It’s become a trope: the super-smart hacker, faced with a highly secure system, frantically hammers on the keyboard for a few seconds (if it’s a really tough job, with a few pauses to show a thoughtful face) then another burst of activity, and they’re in.

What is the factual basis for this trope?

Only the tiniest grain of truth. In the end, knowledge is power. There are some long-dormant bugs out there, called by at least one source Rare Unicorns. These are extremely difficult to spot, and once they’re found, difficult to keep secret for long. In this particular case, a bug present since Windows95 allows any attacker to run any code they wish.

So the fictional hacker character needs to have spent insane amount of time doing personal security research, and in so doing amassed a number of Unicorn bugs, and kept them purely to themselves (as opposed to, say, selling the secrets to Russian hackers and raking in millions) until the crucial moment in the story when this knowledge is needed.

There are several tools, including fuzzing, that a security researcher could use. But any vulnerability found against common software (like Windows) using common tools would be well-known, relatively speaking, and of no use to the plot. Instead, this mythical hacker would need to craft their own tools from the ground up and keep them purely to themselves (as opposed to, say, creating a security consulting firm and raking in millions)

So if you write a fictional hacker–what does their backstory look like? If it doesn’t involve tens of thousands of hours alone behind a keyboard, you might be falling for the same trap that causes screenwriters to put huge, flashing red “Access Denied” notices on screens.