every time I hear or see that line I cringe the deep cringe of annoyance. It is just painful exercise in suspension of disbelief.

But forty-three years ago, a movie hit theaters that didn’t just respect the foundational logic of technology—it actually terrified the leader of the free world so deeply that it fundamentally altered United States national security law.

That movie was the 1983 sci-fi thriller WarGames, I was just finishing my junior year of high school already with plans to go into Computer Science, and I was fascinated with the idea of Artificial Intelligence, but in the 80’s our over optimistic view of AI was that in just a few years we’d be where we are not in the 2020’s, ahh the optimism of youth.

The Camp David Screening That Sparked NSDD-145

In June 1983, President Ronald Reagan spent a weekend at Camp David, where he watched an advance screening of WarGames. The plot follows David Lightman (played by a young Matthew Broderick), a brilliant high school kid who accidentally hacks into a military supercomputer and nearly triggers World War III after mistaking a nuclear war simulation for a new computer game.

When Reagan returned to the White House the following Monday, he interrupted a serious meeting on military strategy with the Joint Chiefs of Staff to ask a blunt question: “Could something like this really happen?”

The Chairman of the Joint Chiefs, General John Vessey, took the question seriously. He returned a few days later with a chilling answer: “Mr. President, the problem is much worse than you think.”

That exchange directly catalyzed the drafting and signing of National Security Decision Directive 145 (NSDD-145) in 1984. It was the first-ever presidential directive focused entirely on telecommunications and automated systems security. 

So Reagan issued an executive order to strengthen cybersecurity practices just one year later. He didn’t really understand the broader impacts but many defense industry companies saw opportunities and fully jumped in.

When you really look at it WarGames remains a masterclass in systemic risk, totally un realistic but has enough nuggets of truth that it made for a great movie. It brilliantly highlights the catastrophic danger of connecting critical infrastructure to a learning machine without a human firmly kept in the decision-making loop.

Wardialing and the Vulnerability of the Human Element

To appreciate why the film holds up, we have to look at the technical realism of the opening act. David Lightman doesn’t bypass security using movie magic; he uses raw, systematic reconnaissance.

In 1983, long before ubiquitous fiber-optic broadband, the primary attack vector into any remote network was a standard analog telephone line.

[Attacking Terminal] —> (Automated Sequential Dialing) —> [Listening Modem] —> [Target Network]

David writes a script to sequentially dial every phone number in a specific Sunnyvale, California prefix, logging whichever numbers answer with a modem tone. This technique became so famous because of the film that the cybersecurity industry literally named it Wardialing.

When his computer finds an active modem, it turns out to belong to the WOPR (War Operation Plan Response) supercomputer. This sequence perfectly illustrates the flawed concept of Security through Obscurity. The military command assumed the WOPR was safe simply because its phone number wasn’t publicly listed. But as modern red teams know: if a modem or a port is listening, a threat actor will eventually find it. It is entirely a matter of time. 

Secondary tools

While not a direct plot point we saw Lightman in the movie use a specific tone, of 2600 Hz, which could then trick some phone switches into getting free long distance  calls. For those over fifty, remember when you had to meter our very minute when making  long distance call?  This showed that like any ‘hacker’ of the day would have many different tools in their toolbox to make gains.   It’s not just about war dialing, social engineering remains to this day one of the largest open holes there is.  The “wetware”, us humans, the always reliable weak link.

The Social Engineering Pivot

Finding the front door, however, is only half the exploit. To bypass the login screen, David shifts from a technical attack to Social Engineering. He researches the system’s creator, Dr. Stephen Falken, hunting through old academic papers and interviewing former colleagues. He ultimately uncovers a hidden backdoor password: “Joshua”—the name of Falken’s deceased son.

Dissecting the WOPR: Heuristics vs. Modern AI

If WarGames were remade today, the writers would undoubtedly throw around buzzwords like “Generative AI,” “Large Language Models,” or “Quantum Computing” to explain the threat. But the 1983 film got the computer science architecture exactly right for its era.

The WOPR is not an LLM. It doesn’t scrape data to write poetry or hallucinate legal briefs. It is a Heuristic-based Game Theory Engine.

