Mr. Robot and you
It’s difficult to watch Mr. Robot, the surprise hit TV series from USA Network, without feeling a sense of foreboding and unease that your private information isn’t all that private after all.
In case you haven’t watched it yet, the drama-thriller follows the exploits of Elliot Alderson (Rami Malek), a cybersecurity engineer by day and a vigilante hacker by night. Elliot struggles with social anxiety disorder and clinical depression, and connects to people by hacking into their e-mail accounts and Facebook pages. One day, he is recruited by a shadowy group known as “fsociety” led by the mysterious anarchist Mr. Robot (Christian Slater). Their goal is to bring down corporate America—including his employer’s biggest client, E-Corp.
As ambitious as this might sound, the consensus in the tech community is that Mr. Robot is the most technically accurate depiction of hacking and the hacker culture to come out of the movies or television so far.
“Not only does it entertain, with well-crafted, intriguing storytelling and well-developed characters, but it also nails most aspects of infosec, hacking, and the underground Internet culture dead-on,” writes Corey Nachreiner in Geekwire.
“In fact, the show gets these things so right that I think you can actually learn from it,” adds Nachreiner, chief technology officer at Seattle-based WatchGuard Technologies.
“Mr. Robot doesn’t just get hackers right, it also gets hacking right,” writes Kim Zetter in Wired. “The team behind the show is clearly interested in technical authenticity and have made an effort to get the lingo, the tone, and the on-screen code right,” she writes.
There are no crazy GUIs or virtual reality flybys in Mr. Robot, adds Adam Fabio in Hackaday. “In this show, the command line isn’t hidden, it’s celebrated. We see every command the characters type, from netstat to CAN bus dumps.”
The secret behind Mr. Robot’s technical chops is the commitment of the show’s creator, Sam Esmail, to accuracy, and a team of technical assistants led by Michael Bazzell, who worked 10 years for the FBI’s cybercrime task force before signing on with Mr. Robot.
So given its technical accuracy, what can we learn from Mr. Robot?
The virtual private network company IPVanish lists five cybersecurity lessons from the show:
1) Beware of unprotected public Wi-Fi networks. In the pilot, Elliot exposes a coffee shop manager as an online child pornographer by observing him through the shop’s public Wi-Fi network. “It only takes a little bit of technical know-how and some free online software to intercept people’s activities on open Wi-Fi,” IPVanish warns.
2) Don’t assume Tor will keep you safe from snooping. In the same episode, Elliot tells the purveyor of kiddie porn that just because he was using a Tor network didn’t mean his traffic was private. “What many users don’t know about the Tor network is that the traffic between the exit node and the target server cannot be encrypted. Virtually any exit node can capture the traffic passing through,” the IPVanish post says.
3) Phishing is dangerous. In several instances, Elliot uses phishing techniques to improve his chances of breaking a password. This, IPVanish says, has very little to do with computers and very much to do with human nature. “A phish, which is ultimately a hack, occurs when a user is baited with an email, phone call, or perhaps a text message and tricked into voluntarily responding with information,” the IPVanish post notes.
4) Malware can compromise your privacy. In Mr. Robot, a hacker posing as an aspiring hip-hop artist gives a free demo CD to Elliot’s co-worker, who tries to play it on his laptop. The CD doesn’t hold any music, however, but malicious software that raids private e-mails, banking information and, most notably, uses the laptop’s built-in webcam to spy on the victim and to obtain personal data. Moral of the story: beware of freebies, especially in the digital world.
5) Set a strong password. “If Mr. Robot can teach you but one thing, it should be the importance of a strong password,” IPVanish says. In the show, Elliot hacks into the e-mails, social media accounts, bank records and even dating websites of the people around him through a little social engineering (phishing) and sheer will (trying, trying, and trying again). Weak passwords make it seem almost trivial for Elliot to break into other people’s accounts. That’s why you should always use a complex password: more than eight characters long, including letters, numbers, and symbols, IPVanish says. It’s also a good idea to use passwords that are not easy to guess, so don’t use information that is publicly available such as your birthday. And don’t use the same password in multiple accounts. That’s just asking for trouble.

Chin Wong