A Roundtable of Hackers Dissects 'Mr. Robot' Season 3 Episode 6: 'Kill Process'
Technologists, hackers, and journalists recap the latest episode of the realistic hacking show.
Episode 6 of Mr. Robot’s third season may have been tragic, but there were plenty of hacks and details for our team of technologists to pore over. We discussed key card swiping, Signal hardening, halon server rooms, PGP keys, and more. (The chat transcript has been edited for brevity and clarity.) This week's team of experts include:
- Bill Budington: a long time activist, programmer, and cryptography enthusiast, and a security engineer and technologist at the Electronic Frontier Foundation.
- Jessie Frazelle is an engineer on open source infrastructure tooling and secure by default infrastructure at Microsoft.
- Harlo Holmes: a digital security trainer at Freedom of the Press Foundation.
- Micah Lee: a technologist with a focus on operational security, source protection, privacy and cryptography, as well as a journalist at The Intercept.
- Freddy Martinez: a technologist working on whistle blowing technologies. He serves as a Director for the Chicago-based Lucy Parsons Labs.
- Matt Mitchell: a hacker who leads cryptoharlem, which aims to teach basic cryptography tools in the inner city. He also trains newsroom journalists (at Global Journalist Security), activists & human rights defenders in digital & operational security.
Yael: This episode starts with Elliot doing his best to roll back phase 2. When he gets into the E Corp building, I thought it was really funny how he didn't clone the RFID card or do any kind of fancy hack, but just stole someone else's.
Jessie: That is the easiest way.
Yael: Don't people know they're supposed to keep out-of-use keycards in steel cages? Like, you immediately use it and then put it in your locked chainmail Faraday bag?
Micah: I do that with my own RFID keycards, only I put them in an RFID-blocking wallet.
Yael: But can your RFID-blocking wallet get stolen?
Micah: Yes, my wallet can get stolen, but probably it would be harder than if I were dangling my RFID card off my belt.
Yael: I had an RFID-blocking wallet type thing (the plastic kind that snaps closed), but I do travel hacking so I had too many credit cards and it broke.
Bill: I've had an experience with RFID wallets being a bit unreliable.
Micah: Well, it certainly doesn't scan through my wallet with the normal RFID readers. Maybe if you have the right equipment, the signals leak.
Yael: Dang, that's a $22 wallet.
Bill: It's a member gift that comes with a $22 donation to make sure your freedoms are defended!
Matt: I was wondering why he didn't just tailgate gatecrash in. Shuffle in behind someone. Pulling a tag is hard to do undetected. But the best hackers know when not to hack.
Yael: I think shuffling behind someone might have been more obvious.
Micah: The RFID card he stole sure did have a lot of access. He only came across one door that it didn't work on. That building has some lax ACLs.
Bill: Yeah, they should get two-factor in those buildings.
Yael: Isn't it way harder to clone key cards if they actually use modern-day protocols? I was just looking into that for an article. But most are broken, and businesses suck and don't upgrade them because $$.
Freddy: One thing I noticed is that many hackers don’t really talk about pickpocketing or whatever, at least in red team scenarios, or physical pen tests. There are discussions in pickpockets: is it a lost art due to the rise of card cracking? Card cracking=using stolen credit cards to buy stuff illegally online.
Yael: There's a whole industry around that! Shadow industry. Dun dun DUN.
Freddy: Crime pays.
Yael: Anything else on this? Don't put your keycard where it can easily be flag footballed?
Matt: When Elliot called Darlene on Signal it shows how even though encrypted, your call and text can be compromised by a bad actor in the same room as your friend. Good opsec means using a chill call/response tactic like safeword "pineapple."
Yael: Dom is working SO HARD on this case, and it turns out her boss is a Dark Army shill! WTF. What can she do? Everything is so hierarchical and slow in government that I don't know if there's anything?
Micah: And the FBI Dark Army shill's mom doesn't know about same-day delivery.
Bill: When we're old and grey, we'll be surprised about MicrosamazoNBC's transportation-delivery service.
Yael: I thought the FBI/Dark Army shilling was pretty funny. It's almost like F Society has a better structure than the feds do.
Jessie: They probably do.