System Feature1983 WOPR ArchitectureModern Generative AI
Core MechanismHeuristic-based Game TheoryDeep Learning & Neural Networks
ObjectiveStrategic optimization of defined rulesPattern recognition & statistical probability
Data ProcessingExhaustive decision-tree mappingVector embeddings & transformer architectures
InterfaceRigid command-line textNatural language processing

The AI Alignment Problem

The military high command trusted WOPR to control their nuclear launch capabilities because they wanted an automated response system that eliminated human hesitation. But in doing so, they ran headfirst into what we now call the AI Alignment Problem—the challenge of ensuring a machine’s objective function actually matches human values.

The WOPR does not understand the concepts of death, geopolitics, or the existential horror of mutual assured destruction. It only understands its mathematically programmed goal: to win the game. When the simulation starts, the machine treats a nuclear first strike identically to a move on a chessboard.

Even the UI/UX design reflects this mechanical coldness. While the giant glowing “big boards” in the NORAD command center are pure Hollywood spectacle designed to keep the audience visually engaged, the way the machine communicates with David is grounded in reality. It is entirely text-based command-line interaction—cold, rigid, and perfectly capturing the terminal culture of the early 1980s.

The Tic-Tac-Toe Logic Bomb

The climax of WarGames features one of the most elegant resolutions in science fiction history. To stop the computer from launching actual nuclear missiles, David forces the WOPR to play Tic-Tac-Toe against itself.

From a computer science standpoint, this is a brilliant demonstration of Reinforcement Learning navigating a Zero-Sum Game.

Tic-Tac-Toe is a mathematically solved game. If both sides play perfectly, the game will always result in a draw (a cat’s game). By forcing the AI to play against itself at lightning speed, David traps the system in an infinite loop of its own decision tree.

The WOPR runs millions of iterations, calculating every possible permutation of a nuclear exchange. It simulates US strikes, Soviet counterstrikes, and every tactical variation imaginable, searching for a path to victory.

[WOPR Explores Decision Tree]
       │
       ├──> Scenario A: Total Devastation (No Winner)
       ├──> Scenario B: Total Devastation (No Winner)
       └──> Scenario C: Total Devastation (No Winner)
       │
[System Realization: Game Unwinnable]

Ultimately, the flashing screens fall silent, and the machine outputs its legendary final realization:

“A strange game. The only winning move is not to play.”

In the language of modern cybersecurity architecture, this is the ultimate lesson in risk avoidance. Sometimes, the only way to protect a truly critical asset from automated threats or systemic failure is to remove it from the board entirely via an air-gapped system which means physically disconnecting it from the network. the Most air gapped system is a computer running in a room with no connection whatsoever to the outside world.

Final Verdict and Legacy

WarGames deserves a resounding A+ for intent and conceptual accuracy. While the processing speeds of David’s home setup are heavily optimized for Hollywood pacing, and real military networks possessed tighter physical isolation protocols even in the 1980s, the underlying logic is incredibly sound.

The movie also commands massive respect for its attention to detail. David’s home computer isn’t a prop; it is a genuine IMSAI 8080 microcomputer system, complete with an authentic FDC2-2 floppy drive system—a beautiful nod to the hobbyist roots of the early personal computing revolution. See the image below for what that looked like.

We have come an astronomical distance since 1983.

By the way the IMSAI 8080 was a ‘cousin’ of the computer I learned on starting when I was about 11, the Altair 8800 which was the PC that Gates and Allen started to write software for, their little company turned into Microsoft. I ended up moving across the country to work there for 17 years.  GWBASIC programmers unite! Below is an image of an Altair 8800 identical to the one my Dad built, he still has the darn thing. Yes you used to boot it up by flipping switches to load information in and it didn’t have a keyboard or monitor at first, to a ten year old it still felt like Star trek.

We have traded acoustic couplers for multi-gigabit networks, and basic heuristic engines for massive neural networks. Yet, as we hand over increasingly more operational control to automated software and autonomous systems, the core

question of WarGames remains uncomfortably urgent:  Have we actually fixed the “human-in-the-loop” problem, or are we just building a much faster WOPR? In Artificial Intelligence we often talk about having a human in the loop to ensure what’s coming out of your large language model is in fact tracking to real world expectations and is accurate, it’s not a new concept.

Like reading about AI?? I wrote a book on how Prompt Engineering here:  https://shorturl.at/hBA0I

The Dark Web

In the vast expanse of the internet, a section lurks in the shadows, often misunderstood and shrouded in mystery: the dark web. This article aims to demystify this hidden segment of the digital world, exploring its history, uses, and the threats it poses, as well as the reasons why individuals may venture into this digital abyss.

