BY ABIGAIL TRACY
The following contains spoilers of the tenth and finale episode of the first season of USA Network’s Mr. Robot, which aired at 10pm EST on Wednesdays.
The finale of rookie hacker drama Mr. Robot on Wednesday did not disappoint. Aptly titled Zero Day—for a computer system vulnerability that, once exploited, leaves administrators zero days to correct—the episode struck an exciting balance between answering a handful of the show’s most distressing questions and leaving fodder for the second season of the USA Network series.
Before I transition into the hacks and technology references in Zero Day (eps.1.9_zer0-day.avi), I must stress how important it is that you watched the entire episode through the very end, past the credits like in a Marvel movie. If you’re reading this now and didn’t–you missed out on a lot. Go rectify your mistake. You can thank me later.
Now for the tech. Much of Zero Day puts the viewer in the (often unreliable) mind of Elliot as he tries to piece together the E Corp takedown he doesn’t remember orchestrating. Subsequently, the hacking action is minimal, but as in every Mr. Robotepisode, there are references that warrant exegesis. To provide this, I yet again tapped Mr. Robot’s technical consultant and cyber crime expert Michael Bazzell for help.
Prosecution and Proxies
“Zero Day” opens with a meeting between Elliot’s therapist, Krista Gordon, and her adulterous ex-boyfriend, Lenny. Though summoned on the pretense that Lenny has been diagnosed with cancer, Krista learns that he actually wants her help in building a case against Elliot. But despite the fact that Lenny was able to identify Elliot as his hacker after the protagonist brought the micro-chipped Flipper to the vet, he apparently has no real evidence against Elliot and even calls out the Computer Abuse and Fraud Act for being notoriously difficult to prosecute.
“Most hackers cover their tracks well and leave no evidence behind,” said Bazzell, who spent 10 years with the FBI’s cyber security crime task force. “In ideal cases, one would need connection information from the suspect including an IP address, with the exact date and time. This can easily be anonymized, which would make for difficult prosecution. However, most hackers will make a mistake eventually, which we have seen in several hacker busts.”
If viewers have learned one thing over the season’s ten episodes it is that Elliot knows what he is doing, or as Lenny says: “This kid is good, Krista. He was routing through something called proxies or something out in Estonia. He is untraceable.”
Proxies are technologies used to mask someone’s true identity online. One of the most common is the TOR network, which if you recall has been mentioned several times throughout Mr. Robot and was used in the Ashley Madison hack that has been gracing headlines for the past week (and got a nice shout out in this scene). Bazzell explained exactly how the TOR network and other “onion routers” work.
“A user connects through the TOR browser and is routed through several connections all over the world. When using TOR within the United States, your connection will most likely appear to be coming from another country,” he said. “The evidence left behind, such as an IP address, will not be your own. It will be an anonymous IP address attached to the TOR network. TOR alone will not protect you 100 percent—as we saw in the first episode—but it will confuse the majority of the services that you use.”
Puppy Incinerators and Destroying Evidence
The Mr. Robot season one finale is set in the aftermath of FSociety executing its long awaited hack on E Corp. Elliot spends most of the episode trying to piece together what happened but the remainder of the hacker coalition busies itself destroying evidence. According to Bazzell, hard drives are the most vital items to destroy, since they contain the bulk of the information of FSociety’s activities.
“The majority of other computer components save no information about use. However, some details can be found within BIOS and Network hardware found on the motherboard. Routers, flash memory devices and cellular phones can also disclose a lot about you,” Bazzell explains. “FSociety takes the safe route and incinerates everything.”
They sure do. The episode contains a handful of scenes that show the hackers in full “wipe down mode” in the words of Darlene—drilling hard drives, pulling fiber taps and ultimately tossing everything in a incinerator used to cremate puppies.
Mobley characterizes this culmination best: “You know, I have run all the scenarios of our little revolution here but using a dead puppy oven was not on my list.”
All It Takes To Destroy the World
In the wake of the E Corp exploit—and between delusions—Elliot goes into greater detail about the specific malware Darlene wrote to take down the corporate conglomerate.
“A simple program, a worm that can make data unreadable, malware that took Darlene maybe two hours to code—is that really all it takes to destroy the world?” he says.
As mentioned in the ninth Mr. Robot episode, FSociety planned to hack the E Corp network by way of the infected server involved in the original All Safe hack earlier in the season (after Elliot managed to get Gideon’s honey pot removed) with malware written by Darlene.
“This was custom malware created from scratch. Something of this magnitude could be compromised if using something created for another purpose. That could trigger alarms from computer security software solutions (as we saw in a previous episode). Creating something new without recycling known code will provide a lesser chance of detection,” said Bazzell.
Bazzell was referring to the sixth episode, in which Elliot tries to break Vera out of jail and his first attempt to infiltrate the prison’s network fails because Darlene ripped known code from the Internet that was detected by the network’s virus protection software. As covered in the penultimate episode, FSociety’s ultimately successful hack hinged on Darlene’s malware encrypting all of E Corp’s financial records and a self-deleting encryption key (see previous recap for an explanation of FSociety’s plan in its entirety). Basically, FSociety wanted to permanently prevent E Corp from accessing its files, which it apparently managed because as Elliot says, “have they come to the realization yet that Darlene encrypted everything with 256-bit AES and it would take an incomprehensible amount of time to crack, that all their data is actually gone for good?”
I asked Bazzell to explain what “256-bit AES” means, and he directed me to a Reddit post by user INCOMPLETE_USERNAM, which he says describes it best:
AES-256 is the standardized encryption specification. It’s used worldwide by everyone from corporations to the US government. Its largest key size is 256 bits. This means that the key, the thing that turns encrypted data into unencrypted data, is string of 256 1s or 0s.
With each character having two possibilities (1 or 0), there are 2256 possible combinations. Typically, only 50% of these need to be exhausted to yield the correct key, so only 2255 need to be guessed. How long would it take to flip through each of the possible keys? …The universe itself only existed for 14 billion (1.4e10) years. It would take ~6.7e40 times longer than the age of the universe to exhaust half of the keyspace of a AES-256 key.
In other words, E Corp has no hope.