Mr. Robot slowed down a bit in episodes 7 and 8, focusing less on hacks and more on Fsociety members Trenton and Mobley’s unsuccessful run from the Dark Army and Elliot coming to terms with their (spoiler alert) deaths. But despite the lack of digital hijinks, there was still plenty of background odds and ends of hacker culture and products for WatchGuard CTO, Corey Nachreiner, to analyze for technical accuracy in his weekly Mr. Robot Rewind column on GeekWire.
For example, in episode 7, Trenton cracks the combination to a four-digit bike lock to free herself and Trenton from a Dark Army hitman. Is this realistic? It would take about eight hours to “brute force” the lock by trying every possible combination, but Trenton escapes in much less time than that. However unlikely this seems; it’s actually plausible. Lock picking and other physical security tampering is often a part of hacker culture and if Trenton knew some of the most common password combinations for a four-digit pin (people are bad at choosing random passwords) or knew a trick to physically trip the locking mechanism, she could escape easily as seen in the show.
The Dark Army also attempts to frame Mobley and Trenton for the Stage 2 hack by setting up a scenario where it seems like the two of them have been researching a hack that was promised in a faked Fsociety video. The hack would (in theory) interfere with air traffic controls to crash a plane. According to Corey, the setup for this hack is plausible and realistic, but the hack itself is not.
Based on all that analysis, you can probably tell there is a lot of reality in this scene. The screens on the Dark Army’s staged computers tell the story of real-world hacker reconnaissance techniques. It’s true and verifiable that organizations like the FAA might have documents for public consumption that do hint at the technologies they use (which could help hackers target them). Furthermore, that specific remote WebLogic vulnerability did exist in 2015, and the exploit scripts they use are real too (though I wouldn’t call them malware like Trenton did – that term is typically reserved for the malicious payload, not an exploit script) …However, none of this suggests that this particular hack could take down planes in the real world.
Thankfully, it’s functionally impossible to crash a plane via hacking in the real world.
Episode 8 had no hacks at all, instead it focused on Elliot processing the death of his former Fosciety comrades. Despite that, the show accurately shows Elliot’s paranoid wipe down routine when he destroys all evidence of hacking on his computer (along with the hard drive and most of its chips), and includes some nice nods to social engineering hacker tricks and the ProtonMail encrypted email service.
There’s a good practical security takeaway about deleting your data in this episode. Here’s what Corey has to say about secure deletion.
However, realize that remnants of data on your storage drive still stick around for a bit if you delete data normally. Before you throw away or sell a computer with a hard drive, be sure to use various utilities (like Shred) to securely wipe all your data for good, so that even forensic data recovery programs can’t salvage it. Otherwise, the next owner might gain access to your files, personal photos and more. If you work for a business, do know there are services for hardware data destruction, which will take your computers and hard drives and wipe them clean, even using physically destructive methods like Elliot’s.
We’re getting down to the last few episodes of Season 3! Can Elliot find a way to reverse the Stage 2 hack using Romero’s keyloggers? Will he be able to continue fighting in the aftermath of Trenton and Mobley’s deaths? And what is the Dark Army up to now? Be sure to read Corey’s full articles for Episode 7 and Episode 8 over on GeekWire. And learn more about recent brute force attacks here on Secplicity.
Check back next week for more Mr. Robot Rewind.