So Just What is the Dark Web? The dark web is a part of the internet that isn’t indexed by standard search engines like Google or Bing. Accessible only through special software like Tor, which anonymizes users’ identities and locations, the dark web is often associated with a variety of illegal activities. However, it’s important to understand that it also serves as a haven for legitimate, privacy-seeking activities, especially in countries where free speech is restricted.   The origins of the dark web are closely linked to the development of the Tor network, originally created by the United States Naval Research Laboratory in the mid-1990s. It was designed to protect intelligence communications online. The Tor browser, released to the public in 2002, repurposed this technology for broader use, inadvertently paving the way for the dark web’s emergence.

Contrary to popular belief, the dark web isn’t solely a hub for criminal activity. It’s a complex ecosystem with both nefarious and noble uses. Are there wild rumors about what you can do? By all means there are, but I really do think they are at least partially fiction.  Some examples of very real, horrible observed activities which the Dark web can support”

  • Cybercrime: The dark web is a hotbed for cybercriminal activities. It hosts markets for buying and selling malware, exploit kits, and stolen data, including credit card information, personal identification, and login credentials.
  • Drug Trafficking: One of the most common uses of the dark web is the sale of illegal drugs. Marketplaces like the now-defunct Silk Road popularized this trend, operating much like legitimate e-commerce sites but for controlled substances.
  • Weapons Trade: The anonymity of the dark web also facilitates the sale of illegal firearms. These transactions, devoid of regulatory oversight, pose significant challenges to law enforcement agencies.
  • Human Trafficking and Exploitation: Perhaps the most abhorrent of its uses, the dark web has been used for human trafficking and sharing exploitative content, often evading standard law enforcement techniques due to its encrypted nature.

There is a downside, a big one: the anonymity of the dark web makes it a breeding ground for illegal transactions, including drug trafficking, weapons sales, and cybercrime. Notorious examples include Silk Road, a black market for drugs, and AlphaBay, a marketplace for all sorts of illegal goods and services.

This activity can be countered by good and noble uses of the Dark web.  People striving for freedom where governments try to suppress free speech are very much aided by it. In those cases   the dark web provides a platform to share information without fear of reprisal. Platforms like SecureDrop allow individuals to share sensitive information with media organizations anonymously. Some specific examples of activities for good the Dark web supports are:

  • Safe Haven for Whistleblowers: Platforms like SecureDrop are dedicated to allowing whistleblowers to share information with journalists securely. This aspect of the dark web is vital in regimes where freedom of speech is suppressed and whistleblowing can lead to severe repercussions.
  • Tool for Journalists and Activists: In countries with heavy censorship and surveillance, the dark web provides a platform for journalists and activists to communicate and share information anonymously, evading government monitoring and censorship.
  • Privacy Protection: For individuals concerned about privacy and surveillance in the digital age, the dark web offers an alternative to the surveillance-ridden ‘surface web’. It allows users to communicate, share, and browse with a significantly higher degree of anonymity.
  • Access to Censored Information: In some regions, the dark web is a crucial tool for accessing information censored by authoritarian governments, including news sites, political discussions, and cultural content

An example of good which comes to mind is  to Imagine a political activist in an oppressive regime, seeking to communicate with journalists without risking their safety. They turn to the dark web, using secure messaging services to share their story. In another scenario, a cybersecurity researcher delves into the dark web to study the latest malware trends, contributing valuable knowledge to the field of digital security.

The dark web poses significant challenges to law enforcement and national security. The anonymity it offers helps mask the identities of individuals involved in illegal activities, making it difficult to track and prosecute offenders. Additionally, it’s a fertile ground for the proliferation of malware and the exchange of stolen data, contributing to the global issue of cybersecurity. It is very much a quandary as the existence of the dark web presents a complex moral and ethical puzzle. It’s a digital embodiment of the age-old debate between liberty and security. On one hand, its potential for facilitating criminal activities demands stringent oversight and control. On the other, its role in protecting privacy, free speech, and access to information in oppressive regimes is invaluable.

I remember writing an article 25 years ago about how  (as it was often know) “The Web ” itself had strong positive and negative potential, it’s just how you use it.  The Darknet is after all, just a different type of Internet server and those pluses and misuse are magnified in a universe of anonymity.

