Tag Archives: Mr. Robot

Mr. Robot Review: Eps1.2d3bug.mkv

Elliot, Mr. Robot’s anti-hero cyber-security engineer by day and vigilante hacker by night, has been having a life-style crisis. In episode 3, Elliot longs to live what he calls a bug-free life, otherwise known as a regular person.

“Was he drinking Starbucks?”

“Was he drinking Starbucks?”

However, he is quickly pulled back into F Society’s hold when emails exposed during the threatened data dump revealed that E Corp executives had knowledge about the circumstances which led to his father’s death. We will leave the intrigues and plot theories, especially if Mr. Robot is real or a figment of Elliot’s imagination, to the internet. Right now, let’s look at the hacks highlighted in this episode.

At minute 7:40, you see Elliot in the hospital after Mr. Robot had pushed him off the high wall they were sitting on in the previous episode. His psychiatrist, Krista, is in the hospital and explains that the police wanted to do a drug panel, but Elliot refused. Elliot admits he has been taking morphine. Krista says the only way she can approve his release from the hospital would be if he commits to a bi-monthly drug test. Elliot starts thinking about how he will get around this problem by hacking the hospital’s IT. The IT department is lead by one single person, William Highsmith, with a budget of just $7,000 a year. According to Elliot, he uses useless virus scans, dated servers and security software that runs on Windows 98. It’s one of the reasons why Elliot made that particular hospital his primary care facility, since he can easily modify his records to look average and innocent.

Stefanie: Wow, wouldn’t it be an unusual that a hospital would actually use old infrastructure and have little budget for their IT? I also found it a bit odd that they have just one IT guy, I mean healthcare data is REALLY sensitive and definitely one of the last things I would want to have accessed by hackers!

Walter MegoWell, unfortunately, this situation is a very real in American hospitals. Last year, the Healthcare Information and Management Systems Society (HIMSS), reported that one out of five hospitals indicates that a lack of adequate financial resources was a barrier to the implementation of new technology, and another one fifth said that a lack of staffing resources was a barrier. In the same report, 20% of hospital IT leaders indicated their organization had experienced a security breach in the past year. Now, if you think about hackers like Elliot – you can imagine that some breaches probably go unnoticed. The real number of data breaches and hacks affecting healthcare institutions are most likely higher – scary, right?

We learn more about Angela’s boyfriend Ollie and his sticky situation. Last episode Ollie received a music CD that turned out to have malware on it. The infection that resulted gave an unknown hacker access to Ollie’s laptop webcam which he used to spy on him and Angela. The hacker tells Ollie he has photos of his mistress, Angela, and even Angela’s and her dad’s banking information and social security number. He threatens to blackmail Ollie if he does not spread the malware within Allsafe’s systems.

Stefanie: This part creeped me out, despite all of the crazy stuff we have seen so far on the show! First, let me ask: How easy is it for someone to hack your laptop’s webcam? I have heard tons of stories like this in the news, but I want to believe this isn’t as easy as it may be…

Walter Mego: Unfortunately, you are right to be creeped out and afraid. Webcam hacking is relatively easy and it’s not only built in laptop cameras that we have seen being hacked and streamed to other online, it’s also baby monitors with cameras and CCTV cameras. In terms of laptops, all hackers have to do is get you to install hacking software, which is often easier than people maybe think. In this episode, we see that Elliot hacked Shayla by obtaining her login credentials using a phishing scam. Phishing scams can also be used to trick people into downloading software and once a hacker has installed certain software on your laptop they can control your webcam to watch your every move and even record via your webcam. To prevent this, you should change your CCTV, baby monitor and external webcam’s passwords. If your laptop has a built in camera, you can simply cover it up with a post it, but you should really make sure you have antivirus installed on your computer and make sure it’s always up to date to catch malicious software. 

Stefanie: The other part that also scared me about this situation was how the personal information the hacker collected not only affected Ollie, but Angela and her dad as well. Do you think people are aware of how much a hacker can do if they collect your personal information?

