[Spoiler Alert] Have you finished the first season of Mr. Robot yet? If not, why not? In any case, this article details many scenes from the season finale, so I recommend you watch it before reading further.
LATEST IN A SERIES: Corey Nachreiner, CTO at Seattle-based WatchGuard Technologies, is reviewing episodes of Mr. Robot on GeekWire. The show airs on USA Network on Wednesdays at 10 p.m. Join the conversation on Twitter using #MrRobotRewind, and follow Corey @SecAdept.
I’m sad to say that the first season of Mr. Robot has ended. We’ll have to wait a long six to nine months to get our next fix. We might as well have an “end of the world,” or at least “end of the season,” party!
Over the past few months, I’ve analyzed each episode of Mr. Robot to share the hacking accuracies and occasional missteps within the show. And so far, the show has been pretty dang accurate.
This episode was mostly about tying up loose ends from Fsociety’s Evil Corp hack, and introducing a few new mysteries for next season, so it doesn’t contain any hacking. However, the show still covered quite a bit of tech. So let’s dive in.
Proxies and pet chip predictions
The finale opened with Krista, Elliot’s therapist, meeting with her cheating ex-boyfriend “Michael,” whom we’ve learned is really named Lenny. He tricked her into the reunion under the pretense of terminal illness, but he just wanted to talk to her about Elliot’s hacking. The scene didn’t reference new hacks; however, it did discuss technology and cyber crime.
First, remember my prediction about Flipper—the micro-chipped dog—being Elliot’s downfall? It turns out that Lenny was ultimately able to identify Elliot through Flipper. Since Lenny is registered as the dog’s rightful owner, he’d have access to the records of Elliot’s visit in episode 7, so all of this is pretty accurate.
Despite having Elliot’s name, the police have no real evidence of Elliot’s hacking, which they’d need in order to prosecute him under a law Lenny called the “computer abuse and fraud act.” This is a slight mistake, as the Computer Fraud and Abuse Act (CFAA) is the actual name of the primary law used to prosecute hackers in the US. Those familiar with the act know that the “fraud” comes before the “abuse,” and would notice this as a minor flub on Lenny’s part.
Lenny also mentioned that it is hard to prosecute criminals under the CFAA without evidence. Not everyone agrees with this. In fact, many think the CFAA has overly broad definitions of cyber crime that do not entirely match today’s attacks. If you’re interested, Aaron’s Law was an attempt to reform the CFAA a bit.
CFAA aside, the need for more evidence is what brings us to the next technical point. Lenny mentioned that there is no real evidence tied to Elliot because he used proxies to hide his real location. Proxies are intermediary servers you can go through before making a connection somewhere else. We’ve already discussed them a bit in the intro to this series, when we covered the TOR network. Hackers like Elliot would definitely use multiple proxies, whether TOR or just their own botnet, to hide their true IP address from the authorities. So this point is right on.
I’ll also give the show runners extra credit for the last-minute addition of the “Ashley Madison dump.” Lenny (clearly an unfaithful scumbag) mentioned this to Krista, but his face was not included in the shot. I’m sure this was a last-minute addition that they edited in. This recent breach fits well with the show’s story, and the way it fits seamlessly into the narrative illustrates just how well Mr. Robot portrays today’s cyber zeitgeist.
However, there is one part of this scene that I think is somewhat inaccurate—the reference to police cyber crime units. The problem is, actual police cyber crime units are quite rare.
A friend of mine recently suffered from a hack and identity theft, where attackers stole her information and used it to file her tax return and create financial accounts. Among other things, she called the local police and authorities for help, but found that here in Washington there are no real cyber crime units. Rather, the police just took her statement so that there would be an official record of the crime. The only authority she could report to was the FBI’s IC3 center, which is likely so behind that it can’t respond to small incidents of this nature. In most states in the US, you will be hard-pressed to find a police cyber crime unit. They do exist, but in very small numbers, and primarily as task forces for crimes against children.
