Cyber Defense Review

Thank You Very Much, Mr. Robot

By CPT Brent Chapman | July 27, 2015

Recent headlines provide a virtually unlimited source of material for Hollywood’s latest trend: the cyber-thriller.  From the paranoia-fueled Person of Interest, to the widely-panned CSI:Cyber, these shows attract a huge audience and often inform a significant segment of the population on all things technical.  They also, as discussed in a previous Cyber Defense Review post, have the potential to educate users about the risks of information security on a very large scale.  USA Networks’ newest cyberpunk thriller, Mr. Robot is one of the newest entrants into the fray.  The show has already received rave reviews, not only for its immersive and dark tone, but also for its unusual technicaly accuracy.

The pilot for the new series Mr. Robot, cleverly titled “eps1.0_hellofriend.mov”, opens with our protagonist named Eliott Alderson narrating his thoughts of insecurity and paranoia.  It has a taste of the familiar: technically prodigious emo introvert drowns in social angst.  Thankfully, the clichés stop right there.  The episode quickly cuts to a scene where we see why Eliott is different.  He confronts Ron, the owner of a coffee shop whose network Eliott’s hacked and has been monitoring for several days.  Explaining what he’s done in a very matter-of-fact way, Eliott reveals his hack and also his knowledge of Ron’s illicit image sharing website.  Ron pleads and even offers money to Eliott for his silence, but Eliott refuses citing his disinterest in money.  Ron can only stand there, mouth agape as Eliott leaves the coffee shop – just as the police enter.

 

 

Eliott confronts coffee shop owner Ron, whose network he hacked, about his illegal file-sharing website “Plato’s Boys”.

 

There’s no question that what Eliott does is illegal, but he apparently does so with good intentions. We learn that by day, he’s a security engineer protecting powerful companies from hackers.  By night, he’s a digital vigilante taking down criminals with his technical talent.  His fog of cognitive dissonance follows him throughout the episode, and it’s beautiful.

The show does a tremendous job is covering technical themes without reducing itself to walking the viewer through with ham-fisted dialogue.  We get the sense of how impressive “gigabit” is sheerly through the conversation.  Rather than telling the viewer what social engineering is, for example, Eliott gracefully demonstrates how easy it is to do several times in setting up his prey for the takedown. Elliott, at one point, calls a target pretending to be a bank’s fraud prevention department in order to get personal information.  The questions Eliott pose seem legit, but the target only briefly expresses suspicion about who the caller really is before providing the information anyway.  Is this far-fetched?  Absolutely not.  The far-too-common trend of weak passwords and the dangers of oversharing on social media are also explicitly called out in the episode.  And they aren’t just mentioned once or twice – these concepts come up quite frequently.  Are the writers lazy?  No, quite the opposite: they’ve done their research and found that these are the most common causes of data breaches.

In terms of realism, Mr. Robot gets as close as any show I’ve seen so far.  Attacks are hard work.  Done correctly, they take time to properly plan and execute if the attacker wants to stay hidden and out of prison.  There is no ‘enhance’ button that Eliott presses to solve his problems, nor are there cutscenes into the computer internals to follow a pulsing red light representative of the malware that was just downloaded.  What is shown, rather, is Eliott’s methodological approach to overcoming his challenges.  He does his homework.  He makes mistakes.  He tries again.  He succeeds.  Sure, there are still shortcuts and continuity errors, but for a hacking show it’s comparatively minimal.  Mr. Robot also seems to play on current global and socioeconomic events to attract the non-techies.  The increasing tensions between conglomerates and hacktivists are a major focus in the pilot episode.  Though it’s not completely clear that there’s a ‘correct’ side, it’s quite entertaining to be completely immersed in the well-constructed world of online warfare, mostly from Eliott’s point of view.

I sense that many viewers will finish an episode not able to remember a command or specific technology that Eliott used, but will instead recall scenes of social engineering in action and how it can affect them.  This is what’s important.  As part of a security community, we should aim to raise the understanding of those around us.  Mr. Robot is just the type of show we need to inspire, entertain and educate us all about cybersecurity.

 

 The views expressed in this article are those of the author and do not reflect the official policy or position of West Point, the Department of the Army, the Department of Defense, or the US Government.