Walter Mego: Absolutely not. People often say “here, look at my phone, I have nothing to hide” or do not protect themselves while connected to open Wi-Fi, because they think their activities and data are uninteresting. I think people underestimate the value of the data on their devices. This is the perfect example of that and the hacker didn’t even steal any of Ollie’s money while hacking, he just gathered personal information. Granted Ollie was having an affair (not very cool of him), which was what Ollie was unhappy about having potentially exposed, the hacker also got a hold of Angela’s dad’s social security number, because her bank account was linked to her dad’s account – something Ollie probably wouldn’t have thought he had on his laptop. If you hack someone and collect enough valuable and personal information, I am sure you can blackmail anyone to a certain extent using that information.

At minute 35:25 we see Tyrell do some simple Instagram stalking and he finds out where Anwar, the CEO’s assistant, hangs out. After an encounter with Anwar, Tyrell does something to Anwar’s phone that gives him valuable information.

Stefanie: We see on the cell phone’s display that Tyrell is rooting Anwar’s device. Why do you think he does this?

Walter Mego: We are not entirely sure of Tyrell’s motives, but it’s likely he targeted Anwar to gain access to the name of the candidate for the CTO job that he wants. Tyrell uses a backdoor in Anwar’s Android device to install an app that could allow remote access. It’s not strictly necessary to root the phone – just gaining physical access to the phone is all he needed.

Can’t get enough of Mr. Robot? Watch Avast’s Hack Chat video series.

Every week we discuss the hacks on Mr. Robot, plus current cyberthreats, nostalgic web tech, and Tips & Tricks on how to protect yourself and your devices. Subscribe to our YouTube Hack Chat channel and don’t miss a single episode.

Avast Hack Chat looks at the hacks on Mr. Robot

Anyone interested in computer security and how it is circumvented, will certainly enjoy the hacking that takes place on USA Network’s hit television show Mr. Robot. The show has been praised not only for its compelling story line but for its “accurate portrayal of cybersecurity and crime.

Every Wednesday night after the show airs, our host Ariana asks a security expert to help us examine the hacks and explor their ramifications in the real world. We record the conversation and share it with you in our video series, Avast Hack Chat. In addition to the discussion about hacking, we also take a weekly trip back in the Time Machine to revisit special people in the history of computing or how computers have been portrayed in popular culture.

Avast Hack Chat: Episode 2 “Ones and ZerOs” Program Notes

In episode 2 of Avast Hack Chat, Seth Rosenblatt, an independent security and privacy journalist, takes us through the hacks on Mr. Robot. He explains hacking a major corporation’s email servers, destroying your hard drive and SIM card to get rid of evidence, and if critical infrastructure like a natural gas plant can be hacked.

Alan Turing, who is referred to the grandfather of computer science, was recently portrayed in the movie The Imitation Game. Ariana and Pedram talk about his legacy and how the advances he made are still in use today. Plus, a computer bug.

Pedram brings us up-to-date on the celebrity photo hacking that took place last year. He shares why he thinks the hacker was an idiot.

This week’s Tips and Tricks tells you the safe way to go about sexting. Not that we want you to do it, but if you are there’s a way to make sure your messages stay secure and get to the intended recipient (who probably is not some guy sitting behind a desk at the NSA.)

Subscribe to the Avast Hack Chat YouTube channel and don’t miss a single weekly episode.

New Avast Hack Chat video series debuts

Remember when you used to make sure you were home at a certain time so you wouldn’t miss your favorite TV show? That was called “appointment television”, and those of you old enough to remember watching The X-Files or Friends when they originally aired know what I’m talking about. But, with the new USA Network show, Mr. Robot, it feels like those days are back again. Sure, I have my DVR set to record, but I will definitely watch it live. Since all my buddies are watching too,  I will be itching to talk about it the next day.

Avast’s new Hack Chat video series brings back that around-the-watercooler discussion. Watch our debut episode here (10:13).

Avast Hack Chat: Episode 1 “Hello Friend” Program Notes

In episode 1 of Avast Hack Chat, host Ariana welcomes special guest, security researcher and software developer, Pedram Amini.

In the first half of the show, they discuss the pilot episode of USA Network’s new show, Mr. Robot. Ariana walks us through the highlights of the cyberthriller, and Pedram explains if these hacks are real-world or just Hollywood magic. You can also read our interview with Pedram on Are the hacks on Mr. Robot real?

One of the earliest hacking movies, War Games, starred Matthew Broderick as a young computer wiz who inadvertently finds a backdoor into the U.S. military’s central computer. The technology he used is intriguing even now, and Ariana and Pedram discuss this old-school method in the Time Machine section.

