The Mr. Robot Hack Report: Don’t Fear the Rabbler

USA Network

USA Network

BY RUSSELL BRANDOM

Mr. Robot is back, and the C Y B E R is back, too. The show takes a special interest in showing off the details that usually get glossed over, often drawing on real hacks and real cybersecurity problems. So after every episode, I’ll be breaking down who got hacked, how, and with what. It turns out, there’s a lot more to each one than you can see on-screen.

This week was huge for Darlene, as she managed to talk her way out of a tight bind with Elliot and track Mr. Robot back to Tyrell’s secret hacking cave. Stage Two seems troubled, but still basically viable? Both Angela and Darlene came extremely close to getting exposed — Darlene for her FBI connect, and Angela for her Dark Army gig — but both were able to get through unscathed, at least for now.

At the same time, we’re starting to dive back into hacks after last week’s journey into the twitchy soul of Tyrell. So let’s take a look at what happened, starting with Elliot’s anti-bugging box.

RABBLE ME THIS

When Elliot talks to Darlene at the beginning of the episode, he puts a tiny noise box on the mantle to make sure no one can listen in. “The audio’s useless,” Dom’s partner tells her over the phone. “He’s using a goddamn voice protector!” We’ve seen this thing in a couple of earlier episodes, and it always has the same effect, blocking any sound that would be picked up by the FBI bugs. So what is it?

There are a bunch of sound-masking systems like this on the market, but the one Elliot’s using looks an awful lot like a Rabbler. It’s basically a speaker with a pre-recorded sound loop, but the loop itself is pretty interesting. The company compiled a bunch of overlapping snippets of different voices, as if dozens of people were quietly speaking just out of hearing range. As a result, it’s extremely hard for anyone listening in to pick out which sounds are coming from the rabbler and which sounds are coming from the people they’re trying to bug. The trick is placing it close enough to the bug that your voice is drowned out, which is hard because you don’t know where the bug is. Still, we played with one on the aftershow, and it does seem to work. They’re pretty cool!

It’s also interesting the way Mr. Robot drops it in. Elliot doesn’t have many recurring hacking tricks, but this has become one of his most persistent ones, suggesting he’s carrying around the voice protector on a regular basis. Which makes sense! F-Society was an FBI target long before Darlene flipped, and by the time of this week’s episode, Elliot knows something’s up.

YOU’VE BEEN BACKTRACED

It wasn’t all bad news for Dom this week; she was also able to track down and raid the person who posted one of the recent F Society videos. In fact, it was so easy that she gets grouchy and suspicious after they’ve brought the guy in. Here’s how Dom explains it:

We know you posted the F Society video — with a court order, we got the Vimeo connection logs for the account you used, which led us to your IP address and then your home address. That’s why you’re sitting here.

This is a really common way to find someone after they’ve done something illegal on the internet! Cops do it all the time, and you can even do it as a regular person in civil court if you think a commenter has said something defamatory, although it’s really expensive and probably not a great use of your time.

The basic principle is that when you visit any internet service, the service see your IP address (basically the string of numbers associated with your connection to the internet). That doesn’t identify you personally, but it identifies the company that set up your connection (probably your cable provider), which can then be ordered to give up your name. The result is that, if you post a terrorist video on Vimeo, it’s relatively simple for courts to order Vimeo to hand over the IP address of the person who uploaded it, and then get a name from whoever that IP address belongs to.

Dom is right to be suspicious that a seasoned techno-terrorist would fall for this! There are lots of ways to make this more difficult, like using Tor, or running the requests through a botnet. If you’re rad enough to be in F-Society, you must know all this stuff. And this guy didn’t do anything? I don’t have the answers, but after running through the tech, I’m every bit as grouchy as Dom.

That’s the hack report this week! We managed to charm Mr. Robot creator Sam Esmail into talking to us for next week’s episode, so you’ll definitely want to tune in — and as always, if you have any questions, hit us up on Reddit, or on Twitter under the hashtag #Robotaftershow. And stay robot out there!

Disclosure: NBC Universal, owner of USA Network, is an investor in Vox Media, The Verge’s parent company. Additionally, we are an independent editorial partner in the Mr. Robot Digital After Show, hosted by The Verge.

https://www.theverge.com/2017/11/2/16596214/the-mr-robot-hack-report-s3e4-metadata