**This article contains spoilers for Season 4 Episode 2 of Mr. Robot**
Episode 2 of Mr. Robot’s final season didn’t have a ton of hacks, but we’re here to dissect the ones we saw. We discussed shoulder surfing, hacking encrypted cryptocurrency wallets, piecing together AlphaBay connections, and rejiggering Signal’s API. (The chat transcript has been edited for brevity, clarity, and chronology.) This week’s team of experts includes:
- Emma Best: a former hacker and current journalist and transparency advocate with a specialty in counterintelligence and national security.
- Micah Lee: a technologist with a focus on operational security, source protection, privacy and cryptography, as well as Director of Information Security at The Intercept.
- Trammell Hudson: a security researcher who likes to take things apart.
- Zachary Julian: Security Associate at the security consulting firm Bishop Fox.
Trammell: Mr. Corporate has a long voice-over monologue at the very beginning as he introduces us to the Deus Group and its many members in the world’s governments. The opening dialogue was quite a shift in tone from the previous seasons. Seasons 2 and 3 to me were about "what happens when the hackers catch the car?" This one seems to be setting off on the theme that F-Society, etc. were steered into place by the Illuminati. (I guess Season 3 was starting down that road as well.)
Micah: The first episode of Season 1 kind of referenced the Illuminati, too. The rich powerful people that run the world.
Emma: They went back to it with the season finale, as well.
Yael: I guess it's weird in that what Fsociety has envisioned is not nearly as bad as the real thing, whereas it's usually framed as "extremist" groups being "paranoid."
Emma: The (untrue) lyre story scene comes to mind. In the Season 1 finale, White Rose (as the minister) is at a swanky restaurant and tells the story of Nero playing the lyre while Rome burned. It's a popular story, but it's not true. Like most of the Caligula stories, it's a myth written by the Emperor's enemies.
Trammell: The larger concern I have about the "voluntary surveillance" narrative is that it has a bit of a "wake up sheeple!!!!!" sort of vibe, and moves the blame onto the individuals for not being wise enough to see The Truth.
Yael: It's complicated. Because yes, on the one hand, it's totally the corporations that are to blame, but on the other hand, a lot of people who are like, "but muh privacy!" will also declare very personal things very publicly and then be like, "isn't this supposed to be protected?" Like, no, your medical records are no longer protected if you upload them to your public Facebook.
Trammell: I feel that the security community has been far too harsh on blaming the users for not knowing which obscure setting has to be selected to turn on the privacy, rather than designing systems that have reasonable secure defaults and helping people understand the trade-offs.
Yael: Amen to that. So do you think the show is perpetuating that?
Trammell: The opening dialogue felt like it was, although maybe they'll subvert it later in the season. [Security and privacy expert] Bruce Schneier wrote a nice bit about "stop trying to fix the user."
Zach: I thought it was interesting they did the deep fake technique to have Zhang meet all the world leaders during the intro.
Zach: Did anyone notice the AlphaBay reference when they're interrogating the Irish guy? AlphaBay was a darkweb market that has since been shut down. They mentioned they were building a case against the Irish guy by “piecing together his Alphabay connections.”
Yael: How do you piece together someone's AlphaBay connections?
Zach: They don't really explain in the show, but it’s possible the FBI had compromised AlphaBay and were able to view associations that way, similar to how they hacked that child porn site in 2015. I don’t know of any confirmed cases of them doing the same to a darknet market, but I think it's a safe assumption. Either that or they could exploit OpSec mistakes among users to map those relationships.
Emma: Or they could snag their RSA keys in a raid and use them to ID handles on the darknet markets. They've seized the hardware of the people operating them and pieced together a lot from there. Those who transported [illicit goods] are vulnerable to being connected as well, unless they use a safe remailer that's not compromised in some way.
