[Spoiler Alert] This article may spoil some of the surprises from the latest episode of Mr. Robot. Make sure to watch S2EP3 before continuing on to learn about the hidden hacker references you may have missed.
LATEST IN A SERIES: Corey Nachreiner, CTO at Seattle-based WatchGuard Technologies, is reviewing episodes of Mr. Robot on GeekWire. The show airs on USA Network on Wednesdays at 10 p.m. Join the conversation on Twitter using #MrRobotRewind, and follow Corey @SecAdept.
Welcome back to our weekly series on Mr. Robot’s technical “hackuracy.” This week’s episode contained no real hacks but did touch on enough hacker culture, cybersecurity, and technology-related topics that there’s still plenty to discuss. Let’s dig in and rewind the latest episode of Mr. Robot.
The drama kicked off with a flashback conversation between Mobley and Romero that explained how fsociety came by their arcade hideout (and their name). During the conversation, Mobley tried to recruit Romero for the team saying, “we need a phreaker.”
I suspect many viewers may not have recognized the term “phreaker.” It may have sounded cool, but probably came and went as fast as Mobley said it. However, this term carries historical weight to old-school hackers.
Phreak — a combination of the word phone and freak (frequency) — was a term used to describe original phone system hackers. Before digital networks took over, phone systems were controlled by a series of analog tones and pulses with different frequencies. Inquisitive phreakers figured this out as early as the late ’50s and started manipulating the phone system using these tones.
Though not the first, John Draper (a.k.a. Captain Crunch) was one such phreaker, and the story of how he got his alias is one of the most popular in hacker lore. The 2600 Hz tone was one of the most useful in a phreaker’s arsenal. It essentially told the phone switch that a call had ended, leaving an open carrier line that could be exploited to make free long-distance calls (very expensive decades ago). Through a tip from fellow phreakers, Draper realized that a toy whistle included as a prize in a box of popular cereal produced a perfect 2600 Hz tone. This is how he got his alias. If you followed last season’s Rewind series, you may remember this tone was also behind the name of a popular hacker e-zine, 2600.
Phreaking became even more closely related to computer hacking in the ’70s and early ’80s when modems became popular. Hackers with modems wanted to connect to as many computers and BBSs as possible, but toll calls were expensive. Phreak boxes helped hackers connect to systems otherwise out of their reach.
In general, Mobley’s subtle reference to phreaking was fun, hackurate, and probably brought back fond memories for old-school hackers. But if I’m being pedantic, its use was slightly unrealistic. Why? Mr. Robot is set in the current day, and the term phreaking has long since fallen out of vogue.
In the ’80s, as telecommunications companies moved from analog tone systems to digital packet-switched networks, and as telephony exploitation became more about standard network hacking, the term phreaking mostly fell out of use. Don’t get me wrong; with cellular networks and protocols like SS7, telephony hacking is still a thing. You just don’t hear hackers or the underground refer to it as phreaking these days.
Technically, this episode didn’t have a single hacking scene. However, the one that came closest was the sequence involving Romero’s booby-trapped computer. As Dominique, or Dom (the depressed, millennial FBI agent) arrived at Romero’s murder scene, she noticed another agent plugging a USB device into Romero’s PC to begin a forensic examination. She asked if the agent checked for modified ports, but a second later the computer burst into flames.
There’s a lot of technical truth in this scene, but it got a tad Hollywood. Let’s break it down, starting with what it gets right.
In the real world, authorities have a number of software and hardware tools that help them do digital forensics. Some examples include the HotPlug Field Kit, COFEE, and mouse jigglers. Many of these tools are designed to help pull live data from an unlocked computer before it has a chance to shut down or return to a locked state. It’s absolutely realistic for an agent to use specialized USB forensic devices in a cyber investigation.
Meanwhile, sophisticated criminals also do their best to evade these forensic tools. Besides implementing physical kill switches, encrypting data, or leveraging temporary virtual systems, many hackers design software to kill evidence and protect their systems. For instance, USBKill is an anti-forensic script that monitors a computer for any changes on its USB ports. If anyone plugs or unplugs a USB device, USBKill shuts down the computer, presumably relocking its encrypted hard drive and wiping the computer’s temporary memory. With tools like USBKill or hardware hacks, it’s quite possible to rig a computer to automatically react when someone plugs a new device in.
The only “stretch” in this scene was the fire itself. Granted, white and black hat hackers have discussed techniques to physically destroy computer evidence (e.g. thermite strapped to a hard drive), but I’m just not aware of any real-life incidents. That being said, it would be trivial to modify USBKill to trigger a communication to an external device that could cause this sort of physical destruction.
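The port-monitoring idea described above comes down to comparing two snapshots of the attached USB devices. The sketch below is an added example, not USBKill's code and not part of the original article: it shows that comparison as a workstation-hardening check that only returns a decision and takes no action. The snapshot text, the allowlist and the "lock" policy are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample input: two lsusb-style snapshots taken moments apart.
BEFORE = """\
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 001 Device 003: ID 046d:c52b Logitech, Inc. Unifying Receiver
"""
AFTER = BEFORE + "Bus 001 Device 007: ID 0781:5567 SanDisk Corp. Cruzer Blade\n"

# Assumed allowlist of vendor:product IDs the owner normally leaves attached.
ALLOWLIST = {"1d6b:0002", "046d:c52b"}

LSUSB_LINE = re.compile(
    r"^Bus \d{3} Device \d{3}: ID ([0-9a-f]{4}):([0-9a-f]{4})\b", re.I
)


def parse_snapshot(text):
    """Count devices per vendor:product ID; device numbers change on re-plug."""
    ids = Counter()
    for line in text.splitlines():
        match = LSUSB_LINE.match(line.strip())
        if match:
            ids[f"{match.group(1)}:{match.group(2)}".lower()] += 1
    return ids


def diff_snapshots(before, after, allowlist):
    """Return (event, device_id) tuples for everything that changed."""
    events = []
    for dev_id in sorted(after - before):  # Counter subtraction keeps extras only
        kind = "added-known" if dev_id in allowlist else "added-unknown"
        events.append((kind, dev_id))
    for dev_id in sorted(before - after):
        events.append(("removed", dev_id))
    return events


def decide(events):
    """Hypothetical policy: unknown insert or any unplug means lock the session."""
    if any(kind in ("added-unknown", "removed") for kind, _ in events):
        return "lock"
    return "ignore"


if __name__ == "__main__":
    changes = diff_snapshots(parse_snapshot(BEFORE), parse_snapshot(AFTER), ALLOWLIST)
    print(changes, "->", decide(changes))
```

Counting by vendor:product ID rather than by device number means a second copy of an already attached device still registers as a change.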
Besides those two scenes, this episode included the usual wealth of accurately-portrayed security and tech references. Here are a few examples:
1. Bitcoin-related hacks: This episode gave us more insight into Ray. For instance, we learned that he has a vested interest in bringing a Bitcoin service back online. During one dialog, we learned that unknown attackers keep stealing Bitcoin whenever Ray’s IT guy brings the Bitcoin service back up. Such Bitcoin hacks are not unusual.
The beaten IT guy also referred to hot and cold Bitcoin wallets. If you haven’t used Bitcoin before, owning crypto-currency hinges on having access to a private crypto key. In order for online systems to do automated Bitcoin transactions, they need direct access to private keys for the wallets they manage. These are called hot wallets, since the keys are exposed on Internet-connected systems, which puts them at greater risk. Smart Bitcoin users limit funds kept in their hot wallets and store the majority of their currency in cold wallets, which are offline and better protected.
2. Kernel panics and more: A primary plot point this episode was Elliot’s attempt to biologically hack Mr. Robot out of his psyche. In order to stay awake for multiple days, Elliot unintentionally OD’d on Adderall, which led to hallucinations and ultimately a mental breakdown that he described as a human “kernel panic.” In his narration, Elliot drew analogies between fatal errors, kernel panics, and mental breakdowns. These analogies aren’t only artistic, but they hold up technically as well. One of my favorite references was “setting a breakpoint to find a flaw in code,” which not only worked metaphorically, but is a reference security bug hunters will intimately understand.
As always, the episode includes many subtle technical Easter eggs for those looking:
If there’s a cyber security tip to be taken away from this hack-free episode, it’s that you should encrypt your hard drive and lock your computer whenever you walk away from it. Even if you’re not a criminal hiding from the authorities, this simple tip will help ensure that if thieves do steal your computer, they can’t access your private data.
That’s all for this relatively hack-free Rewind. Join me next week to see if the show resolves any of the many technical mysteries that remain unanswered. Meanwhile, be sure to share your own thoughts, theories and discovered secrets below.