Freddy: I find it very hard to believe Darlene’s CHSI (confidential human source of information) stats didn’t get back to the Dark Army.
Yael: Maybe the Dark Army doesn’t care?
Micah: Well, one thing is in common between the Dark Army, the FBI, and the remaining scatterings of F society: they all use Signal for encrypted messages and calls.
Jessie: Carrier pigeon.
Yael: Or an owl.
Micah: Here's a video I made, and a detailed article, about how to lock down Signal as much as possible.
Yael: Nice. Okay, shall we move onto ups_640_patch.zip?
Bill: I downloaded it, it's base64-encoded, and when you decode it, it looks like another b64 encoding (with exclamation points), but it's not. I was stumped at that point. http://18.104.22.168/files/ups_640_patch.zip. If you go to that URL, it redirects you to https://ycg67gca.bxjyb2jvda.net/files/ups_640_patch.zip. That's a base64-encoded string that decodes to another b64-looking string, but it isn't really b64. I tried decoding it; I couldn't figure it out. :/
Micah: By the way, the building in this episode that Elliot thinks they're planning on blowing up for stage 2 and that he sneaks into... in real life, that's an NSA building in Manhattan codenamed TITANPOINTE.
Freddy: I’m confused because in episode 1, I thought they alluded to it being their safe house, where Elliot got shot.
Micah: You know how Elliot and Mr. Robot are fighting with each other, and Mr. Robot is trying to foil him by just leaving the building, and he keeps coming back in? Mr. Robot could have ditched the stolen RFID card, or even just changed Elliot's password on the server he keeps SSHing into to one that Elliot doesn't know. That would have been way more effective.
Yael: But Elliot somehow makes it to the halon server rooms...
Matt: Those materials have been replaced. When I worked in the airline industry, I worked every day in a server room. We were told to put on a mask for oxygen and walk around and drag unconscious coworkers out the room if that gas goes off. It would knock you out. It sucks out oxygen. Elliott was just chilling with the door cracked open.
Freddy: Yeah, you can die if those go off. It removes all the oxygen from the air. He sets it off and just gets out of the room and shuts the door.
Yael: It was heart-breaking that Elliot "fixing" the hack led to 71 other buildings being destroyed. I feel so bad for Elliot. I didn't think that distributing everything everywhere would lead to more harm when he was trying to get them to just call it off. I guess it's hard to threat model terrorists.
Freddy: Do you think Elliot was set up to be a patsy like Lee Harvey Oswald?
Matt: When Elliot was in the computer lab fighting himself, on the screen is the script he is trying to execute. It says "contact: Matt Mitchell."
Yael: Nice! #lifegoals. Matt, would you have helped Elliot?
Matt: ...if he contacted me. (Hehe.)
Yael: What would you have told him? "Stop beating yourself up!"?
Bill: Do you remember what you were doing in 2015? Perhaps a little bit of your memory fails you?
Matt: It is all foggy.
Harlo: All we got was wget with a sorely needed -c flag, and a kind of beautiful Pina Bausch routine. The -c flag in wget means that if your connection is cut off in the middle of a download, you can continue from where it left off on the next try, rather having to start from the beginning each time, if the corresponding server you're downloading supports it. If your Sybil-esque alter ego keeps body slamming you into an iron pipe to sabotage your work, it might come in handy.
Bill: Also from that scene, seems like we know Elliot's PGP short key ID: 9C2FA3D1.
user@ssh:~$ gpg2 --search-keys 9C2FA3D1
gpg: keyring `/home/user/.gnupg/secring.gpg' created
gpg: searching for "9C2FA3D1" from hkp server keys.gnupg.net
gpg: key "9C2FA3D1" not found on keyserver
No such key exists in this universe, but it would be trivial to create one. You can generate vanity PGP key IDs.
Freddy: That’s why he failed to stop the DA. Was fucking around with GPG.
Matt: No key found when I did key lookup :(
Yael: Well it would have had to have existed back in 2015. Maybe White Rose can take you back in time to do that. Actually, Micah and I tried to send Elliot Protonmail.ch messages in the past (as in, first season), but he did not respond.
Bill: Elliot.Alderson@e-corp-usa.com is the new email address, apparently. I'll try to email him now. :)
Yael: I think he got fired, though…