White Rose And The Honeypot: 'Mr. Robot' Episode 8 Reality Check

        Rami Malek as Elliot Alderson (Photo by: David Giesbrecht/USA Network)

In the wake of Shayla’s murder and the death of Sharon Knowles at the hands of Tyrell Wellick, it was hard to imagine a Mr. Robot episode that would throw more curve balls at viewers than the sixth and seventh episodes of the rookie hacker drama, but the most recent episode managed to do so.

The reveal that Darlene is Elliot’s sister and that Mr. Robot is a mirror image of the duo’s purportedly dead father was undeniably the greatest plot twist in this week’s episode, but from Elliot’s meeting with White Rose to the realization that FSociety might actually pull off its plan, “White Rose” (eps1.7_wh1ter0se.m4v) was full of plot advancements from the very beginning. Unsurprisingly, this week’s disclosures have left me reeling and knee deep in questions, but rather than rattling off my personal harebrained theories—and in keeping with my previous Mr. Robot recaps—I have written up another explanation of the onscreen hacks in “White Rose” with the help of Michael Bazzell, the show’s technical consultant.

Back On Track

In the fifth episode of Mr. Robot, FSociety hit a major snag in its plan to take down E Corp by destroying the corporate conglomerate’s tape-based data backup system when the Dark Army, another hacker crew, refused to sync its payload with FSociety’s. At the time, the major concern for Elliot and company was that E Corp had plans to incorporate four new storage locations in addition to Steel Mountain for its tape backups within the coming days. Fast forward to episode eight, however, and you learn that the company’s attempt to protect itself from threats ends up being futile.

Elliot manages to salvage his original plan because the HVAC systems at all of E Corp’s data storage locations are connected to the same network. According to Bazzell, this is not atypical for companies. In many cases, businesses will enlist outside vendors to facilitate maintenance on heating and cooling systems, and more often than not these vendors are contracted to handle systems across multiple locations.

“It is common for the vendor to be connected to all of the locations in order to monitor the systems and implement desired changes,” he added. “When this happens, it can create an environment where all systems are connected through some type of network. This type of scenario allows an attacker to exploit multiple locations at one time.”

This is the predicament E Corp is in after partnering with AirDream, a vendor of these types of services. The partnership makes E Corp’s plan for multiple storage locations essentially moot and leaves the company’s tape-based data backup system just as vulnerable as before. As a refresher, in the fifth episode Elliot connected a Raspberry Pi, essentially a micro computer that can be controlled remotely, to Steel Mountain’s climate control system so FSociety could increase the facility’s temperature to a point at which the tape backups will melt. Now, all he has to do is extend his control across the multiple storage locations via the single network they are connected to.

Mobley puts it best: “Man these AirDream guys are so dumb, who has all their thermostats phone home to the same network?”

Now back on track, the greatest factor in the success of Elliot’s newly revamped plan is timing.

“This attack requires perfect timing in order for the execution to happen simultaneously. Any notification of a problem at one location would likely cause an alert at the other locations,” Bazzell stressed.

Of course, FSociety gets this and Romero and Trenton are tasked with making sure the execution goes as planned.

The Honeypot

On the heels of learning that Elliot’s Raspberry Pi plan is still good to go, however, another roadblock presents itself. In his meeting with Tyrell Wellick, Elliot’s boss Gideon Goddard shares the security precautions Allsafe has taken following the E Corp hack. His list includes re-configuring E Corp’s firewalls, air gapping the company’s separate networks and implementing a honeypot. Bazzell explained the latter two items to me. When Gideon says that Allsafe air gapped E Corp’s network, what he means is that it has isolated the company’s networks.

“An air gapped network would have no connectivity to another network, such as the Internet,” explained Bazzell. “It does not allow the opposite sides of the ‘gap’ to communicate. It is a way to ensure that a network is not touching unsafe networks.”

It is, however, the honeypot that poses major problems for Elliot and friends, because not only does it indicate that Gideon is suspicious of Elliot, but it also has to be removed for Elliot’s hack on E Corp to work.

“A honeypot is basically a trap set up to detect unauthorized intrusion. There are many of them on the Internet at any given time,” said Bazzell. “They are often a type of bait to lure in an attacker. They may appear to contain valuable data, but in reality have worthless content. They are monitored in order to learn more about any attacks occurring on a network.”

In this instance, as Gideon explains in the episode, the honeypot within E Corp’s network is a decoy server that he set up to ensure that any hackers (Elliot) still in the network won’t be able to cause any damage but will be under the impression that they are in E Corp’s main network.
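The monitoring side of a decoy like this can be sketched in a few lines. The following is an added example, not something from the show or from Bazzell: it treats any connection to the decoy as an alert, since no legitimate user has a reason to touch it, and then lists which real hosts the same source also reached. The log format, addresses and the host names other than cs30 are constructed for illustration.

```python
import re

DECOYS = {"cs30"}  # decoy host name from the episode; everything else is assumed
LINE = re.compile(r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) port=(?P<port>\d+)$")

# Constructed connection log, in chronological order.
SAMPLE_LOG = """\
2015-08-12T09:00:02Z src=10.0.4.17 dst=files01 port=445
2015-08-12T09:14:40Z src=10.0.9.88 dst=cs30 port=22
2015-08-12T09:15:03Z src=10.0.9.88 dst=db02 port=5432
2015-08-12T09:15:10Z src=10.0.4.17 dst=mail01 port=993
garbled line that should be skipped
2015-08-12T09:20:31Z src=10.0.9.88 dst=cs30 port=445
""".splitlines()

def honeypot_alerts(lines, decoys=DECOYS):
    """Map each source that touched a decoy to its hits and the real hosts it reached."""
    events = [m.groupdict() for m in map(LINE.match, lines) if m]
    alerts = {}
    for e in events:
        if e["dst"] in decoys:
            # Any contact with the decoy is suspicious by construction.
            entry = alerts.setdefault(
                e["src"],
                {"first_touch": e["ts"], "decoy_hits": 0, "also_reached": set()},
            )
            entry["decoy_hits"] += 1
    for e in events:
        # Pivot: what else did the flagged sources talk to?
        if e["src"] in alerts and e["dst"] not in decoys:
            alerts[e["src"]]["also_reached"].add(e["dst"])
    return alerts

if __name__ == "__main__":
    for src, info in honeypot_alerts(SAMPLE_LOG).items():
        print(src, info)
```
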

        Portia Doubleday as Angela Moss, Rami Malek as Elliot Alderson (Photo by: David Giesbrecht/USA Network)

White Rose and Hacking Time

The honeypot reveal answers one plot question: why the Dark Army pulled out of the payload sync at the last minute in the fifth episode. It turns out that White Rose knew about Gideon’s honeypot, which you learn when Elliot meets with the mysterious leader of the hacker bloc.

While the show does not explain how White Rose managed to discover the honeypot, Bazzell informed me that there are a few ways to determine if a system is a honeypot, but that “this can be difficult because the whole purpose of a honeypot is to appear normal. Sometimes, there is suspicion of a honeypot when it is easy to access or if something seems too good to be true.”

But at this juncture in the season all that matters is the fact that the honeypot exists and that White Rose gives Elliot 50 hours and 23 minutes to get rid of it. To do this, Elliot must access Gideon’s account and send out a service order request to remove the honeypot. Gideon’s email, however, requires a passcode that is sent to his phone.

“Many secure systems, such as email, internal reporting or other online accounts use two-factor authentication. This requires a password with a temporary code, which changes every 60 seconds on most devices,” said Bazzell. “Without the temporary code, one cannot log in. Elliot needed that code to submit the request from Gideon’s account. Knowing the password alone would not grant access.”
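How a login check of this kind works can be shown with a short sketch. This is an added example, not code from the show or from Bazzell: it assumes the temporary code is a time-based one-time password (RFC 6238) with a 60-second window, and the `Account` class, password and salt are hypothetical.

```python
import hashlib
import hmac
import struct

STEP = 60    # seconds each code stays valid, per the 60-second rotation quoted above
DIGITS = 6

def totp(secret: bytes, now: float, step: int = STEP) -> str:
    """RFC 6238 time-based code (HMAC-SHA1) for the window containing `now`."""
    counter = struct.pack(">Q", int(now // step))
    digest = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

def _pw_hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class Account:
    """Hypothetical account record: password hash plus a shared TOTP secret."""

    def __init__(self, password: str, salt: bytes, secret: bytes):
        self.salt, self.secret = salt, secret
        self.pw_hash = _pw_hash(password, salt)
        self.last_window = -1  # last time window in which a code was accepted

    def login(self, password: str, code, now: float) -> bool:
        pw_ok = hmac.compare_digest(_pw_hash(password, self.salt), self.pw_hash)
        expected = totp(self.secret, now).encode()
        code_ok = code is not None and hmac.compare_digest(code.encode(), expected)
        window = int(now // STEP)
        if not (pw_ok and code_ok) or window <= self.last_window:
            return False  # missing factor, stale code, or a code reused in its window
        self.last_window = window
        return True

if __name__ == "__main__":
    secret = b"12345678901234567890"  # RFC 4226 test secret, not a real key
    acct = Account("constructed-password", b"constructed-salt", secret)
    print(acct.login("constructed-password", None, now=70))       # False: password alone
    print(acct.login("constructed-password", "287082", now=130))  # False: code expired
    print(acct.login("constructed-password", "287082", now=70))   # True: both factors
```
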

To make sure that Elliot has access to Gideon’s phone when the FSociety video plays as a distraction, Darlene floods the phone with MMS files.

“Sending a large number of MMS messages to a phone would cause the device to use more resources than simply maintaining a standby position. Hundreds of messages coming in would cause a larger strain on the battery,” Bazzell said. “This might cause the user to need to charge sooner than expected.”

Food for Thought

Though the eighth Mr. Robot episode is rife with plot twists and reveals, there were two scenes in particular that piqued my curiosity about Tyrell’s story arc that I think are worth highlighting. The first is immediately after Gideon leaves his office and there is a shot of a computer screen with code. According to Bazzell, the code indicates that Tyrell is able to access the infected CS30 server (also the honeypot) but he is unable to access many files and directories. Coupled with the cryptic meeting between Tyrell and Mr. Robot in the car, one has to ask—what is Tyrell up to?