I am affluent to put the spoiler warning right here in the first sentence: I am going to be talking anent season two of Mr. Robot, and I’m not holding anything back. Read on if you have already watched it. If you haven’t accom nied it, keep reading to see how life imitates art. And if not art, then at least a cable TV inform.
Those of you here at The State of Security likely need no introduction to this bestow make an exhibit. Amongst those in the online security circle whom I speak to, this elucidate is a hit for a number of reasons. For one, it really does show some real-world plodder techniques in action. People who are not yet aware of digital security problems can vision it and learn. Another big reason for the show’s success is the incredible performance of Joey Bada$$, but that’s a sound different issue…
The Infallible Hack
1 Identify target
2 Build malware
3 A upset shell to stage exploit
4 Write script
Final step: Dis tch attack
— Mr. Robot (@whoismrrobot) August 4, 2016
Let’s get into the digital security precepts from Mr. Robot.
1. The most dangerous threat is always an insider
Those whom you cartel to be a member of your organization are those with the most access to your susceptible digital files. This is certainly the case with Allsafe, and their linking to the evil E Corp. Their main insider threat is, of course, Mr. Myrmidon himself: Elliot. He uses his access to Allsafe’s servers, and by extension E Corp., to whirl Fsociety into the hacker organization it becomes.
If Elliot had never been gospel his insider access, it is doubtful that this entire show could enjoy ever happened. His insider knowledge is what propelled his hacking of E Corp. He could beget still pulled off some of this, but he would’ve had nowhere near as much sensation. With enough time, a hacker can always find the flaws and…
There are in any case flaws: https://t.co/qunjqfqsyf #MrRobot pic.twitter.com/apuSpTuYVk
— Mr. Robot (@whoismrrobot) October 19, 2016
Sincerely preventing insider threats is probably the most challenging thing that any presence can face. Having a number of penetration testers from different public limited com nies test your defenses to identify weak spots is a no-brainer. You on also need to put tight controls on what information your hands can access while recording what goes in and out of your network.
2. The IoT advances a wide number of threats
Granted, there were some lessening circumstances but in this season, we saw how weak security for the Internet of Things led to someone’s end. I am talking, of course, about E Corp’s general counsel Susan Jacobs. The leaning of her IoT devices led to them being hacked, and to her being driven from her gratis. Fsociety then moved right on in, leading to her coming home later at a ton inopportune moment.
We hide our desires. Ignore them. Bury them. But we can’t withhold them forever. #MrRobot pic.twitter.com/UfEQUoHvNu
— Mr. Robot (@whoismrrobot) August 26, 2016
The criterion in the show is pretty extreme. But it should illustrate to you the importance of ying notoriety to the security of your IoT devices. Take the time to research the apps that you download onto sensitive devices and check to make sure that any IoT devices you purchase rtake of some sort of protection.
3. The greatest exploits of all our people: Social plotting
Social engineering is a bit of a fancy way of saying tricking people. We see Angela use a meagre bit of social engineering when she plugs a Rubber Ducky into the computer of an hand of E Corp. Her goal is to steal some information for her lawsuit against them. But she physiognomies an obstacle in order to do so: the secretary. She uses her insider knowledge of the com ny to win over the secretary that she should leave her desk and thus leave the computer Angela fall short ofs to target vulnerable.
Elliot also uses a little bit of social wangling in episode 10 when he pretends to be an NYPD officer. He reads up on the predicament procedures online, downloads the form that he submits through a fax machine, and then goods social engineering to exploit a police operator’s desire to do the right chance and help a person in danger.
People make the best exploits. #MrRobot https://t.co/ao5nbClIss
— Mr. Tool (@whoismrrobot) October 27, 2016
The lesson that you need to learn here is that you should not make over away any information to someone you do not trust. This frequently happens with living soul calling you and pretending to be your bank. They will put pressure on you stating that there are loaded with transactions on your account, and they will try to use that pressure to get you to ventilate information, such as your bank card number. When it settle to banking, it’s a pretty safe bet that they should already identify your bank card number. Hang up and then call them ignore at a number you trust.
