Trending: Windows dressing: Microsoft’s latest holiday ‘ugly sweater’ soft-wear pays tribute to XP
Rami Malek plays Elliot in Mr. Robot. Photo via USA Network.
Rami Malek plays Elliot in Mr. Robot. Photo via USA Network.

[Spoiler Alert] This article may spoil some of the surprises from the Mr. Robot season two premiere. Make sure to catch the opening two-part episode before coming back for the latest on the show’s technical “hackcuracy” and its many geeky Easter eggs.


Hacking and cybersecurity have been fairly engrained in our everyday entertainment for some time now. As an information security professional, I’ve always dreamed of a show that deviates from Hollywood’s tendency to depict hacking with unrealistic, oversimplified and flat-out false scenarios. USA’s award-winning, techno-thriller Mr. Robot, which kicked off its second season this week, is a perfect example of a show that gets it right. It impeccably captures the technical, political, and economical zeitgeist we currently live in while illustrating technology, hacking, and the hacker subculture more accurately than any other show ever has.

LATEST IN A SERIES: Corey Nachreiner, CTO at Seattle-based WatchGuard Technologies, is reviewing episodes of Mr. Robot on GeekWire. The show airs on USA Network on Wednesdays at 10 p.m. Join the conversation on Twitter using #MrRobotRewind, and follow Corey @SecAdept.

I started the Mr. Robot Rewind series last season to dissect the hacking and technology elements within each episode; assessing which aspects the show got right or wrong. This season, I continue the Rewind series to see if the popular TV show can live up to its well-earned, high “hackuracy” expectations.

Mr. Robot’s two-part premiere started as a slow-burn that ended with a literal bang. With only two new hacks (just one covered in any detail), the season opener wasn’t as blatantly focused on technology and hacking methods as many of the past installments. That said, even hack-free episodes of Mr. Robot include many subtle specifics that still illustrate how well the showrunners understand hacker subculture. Let’s dive in.

Elliot’s script-fu is legit

The premiere starts a bit slow from a hacking perspective. You had your first glimpse of a command-line in the opening scene that mostly revealed a missing chunk of Elliot’s past interaction with Tyrell at the fsociety arcade, during which we saw Elliot launch the Five/Nine attack.

Figure 1: Elliot's Five/Nine attack scripts.
Figure 1: Elliot’s Five/Nine attack scripts.

There wasn’t much “hacking” in this command-line interface (CLI) interaction. Elliot seemed to be coordinating with either Whiter0se or the Dark Army over IRC. He SSH’ed as root into an E Corp (Evil Corp) server (which he’d already backdoored last season) and eventually ran a python script, which started the process of encrypting Evil Corp’s files.

Though this small CLI interaction only got 20 seconds of screen time, it’s a perfect example of the meticulous diligence the showrunners put into each technical scene. None of it would really be considered hacking, but all of it is authentic. Every detail is technically genuine, even down to typing “./” to execute a program from the current directory.

Lots of hacker Easter eggs

Getting hacking right is just as much about the culture as it is about technology. No matter their motives, hackers tend to be inquisitive, detail-oriented and always up for a good puzzle. They like to seek out and discover things that the average person misses. Mr. Robot appeals to this nature by burying tons of visual and technical Easter eggs throughout the show.

The Easter egg that first jumped out at me in this episode was a QR code in Elliot’s diary. A QR code is simply a modern barcode that’s easily readable by any mobile device with a camera. For just a moment, we caught a glimpse of a handwritten QR code as Elliot flipped through the notebook. Try not to forget that even the minutia in Mr. Robot is deliberately placed.

Figure 2: A mysterious QR code in Elliot's diary. Visit it.
Figure 2: A mysterious QR code in Elliot’s diary. Visit it.

Most technically savvy folks realize that QR codes often point to websites, and websites have source code. The show has already established that Elliot likes to read source code… so you do the math. I won’t spoil all the fun here, but you can visit these subreddits to learn what others have found out about this QR code.

This episode doesn’t stop with that one secret. There are actually many small Easter eggs in the premiere episodes. Some are just fun visual shout-outs like the brief appearance of well-known cyber vigilante, J3st3r. Others are more technical and require a little puzzling. Pay attention to any domains, IP addresses, and telephone numbers you see on the show. Often times there’s more involved than meets the eye.

Figure 3: Collage of technical Easter Eggs in Mr. Robot S2EP1.
Figure 4: Website associated with one Mr. Robot IP.
Figure 4: Website associated with one Mr. Robot IP.

Hollywood typically has methods for fictionalizing certain information. You’ve probably seen phone numbers on TV that start with 555. Though some numbers actually do start with 555, the phone industry has specifically reserved a block of 555 numbers for fictional use. They use similar methods to portray fake IP addresses. Whenever you see IPs or phones number that look like they could be real, you might want to check them out.

For instance, visiting one of the IP addresses shown in this episode will lead you to a real web page (Fig. 4).

Figure 5: Hidden messages in the above website’s source code.
Figure 5: Hidden messages in the above website’s source code.

If you channel your inner Elliot and explore a bit below the surface you might find some fun and unexpected things (Fig. 5).

Many viewers won’t notice or explore each and every subtle hidden detail, but that’s exactly what makes the show so appealing to hacker types. Mr. Robot’s endless Easter eggs prove just how well the showrunners understand hacker and geek culture.