Yael: I was surprised that Elliot is such a l337 hacker but so susceptible to shoulder surfing. Like, maybe cover your phone with your hand or don't check stuff you don't want people to see in front of them or on the bus when they're half an inch away? Get a privacy screen for your phone? Here I am, blaming the user. ;)
Micah: Privacy screens are excellent. For anyone who doesn't know, they make them for laptops as well as for smartphones, and they basically reduce the viewing angle so it's hard to see what's on the screen from an angle, so only the person looking at it straight on can see it. I've definitely noticed people bend over sideways trying to see my phone's screen on the train because they're used to being able to just easily shoulder surf and are wondering what's up with mine.
Trammell: I loved this ad for them from years ago.
**Ecoin Wallet Hacking**
Yael: So, uh, how do you hack a dead person’s ecoin wallet? I thought people freaked out about cryptocurrency BECAUSE it's so hard to get into it after someone dies, so their wealth just dissipates into the ether.
Trammell: Most wallets are password protected, so guessing, since most passwords have relatively low entropy.
Yael: Darlene had access to all of Susan Jacobs' passwords, IIRC, but not sure how Elliot got them. Though he did tell Mr. Robot he was running a password cracker on it...
Micah: A cryptocurrency wallet is really just an encryption key, sort of like a PGP key. And yeah, they're normally protected with a password. Elliot would have to have gotten a copy of the encrypted wallet and then attempted to guess the password, probably using a tool like hashcat on a computer with a GPU.
Trammell: Although we don't know what the UI for Ecoin is like; if it is tied to a mobile device, then a strong entropy key could be used on the device itself.
Yael: How would Elliot have gotten a copy of the encrypted wallet?
Trammell: I'm also not clear on exactly what he was going to do with it once he cracked it, since he needs her contacts at Cyprus Bank, not the value stored in the wallet.
Micah: That part's kind of confusing. He'd basically have to steal it from her—maybe hack her computer or phone, but that would be hard for someone who is dead and thus hasn't turned on their computer or phone in a few months. Or, maybe she stored it in the cloud—maybe this is how all Ecoin wallets work, in which case he'd just have to compromise her account on Ecoin's website.
Emma: That seems likely. Remember the plan to let U.S. government look at everyone's wallet and all the info? Cyprus banks were very interesting places at that time. 2012-2015 was a total collapse of their banks due to money laundering and overleveraging.
Yael: I don't mean to be rude, but I think this episode could have used some Kor Adana.
**The Bank Heist**
Yael: What is this bank hack thing Elliot has planned?
Trammell: I think he wants to somehow shut down the Deus Group through somehow stealing their money. Not sure why they all had to be in one place, but it sure is convenient that they can only appoint a new head of E-Corp if they are all together in person.
Yael: I just wish Angela's dad had this change of heart before they killed her.
Micah: Yeah... but I think killing his daughter is what pushed Price over the edge.
Yael: At least nobody hugged the murderer.
Trammell: Maybe she comes back if White Rose's time machine works.
**Signal Location Sharing**
Yael: How did Darlene rejigger Signal's API for GPS location sharing?
Micah: Signal is open source. The code for the Android version is on GitHub. So it seems all Darlene did is download the code, add a feature (GPS sharing), and make a new APK, which is how you can distribute Android apps. Then she installed the app on Elliot's phone. Although it's totally possible she added other sneaky stuff in there and is now spying on Elliot's Signal messages. It's not like Elliot checked what the patch was. Also, reinstalling a modified version of the Signal app would have caused Elliot's safety numbers to change.
Trammell: Darlene was also obviously a shoulder surfer—she knew his unlock pattern. Minor OpSec note: she is listed in Elliot's contacts as Dolores Haze, not her real name. According to the internet, that was her handle on the chat room where she "met" Elliot. It was also the name of the APK, so maybe she uses the Lolita reference as her online identity. The URL for the Signal APK that Darlene downloads, REFSTEVORQ, was part of the 2017 ARG, and is base64 for "DARLENE."
Yael: Anyone else have any thoughts about the episode? I wanted more hackkkssssss.
Trammell: PLZ SEND MORE HACKS.