Serial hackers: Mr Robot


Many TV series show hack scenes with, most often, a young man in front of his computer, in the middle of a dark atmosphere. Behind these realization effects, do the hack scenes presented on the screen technically hold up well? We start our series with a classic of the kind: Mr Robot. Analysis by the Orange Cyberdefense Ethical Hacking team.

The plot

First broadcast in June 2015 in the United States, the Mr Robot series has already become a classic. Created by Sam Esmail, it features Elliot Anderson, a security engineer for Allsafe Security, but above all a hack virtuoso, as much in love with justice as disillusioned by the world. The young man joins the ranks of “fsociety”, a group of hackers who want to restore balance to society by bringing about the collapse of the most powerful conglomerates, including E Corp, Allsafe’s major client.

The construction of hack scenes

Sam Esmail, Mr Robot‘s creator and director, is a computer enthusiast: he received his first computer at the age of nine and learned to code a few years later[1]. However, he did not persevere in this direction; he told Rolling Stones magazine, shortly after the series’ release: I could come up with ideas for software. But to actually sit and write every bit of code, every command… I just didn’t have the patience.”  

This did not prevent him from being extremely rigorous in the construction of Mr Robot‘s hack scenes. He has surrounded himself with a team of experts, including Kor Adana, a former white hat (ethical hacker), now a consultant for major American companies. Kor Adana says: “I took a lot of risks and did a lot of things that I probably should never have done when I was exploring technology. Some of these things appear in the series, and I can afford to include them by saying,”I’ve done this before. […] How would I bring a company to its knees? Well, I worked for one of them, I know how to bring her to her knees,” explains Kor Adana to Konbini[2] before the broadcast of the second season of the series.

He is not the only expert involved in creating the scenario. Ian Reynolds, a former hacker who also became a consultant, Marc Rogers, then head of security at Cloudflare[3], Ryan Kazanciyan, chief security architect at Tanium, and Andre McGregor and Michael Bazzell, two former FBI agents[4] were part of the team responsible for creating the hacking scenes.

From the second season on, for even more realism, they were even imagined before the script. Marc Rogers will tell Wired magazine[4] in 2015: “In most cases, I think of the hack, build it at home and demonstrate it. From there, I record it and send it to Adano. […] One of the hacks took me two weeks to set up. Some of them were so busy that I had to ask Cloudflare for time off.”

The realism of hacks: analysis of a key scene

In episode 5 of season 2, entitledb0mb3_10giqu3.hc (eps2.3_logic-b0mb.hc)”, Elliot hacks into an FBI agent’s cell phone. Is his method realistic? Is the hack thus presented plausible? Response from the Orange Cyberdefense Ethical Hacking team.

What is Elliot really doing in the extract?

On the extract, we can see first that Elliot updates his packets[5] using official repositories[6], then connects to a VPS[7] attack in SSH[8]. He is about to use “Samsung Knox”, an encrypted container for Android, via a zero-day that he is developing, and coordinates his action with other hackers via an IRC channel[9].

To distribute his exploit, he chose to use a femtocell, a kind of antenna, as a vector.

Once the phone is compromised, it can access all the phone’s data.  He will then have rebound access to the various networks to which the mobile will connect via Wi-Fi, possibly the FBI’s internal network.

Are the actions chosen realistic?

The code, from Ruby, seems realistic. He’ll probably see some mistakes during the tests. As for the attack strategy, it is certainly extremely plausible but requires a very high level of expertise: the operation of browsers is one of the most demanding categories of hacking.

To achieve stable browser operation, it can take more than a year of work. Success in such a short period of time is still likely, because we are talking about 100 to 1000 lines of code, but it is still extremely difficult.

Most movies and series show hackers hacking into the FBI. Is it that simple?

The larger the attack surface, the more likely it is that vulnerabilities will be found. Generally speaking, it should be noted that no hack, which can be seen as a chain of attacks, is simple from start to finish, especially for a target of this type.

Notes

[1]https://www.rollingstone.com/tv/tv-news/mr-robot-inside-tvs-hacktivist-breakout-hit-195888/

[2]https://biiinge.konbini.com/series/kor-adana-hacker-mr-robot/

[3]Ian Reynolds is currently Vice President of Security Strategy at Okta, Inc. but also an advisor to Luta Security.

[4]https://www.wired.com/2016/07/real-hackers-behind-mr-robot-get-right/

[5]update its system

[6]Data repository

[7]Virtual Private Server. It is a system exposed on the Internet on which you can connect and execute commands.

[8]Secure Shell, a secure connection protocol, allowing commands to be executed remotely.