That said, New York is one of the few places that actually does have a new police-based cyber crime unit (in partnership with the FBI). I’ll give the show a pass on this point, since it’s set in New York. Personally, I think it’s disappointing that we don’t have nationwide police cyber crime units.
Fsociety wipe down
One major theme in this episode was the Fsociety team trying to dispose of all the evidence used in their attack. They ripped out computers, drilled into hard drives, and pulled all their fiber links. This is all very “real world” when it comes to sophisticated hackers. They know the danger of leaving digital fingerprints, and would want to dispose of such evidence with prejudice. Even the quick shot of the HD Shredder 4 software was an accurate example of the type of secure delete software hackers might use.
Of course, I’m not sure that you’d necessarily need to go to the extreme of incinerating your gear. Once you’ve done a secure delete and drilled into your hard drive platter, you would probably be pretty safe. That said, those incinerators can hit temperatures of up to 2000 degrees Fahrenheit. While hard drive cases are made of stainless steel, the actual platters are aluminum, and would melt at around 1200 degrees. An incinerator like this would probably destroy digital data quite effectively.
In short, Fsociety’s paranoid quest to completely wipe their computers fits with hacker culture.
Encrypting rather than deleting is still weird
In this episode, Elliot referred again to the encryption of Evil Corp’s files. He specifically mentioned Darlene’s new, custom malware program (zero day malware) that used 256-bit AES encryption to encrypt the files with a self-deleting key. In concept, all of this is technically sound. In fact, today’s ransomware uses this same type of encryption, which, with today’s computing power, makes it nearly impossible to crack the files within a reasonable time.
However, as I discussed in my last article, I still find it suspect that Fsociety would encrypt files rather than just delete them, or at most replace the originals with dummy files. If their goal is data destruction, the act of encrypting is a waste of time. One may argue that you can encrypt faster than you can delete, but even if you can encrypt quickly, you still have to delete. Encryption doesn’t happen over an existing file; it creates a new file in memory and you’d still have to get rid of the old one by overwriting it or deleting it.
Needless to say, the encryption seems out of place to me. But my guess is that the show runners are using encryption on purpose so that it can become an issue next season. The only reason you’d encrypt rather than destroy, is if you wanted to offer a chance that the data could be recovered. I guess we’ll see.
A great ending with new mysteries
To summarize the “hackuracy” of the first season of Mr. Robot: this is the most accurate portrayal of information security and hacking that I’ve ever seen in pop-culture entertainment. I’ve had to nitpick very small things in order to have any real “mistakes” to talk about. Even then, I’ve felt the show runners knew the truth, and simply made choices to drive the narrative more quickly, or to keep the show interesting to non-tech-savvy viewers.
Mr. Robot has a smart story, deliberate construction and high production values. The hardest part of writing this series has been to keep the focus on tech, rather than the mind-blowing plot. So let me end by leaving you with a few musings on the narrative:
- Three days is a long time. What the heck were Elliot and Tyrell up to?
- The show wants us to think that Tyrell is dead. That’s why I doubt it. In fact, perhaps Tyrell isn’t even who we think he is!?
- Oh no! Angela has joined Ecorp. Is she going to become an evil mastermind, or is she just undercover? Her interaction with the salesman makes me think the former.
- Will the world continue to fall apart in season two?
- Who was banging on Elliot’s door? Was the knocking even real?
- Did you watch the scene after the credits? The Ecorp CEO knows Wh1ter0se! I suspect the Dark Army is the real enemy, and perhaps even associated with a nation state.
- Wh1ter0se’s watch alarm went off. That will surely be relevant later.
In previous articles, I’ve shared what you can learn about security from this show. Build your general information security awareness. Keep in mind that social media may leave you vulnerable. Understand the potential ramifications of your online activity. And above all else, understand that threats are out there.
I hope you enjoyed this Mr. Robot tech analysis series. Season 2 is sure to be thrilling, to say the least. In the meantime, please share your thoughts in the comment section below.