Secplicity - Security Simplified

The Final Mr. Robot Rewind of Season 3 – Can We Fast-Forward to Season 4?

December 20, 2017 By The Editor

Mr Robot Episode 10 Season 3
USA Networks Photo

For a show that’s built its reputation on technical accuracy, Mr. Robot’s season three finale did not disappoint. As usual, WatchGuard Technologies CTO Corey Nachreiner analyzed the hacking accuracy or “hackuracy” of the final episode in his weekly Mr. Robot Rewind series on GeekWire. We saw Elliot use several realistic hacking techniques to recover the encrypted keyloggers that his old Fsociety comrade Romero set up to record Fsociety building the 5/9 hack malware. Hidden in these keyloggers is everything Elliot needs to accomplish his season-long quest of reversing the immense damage caused by the 5/9 attack.

First, Elliot runs several Python scripts to pull lists of lyrics to Romero’s favorite music. While the exact script he runs does not exist in real life, several very similar scripts do, and the concept is solid. Why does he do this? Here’s an excerpt from Corey’s article that explains how this information can help Elliot crack Romero’s keyloggers:

“One way to speed up brute-forcing is a dictionary list. Rather than randomly incrementing characters, a brute force program will start by using a list of words from a dictionary you define. They can even use combinations of these words. However, Romero is probably also smarter than normal dictionary attacks, and would pick a longer password, or a passphrase, or something totally random.

This is where a custom dictionary might come in. Hackers that know a lot about their victim can cater their password dictionary to that specific victim. In this case, it appears Elliot is presuming that Romero’s password will involve music from his favorite artist. He downloaded these lyrics to use in a custom password dictionary.”

The following scenes showing Elliot executing his brute force attack are 99 percent accurate. Even with a dictionary list, a real brute force attack would take longer than the show depicted. But that’s a very small concern. Without a dictionary list, a brute force attack against a password with more than 10-12 characters is a huge stretch even with today’s technology. Well done to the Mr. Robot team for showing a realistic way around this issue!
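The same idea can be turned into a password-policy check: refuse a new passphrase when most of it is lifted from text its owner is known to like. The sketch below is an added example, not code from the show or from Corey’s article; the function names, the thresholds and the sample text are all assumptions made up for illustration.

```python
import re

# Constructed sample text standing in for lyrics or any public text a user is known to like.
SAMPLE_CORPUS = """
The river runs beneath the silver moon
We counted every star above the dune
"""

# Common character substitutions, undone before comparing (1 and ! are both read as "i").
LEET = str.maketrans("013457@$!", "oieastasi")

def normalize(text):
    """Lowercase, undo simple substitutions, and drop spacing and punctuation."""
    return re.sub(r"[^a-z0-9]", "", text.lower().translate(LEET))

def longest_corpus_match(candidate, corpus_flat):
    """Return (normalized candidate, longest run of it that appears in the corpus)."""
    cand = normalize(candidate)
    best = ""
    for i in range(len(cand)):
        # Only try slices longer than the best found so far, longest first.
        for j in range(len(cand), i + len(best), -1):
            if cand[i:j] in corpus_flat:
                best = cand[i:j]
                break
    return cand, best

def audit_passphrase(candidate, corpus, min_len=8, max_share=0.6):
    """Reject a passphrase when a long run of it is lifted from the corpus."""
    cand, match = longest_corpus_match(candidate, normalize(corpus))
    share = len(match) / len(cand) if cand else 0.0
    rejected = len(match) >= min_len and share >= max_share
    return {"rejected": rejected, "match": match, "share": round(share, 2)}

if __name__ == "__main__":
    for pw in ["Beneath-The-Silver-Moon2017!", "b3n34th th3 s!lv3r m00n",
               "correct horse battery staple"]:
        print(pw, "->", audit_passphrase(pw, SAMPLE_CORPUS))
```

Appending a year or swapping letters for digits does not help: both quoted-text variants are rejected, while the unrelated passphrase passes.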

Read the season three finale article on GeekWire and learn more about the risk posed by insider threats like Dom here on Secplicity. If you’re already developing an evil split personality from the realization that one of television’s best shows is over for another year, placate your alter ego by reviewing the hackuracy of season three here.

Filed Under: Editorial Articles, Featured