This is the third and last blog I will write for State of Security on the topic of the groundbreaking, maverick TV series ‘Mr Robot.’ As this week, the credits rolled one final time on the show's mind bending and utterly bizarre (even by its own standards) conclusion. A lot has changed since the first season aired, both for cybersecurity and the show itself. Not least in terms of the then lesser-known talent of Rami Malek. His compelling if often harrowing depiction of the talented but troubled, paranoiac hacker Elliot Alderson could easily have left him ‘typecast’ in such a role and resigned to some niche status. Malek of course soon proved versatile enough to make himself far better known to millions through his Oscar-winning lead role in the Freddie Mercury biopic “Bohemian Rhapsody.’ He is also now set to become one of the most highly anticipated Bond villains ever in the forthcoming 007 blockbuster ‘No Time to Die.’ Whilst Malek may have reached new heights of stardom and recognition during the time the show has been around, there were plenty of equally outstanding character performances in Mr. Robot from Carly Chaikin & Martin Wallström, to name but two, that shouldn’t be overlooked. Comparative veteran Christian Slater managed to reinvent himself as both actor and co-producer to rightful critical acclaim. Simultaneously, the engaging appearances of Brooklyn’s own Joey Bada$$ must also be acknowledged as far more than just the usual novelty ‘rapper as actor’ type cameo. It will now be very interesting to see what Sam Esmail, the show's creator, executive producer and head writer, goes on to achieve in the future. He should certainly be applauded for not only pushing the boundaries of what contemporary TV can be with 'Mr. Robot' but also for making sure the show didn’t outstay its welcome to become a parody like too many other ‘cult series.’ With its use of prolific profanities, narcotics and violence (at times implied, at others quite graphic), the show is not to everyone's taste. The last season in particular delved into some particularly dark and disturbing themes with views expressed by a cast of deeply damaged characters who still remain far from my own opinions or beliefs. Yet these forces formed the basis of much great and challenging drama that ultimately reflects the times in which it was created. Or to paraphrase the altogether different fictitious figure of Nick Fury, “to take the world as it is, not as we'd like it to be.’ Away from its often claustrophobic sense of social anxiety, conspiracy theory and dystopian darkness, all of the cybersecurity, technology and hacking made 'Mr. Robot' stand out from any other TV drama before or since in my view. That’s also the reason why I previously blogged about it on State of Security. That's despite the fact that these elements weren't always graphically obvious or apparent in Season 4 as in earlier seasons. It's likely that this was a conscious decision (at least at times) to avoid simply churning out ‘more of the same.’ Episode 7 (‘Proxy Authentication Required’ in particular stands out here. Performed in separate ‘acts’ within a single setting that was like a play, the episode focused purely on highly intense character role play and dialogue rather than any technology at all. As ever in Mr. Robot, it’s hardly as though those themes were ever that far away or in any real shortage. Assuming you can excuse the lack of formal grammar, here's a continuous ‘rapid-fire’ stream of consciousness recap of a but few examples of the security, tech and hacks that occurred over the last season and/or that duly bombarded our senses:
The ‘Dark Army’ owning of CCTV and bluetooth tracking throughout Grand Central station in the opening episode, following the blackmail of a sleazy, corrupt lawyer into plugging a malware loaded USB device into his firms workstation to then download an Outlook PST file of his corporate contact list - über villain Whiterose’s meeting with (a purely fictionally depicted of course) IBM in 1982, making his views on the imminent world of software licensing copyright quite clear “He thinks we’re going to pay to use this technology? That’s awfully cute of him!” - the degrading ‘hack the human’ lengths Elliot has to go to access a banks systems (all because they used well implemented MFA it should be stated) even after retrieving credentials from a female bank workers laptop using ffpass - gathering #osint on the same fictional bank, then creating a bluff staff pass using an entry level AlphaCard Pilot ID card printer, followed by a biometric hack to elevate physical access through socially engineering a security guard to leave his fingerprint on Darlene’s ‘accidentally left’ phone which was then carefully transferred to a 3D printer to create a replica of his finger to gain access to a server room to install rogue ‘firmware updates’ in order to access their systems via direct console - all leading toward the ‘Robin Hood’ style re-allocation of criminally acquired funds in the bank through crypto tumblers and clearing programs to distribute even amounts of welcome wealth into everyone in the worlds eCoin wallets - that’s without even mentioning details of SS7 exploits for location tracking, exploiting of insecure passwords, use of a digispark microcontroller as a command generating ‘rubber ducky’, Darlene’s fastboot wipe of her phone when captured by the dark army, the doxxing of the criminal Deus Group running the world, Elliot’s hacking of his own alternate reality alter-ego’s Mac, the continued use of Signal for calling and messaging as well of course as the trustee Kali Linux.
Phew! Yes, plenty of it was rather far-fetched, and you had to suspend belief whilst granting generous artistic license at times (particularly perhaps to workings of the eCoin cryptocurrency.) But more often than not, the actual tools, commands typed and techniques used were all very real and routine by today's standards. Plus, I challenge readers to name me one other contemporary show that deals with any of that at all, in a half way convincing manner. Which was another question about the show I asked in my first Tripwire blog about it: did the clearly well-informed depictions of both cybersecurity and cybercrime represent a wider change in TV and movies, or did they remain unique to the show itself? With few exceptions, it would still appear to be the latter, perhaps until younger and more tech-savvy writers emerge. Somewhat understandably, that level of attention to detail is most probably completely lost on most audiences as well as beyond the comprehension of many writers and directors. But for that reason alone, it will be sorely missed by many security professionals, enthusiasts and geeks. As a final personal twist, given my fascination with the show, it was with some bizarre coincidence that I stayed in a midtown Manhattan hotel earlier this year, where completely unbeknown on arrival, some of this final season was being filmed. Imagine my sense of surprise therefore when returning one evening to unexpectedly find the hotel lobby fully decked out for Christmas...in April! Then identifying 'Mr. Robot' cast members finishing their shoot in that same lobby the next day! That experience in itself sums up 'Mr Robot' one final time here for me: surreal, somewhat disorientating at times, but rarely what you might expect to find. Farewell, Mr. Robot. Monday TV will be a duller place without you.
About the Author: Angus Macrae is a CISSP (Certified Information Systems Security Professional) in good standing, a CCP (NCSC Certified Professional for the IT Security Officer role at Senior Practitioner level) and PCIP (PCI SSC Payment Card Industry Professional.) He is currently the IT security lead for King’s Service Centre supporting the services of King’s College London, one of the worlds’ top 20 universities Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.
