‘Mr. Robot’ Rewind: A security geek analyzes the popular new TV show

Mr. Robot (Christian Slater) with Elliot Alderson (Rami Malek) in “Mr. Robot” on USA Network.

Mr. Robot (Christian Slater) with Elliot Alderson (Rami Malek) in “Mr. Robot” on USA Network.

BY COREY NACHREINER


If you’re a passionate information security (infosec) geek and a pop-culture nerd like me, you’ve probably been waiting impatiently for Hollywood to get hacking right. Sure, old movies like WarGames were a pretty good start for their time, but lately Hollywood has “jumped the shark” as far as cybersecurity goes. Cyber attacks have either been portrayed in overly flashy ways, with cartoonish impacts (e.g.Swordfish, Diehard 4, CSI Cyber), or some technical details are actually right, but the story, characters, and motivations are all wrong (e.g. Blackhat).

I’m happy to say that Mr. Robot bucks these trends. If you haven’t heard of Mr. Robot, it’s a popular new cyber-thriller TV series on USA Network. Not only does it entertain, with well-crafted, intriguing storytelling and well-developed characters, but it also nails most aspects of infosec, hacking, and the underground Internet culture dead-on. In fact, the show gets these things so right that I think you can actually learn from it. Most of the “tech” in this show, from the lingo, the culture, and even commands used in terminal windows, are fairly accurate.

For the remainder of season 1, I’ll be dissecting each week’s episode on GeekWire and analyzing what the show gets right and wrong from the infosec world, and hopefully extracting some security tips you might use to make sure you don’t become the next victim to the Elliots, Fsocieties, or more nefarious cyber criminals of the world.

On Episode 1

A scene from “Mr. Robot.” Photo courtesy USA Network.

A scene from “Mr. Robot.” Photo courtesy USA Network.

The first episode jumps right in with a TOR hack. We see Elliot confront a café owner, and tell him how he stumbled onto the owner’s Dark Web child pornography site (Elliot was curious why the café’s WiFi was so fast, so he did a little snooping).

Although this scene doesn’t go into the nuts and bolts of how the café owner usedThe Onion Router (TOR) network for criminal activity, it does accomplish two important things:

  1. It uses enough genuine technical lingo to show the security crowd that the show runners know what they are talking about (in fact, controlling exit nodes, like Elliot mentioned, is really how three-letter agencies snoop on TOR users to catch cyber criminals). Despite the fact that this scene doesn’t share too much technical detail, it quickly establishes this show as authentic to security experts, both its understanding of modern technologies and threats, and even in the motivations and attitudes of “hackers” like Elliot.
  2. The scene also shares enough context to allow less technical folks to keep up, without succumbing to boring or condescending exposition.

Some other aspects of the show that represent huge technical wins:

  • Clear understanding of social engineering. Hacking is not always just about exploiting technology; it can also be about exploiting human beings. There are many great examples of real-world social engineering in this series. For instance, Elliot learns someone’s phone number by asking to make a call on their mobile device. He also pretends to be a bank employee to get personal information. Finally, another hacker “gives away” a free demo CD that really installs a webcam spying trojan. The focus on these kinds of realistic social engineering scenarios as big part of certain cyber attacks makes the show even more authentic.
  • Authentic password cracking (with technically accurate easter eggs).When attackers breach networks, they often dump hashed password databases and try to crack passwords. There are lots of ways to do this more efficiently. In one episode Elliot customizes his “brute force” database with information he knows about his target. This is a great way to speed password cracking up. In fact, if you look closely at Elliot’s terminal window during one of these scenes, you’ll even see a pretty accurate hash dump output – a nice easter egg for us infosec geeks.
  • Accurate hacker culture and motivations. This is less a technical win, and more just goes to show that this series has developed an authentic atmosphere and realistic characters. While Mr. Robot does have a few cliché characters, they portray the most important individuals, like Elliot, right. His personally-defined moral code, feeling of alienation from society, logical mind, and potential Asperger’s syndrome all ring true for many of the folks I’ve met in the infosec or hacker community. Furthermore, many of the “threat actors” the show represents, like Fsociety and “nation state hackers,” have direct correlations to real hacktivist groups like Lulzsec and Anonymous. The show even shares subtle atmospheric easter eggs that make it feel even more authentic to people that follow hacker communities. Sharp-eyed viewers may have noticed the 4chan homepage on Elliot’s computer during one shot. While I don’t encourage anyone to visit this particular web site, it does have historical connection to groups like Anonymous, making the show even more genuine.

A Slight Falter

Photo courtesy USA Network.

Photo courtesy USA Network.

There was, however, one scene in the first episode that was technically wrong. Angela asks, “What is a rootkit?”

While the initial joking answer was quite funny, the real answer was off. First, they generically described it as malicious code that takes over the system, and then they say it can delete files and stop programs. Both of these are pretty generic descriptions of any malware.

A rootkit is actually a component that allows some malware to hide itself from your operating system and other security programs—it’s like a “Jedi mind trick” that makes malware files and network connections seemingly disappear. Rootkits can be hard to quickly describe to less-technical audiences, so I don’t think this small inaccuracy is a huge fault, but it was the first bit of dialog that triggered my “BS meter.”

There you have it; my take on some examples of real infosec topics we can explore after every episode of Mr. Robot. If you like the show, and are interested in learning which security details are true and which are fiction, please join us each Friday to analyze and dissect this exciting, yet technically grounded show. If you have questions about hacking or about terminology and jargon used in the show, leave your comments below!

http://www.geekwire.com/2015/mr-robot-rewind-a-cybersecurity-geek-analyzes-the-popular-new-tv-show/