Back to current day, Pedram answers Ariana’s question about why the NSA would want to reverse engineer Avast software and if the I-have-nothing-to-hide attitude is the wisest one to take. You can also read what Avast’s CEO, Vince Steckler has to say on the subject on Avast CEO speaks out about U.S. and U.K. spy agencies.

Subscribe to the Avast Hack Chat YouTube channel and don’t miss a single weekly episode.

Weekend wrap-up: Cyber security news from Avast

Here’s your wrap up of security and privacy related news from the June 17 – 27 posts on the Avast blog:

 

cruise shipIt’s summertime in the Northern Hemisphere and many people are going on or planning their vacation. Beware of fake vacation packages and beautiful rental properties that are not as they seem. These Vacation scams can ruin your holiday, so read up before you become a victim.

samsung_swiftkeyMore than 600 million Samsung phones were reported to be at risk because of a vulnerability found in the keyboard app SwiftKey. The best way to protect yourself is to use a virtual private network (VPN) when using an unsecured Wi-Fi hotspot. If you have a Samsung S6, S5, or S4, you need to read Samsung phones vulnerable to hacker attack via keyboard update.

Hola logoAs we learned from the Hola VPN service revelations, any old VPN service will not do. Hola was selling their users’ bandwidth and installing and running code on their devices without their knowledge or permission. Find out the details in Hola, Hola VPN users, you may have been part of a botnet!, and please share with an Hola user.

1Mobile developer Martin Banas, attended Apple’s Worldwide Developers Conference in San Francisco. Besides spending lots of time standing in lines, he enjoyed meeting other developers and hearing the latest news about OS X El Capitan and Apple Pay. Weren’t able to attend, bit wish you could have? Martin’s conference report, Looking back at WWDC 2015, describes the event.

Jennifer Lawrence was victim of iCloud hack

Remember the iCloud celebrity photo hack? There have been many theories bandied about since nude photos of female celebrities were posted on the web. We add our own two cents into the conversation. Avast security researcher Philip Chytry explains what he thinks the origin and motivation behind the hack was in iCloud celebrity photo hack: What’s happening?!

Major cybercrooks get arrested

Major cybercrooks taken down

While the cybercrooks behind the iCloud hack have not been discovered, authorities had big wins this past week in other areas. The author and distributor of Blackshades malware was sentenced to nearly five years in a New York prison. A major cybercriminal organization responsible for banking Trojans Zeus and SpyEye was taken down. Read Businessman hackers brought down in USA and Europe.

Avast CEO Vince StecklerMore from the Edward Snowden files. It was revealed this week that U.S. and U.K. spy agencies were attempting to reverse engineer major antivirus companies software, including Avast’s.  CEO Vince Steckler spoke to RT News about government spying in the computer age. You can read the article, Avast CEO speaks out about U.S. and U.K. spy agencies, and watch the interview here.

Mr Robot TV shows about hackersAnd if the real world of cybercrime is not enough, our favorite new show of the summer Mr. Robot debuted on the USA Network this past week. We excitedly watched the first episode then talked to Avast security expert, Pedram Amini,  to find out Are the hacks on Mr. Robot real? or just Hollywood magic.

Follow Avast on FacebookTwitter and Google+ where we will keep you updated on cybersecurity news every day.

Are the hacks on Mr. Robot real?

Last night the pilot episode of MR. ROBOT, a new thriller-drama series aired on USA Network.

The show revolves around Elliot who works as a cyber security engineer by day and is a vigilante hacker by night.

I watched the episode and then sat down with Avast security expert Pedram Amini, host of Avast’s new video podcast debuting next week, to find out if someone like you or me could be affected by the hacks that happened in the show.

In the second minute of the episode we see Elliot explaining to Rajid, owner of Ron’s Coffee, that he intercepted the café’s Wi-Fi network, which lead him to discover that Rajid ran a child pornography website.

Stefanie: How likely is it that someone can hack you while you’re using an open Wi-Fi hotspot?

Pedram: Anyone with a just a little technical knowledge can download free software online and observe people’s activities on open Wi-Fi. We went to San Francisco, New York, and Chicago for a Wi-Fi monitoring experiment and found that one-third of Wi-Fi networks are open, without password-protection. If you surf sites that are unprotected, meaning they use the HTTP protocol, while on open Wi-Fi, then anyone can see, for example, which Wikipedia articles you are reading, what you’re searching for on Bing, and even see what products you are browsing for on Amazon and eBay, if you do not log in to the site.

