Mr Robot is a fictional TV drama following the life and times of security engineer, hacker and cyber-vigilante Elliot Alderson. The show has won plaudits for turning hacktivism and cybersecurity into exciting television — but is any of it accurate? During a recent Reddit AMA, Kasperksy Lab’s global director Costin Raiu weighed in on the authenticity of the show. Read on for his opinion.
The Russian-based security software provider Kasperksy Lab recently appeared on Reddit AMA to field questions about all things security. (You can read the full thread here.) One of the first questions centered on the TV show Mr. Robot; specifically how accurately it depicts the reality of IT security and hacking on a scale of 0 to 10. Here is Raiu’s response:
Mr Robot is a strong 9.5 for me. Most of the scenes are top class and the usage of tools, operating systems and other tiny details, from social engineering to opsec is very good. I guess having help from some real world security experts helped (the folks at Avast did a great job!)
I particularly enjoyed some of the quite realistic scenes, such as the poor developer who can’t help fixing the broken Bitcoin bank, the parking lot USB key attack [and] their depiction of how quickly a phone can get backdoored with the right preparation (less than the span of a shower).
Of course, this doesn’t mean that the show isn’t guilty of stretching plausibility — it’s a TV thriller, after all — but it’s nice to know they’re getting the little details right. (See also: The Martian.)
In the same AMA, Kaspersky was also asked to rate the accuracy of this infamous NCIS “I’m being hacked!” scene out of ten:
Here’s Kaspersky response:
Up to eleven!
Bless.
[Via Reddit]
Comments
One response to “How True To Life Is Mr Robot?”
Most of it is “fairly accurate” hence why SET named on of their versions “mr robot” ,etc.
That said I have a few gripes…
When Elliot discovered that the wifi network at the prison was WPA2, he should of automatically jumped to the conclusion that it would had 802.1x authentication of somekind, this was not mentioned to rule out an eviltwin attack.
Elliots sister (supposed to be some master malware coder)…. Didn’t even encode her payload to avoid Anti-virus scans. MSFvenom and/or VeilEvasion could have easily hid the malicious payload from the AV. that’s just two tools, there are many to evade malware detection.
One thing i did find a little inaccurate was the password cracking used by Elliot. I’m not debating that he was able to download a hash of somekind and use it to get the password of people like his therapist ,etc. However this still would of taken quite a while. There are tools to help you profile a victim to generate a list of feasible passwords, still this list would of been 1000’s of lines long and would of taken substantial time. Thats if he even managed to download a hash and wasn’t trying to brute force the remote logins which would of no doubt be blocked after a few tries.