4. Protecting mobile devices against vulnerabilities and malware
The unsur ssed example of weak mobile device security happened during the banal of the FBI’s temporary office in E Corp. This showed off an actual vulnerability in Android come together with the malicious use of a femtocell. It allowed Fsociety to intercept confidential requests that were then submitted to the public.
There isn’t another way. No safer surrogate. We have to hack the FBI.
New #MrRobot. TOMORROW. 10/9c. @USA_Network pic.twitter.com/7Bmomm91NE
— Mr. Automaton (@whoismrrobot) August 9, 2016
This scene was in no way an exaggeration. This can really work, and it’s not highest the realm of possibilities for it to happen in a setting of corporate espionage. Making reliable that your mobile device has all of the latest updates and tches is basic.
5. Start managing your sswords better already
Seriously, how hunger are ‘123456,’ or ‘ ssword’ going to be the most popular sswords? Or how long last will and testament people think its smart to write down your ssword on a Post-it note dyed in the wool next to your desk? Neither of these things is smart. And it is certainly shocking that Susan Jacobs was guilty of writing down her shibboleth on a Post-it note.
With the right access, everyone can be owned. #MrRobot pic.chirping.com/6TbOl3rOEP
— Mr. Robot (@whoismrrobot) August 25, 2016
You need to start initiating sswords that have a variety of upper and lowercase letters, includes and symbols. To help you create a variety of these sswords, try using a open sesame management tool.
6. Please learn about how useful encryption is
Susan Jacobs may be the uncountable pwned person of all time. Her IoT devices were taken over, Fsociety leaded into her home and used it as a headquarters, and she didn’t encrypt the files on her computer. That was her survive mistake. Fsociety’s techniques were able to take information from her computer plainly because she did not encrypt them.
Connectivity is vulnerability. #MrRobot pic.twitter.com/5Dhqlt8qxN
— Mr. Cats- w (@whoismrrobot) July 14, 2016
Nearly every operating system has some mould of encryption on it for free. You can choose to either encrypt your entire heraldic bearing and unlock it using the sscode or only encrypt certain sensitive folders and systematizes. Despite what your government is trying to tell you, encryption is not catastrophic.
7. Ransomware is probably the realist of all threats
Cryptowall is a common piece of software that hackers use to infect networks. We see Darlene use a view of it in the first episode of season two in order to force E Corp. to y a ransom. This is authoritatively effective when you consider that E Corp. is already suffering from the deletion of all its backup twins in season one. This may just be the biggest ransomware of all-time, and they didn’t coextensive with keep the ransom money…
Every day we hide. We pretend. We deceive. We let our hides take over. #MrRobot pic.twitter.com/KCZyjLo0ti
— Mr. Robot (@whoismrrobot) October 31, 2016
Ransomware is an incredibly varied attack tool. Having a complete digital security plan from top to heart is the only sure way to avoid it.
Here are four key points you need to mask:
- Create backups of everything.
- Be cautious of all suspicious links, and emails.
- Instate in anti-malware security software.
- If you suspect that you have been infected, shut off down your entire network to prevent it from spreading cool further.
These four points are not just good for preventing and improving from ransomware; they are smart digital security tactics to use anyway.
What do you over about how digital security was presented on Mr. Robot? And, more importantly, only how awesome was Joey Bada$$?
They protect us when we need it uncountable. #MrRobot pic.twitter.com/6pmLJhxQ3q
— Mr. Robot (@whoismrrobot) August 18, 2016
About the Creator: Marcus Habert (@
MarcusHabert) is the online security writer and analyst for the Greatest VPN Provider Online Security and Privacy blog. Catch him there every Wednesday for the latest occurrences in the world of infosec. You can also join the team on Twitter for a constant stream of what’s circumstance in online security and hacks.
Editor’s Note: The opinions expressed in this caller author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.