TV and film depict how hackers and scammers operate to move plots and raise stakes. But is Hollywood delivering stories of real fraud or pure fiction?
We like a good hacker story—and like the screens we watch them on, these stories come in a wide array of shapes and sizes. Perhaps you’ve seen threat actors depicted as menacing, all-black-wearing, basement-dwelling villains aiming to destroy the world? Or maybe you saw heroic, tragically hip socio-conscious anti-heroes pushing back against corruption? In either case, and in many cases in between, the hacker has become a regular fixture in modern storytelling.

Today, we’re examining hacktivities from the TV series Mr. Robot. Over the full timeline of the series, the writing leaves it to the viewer to determine which characters serve good or evil (and who crosses back and forth). However, when it comes to accurately depicting how cybercrime works, we feel this show scores amazingly high on the good list.

Hack or Hollywood: Looking at the techniques

The USB Infiltrator

Setup: In a ploy to break into a prison computer network, a character scatters several USB flash drives loaded with malware across the prison’s employee parking lot. A prison worker picks one up, thinking they found a new storage drive. When they plug the drive into their work computer, the malware makes its way into the system. This is an example of baiting, where a hacker or threat actor disguises the malicious intent with something that has perceived value. By preying on curiosity or greed, the scammer tricks a victim into infecting their own system.

Hack or Hollywood: Real Hack

As for the flash drive? Whether it is found in the parking lot or anywhere else, you should never plug USB drives you don’t control into any computer. Hacks from USB flash drives are well documented. When plugged in, USB drives use a protocol to communicate with the operating system. Hackers have used that protocol to execute commands, install malicious software like ransomware, or even permanently disable your computer.

Hello, can you confirm your information please?

Working to gain access to a victim’s email, a hacker calls an employee knowing only their name and phone number. Using social engineering, the hacker takes a position of authority and aggression over the victim, pushing them to reveal personal information.

Hack or Hollywood: Real Hack

Most of us rest easy knowing that if someone ever stole our credit card number and started a big spending spree, our credit card company would call us to stop it. That sense of ease is exactly what a scammer is exploiting when they call impersonating your credit card company.

In the case above, the character simply tells their victim that they’ve detected fraudulent activity…but they need to confirm some account information before they can tell them more. By speaking quickly and keeping a high sense of urgency, the hacker gains the victim’s home address, pet’s name, favorite sports team, and mother’s maiden name. Remember, don’t provide or confirm any information when someone else calls you.

Insert ATM card here

A hacker steals banking information and PIN codes by building and installing an electronic skimmer that copies card data when a card is inserted into an ATM.

Hack or Hollywood: Real Hack

ATM card skimmers are extremely well known, but it’s worth calling out, as this is a very real problem. A small device placed over the cover of a legitimate ATM card slot can copy your card data. In an updated version of this theft technique, scammers are also building fake keypads or placing pinhole cameras above the machine to steal your PIN.

Jail Break!

After the hackers gain access to a prison network (see above), they execute a program to open all the doors in the prison at the same time.

Hack or Hollywood: Mostly Hollywood

Gaining access to a remote system, especially via a RAT or a rootkit, can potentially allow a hacker to execute programs on the remote system. Those programs are usually designed to steal information and help break down digital security barriers. However, opening all the doors of a security facility remotely is a little on the far side of plausible. A few things would already have to be in place, such as the internet-connected system having the access needed to open all the secure doors in the facility, or all the doors being openable without local or multi-factor authentication. This hack isn’t altogether impossible, but the ease with which it is carried out in the show makes this mostly Hollywood.

It’s more likely that the network intrusion would result in…

Corporate data ransom

Later in the series, a hacker group gains access to a global corporate network and encrypts all of its corporate data, holding it ransom.

Hack or Hollywood: Real Hack

Ransomware is something you’re already aware of, but the scale of attacking a global corporate network is impressive storytelling indeed, especially since, in the story, the hacker group has gone to great lengths to destroy the corporation’s backup files. With a skillful execution combining social engineering and remote access, the encryption and ransom are pulled off successfully.

In real life, ransomware is a common attack from hackers and threat actors. People normally get ransomware by allowing malware or malicious software to be installed on their machine, often through some of the techniques we’ve covered above. One of the best ways of protecting yourself is to be sure you have good antivirus software on your device, and be sure to make backups of your data.

From our point of view, the series scores high marks for presenting a compelling human story while keeping to technical accuracy about hacks and scams. For those watching, it serves not just as entertainment, but as a window into the vulnerabilities that exist in a digitally connected world. Keep in mind that many of these hacks, as theatrical as they might seem, have a kernel of truth, and it’s never a bad idea to keep your personal cybersecurity in mind.
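
For the USB flash drive technique covered under "The USB Infiltrator": the operating system trusts whatever a device declares itself to be, so a defender can compare those declarations against what a plain flash drive should announce. The Python below is an added example, not code from the article or the show; it assumes the well-known case of a "drive" that also declares an input (HID) interface, and the sample listing and function names are constructed for illustration.

```python
"""Policy check: what does a device that looks like a flash drive declare?"""
from collections import defaultdict

MASS_STORAGE = 0x08  # USB class code for mass storage
HID = 0x03           # USB class code for human interface devices (keyboards, mice)

# Constructed sample, one interface per line: "device class subclass protocol",
# using the two-digit hex form Linux shows in sysfs (bInterfaceClass etc.).
SAMPLE = """\
1-1 08 06 50
1-2 08 06 50
1-2 03 01 01
1-3 03 01 02
1-4 ff 00 00
"""

def parse_interfaces(text):
    """Group interface class triples by device name."""
    devices = defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue
        dev, cls, sub, proto = line.split()
        devices[dev].append((int(cls, 16), int(sub, 16), int(proto, 16)))
    return dict(devices)

def classify(interfaces):
    """Return a verdict for one device's declared interfaces."""
    classes = {cls for cls, _sub, _proto in interfaces}
    if MASS_STORAGE in classes and HID in classes:
        return "block"         # a "drive" that can also send input
    if classes == {MASS_STORAGE}:
        return "storage-only"  # matches a plain drive; contents still untrusted
    if HID in classes:
        return "input-device"  # acceptable only if it really is a keyboard or mouse
    return "unknown"           # vendor-specific or other classes: review by hand

def audit(text):
    """Map each device in the listing to its verdict."""
    return {dev: classify(ifs) for dev, ifs in parse_interfaces(text).items()}

if __name__ == "__main__":
    for dev, verdict in audit(SAMPLE).items():
        print(f"{dev}: {verdict}")
```

A device can disconnect and enumerate again with different interfaces, so a check like this belongs on every enumeration event rather than only the first plug-in.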