June 11, 2015 By Pamela Cobb 4 min read

USA Network’s new show, “Mr. Robot,” is a fusion of hacktivism, outsourced managed IT security and a somewhat anarchistic effort to rebalance the wealth and power on the planet. As with other recent movies and shows that portray the mysterious world of high-tech hacking, there is often a separation of real-world methodologies and Hollywood glam. So how does “Mr. Robot” stack up, and what can we glean from it?

Perhaps the word refreshing is an odd choice, but that is the term that comes to mind. Rather than relying on shot after shot of frantic typing and electric pulses streaming through a circuit board to build suspense, the show brings a more realistic portrayal of hacking and cybersecurity, making the characters the focus and letting the technology support the story. It may seem counterintuitive, but by letting the security practices advance the story rather than be the story, it’s ultimately a more satisfying viewing experience.

The main character, Elliot, played by Rami Malek, is a white-hat cybersecurity practitioner by day and black-hat hacker by night. Against the backdrop of some questionable life choices, much of his black-hat work is small in scale and focused on righting wrongs — until he meets the mysterious Mr. Robot. And then things get interesting.

Social Engineering

One of the things Elliot excels at is social engineering, and the pilot episode shows at least three examples of how it works. Whether it was weak passwords made of combinations of the target’s favorite band and year of birth or terms like “123456Seven,” Elliot is a master of piecing together information from social media profiles to break into accounts. He borrows a cellphone under the guise of calling his mom to grab additional personal information and even makes calls posing as a representative of a fraud department at the target’s bank.

In real life, practices like these make it vital for corporate password policies to ban reuse between corporate and personal systems. It’s bad enough that your social media accounts could be compromised, but it also endangers your clients’ personally identifiable information (PII) all because you or your employees had difficulty managing a multitude of passwords.

Going beyond password reuse, user education to combat social engineering is a bit harder since of the fundamental human nature to be helpful. Well-intentioned employees can become inadvertent insiders with a few simple clicks in an email or by trying to answer questions from a “confused” caller. Rigorous corporate training can help, but it is a constant struggle.

Distributed Denial of Service

Distributed denial-of-service (DDoS) attacks have been in the top two most popular attack vectors for breaches in the past four years. Popular media would have you believe that DDoS is used only to slow network traffic and disrupt business, so it was a pleasant surprise in “Mr. Robot” to see DDoS used as a cover-up for network infiltration and for the cybersecurity team to come to that conclusion relatively quickly. The show also truly embraced the distributed aspect of the event by referencing attacks coming from multiple countries, not just implying one attacker sitting in his basement, typing and practicing his evil laugh.

While there are a number of security solutions and practices you can employ to protect your network, recovering and mitigating DDoS requires the right mix of processes, people and technology to defend your infrastructure from both volume-based and application-based DDoS attacks.

Tor and All-Powerful Encryption

Without revealing too many spoilers, at the start of the show, we see Elliot confront the owner of a local coffee shop about his illicit private Web server running in the Tor network. Tor is an anonymizing service that serves as a gateway to the Dark Web, a semiprivate Internet where illegal marketplaces and underground forums reside. In the show, Elliot monitors Tor exit nodes, or the servers where encrypted, anonymized traffic resurfaces to the public Internet. By doing so, he was able to intercept unencrypted traffic used to incriminate the shady shop owner.

We hear a lot about encryption, with respect to both the privacy benefits and the risk that it can obfuscate terrorist and criminal activity. There is also some misconception in movies and TV about magic of encryption. Sometimes encryption is seen as a silver bullet, impervious to detection or discovery, and sometimes it is seen as some elite marker where only a true cybercriminal can break through. In reality, it is a little of both.

As designer vulns like FREAK and LogJammer have shown, not all encryption was created equally. Older encryption methods can be easily cracked and are no longer secure. As also illustrated in “Mr. Robot,” even using modern updated encryption like that used by the Tor network still has weak points where data can pass unencrypted and be vulnerable to eavesdropping or attack.

Domo Arigato, ‘Mr. Robot’

Mr. Robot doesn’t treat the audience like they are idiots; the word “firewall” is never once uttered in the entire pilot episode. The show expects viewers to keep up with lingo like rootkits, IRL and Tor exit nodes, not to mention recognize the absurdity of executives running Linux. While that’s refreshing for those of us in the business of cybersecurity, it may turn off less savvy viewers. On the other hand, a cyber Robin Hood with a dusting of Chuck Palahniuk’s “Fight Club” and the ennui of Henri the Existential French Cat is a refreshing addition to this summer’s programming.

More from X-Force

Hive0051 goes all in with a triple threat

13 min read - As of April 2024, IBM X-Force is tracking new waves of Russian state-sponsored Hive0051 (aka UAC-0010, Gamaredon) activity featuring new iterations of Gamma malware first observed in November 2023. These discoveries follow late October 2023 findings, detailing Hive0051's use of a novel multi-channel method of rapidly rotating C2 infrastructure (DNS Fluxing) to deliver new Gamma malware variants, facilitating more than a thousand infections in a single day. An examination of a sample of the lures associated with the ongoing activity reveals…

Ongoing ITG05 operations leverage evolving malware arsenal in global campaigns

13 min read - As of March 2024, X-Force is tracking multiple ongoing ITG05 phishing campaigns featuring lure documents crafted to imitate authentic documents of government and non-governmental organizations (NGOs) in Europe, the South Caucasus, Central Asia, and North and South America. The uncovered lures include a mixture of internal and publicly available documents, as well as possible actor-generated documents associated with finance, critical infrastructure, executive engagements, cyber security, maritime security, healthcare, business, and defense industrial production. Beginning in November 2023, X-Force observed ITG05…

Why federal agencies need a mission-centered cyber response

4 min read - Cybersecurity continues to be a top focus for government agencies with new cybersecurity requirements. Threats in recent years have crossed from the digital world to the physical and even involved critical infrastructure, such as the cyberattack on SolarWinds and the Colonial Pipeline ransomware attack. According to the IBM Cost of a Data Breach 2023 Report, a breach in the public sector, which includes government agencies, is up to $2.6 million from $2.07 million in 2022. Government agencies need to move…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today