IE 11 is not supported. For an optimal experience visit our site on another browser.

'CSI: Cyber': 10 real cybersecurity experts review the show

Hackers! Crime! The guy from "Dawson's Creek"! Yes, "CSI: Cyber" had it all Wednesday night in its premiere on CBS. Or did it?
/ Source: NBC News

Hackers! Crime! The guy from "Dawson's Creek"! Yes, "CSI: Cyber" had it all Wednesday night in its premiere on CBS.

Or did it? We asked several real-life cyber experts what they thought about the show's portrayal of cybercrime.

In case you didn't see it, here is the basic rundown: Academy Award-winner Patricia Arquette, James "I don't want your life" Van Der Beek and Shad Moss, née Bow Wow, née Lil' Bow Wow, are part of an elite cybercrime unit of the FBI.

In the first episode, they investigate a baby kidnapping, which involved hackers infiltrating a Web-connected baby monitor. (The hacking part is ripped from true-life headlines. It has happened several times, including an incident in April where parents found someone screaming "Wake up baby!" at their infant.)

Let's just say the show's technical accuracy failed to impress our experts.

Zoom and enhance

"'CSI: Cyber' really delivered when it came to blinking lights, pixelated images, doing the difficult in mere minutes, and, of course, using the word 'cyber,'" Kaue Pena, a consultant at software security firm Cigital, wrote to TODAY.

His main problems:

  • "The good code being green and the bad code being red. Who needs source code review tools if this exists?"
  • "A hacker dedicated enough to spy on a baby to learn the parents' schedules, steal the baby and set up an online auction would probably obfuscate his IP location."

On the bright side, the show did get the maximum penalty for hacking right: five years in prison.


Chester "Chet" Wisniewski, senior security adviser at Sophos, called the show "technically implausible and frankly ridiculous." His main problem? The "disturbing stereotypes" including the overweight, bearded guy who was the "very caricature of a hacker" and the "thug in need of redemption" played by the actor formerly known as Lil' Bow Wow. It's extremely implausible, he noted, that a hacker would be recruited to actively investigate cybercrimes.

"The resolution to the entire story doesn't really even involve technology," he wrote. (Spoiler: There is a car chase.)

The need for speed

Many experts also criticized how easily and quickly Arquette and friends tracked down the cyber perp. Jason Rodzik, director of CNO software engineering at Endgame, called the inability to track actions back to criminals "one of the most difficult problems facing the industry today: just look at the controversy over who is to blame for the Sony hack as the most recent example."

"Cyber forensic analysis doesn't move at the speed of a TV show," Ivan Shefrin, vice president of security solution at TaaSera, wrote to TODAY. "While it can take minutes or less for a hacker to penetrate a home computer, the process of gathering and analyzing computer and network forensic evidence unfortunately takes much longer."

Risky business

There is a reason why hackers use computers to steal credit card numbers instead of robbing people on the street: They don't want to get arrested. In "CSI: Cyber," there is a physical kidnapping to go along with the hacking.

"Most organized crime cyber attackers are content to prosecute their attacks from the safety of places like Russia," John Dickson, principal at software security firm the Denim Group, wrote to TODAY. "It’s simply not worth it to come to the U.S. to put themselves in harm's way."

So what did "CSI: Cyber" get right?

Careless corporations

While Chris Thomas, a strategist at Tenable Network Security, thought the show mostly got cybersecurity "completely, unbelievably wrong," he thinks it captured the blasé attitude corporate executives sometimes have about the threat of hackers.

"Probably the most important thing that they got right in this show was when the 'World's Greatest Hacker' was berating the lowly tech employee for allowing a vulnerability to exist in the company's software and the tech guy responds with, 'I took it upstairs but they didn't listen,'" Thomas wrote to TODAY.

"Company executives often refuse to listen to security concerns and instead focus more on the bottom line."

Dumb mistakes

It also turns out that hackers, like the rest of us, are sometimes not too smart.

"Even in a world that demands a 'CSI: Cyber' division, the evil hackers are guilty of the same old user errors we've seen for years in information security: writing passwords down because they are too hard to remember," wrote Tom Turner from security ratings company BitSight.

The Internet of vulnerable things

The plot's focus on hackers infiltrating "smart devices" — like baby monitors and video game consoles — rang true to several experts.

"They did a reasonably good job of portraying to the public that Internet-connected devices are susceptible to hacking," Kevin Epstein, vice president of advanced security at Proofpoint and "Law & Order" fan, told TODAY.

Chris Petersen, co-founder of security firm LogRhythm, agreed.

"Mostly, it's adolescents pulling pranks," Petersen told TODAY. But with smart locks and other connected gadgets gaining popularity, he said it's not impossible to think that hackers might infiltrate them to commit more serious crimes.

As for those crazy graphic interfaces and holograms? Not everybody hates them.

"What's cool about the show is that it made the tools we use — which are pretty boring visually — look cool," Branden Spikes, CEO and founder of Spikes Security, told TODAY.

"Companies are getting hacked over and over, so I think mainstream TV highlighting security as an important thing is a pleasure."

Julianne Pepitone contributed to this report. Keith Wagstaff writes about technology for NBC News. He previously covered technology for TIME's Techland and wrote about politics as a staff writer at You can follow him on Twitter at @kwagstaff and reach him by email at: