Mr. Robot is, as many will know, a series about a cyber security expert named Elliot. And no, unfortunately you cannot see it on Netflix.
Elliot is contacted by a group of ‘hacktivists’ who want to attack the multinational E Corp. Why do they choose Elliot? Because of his great knowledge of computer security and, above all, because the cyber security company where he works collaborates with that same corporation.
If Mr. Robot has become one of the series of the moment, it is without a doubt because of the realism of its stories. They all show dangers that we face every day in this digital age. And of course, companies have a relevant place here.
The series is a great source of knowledge on cyber security from which we can learn a lot: from how to protect ourselves as mere users of the Internet to what security measures we should implement if we want to avoid a cyber attack on our company.
Here is a list of some of the lessons that Mr. Robot has taught us:
BEWARE OF SPOILERS!
1. The greatest fear of a company: an internal attack
Elliot works at a cyber security company called Allsafe, which protects the assets of the multinational E Corp. This position allows him to attack the corporation from within, since he knows the vulnerabilities of the corporation and has access to a large part of its infrastructure.
Unfortunately, this is something that happens in companies: computer attacks perpetrated by the company’s own employees, who have access to private information and do not face the limitations that an external attacker would.
What is the solution? We must control the resources that employees of a company have access to and not give more permissions than necessary. And of course, we must limit and monitor what enters and leaves our company through electronic or storage devices, such as USB drives.
2. Social Engineering, the art of gathering information
Episode 10 of the second season of Mr. Robot showed us a clear example of social engineering. Elliot pretends to be a police officer in order to find out where the phone of the vice president of E Corp is, using the location of the last call he made. Following the procedure established for emergencies, which Elliot managed to find on the Internet, he convinces the operator that this information is necessary to prevent someone from suffering harm.
Another example that appears in the series is when Elliot gets the phone number of a complete stranger and, pretending to be a bank worker, calls him and tells him that there is a security problem with his account. On that pretext, he asks for very specific information (such as the answers to the security questions) that he claims he needs to solve it.
Although the man finally becomes suspicious once the conversation ends, Elliot already has the information he needs to hack his accounts.
So never, under any circumstance, give private information, either by email or by phone, to the people who ask for it. Social engineering techniques include multiple types of manipulation with the sole purpose of obtaining information that is then used to carry out a crime.
3. Do not underestimate the power of a password
In the pilot episode of the series, Elliot hacks the account of his therapist Krista, whose password is the name of her favorite singer along with her date of birth with inverted digits. Knowing a bit about the person, or the information she publishes on her social networks, Elliot is able to get her password.
He also hacks the accounts of his co-worker, whose password is “123456Seven”, and easily gains access to other accounts.
How does Elliot get these passwords? Using several methods, but the most visible in the series are these two:
- Brute force attacks: a program which tries all the possible combinations of characters until it finds the right one.
- Dictionary attacks: a method of finding a password by trying all the words in the dictionary. The more common and simple the combination of characters and words in the password, the faster the password is obtained.
However, sometimes it is not even necessary to carry out such attacks: in the series Susan, the lawyer of E Corp, has her e-mail password written on a piece of paper on her desk.
When generating and storing passwords, we must use unique credentials for each service, with passwords that are easy to remember but difficult to guess.
Password managers can help us with that task, and we can also add two-factor authentication if we want to have an additional layer of security.
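As an added example (not part of the original article), here is a check that a sign-up or password-change form could run to reject the kinds of passwords described above: ones built from personal facts, including reversed digits, from counting sequences, or from common words. The function names, the word list and the sample singer and birth date are constructed for illustration.

```python
import re

# Constructed sample data; a real deployment would load a large
# breached-password or dictionary list instead of this short set.
COMMON_WORDS = {"password", "qwerty", "letmein", "seven", "welcome"}
SEQUENCES = ("0123456789", "abcdefghijklmnopqrstuvwxyz", "qwertyuiop")


def _has_sequence(pw, min_run=4):
    """True if pw contains min_run consecutive characters of a known
    sequence, forwards or backwards (e.g. '1234' or '4321')."""
    for seq in SEQUENCES:
        for s in (seq, seq[::-1]):
            for i in range(len(s) - min_run + 1):
                if s[i:i + min_run] in pw:
                    return True
    return False


def weak_password_reasons(password, personal_facts):
    """Return the reasons to reject `password`; an empty list means no finding.

    personal_facts: strings publicly associated with the user (names,
    dates, ...). Each one is also tested with its characters reversed.
    """
    pw = password.lower()
    reasons = []
    for fact in personal_facts:
        token = re.sub(r"[^a-z0-9]", "", fact.lower())
        if len(token) >= 3 and (token in pw or token[::-1] in pw):
            reasons.append(f"contains personal information: {fact!r}")
    if _has_sequence(pw):
        reasons.append("contains a keyboard or counting sequence")
    for word in sorted(COMMON_WORDS):
        if word in pw:
            reasons.append(f"contains common word: {word!r}")
    return reasons


if __name__ == "__main__":
    facts = ["Example Singer", "1985-03-14"]  # constructed, hypothetical user
    for candidate in ("123456Seven", "examplesinger41305891",
                      "cobalt-Heron-tundra-49!"):
        print(candidate, "->", weak_password_reasons(candidate, facts) or "ok")
```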
4. IoT, Internet of Terror?
The IoT is made up of interconnected devices, and can be used to carry out many cyber crimes.
In the series, the members of Fsociety take control of the home automation system in the house of E Corp’s lawyer, altering the behavior of all the devices in it.
Another case in the series where IoT security could be compromised is when Detective Dominique DiPierro has personal conversations with her virtual assistant Alexa. In the event that hackers wanted to obtain that personal information, they could easily get it.
There are many threats that can affect IoT devices, so the inclusion of these cases in the series is another way to show that there is still a long way to go in terms of security.
5. Keep your electronic devices safe
In one of the episodes, Elliot asks his therapist’s boyfriend if he can use his cell phone to make a call. He calls his own phone to get the boyfriend’s number, and with it accesses a large amount of information about him.
In another episode, Tyrell Wellick, the technology director of the E Corp office, gets at an employee’s Android phone when the employee leaves the room for a few minutes. He installs an application with a hidden icon and adds himself as a privileged user, taking control of the system and accessing the employee’s main information.
What is the conclusion? Do not leave your mobile or your computer unattended, check the programs installed on your devices and regularly scan your system. And, of course, be sure to set passwords to unlock all your devices.
But it does not end there. USB drives are also mentioned in Mr. Robot: Elliot drops a USB drive in the parking lot of a prison, where a guard picks it up and inserts it into his computer. Luckily, the computer’s antivirus prevents the malware from running.
It is a fact that USB devices can be used in targeted attacks, and once one of these devices is connected to the victim’s computer, the attacker has free access.
What measures can we apply?
With all the examples we’ve seen, this list of tips can be helpful to avoid the situations that appear in the series:
- Invest in cyber security: Mr. Robot shows the problems and shortcomings suffered by companies when they do not have personnel specialized in cyber security, lack the budget to protect their data and do not update their software on a regular basis.
- Beware of data theft and cheating: Do not trust anyone who asks for personal or access data.
- Use complex and secure passwords: You will avoid more than one scare, although, of course, you must change them regularly.
- Update your programs frequently, or they will be vulnerable to cyber attacks: This weakness can allow cyber criminals to carry out phishing, enter your email accounts or introduce malware into your system.
- Be cautious about the use of public networks: Elliot is able to monitor the traffic of certain public WiFi networks, which means that your personal data is also at risk when you are connected to a network of this type.
Images from IMDB | http://www.imdb.com/title/tt4158110/