Is it easy to access the dark web? It actually is, now there are multiple ways to go about it, but taking steps to maintain anonymity are critical.  I’m a cybersecurity professional, I literally make a living thinking about how things can go wrong, so I would take multiple layers of precaution using specific software (VPN software or Virtual Private Network,  the Tor browser, which routes internet traffic through multiple servers to anonymize it for starters).   Some individuals access the dark web out of curiosity or for research purposes, exploring this hidden part of the internet without engaging in illegal activities.  Users who are properly set could then use the dark web for more privacy-centric communications and transactions.  But as stated above unfortunately, the dark web also attracts individuals intending to engage in or facilitate illegal activities due to its anonymity.

The dark web’s existence raises complex ethical and legal questions. It’s a testament to the internet’s decentralized nature, offering both a refuge for those seeking privacy and a challenge for law enforcement. Balancing the benefits of anonymity with the need to combat illegal activities remains a persistent dilemma. It is often viewed through a lens of criminality, is more than a simple black market online. It’s a complex, multifaceted realm that reflects the diverse needs and desires of its users. Understanding this digital frontier requires acknowledging its potential for both harm and good, as it continues to evolve alongside the broader internet landscape.

The Cyber Secure Traveler

Looking forward we will hope a bit for a world when you are not locked down as much when things get normal. The world is struggling with the Coronavirus, we have lost at least 2 Million people due to it and traveling dramatically increases risk.  We will not be traveling for a while, but eventually we will. In 2021 will see the vaccines start to make a real impact for good.  With luck we will see people traveling around again. That means we will all need a refresher on cyber safe traveling.  So, with a bit of optimism about the future and trying to imagine a good place I am going to talk about travel and how everyone is trying to steal your data, infect your devices and be generally bad—ok so much for optimism.   Let’s talk about how to travel smart and things to consider when you do.

It can be a nice distraction to look out the window at the airport, but be sure to follow best practices

By keeping a few things in mind and taking several steps to prevent bad situations coming up you can travel quite safe.  It takes a bit of planning and actions to take beforehand, but you can be quite safe.  A bit of caution and planning goes a long way.  

Before you go:

  • Encrypt your laptop, your phone and ensure they are password protected and auto-lock after a short amount of time of inactivity
  • Get the most recent updates/patches for your system, up to the day you go if you can
  • Set ‘remote wipe’ for your hardware if it is lost you can at least wipe it/lock it
  • Back up all your files and leave a backup in a secure location (such as home)
  • Make sure you have an extraordinarily strong password on all your devices   — See my post on Passwords here:  https://ericcrichardson.com/2021/01/14/the-gist-of-passwords/amp/
  • Make sure, you are only taking any technology into a country what is allowed.  As a cybersecurity professional I cannot take certain software into China for example (Travel to China is literally its own article)
  • Make a digital copy of your passport, driver’s license, credit cards, document with contact info, flight information etc. and always keep it on an encrypted USB device on your person- literally keep it on you 24/7 (X-ray machine in the airport as the exception)

While you are traveling:

  • Keep your devices with you at all time- yes take your luggage to the bathroom/Toilet with you- yes, it is annoying, but your bags should be within reach every second when traveling.   There are other more general security reasons for this, but I am focusing on cybersecurity here. On the plane, keep your carry on directly above you and your laptop bag at your feet, which when you are in the air you can pull back towards your seat to help elevate your feet a bit for comfort.
  • Shut off Bluetooth unless you absolutely need it (computers and phones)   
  • This one may seem strange but never ever plug your phone into a public USB Charging station.  USB brings both power and data between devices. The data sharing is the risk here, it is possible that you may be the victim of what is known as “Juice Jacking” where you plug in for power and a nefarious entity is performing data theft or dropping a payload with malware on it. A bit more than 70% of the phones connected will be Android and most of the rest will be Apple based—so bad guys will know that and plan accordingly. Bring a battery to charge from.  Of course, if you just use an actual plug for an outlet that will remove the data risk, however I just use my battery as I an move about the airport or train station all I wish while charging, investing in a long USB cord is helpful for this as I usually keep my battery in my laptop bag and push the phone connector out of the headset pass through to my phone.
  • Lock everything you can in the safe in your hotel room, they are by far not the most secure safe you’ll ever find as management can override it, but it does provide a layer of protection.  Usually, a laptop will fit as well as your other electronics.
  • Try not to rely on free WI FI hot spots, they can be rife with hackers watching.  Using a VPN helps for sure, however. In fact, a rule of thumb is whenever you are traveling Always use a VPN when travelling—See my post on using a VPN here: https://ericcrichardson.com/2021/01/14/the-gist-of-passwords/amp/

If you want to be super secure you could get a burner phone which is a dumb phone via a pre-purchase for the country, you will be traveling to.   Also, you could bring a laptop with a less friendly operating system that is cheap such as Ubuntu Linux and just remote back to your main computer this way if you lose either the phone or the laptop your losses and potential data loss will be mitigated.  I will be honest with you, while I used to write and edit books about Linux, I prefer just using Windows- it is just easier.

