Humans As Exploits: 'Mr. Robot' Episode 5 Reality Check

Rami Malek as Elliot Alderson (Photo credit: David Giesbrecht/USA Network)

The following contains spoilers of the fifth episode of the first season of USA Network’s Mr. Robot, which airs at 10pm EST on Wednesdays.

Now five episodes into its debut season, USA Network’s rookie hacker drama, Mr. Robot, has failed to disappoint even the most skeptical of viewers when it comes to the show’s portrayal of cyber crime and security. Led by director Sam Esmail, the Mr. Robot team has dedicated itself to creating an authentic representation of modern hacking with intense scrupulousness. As a result of Esmail and company’s efforts—rather than throwing myself into the debate over Elliot’s delusions and what is reality—I have tasked myself with explaining the onscreen hacks. To do so, I have enlisted the help of Mr. Robot’s technical consultant and cyber crime expert, Michael Bazzell.

Proximity Card Clones

Early in the fifth episode of Mr. Robot’s first season, “Exploits” (S1.E5 eps.1.4_3xpl0its.wmv), Mr. Robot bumps into a fellow customer at a coffee shop in an almost cringe-worthy fashion as Elliot and FSociety crew members Mobley and Romero watch in anticipation. The purpose of this interaction is to let FSociety clone the man’s security badge and ultimately use it to gain access to Steel Mountain, E Corp’s data storage facility. These types of employee security badges—also known as proximity cards—are ubiquitous, and countless companies rely on them as a security measure.

“Employees wave these in front of a reader, the reader verifies the unique number of the card through a networked database and the lock is released,” explained Bazzell.

One issue with proximity cards, however, is that they are easy to clone—as this episode illustrates. The beginning of this cloning process is shown in this coffee shop scene. Mr. Robot has a device in his backpack that activates the man’s proximity card, and then collects and stores the card’s data. With this data the team is able to create a duplicate proximity card, which Elliot uses to access Steel Mountain in the subsequent scene.
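The reason a card that only reports a fixed number can be duplicated is shown in the Python sketch below, which is an added example and not code from the show or from Bazzell. It compares a reader that checks the number alone with one that demands a keyed answer to a fresh random challenge; the badge number, the key, the function and class names, and the choice of HMAC-SHA256 are all assumptions made for illustration and do not describe any particular card product.

```python
import hashlib
import hmac
import secrets

# Constructed sample data: the badge number and card key are invented for this example.
ENROLLED_IDS = {"0004127"}
CARD_KEYS = {"0004127": bytes.fromhex("00112233445566778899aabbccddeeff")}

def static_reader_verify(presented_id: str) -> bool:
    """Reader as the article describes it: look up the card's number, nothing else."""
    return presented_id in ENROLLED_IDS

class ChallengeResponseReader:
    """Reader that issues a fresh random challenge and checks a keyed response."""
    def __init__(self) -> None:
        self._pending = None

    def challenge(self) -> bytes:
        self._pending = secrets.token_bytes(16)
        return self._pending

    def verify(self, card_id: str, response: bytes) -> bool:
        key = CARD_KEYS.get(card_id)
        nonce, self._pending = self._pending, None  # each challenge is single use
        if key is None or nonce is None:
            return False
        expected = hmac.new(key, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)

def card_response(card_id: str, nonce: bytes) -> bytes:
    """What a genuine card computes; the key itself is never transmitted."""
    return hmac.new(CARD_KEYS[card_id], nonce, hashlib.sha256).digest()

def compare_readers() -> dict:
    """Present previously recorded card traffic to both reader designs."""
    recorded_id = "0004127"  # all a static card ever sends
    static_ok = static_reader_verify(recorded_id)

    reader = ChallengeResponseReader()
    old_nonce = reader.challenge()  # legitimate tap, observed in full
    old_response = card_response(recorded_id, old_nonce)
    genuine_ok = reader.verify(recorded_id, old_response)

    reader.challenge()  # later tap: new nonce, stale response presented
    replay_ok = reader.verify(recorded_id, old_response)
    return {"static_copy": static_ok, "genuine": genuine_ok, "replay": replay_ok}

if __name__ == "__main__":
    print(compare_readers())  # {'static_copy': True, 'genuine': True, 'replay': False}
```

The static reader cannot tell a copied number from the original badge, while the challenge-response reader rejects the recorded answer because it was computed for a nonce that is no longer valid.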

Pictured: Rami Malek as Elliot Alderson (Photo credit: David Giesbrecht/USA Network)

Humans Make the Best Exploits

Much like the episode prior, “Exploits” teaches viewers that an infrastructure is only as strong as its weakest link, which more often than not is a person. As the FSociety members arrive at the supposedly impenetrable Steel Mountain, Elliot reiterates this message.

“Nothing is actually impenetrable. A place like this says it is and it is close, but people still built this place and if you can hack the right person, all of the sudden you have a powerful piece of malware,” said Elliot. “People always make the best exploits.”

Elliot’s plan to destroy E Corp hinges on this concept and the use of social engineering, a non-technical method of hacking that relies on human nature and tricking people into breaking protocols. Bazzell said he believes that this is the most common way criminals manage to hack corporations today.

“Computers are programmed to only do what they are told. They cannot be ‘tricked.’ They may have vulnerabilities—created by humans—that may be exploited, however, they are never sympathetic, foolish or make mistakes. Humans have flaws. This makes for a big attack surface,” said Bazzell.

Elliot uses this to his advantage during his interactions with Bill Harper—a low level Steel Mountain employee—and Bill’s superior, Trudy Davis.

“Elliot is able to gain access to forbidden areas by manipulating people and exploiting the knowledge of their weaknesses,” explained Bazzell. “Most corporate employees post personal information on social networks. While it seems innocent, these details can be devastating in the wrong hands.”

Despite the fact that Elliot and his FSociety cohorts are thrown off when Trudy arrives rather than Wendy—another Steel Mountain employee—as they expected, they still manage to leverage human nature in their favor because as Mobley puts it, “People are all just people, right? When it gets down to it, everyone is the same. They love something. They want something. They fear something. The specifics help us but the specifics don’t change how everyone is vulnerable. It just changes the way that we access those vulnerabilities.”

Mobley then sends Trudy an ominous text message from her “husband” using Kali, a Linux distribution that allows users to send spoofed text messages, meaning messages that appear to have originated from a different source than they actually did.

“As humans, we tend to trust details that appear to be from loved ones. Today, many popular online scams start as a spoofed message from someone that you think you know,” said Bazzell.

Roots and Payloads

“Exploits” culminates in Darlene’s interactions with her Dark Army contact and her learning that the hacker crew is pulling out of the plan to take down E Corp, even though Elliot managed to connect the Raspberry Pi to Steel Mountain’s HVAC system (see previous recap for explainer). There is a shot of the computer screen showing this conversation in which Darlene references “root” and “payload.” While I did not know what these two terms meant when I watched the episode, I knew that they were important. So I asked Bazzell to explain them to me.

Photo credit: USA Network

“Having ‘root’ means that you have unlimited access to the machine,” Bazzell explained. “You have the most elevated rights and would not be limited on any function. A typical user on a network would have limited access with an individual user account. When a hacker gains root to your server, he or she basically owns the box.”

A payload, in turn, refers to the “component of computer code that executes a malicious activity,” according to Bazzell. So by refusing to sync its payload, the Dark Army is throwing FSociety a major curve ball.

“Payloads are often created around vulnerabilities within operating systems,” said Bazzell. “Syncing the execution of payloads at the same time over multiple servers would have a bigger impact toward the desired attack. It would give network administrators [fewer] options for backups from the other servers and would create more havoc.”

In other words, Dark Army’s refusal to sync its payload with FSociety’s really screws over Elliot and company.