Mr. Robot's biggest cyber attacks, and how to protect against them

Mr. Robot, Sam Esmail’s hit television series, has captured the attention of the security industry with its tech-savvy attitude to cyber security, excellent drama and mind-bending storytelling.

In the build up to the series finale this week, a number of security experts have chosen the major hacks featured in the show, compared them to dangers faced by real businesses and offered advice on how to defend against each kind of attack. 

Cisco’s malicious CD  – Michael Hack, SVP EMEA Operations at Ipswitch:

"When Ollie accepts a CD from a stranger on the street and places it into his computer, the malware planted on the CD enables an attacker to access his computer, extract sensitive data from the device and even hijack the webcam. Using this information the hacker blackmails Ollie and Angela, forces them to insert the CD into a corporate device at Allsafe, hacks their system and causes irreparable damage to the company.

"Unfortunately, these scenarios are all to common in the real world. Intel’s recent ‘Grand Theft Data’ report found that 43 per cent of data breaches were caused either accidentally or maliciously by employees. Whether by accident or design, news of employees inserting malicious devices, clicking on phishing links and downloading harmful files highlights just how difficult it can be to keep a handle on data.

"However, the right tools are available, and blaming human error or ignorance is no longer good enough. With the right secure file-transfer technologies, security systems, processes and, most importantly, staff training, organisations can eliminate the risk of malicious devices making their way into the IT system.”

Elliot and Angela: Social Engineering and the Insider Threat – Thomas Fischer, Global Security Advocate at Digital Guardian:

"Mr. Robot is seen by the InfoSec community as a rarity, because it actually portrays a relatively realistic hacker with a set of real world skills. No hyper-typing, no false tech, no weird jargon, just serious tech that match the seriousness of the drama. This is in great part due to the terminal work by a team of advisors lead by Kor Adana and Marc Rogers (aka CJunky). Even the episode names in season 2 reflect the level of detail achieved, as each name includes the file extension for a different encrypted file."

"The show demonstrates real world hacks regularly used to compromise people and businesses, and the use of social engineering and insider threats are by far the best repetitive themes throughout the show. From Elliot posing as a victim’s banker to extract information ( & more), to the insider threat seen most recently through Angela's hack of E Corp (S02E04-m4ster-slave.aes) and the FBI, these examples show how hard it is for companies to curtail these threats."

"Protecting against these types of attacks requires more that just the tech needed to monitor and control data egress in the infrastructure. It also requires a strong IT Security Culture in the enterprise that is adopted by all, and continuously reviewed through a strong training programme."

fsociety's DDoS attack against E Corp – Wieland Alge, VP & GM, EMEA at Barracuda Networks:

“When E Corp suffered a DDoS attack at the hands of fsociety, the fictional multinational’s critical applications were crippled. Even with Elliot’s expertise and a private jet to get the team direct access to the data centre, the attack lasted for at least 5 hours. This might sound like a relatively quick recovery time, but a 2015 survey from IDC found that the average cost of critical application failure was between £375k and £750k per hour, so every second of downtime really does count.

“The recovery time in the Mr Robot DDoS attack is quite realistic if the organisation is well prepared. In reality, DDoS attacks can be far more difficult to defend against. Typically, they are carried out to blackmail organisations and the attackers won’t stop after the first wave is blocked. In this case, the hacker launches a second wave, perhaps using a slightly different type of attack. This process goes on until the victim negotiates or agrees to the attacker’s demands.

“The key to effective DDoS protection is the ability distinguish real users from malicious requests, so that suspicious traffic can be blocked or challenged – but this is not easily done. The first challenge is to detect the nature of the attack. Then, organisations must respond in a way that blocks the meaningless traffic. 

“The three most important layers of defence are the ISP, the next generation firewall and the web application firewall, as each of these can protect against different types of DDoS attack. Unfortunately, companies have historically underestimated the importance of a web application firewall, which led to a spike in application-level DDoS attacks. They are extremely difficult to protect against without the right technology.”

fsociety’s ransomware attack on E Corp – Jason Howells, EMEA Director at Intronis MSP Solutions: 

“Mr. Robot season two kicked off with a ransomware attack on Bank of E. At the climax of the episode, all the computers in the Bank of E building displayed every SysAdmin’s worst nightmare – a locked screen and ransom demand.  

“While the ransomware attack might seem overly dramatic in the episode, the scenario is in fact very realistic. Ransomware development, like any other area in IT, is a hotbed of innovation and change. New variants are constantly being developed and cyber criminals are getting more sophisticated about selecting their victims.

“From our perspective, ransomware is at least helping to expose the soft underbelly of IT – how organisations often manage their data in a cavalier manner. Backup and recovery may not have always been the sexiest of IT topics, but thanks to the rise of ransomware it is now one of the hottest. The fact is, the single most effective defence against ransomware is an ability to recover an organisation’s data from an unencrypted data source. Otherwise, most businesses wind up paying the fee to recover their data.

"It’s not like these backup and disaster recovery technologies haven’t been around for a long time. It’s just that, in terms of overall priorities, it’s been hard to get businesses to focus on data protection when, at least until now, the true value of that data has generally been significantly under-appreciated.”

Elliot’s insecure public Wi-Fi hack – Shane Buckley, CEO at Xirrus:

“In the very first episode, we meet Elliot just after he’s hacked into a coffee shop’s Wi-Fi network. The ease with which he is able to do this doesn’t surprise us at Xirrus. Our own research shows that although 76 per cent of people know that public Wi-Fi is not secure, 62 per cent use it regardless of the security implications. Shows like Mr Robot only heighten the awareness of public Wi-Fi vulnerabilities and should make us all aware that every time we connect to public Wi-Fi, we put our data at risk and potentially open ourselves to identify theft.

“Businesses offering public Wi-Fi should be aware there are people out there - unlike Elliot - that hack Wi-Fi networks purely for personal gain, with the intent to commit fraud and to steal money from unsuspecting victims. And it seems users make it easy for these crackers. According to our research, 84 per cent of people use unsecured public Wi-Fi to access their emails, while over 66 per cent log onto social media, and over 40 per cent either work or shop online. In each of these cases we’re accessing and sending personal, sensitive and even financial data over unprotected networks.

“With this in mind, business owners should think about offering secure personal Area Networks (PANs) that significantly improve Wi-Fi security in places such as coffee shops, hotels, and transport hubs.

"PANs go beyond the encryption that you’d expect on a VPN and still allows customers to connect quickly and simply, without having to navigate a long list of technical steps. Trust me, I’m the CEO of X Corp”

Image source: Shutterstock/lolloj