Inspired by Mr. Robot: Hacks from the series and how to prevent them
15 September 2016
Critically acclaimed series Mr. Robot has been taking the security world by storm – receiving praise for its accurate depictions of cyber attacks and its compelling characters – especially our unreliable guide, Elliot Alderson.
As the finale of the show’s second season approaches, security experts from across the IT industry have picked their top hack from the series, and offered some advice on how to protect against it.
“Every second counts in a DDoS attack” – Wieland Alge, VP and GM, EMEA at Barracuda Networks:
When E Corp suffered a DDoS attack at the hands of fsociety, the fictional multinational’s critical applications were crippled. Even with Alderson’s expertise and a private jet to get the team direct access to the data centre, the attack lasted around five hours. This might sound like a relatively quick recovery time, but a 2015 IDC survey found the average cost of critical application failure was between £375,000 and £750,000 per hour – so every second of downtime counts.
The recovery time in Mr. Robot’s DDoS attack is quite realistic if the firm is well prepared. In reality, DDoS attacks are far more difficult to defend against. Typically, they are carried out to blackmail organisations and the attackers won’t stop after the first wave is blocked. In this case, the hacker launches a second wave, perhaps using a slightly different type of attack. This process goes on until the victim negotiates or agrees to the attacker’s demands.
The key to effective DDoS protection is the ability to distinguish real users from malicious requests so that suspicious traffic can be blocked or challenged – but this is not easily done. The first challenge is to detect the nature of the attack. Then, firms must respond in a way that blocks the meaningless traffic.
The three most important layers of defence are the ISP, the next generation firewall and the web application firewall, as each of these can protect against different types of DDoS attack. Unfortunately, companies have historically underestimated the importance of a web application firewall, which led to a spike in application-level DDoS attacks.
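The distinction drawn above between detecting the nature of the attack and then blocking or challenging suspicious clients can be shown with a small triage routine. This is an added example, not code from the article or from Barracuda; the log lines, endpoint cost model and thresholds are constructed for illustration, and it deliberately includes two different waves: a volumetric flood from one address and a low-rate client that only hits expensive application endpoints.

```python
from collections import defaultdict

# Constructed sample traffic: (client_ip, unix_second, path).
# 198.51.100.10 browses normally; 203.0.113.7 floods the front page
# (200 requests in 10 s); 192.0.2.33 sends few requests, but every one
# goes to an expensive search endpoint (application-layer wave).
SAMPLE_LOG = (
    [("198.51.100.10", s, p) for s, p in enumerate(["/", "/login", "/about", "/search?q=x"])]
    + [("203.0.113.7", s // 20, "/") for s in range(200)]
    + [("192.0.2.33", s * 2, "/search?q=%d" % s) for s in range(12)]
)

# Assumed cost model: endpoints that hit the database cost 10, static pages 1.
EXPENSIVE_PREFIXES = ("/search", "/login")


def classify_clients(log, window=10, rate_block=100, rate_challenge=20, cost_challenge=50):
    """Return {ip: 'allow' | 'challenge' | 'block'}.

    rate  = peak requests from the client in any `window`-second span
    cost  = summed serving cost of all its requests
    A clear volumetric flood is blocked (ISP / firewall layer); a client that
    is merely suspicious by rate or by cost is challenged (WAF layer) so that
    a real user can still get through.
    """
    per_ip = defaultdict(list)
    for ip, ts, path in log:
        per_ip[ip].append((ts, path))

    verdicts = {}
    for ip, reqs in per_ip.items():
        reqs.sort()
        times = [t for t, _ in reqs]
        peak, start = 0, 0
        for end in range(len(times)):            # sliding-window peak rate
            while times[end] - times[start] >= window:
                start += 1
            peak = max(peak, end - start + 1)
        cost = sum(10 if p.startswith(EXPENSIVE_PREFIXES) else 1 for _, p in reqs)

        if peak >= rate_block:
            verdicts[ip] = "block"
        elif peak >= rate_challenge or cost >= cost_challenge:
            verdicts[ip] = "challenge"
        else:
            verdicts[ip] = "allow"
    return verdicts
```

Note that the low-rate client would pass a pure rate limit; only the cost view, which lives at the web application firewall layer, catches it.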
“Smart homes without identity management open your doors to havoc” – Simon Moffat, senior product manager at ForgeRock:
Imagine coming home after a long day at work to your ultra-modern smart home, ready to unwind, only to be driven out by a hacker who has taken control of your house. This was a reality for Mr. Robot character Susan Jacobs, who had her thermostat, lighting, TV and audio system and garage doors hijacked by malicious attackers.
Like most consumers, Jacobs probably thought connected devices empowered her to have more control over her home life. In reality, modern IoT continues to be defined by complexity, which leaves it open to cybercriminals and privacy intrusions. While manufacturers focus on end user experience, there needs to be a more joined-up approach to security and privacy, including a strong focus on device, service and user identity management.
Without device-focused identity and access management, the Mr. Robot scenario could become closer to fact than fiction. The major problem facing the smart home is that there is no correlation between the identity of the homeowner and the identities of the various smart systems, if those smart systems have identity capabilities at all. It is essential that connected systems have the necessary registration, sign-in and pairing processes that people have.
In terms of security, the pairing relationship between a device, a person and a cloud service must be continually monitored, so that only the homeowner, or a third party trusted by the homeowner, can control the devices and the data they hold.
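The pairing model described above, as an added example that is not ForgeRock's code or the article's: each device carries its own credential fixed at pairing time, every command must come from the paired owner or from a delegate whose grant has not expired, and every decision is written to an audit trail so the relationship can be monitored. Device ids, secrets and user names are constructed placeholders.

```python
import hmac
from dataclasses import dataclass, field


@dataclass
class Pairing:
    """One device bound to one homeowner identity, plus time-limited delegates."""
    device_secret: bytes                          # credential provisioned at pairing
    owner: str
    delegates: dict = field(default_factory=dict)  # third party -> expiry (epoch secs)


class HomeRegistry:
    def __init__(self):
        self.pairings = {}   # device_id -> Pairing
        self.audit = []      # every authorisation decision, for continual monitoring

    def pair(self, device_id, device_secret, owner):
        """Registration + pairing: the device gets an identity tied to an owner."""
        self.pairings[device_id] = Pairing(device_secret, owner)

    def delegate(self, device_id, by_user, third_party, expires_at):
        """Only the paired owner may let a third party (e.g. a cloud service) in, and only until expires_at."""
        p = self.pairings.get(device_id)
        if p is None or p.owner != by_user:
            raise PermissionError("only the paired owner can delegate control")
        p.delegates[third_party] = expires_at

    def authorize(self, device_id, presented_secret, user, action, now):
        """True if `user` may perform `action` on the device at time `now`."""
        p = self.pairings.get(device_id)
        if p is None:
            reason = "unpaired device"                 # no identity, no control
        elif not hmac.compare_digest(p.device_secret, presented_secret):
            reason = "device identity mismatch"        # not the device we paired
        elif user == p.owner:
            reason = "owner"
        elif p.delegates.get(user, 0) > now:
            reason = "valid delegation"
        else:
            reason = "not owner and no valid delegation"
        allowed = reason in ("owner", "valid delegation")
        self.audit.append((now, device_id, user, action, allowed, reason))
        return allowed
```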
Continue reading to find out why you should never accept CDs from strangers on the street, and why a “candy drop” is never as sweet as it sounds.
“Unknown external devices can cause serious damage” – Michael Hack, SVP EMEA operations at Ipswitch:
When character Ollie Parker accepts a CD from a stranger on the street and places it into his computer, the malware planted on the CD enables an attacker to access his computer, extract sensitive data from the device and even hijack the webcam. Using this information the hacker blackmails both Parker and Angela Moss, forces them to insert the CD into a corporate device at Allsafe, hacks their system and causes irreparable damage to the company.
These scenarios are all too common. Intel’s “Grand Theft Data” report found that 43 per cent of data breaches were caused accidentally or maliciously by staff. Whether by accident or design, news of people inserting malicious devices, clicking on phishing links and downloading harmful files highlights how difficult it is to keep a handle on data.
But the right tools are available, and blaming human error is no longer good enough. With the right secure file-transfer technologies, security systems, processes and staff training, firms can eliminate the risk of malicious devices targeting the IT system.
“A ‘candy drop’ is not as sweet as it sounds” – Thomas Fischer, global security advocate at Digital Guardian:
Mr. Robot is seen by the InfoSec community as a rarity because it portrays a relatively realistic hacker with a set of real world skills. This is in great part due to the terminal work by a team of advisors led by Kor Adana and Marc Rogers (aka CJunky). Even the episode names reflect the level of detail achieved, as each name includes the file extension for a different encrypted file. As such, it demonstrates real world hacks used to compromise businesses, and the best tech hack so far has to be the use of a USB Candy Drop to deliver a payload. Why? Because it’s plain and simple – just a play on curiosity.
While simple to protect against by controlling the use of USB drives or teaching users not to plug in unknown drives, it still works because of user curiosity and can be delivered with different tech as well (e.g. the rubber ducky in S02E04-m4ster-slave.aes). It reminds me of a meeting I had where a colleague entered the room and said: “Guys, I just found a 4GB USB drive in the boot of the rental car I just got” (4GB at the time was big and rare). I would just chuckle under my breath.
Protecting against these types of attacks requires more than just the tech needed to monitor and control data egress in the infrastructure. It also requires a strong IT security culture in the enterprise that is adopted by all, and continuously reviewed through a strong training programme.
“Backup to mitigate the damage done by ransomware” – Jason Howells, EMEA director at Intronis MSP Solutions:
Mr. Robot season two kicked off with a ransomware attack on Bank of E. At the climax of the episode, all the computers in the Bank of E building displayed every SysAdmin’s worst nightmare – a locked screen and ransom demand.
While the ransomware attack might seem overly dramatic in the episode, the scenario is in fact very realistic. Ransomware development, like any other area in IT, is a hotbed of innovation and change. New variants are constantly being developed and cyber criminals are getting more sophisticated about selecting their victims.
From our perspective, ransomware is at least helping to expose the soft underbelly of IT – how organisations often manage their data in a cavalier manner. Backup and recovery may not have always been the sexiest of IT topics, but thanks to the rise of ransomware it is now one of the hottest.
Elsewhere, when we think of cyber attacks what springs to mind tends to come in the form of exterior threats. We envision far off criminals hacking systems and alien malware invading from afar – but often the biggest threats to the security of our businesses and industries come from within.