The new thriller “Untraceable,” about a serial killer who murders his victims in live webcasts, may be fiction, but it’s based on fact.

So says former FBI cyber-crime specialist E.J. Hilbert, who was a consultant on the Diane Lane film, which opened Friday, and now is head of security for MySpace.

“This movie is as technically correct as it can be while still being entertaining,” Hilbert said in a phone interview from Los Angeles.

Diane Lane plays an FBI agent tracking a serial killer through cyberspace in Untraceable.

Early in “Untraceable” the FBI agent portrayed by Lane identifies a teenage hacker who has stolen thousands of credit card numbers and used them to go on a buying spree.

She tracks him down to his suburban home (he’s using a neighbor’s Wi-Fi as a cover) and orders an FBI team to break down his door.

Absolutely how it really works, according to Hilbert.

“The only area in which we fudge is the time frame,” he said. “Real-life crime investigation isn’t as fast as what you see in the movie. In real life you’d get bored watching us.

“But as to the methodology, it’s very accurate. This is how the FBI monitors this stuff. It’s pretty realistic. We wouldn’t bust somebody for stealing one credit card, but in some of these cases we were dealing with people who had stolen hundreds of thousands of card numbers.”

As for the idea of a killer broadcasting his murders over the Web, it’s entirely possible, Hilbert said. In fact it has already happened with some jihadist Web sites providing live coverage of the execution of Westerners they’ve taken hostage.

One example was the murder of Wall Street Journal writer/editor Daniel Pearl in Pakistan in 2002.

“It’s not that far-fetched,” Hilbert said. “In fact, it’s very plausible.

“Would you get away with it? No, not if you’re U.S.-based or working in Western Europe. We’d catch you.”

Like the killer in “Untraceable,” many cyber crooks try to hide by using computer servers in Russia, Asia or other areas where local governments may not cooperate with the FBI. But that is changing, Hilbert said.

He was part of an FBI team that in 2000 sat down with representatives of the Russian government to battle cyber crime.

“We talked about getting them on board, helping them understand the significance of this kind of activity. And we’re at the point now where it takes about 24 to 72 hours to shut down a site or server in Russia. Last year it took a couple of weeks, so that’s a big improvement.”

What most of us don’t realize, Hilbert said, is that the odds of being hit with identity theft via the Web are much greater than of being mugged at gunpoint.

“Americans fear what we don’t understand. We turn a blind eye to it. We turn the computer on and hope.”

“For example, your e-mail password should be different from the one for your bank account. It may be a pain to keep a list of your different accounts but you’ve got to.”

Hilbert uses only one credit card for all his online purchases. If he’s compromised, it’s just one account.

And he doesn’t use debit cards to buy on the Net.

“They allow direct access to your bank account. The good news is that there are now safeguards so that you’ll get your money back. But it may take weeks or months.”