[Spoiler Alert] This article may spoil some of the surprises from Mr. Robot episode nine. With all the twists in this series, you’ll definitely want to catch up before reading ahead.
If you’re loving Mr. Robot, but wondering how much of the show is Hollywood hype and how much is accurate, you’ve come to the right place. I’ve been analyzing each episode to separate fact from fiction and so far, Mr. Robot has stood up quite well, with plenty of hacks to analyze.
LATEST IN A SERIES: Corey Nachreiner, CTO at Seattle-based WatchGuard Technologies, is reviewing episodes of Mr. Robot on GeekWire. The show airs on USA Network on Wednesdays at 10 p.m. Join the conversation on Twitter using #MrRobotRewind, and follow Corey @SecAdept.However, it was bound to happen. This week was the first episode with literally no new hacks. It almost happened a few weeks ago during episode 7, but that episode at least included a reference to a new hack (Darlene pwning Cisco). This time there was nothing.
No need to fret, though. There’s still plenty of tech we can talk about. In fact, one of the things that makes Mr. Robot so technically authentic is its atmosphere. In this article, I’ll focus on some of the smaller details this episode gets right, which prove that the show runners really understand the IT and security culture that they portray. Also, while there were no hacks, there are still some information security related ideas we can explore.
Perfectly authentic techie atmosphere
One of my favorite things about Mr. Robot is all the subtle visual “shout outs” or easter eggs included, which let you know that the show runners truly understand geek culture—not only today’s geek culture, but historical geek culture as well.
This episode starts with a shot that pans across floppy and DAT drives, NES and SNES cartridges, and other well recognized computing and gaming paraphernalia. Soon the location is revealed as Elliot’s dad’s computer repair shop, which is called Mr. Robot (finally, an explanation for the name and logo on his jacket). We quickly learn, based on old computer advertisements, that it’s around 1994. Everything you see in these shots is period accurate and perfectly genuine technical memorabilia.
As the camera continues to move, we see Elliot’s dad peeling “Free” labels off 3.5” floppy disks. If you were around during the 90s, you might recognize this as a subtle reference to AOL disks. At the time, AOL mailed hundreds of thousands of 3.5” floppy disks to potential customers. Pretty much everyone from the time recognizes them. However, many technical people had no desire for AOL, so rather than install the software from the disk, they’d reuse these floppies (by coving the write protection hole) for their own purposes. This sticker removing shot barely lasted a few seconds, yet it immediately conveyed so much authenticity and nostalgia.
In fact, the episode’s accuracy is better than my own memory. At the end of the scene, an angry customer threatens, “I’ll just go to Best Buy.” Best Buy hadn’t made its way to my neck of the woods by the 90s, so I thought I’d caught the show in a mistake. However, it turns out Best Buy was around in the mid-west and east coast during that time, so even their business references are technically accurate.
InfoSec companies really do get hacked
Gideon already learned his company, Allsafe, was hacked in a previous episode, but this episode includes a scene where Gideon tries to express to his husband what a big deal it is for a security company to suffer a network breach. The damage to reputation caused by a hack is much more harsh for a company that’s supposed to provide security for other businesses.
This reminded me that I haven’t really commented on the accuracy of whether or not security companies get hacked. Unfortunately, this concept is all too real. Many well-known infosec companies, like RSA and Bitdefender, have suffered network compromises in the past. Most recently, Kaspersky has admitted that they’ve had sophisticated hackers in their network.
In short, any organization can get hacked. While security companies should implement more rigorous security practices than the average target, they aren’t invulnerable. That’s why you should remember good information security is not just about prevention, but it’s also about disaster recovery and business continuity.
A potential misstep, or a new mystery?
The closest we got to the subject of hacking during this episode was the last scene between Tyrell and Elliot, at the arcade. During this scene, Elliot shares how he’s hacked Evil Corp; how they gained access to the network with the infected server; how he got Evil Corp’s financial data, and how he removed the redundant backups from the equation by hacking the “Airdream” system.
That’s all stuff we already know, but one thing Elliot said rubs me the wrong way. The ultimate goal of this heist is to kill Evil Corp’s financial data, presumably so the poor 99% isn’t beholden to the debt held by Evil Corp’s 1%. However, Elliot says he is encrypting all of E-corp’s financial files with an encryption key that will “self delete.” I don’t really understand why you would encrypt files if your ultimate goal is to destroy the data. Why not just outright delete the files (using multiple overwrites to ensure they can’t be recovered). Either this is a small technical inaccuracy, or there is more to the story. Perhaps the goal is to extort Evil Corp, pretending to offer up the “encryption key” in return for something. Or perhaps Elliot is just aware that it’s more frustrating for a victim to see encrypted files that they can’t recover. In any case, I think it’s weird Fsociety is going through the steps of encrypting the data that they ultimately plan to destroy.
Great episode despite few hacks
Even with no real hacks in an episode, Mr. Robot gets the technical atmosphere and infosec culture so spot-on that I still geek out over the show’s accuracy. Furthermore, this episode was full of great story and plot elements, and even a twist of a twist. Rather than cover these story elements, let me quickly share a few of the quotes and moments that summarize my feeling about this episode:
- “Even though what you did is wrong, you’re still a good kid. And that guy was a prick. Sometimes that matters more.” – Robot (dad) to Elliot
- “I am Mr. Robot!” – Elliot
- “I thought I’d feel guilty for being a murderer but… I don’t. I feel wonder.” – Tyrell
- “I don’t know… I wanted to save the world.” – Elliot
- The ending scene’s haunting piano cover of The Pixies, “Where is My Mind” – proving that the show runners are fully aware of, and even acknowledging, their parallels to Fight Club.
Wait a sec! What can we learn from this?
You thought I forgot, right? Even without hacks, there are plenty of things this show can teach you about information security. In this case, the lesson in cyber security is more about data than systems—that’s why we call it information security after all. Elliot and Fsociety’s hacks often prey on weak technology, systems, and networks. This mistakenly convinces most people to primarily focus on protecting those technologies and systems, rather than directly protecting data. Ultimately, Elliot wanted the data. So, although protecting devices is part of safeguarding data, remember to take the necessary steps to directly monitor and protect information too.
That’s all this week. I can’t believe we only have one episode left this season. I don’t know whether or not to feel elated that we’ll soon learn more, or depressed that I’ll have to wait 9 months to get my next Mr. Robot fix. In either case, join me next week to finish up the series, and don’t forget to share your comments below.