Stefanie: Wow! That’s a bit frightening… How can I protect myself then?

Pedram: You can stay safe while using any public Wi-Fi network by using a Virtual Private Network (VPN). A VPN creates a virtual shield and tunnels traffic to a proxy server. The proxy server protects your personal data, thus preventing hackers from accessing your files and other sensitive information stored on your device.

We actually found that more than half of Americans connect to free and open Wi-Fi networks and that of the 55% who do, 76% prefer networks that don’t require registration or a password to connect, yet only 6% use a VPN or proxy while connected to open Wi-Fi.

Fast forward to minute 10:55. We see Elliot with his therapist Krista, whom he hacked (hacking people is clearly his hobby ;) ).

Stefanie: Elliot says that hacking Krista was simple, because her password was her favorite artist and her birth year backwards. We know that you should always use a complex password, more than eight characters and that your password should include letters, numbers, and symbols, but do most people really have complex passwords? Could having simple passwords really put you at risk?

Pedram: Most people, unfortunately, do not have complex passwords. For example, we found that one-third of American’s router passwords contain their address, name, phone number, a significant date, and their child’s or pet’s name. Not only that, but last year we found that most hackers’ passwords were only 6 characters long and that the most frequently used word in their passwords was the word “hack”.

Having a simple password that is either a dictionary word or that is comprised of personal information can put you at risk

If you think about it, bits and pieces of our private lives are scattered on the Internet. Someone can easily do a quick Google search, check out some of your social media sites and with a little time and patience, they can figure out your simple password. Even worse, if you use the same password for multiple sites, you really make it easy for hackers to hack all of your accounts.

Moving forward to minute 25, Angela, Elliot’s friend and colleague, calls him for help because their client, E Corp, a multinational conglomerate, has been hit with a DDoS attack.

Stefanie: What is a DDoS attack? Can this affect the average computer user?

Pedram: DDoS stands for distributed denial of service attack and is used to make a service unavailable. In the end we discover that the attack on E Corp was actually based on rootkits that had subverted a variety of servers, but I’ll continue to describe a DDoS attack.

DDoS attacks are sent by two or more people, but more often by an army of bots AKA a botnet. These bots send so many requests to a server that the server becomes overloaded and cannot provide its service anymore. DDoS attacks target large businesses, so the average computer user does not become affected, unless the service they want to use is not available because it has been hit by a DDoS attack.

However, the average user can help facilitate a DDoS attack unknowingly. We researched home routers and found that millions are vulnerable. Routers are connected to the Internet 24/7 and can be easily exploited and used as a bot, which, as I explained, can be used in a DDoS attack. A famous example is the hack of the Sony Playstation Network and Xbox Live last Christmas – the hacker group claimed they used a router botnet for the attack.

To prevent this from happening, people should make sure their router firmware is always up-to-date and perform a router scan to check if their router is vulnerable or not.

In minute 55, Elliot tries to hack Krista’s new boyfriend, Michael. He calls Michael pretending to be a from his bank’s fraud department, confirming his address and asking him security questions to verify his account: what his favorite baseball team is, his pet’s name. Using the information he gathered combined with a dictionary brute force attack he attempts to get Michael’s password.

Stefanie: What is a brute force attack? Can this happen to the average user?

Pedram: A brute force attack is password guessing which systematically checks all possible passwords until the correct one is found. Think of it like a machine going through a huge dictionary of passwords that types each one into an account to unlock it.

Brute force was likely one of the techniques used in hacking the iCloud accounts which eventually lead to the nude celebrity pics from stars like Jennifer Lawrence and Kirsten Dunst being distributed over the Internet. This type of attack is not exclusively used against celebrities. Hackers can use brute force attacks to hack any user accounts, given they have account email addresses. Typically, they would target accounts that hold credit card or other financial information they can abuse for financial gain. This is why, again, it is vital you use strong passwords for all of your accounts.

Stefanie: Thank you for the chat Pedram. I look forward to discussing Mr. Robot’s next episode, Ones and zer0es with you next week!

You can watch MR. ROBOT on USA Network Wednesday nights 10/9 central.

Follow Avast on FacebookTwitter and Google+ where we will keep you updated on the new Avast video podcast hosted by Pedram Amini.