IoT devices and Smart Homes can own US 

Mr. Robot himself claims, “Control is an illusion.” In the first real hack of the season, Darlene and the fsociety crew proved that this is definitely the case, by taking over the smart-home of Susan Jacobs, general counsel for Evil Corp (Evil Corp). The technical details behind the hack weren’t revealed, but there were some subtle clues for the eagle-eyed viewer.

The scene began with Jacobs jogging through New York. When she arrived home, her fitness app crashed on her smart-watch (Fig. 6). Once inside, the home’s “smart” alarm system, media player, thermostat and lights began to malfunction, causing her to temporarily move out. Her smart-home had been hacked.

Figure 6: Could an app crash be the sign of a hack?
Figure 6: Could an app crash be the sign of a hack?

Yes, this scenario is entirely possible. Although few smart homes are as integrated as that one, many of the home automation systems highlighted are available on the market. Security researchers have found vulnerabilities in everything from network-connected light bulbs to Internet-connected thermostats. In general, these devices fall in the Internet of Things (IoT) category and the risk they pose is something the security community has been concerned about for years.

Here’s the problem. IoT devices are essentially embedded networked computers with the same security flaws as any other computer. And many of the companies creating them aren’t traditional computer or software companies. As a result, many of the latest connected devices aren’t designed with security in mind, so they ship full of flaws that hackers might exploit. The issues range from bad default passwords to software bugs that could allow attackers to hijack them. Check out HP’s annual IoT study to see just how vulnerable these devices can be.

As far as how Darlene pulled off the hack, that’s left mostly to our imagination. However, remember Jacobs’ fitness app crashing? When hackers exploit certain software vulnerabilities, they often corrupt memory in a way that can cause an app to crash. Could the crashed fitness app indicate that fsociety gained access to her smart-watch? Consider an even subtler visual clue; the blurred image of a girl sitting on the fountain (Fig. 7) as Jacobs jogged through the park.

Figure 7: Darlene wirelessly hacking in the park.
Figure 7: Darlene wirelessly hacking in the park.

To me, that sure looks like Darlene, a laptop and some sort of wireless device with antennas. Could she have hacked the smart-watch while Jacobs jogged by? It’s certainly technically possible.

Realistic ransomware, with a slight inaccuracy

In the second and final hack of the episode, Darlene and Mobley delivered CryptoWall, a real-world ransomware threat, into the bowels of Evil Corp. After delivering her “George W. Bush” speech to inspire the fsociety troops, Darlene spoke with Mobley while working on her computer.

Her screen showed that she was using an authentic hacking tool called the Social Engineer Toolkit (SET) that we covered last season. The SET provides many methods that help attackers trick victims into installing malware. Some of its options include delivering malicious emails, send luring text messages, hosting tainted websites and creating infected USB sticks. Ultimately, Darlene used the toolkit to create a USB stick designed to install ransomware onto an Evil Corp computer. She handed the stick to Mobley, who we later learn works at a branch of Evil Corp.

Figure 8: Using SET to create ransomware USB sticks.
Figure 8: Using SET to create ransomware USB sticks.

Overall, this scene is fairly accurate, but I do think it makes one small mistake. Darlene appeared to be using SET’s “webattack” module (Fig. 8). Hackers use this to set up malicious websites that deliver their malware. Darlene even entered an IP address and port for an evil web server. But it’s clear that Darlene and Mobley were creating an infected USB stick to use on Evil Corp, so it doesn’t make sense that she’d be messing with SET’s webattack module rather than the USB tool.

One last slightly humorous detail. Mobley was later shown playing the role of the IT guy “troubleshooting” Evil Corp’s ransomware infection (that he presumably installed). If you didn’t pay close attention to his fingers (Fig. 9), you may have missed a little inside IT joke about standard troubleshooting techniques. He was pressing Alt-F4 (close program) and Ctrl-Shift-Esc (open TaskMgr), while innocently pretending he had no clue why the ransomware was not going away. A small detail, yes, but one that makes the show even more technically authentic.

Figure 9: Alt-F4 and Ctrl-Shift-ESC always work.
Figure 9: Alt-F4 and Ctrl-Shift-ESC always work.

Some practical security advice 

While enjoying the captivating videography and twisted narrative of Mr. Robot, viewers should also take note that the hacks portrayed in the show represent some of today’s most serious security risks. There are several relatively simple things everyone can do to guard against the kinds of ransomware attacks and IoT device vulnerabilities present in the show.

Ransomware is one of the top cybersecurity threats this year. Protect your data by regularly backing up – if Evil Corp maintained frequent backups, fsociety’s ransomware attack wouldn’t have been so successful. Use and update your antivirus, don’t underestimate the protection new software patches can provide, and avoid suspicious emails and web links. 

IoT devices present a very real security threat if they aren’t properly managed. Always change each device’s default password. Use firewalls and other security controls to limit access to your IoT devices and upgrade your smart devices whenever new software becomes available.

Whether you’re fascinated by security and love to geek out over Mr. Robot’s depiction of hacking culture, or a die-hard fan of the drama wanting to learn more about the technical side of the show, I invite you to join me each week for a new Mr. Robot Rewind. Feel free to share your thoughts, feedback and theories in the comments section below.

Like what you're reading? Subscribe to GeekWire's free newsletters to catch every headline


Job Listings on GeekWork

Find more jobs on GeekWork. Employers, post a job here.