By being smart and following prudent steps you can prevent possible attacks on your devices while traveling. One could literally write a book on steps to take but if you take nothing away from this be very aware there are bad guys out there trying to attack travelers.

@ericcrichardson

The ins and outs of using a VPN

One of the ways many people today are using Virtual Private Network, also known as a “VPN” is something you are hearing about often now likely.  You are likely seeing that is protects you from bad guys (aka the ever present “Hacker”) but just how does a VPN work?

The technology which would become the VPN started their life 25 years ago at Microsoft as part of Windows 95.  The problem which was being solved was the case where someone who worked for an organization who was traveling or located in a remote office who needed to securely connect to their home office.  While you could spend huge amount of money to get a dedicated direct physical connection between the two locations using the already existing worldwide Internet was a great way to go.   Effectively the team came up with the notion of creating a virtual dedicated line between two points. This became known a s PPTP- Point to Point Tunneling Protocol.  The way PPTP works is creating an encrypted connection between the remote user and the home office.

A standard Internet Connection with no VPN

What is a tunnel?

A VPN is just the next step in evolution of PPTN, the general way it works is a remote individual connects to a VPN server in a specific location. That connection is secure using encryption, they any other connections done are done from the VPN Server.  Again, the notion of the “tunnel” is like a virtual cable going from your computer to the VPN Server Selected.   The obvious use of the tunnel is security, if you and work are both connecting to a VPN server you have a virtual connection from you to work. So a Virtual Private Network is just that, you can access resources at work from the other side the world with the ease you would from inside the office.

Using a VPN as a corporate user

Benefits of a VPN

As you have encryption that means it’s much more difficult for bad guys to see your data, it’ll also prevent your ISP, or any organization for that matter with the sole exception of the VPN provider, from seeing your activity.  It also makes targeted marketing difficult as internet advertisers will have no idea who you are and where you are coming from.  Interestingly many private individuals have realized they would like some of those benefits. In the last few years, we have seen a spate of companies starting up to provide VPN services for anyone and they are pretty in expensive. 

VPN’s for everyone

A non-corporate connection to the Internet using a VPN Server- you can have a range of servers to choose from

These works just like their corporate cousins with the exception that you effectively connect to the internet from the VPN server you choose.  The “other end” of the connection is simply the internet versus a corporation. There are added benefits, a major one is regarding streaming services which restrict content depending on where you are located you can simply identify a VPN Server. 

There are some other great benefits, if you use a VPN connected to a specific country products or services could be priced much lower than where you are.  Airline tickets are a well known opportunity to connect to one country via a VPN to get better prices. I will note that as time goes on it’s more likely that merchants of all shapes and sizes will begin to identify popular VPN services and close these holes. In some countries where free speech is not guaranteed, a VPN could be a way to embrace free speech but at a risk to personal safety.

There are some less serious reasons to use a personal VPN-say you want to see the new episode of “Staged” from the BBC but you are in North America, you can select a server in the UK and the BBC would allow you to watch the episode as opposed to waiting for it to come to a streaming service in North America. 

Looking at the BBC from North America

As an example, you can see that he BBC main page is quite different when connecting from North America versus the UK, as in the second instance a VPN was used to connect to the UK.  You will notice that the websites are similar but quite different.

Looking at the BBC Website using a VPN in the UK from North America

I hope this has helped give you a quick overview on VPNs, why people use them and can help you to identify if you wish to use one or not.  They are not awfully expensive for private individuals and are becoming much more popular.  Using one all the time, just connect to your own country, is not a bad way to go as it is still a more secure way to browse the web. There will be minor lag triggered due to the encryption, but you will not notice it under normal browsing conditions.  Most personal VPN companies offer a free trial, give it a spin!

@ericcrichardson