Finding The Hidden InfoSec Story

Seeing Isn’t Believing…

Photo Credit: Gary Burke. via Compfight cc

or How Danny Ocean Made Me Open My Eyes

The 2001 remake of Ocean’s Eleven[1] is a glossy heist movie, following the exploits of a con-man (Danny Ocean, played by George Clooney) and his accomplices as they plan, prepare and then steal $160 million from three casinos in Las Vegas. It’s a very visual movie: and therein lies the clue to the film’s dénouement. (Spoiler alert!)

How do the thieves steal the money? Put very simply, they use misdirection. Realising that the security of the vault where the money is stored will foil a conventional heist, Danny Ocean and his team recreate the vault in a disused warehouse. This copy is used for training and planning.

When it’s time to launch the heist, the first step is to cause an electricity supply failure affecting the casino, which allows them to hack into the casino security systems and replace the real CCTV feed with that from the warehouse. The result? The security guards, once the CCTV feed comes back online, believe that they are watching the CCTV feed from the vault. Unbeknownst to them, they are of course watching the feed from the phoney warehouse.

As nothing moves or changes on the CCTV, the guards believe and report that everything is OK, whilst the real vault is broken into and the heist is happening. Only when the casino owner looks at the CCTV footage is it revealed to be fake: he notices that the vault floor shown on CCTV lacks a logo, which had only recently been installed in the real vault.

To my mind, this is a great story to tell people about what they should do when using websites and reacting to emails. Just because a website or email looks like it should, doesn’t mean it is the real deal. This is where paying attention to details, such as website addresses, spelling of the words and even how the website or email looks, may reveal that a site or email is fake. But it goes wider than that: we should encourage people to look at everything afresh. All too often, we look without seeing, or see what we want or expect to see – which is what the security guards did in the movie – and fail to notice changes or differences (men are infamous for this – especially when it comes to their wives’ haircuts!).

So, how did Danny Ocean make me open my eyes? I’ll confess, the first time I saw the movie, I didn’t get the switch – I think I was too busy mocking Don Cheadle’s appalling English accent. The second time, with a little concentration and attention, I got it. The lesson I learnt – and which I think is a good lesson for security professionals – is this: no matter how many times you’ve seen something, stop, focus, pay attention and look with fresh eyes. You’ll surprise yourself at what you actually see.


[1] See:,

Author: Adrian Davis

Share This Post On