On the show Mr. Robot, just started watching I'm on episode 9, are all the hacks or whatever actually possible in real life?

Comments

• CountVon@sh.itjust.works ⁨1⁩ ⁨week⁩ ago

  One of the show’s tech consultants addressed that in this interview:

  What are some of the challenges faced in presenting hacking and cybersecurity in both a realistic and an entertaining manner?

  I think the biggest challenge is time. We are only given seconds to demonstrate a hack that could take hours. While we are accurate about the details of the hack, we must fudge the time element.

  source
• panda_abyss@lemmy.ca ⁨1⁩ ⁨week⁩ ago

  Yeah, when the show came out it was very well regarded as being pretty accurate.

  Obviously it’s a TV show, but most of the hacks were real or based on real hacks and techniques. From what I recall most of the hacks were social engineering (dropping the USB drives trying to get someone to plug them in, using physical access to install a raspberry-pi on the network, etc.).

  Realistically, I think that raspberry-pi would be found pretty quickly today. And those USB sticks would probably now trigger a visit from IT (everything you do on your corporate computer is logged. If you plug in a USB stick your admins can/will know about it, I had a friend who’s employer threatened to sue them because they downloaded personal documents off their computer using a USB, and the employer threatened to sue them over stealing trade secrets, which sounds dumb, but it was basically blackmail to try and stop him from getting another job).

  source

  • SillyDude@lemmy.zip ⁨1⁩ ⁨week⁩ ago

    I remember being pleasantly surprised with it being appropriately “entertainment accurate”. Normie’s watching it see all the stuff and think hackerman. But for people who know anything about tech, it was good enough that you weren’t sitting there in agony knowing “that’s not how that works!”.

    I think they were just trying to fire your friend without paying UI, which is standard practice in the US. You can be fired at any time without cause, but then the employer is on the hook to pay your unemployment. As long as they can find some “cause”, then you’re fired and ineligible for unemployment benefits.

    source

    • ApathyTree@lemmy.dbzer0.com ⁨1⁩ ⁨week⁩ ago

      As long as they can find some “cause”, then you’re fired and ineligible for unemployment benefits.

      This is a common misconception, and everyone should apply for unemployment if they lose their job for any reason.

      They need an actual good cause, like actual damages to the company or something, and they need to be willing and able to back up their claim that you are ineligible, or the unemployment offices will side with you and award it anyway. They generally favor employees over employers in decisions, because they know the bullshit companies do to not pay out.

      Lose your job? Apply. You have literally nothing to lose.

      source
    • panda_abyss@lemmy.ca ⁨1⁩ ⁨week⁩ ago

      But he was quitting. They sure hassled him though.

      source
  • TheFogan@programming.dev ⁨1⁩ ⁨week⁩ ago

    Trying to remember a bit more of it, but wasn’t the usb stick a rubber ducky? I mean it could possibly trigger some alarms, but to note that I don’t think it would register as a flash drive. In short you can program them and make them appear to the computer however you want. (IE it could appear as a keyboard, and rather than copying a file from storage, and rather than copying a script off of itself, it could say open cmd or powershell and effectively run the commands itself (as if they are being typed really fast, rather than actually a script). Companies typically don’t log keyboards being plugged in.

    source

    • bamboo@lemmy.blahaj.zone ⁨1⁩ ⁨week⁩ ago

      IIRC, there was a plot where Elliot needed to break his drug dealer out of jail, and they left USB sticks in the parking lot of the police station, but when the cop plugged it in, it was obvious that it was malicious (command prompt pop up) because they didn’t have time to make it hidden, so that thread didn’t end up working out.

      source

      • -> View More Comments
  • Brkdncr@lemmy.world ⁨1⁩ ⁨week⁩ ago

    I pentest regularly and people plug those usb drives in, devices get ignored.

    source
  • WaxRhetorical@lemmy.world ⁨1⁩ ⁨week⁩ ago

    In regards to the Pi, I worked for a bank until recently that absolutely would not have discovered it. I was dealing with IAM, not network security, but the guys who were were drowning and the structures were not in place to automatically flag this, so I’m pretty sure it’d just live on… I think outside of big, solid corporate and very tech-heavy smaller firms, this kind of approach would rarely be discovered.

    source

    • erev@lemmy.world ⁨1⁩ ⁨week⁩ ago

      In most cases I would agree.

      In the instance of a heavily secured state-of-the-art datacenter with armed guards it should’ve gotten flagged immediately.

      Then again thats assuming the people in the SOC aren’t massively overworked and were paying enough attention of course

      source
  • Septimaeus@infosec.pub ⁨1⁩ ⁨week⁩ ago

    I’ve seen that scenario play out multiple times now.

    In every case management’s paranoia was a result of their inability to comprehend employee departure as anything short of personal betrayal and thus, drama ensued. Cringe-o-rama

    Practical takeaways (tips for non-IT knowledge workers)

    While avoiding toxic management in the first place is great, ultimately the best advice is to protect yourself in every case by learning better habits/hygiene: if possible, use only personal equipment for anything personal; otherwise, learn how to encapsulate personal activity/traffic effectively. Effective methods include portable or web-based encrypted remote to a home PC, lightweight virtual machine with a killswitched VPN that you run exclusively from an encrypted drive that travels with you, and so forth. Mistakes include: 1. Any personal web browsing — trackable in enough ways that it’s best to just assume no countermeasure offers complete privacy. 1. Storing personal data on disk — outside of security and privacy concerns, this has often been used by companies to claim employee IP as their own. 1. Personal use of workstation/client software — least problematic, but much of this is trackable at the system and network level.

    source
• Eric@lemmy.blahaj.zone ⁨1⁩ ⁨week⁩ ago

  Very plausible in theory, but also dramatized.

  source
• etherphon@piefed.world ⁨1⁩ ⁨week⁩ ago

  Amazing show, enjoy.

  source
• Covenant@sh.itjust.works ⁨1⁩ ⁨week⁩ ago

  The steps tyrel took to root a phone where correct. But where he does is in seconds it took me way longer!

  source
• GenosseFlosse@feddit.org ⁨1⁩ ⁨week⁩ ago

  Yes, but in reality you need way more preparation, figure out what software they use, which weak points it might have and how to take advantage of it.

  source
• Formfiller@lemmy.world ⁨1⁩ ⁨week⁩ ago

  Yeah it’s call data center bonfires

  source
• newton@feddit.online ⁨1⁩ ⁨week⁩ ago

  https://hak5.org/

  source
• qwestjest78@lemmy.ca ⁨1⁩ ⁨week⁩ ago

  Just wait until you get to that season where he is talking to Daryl from the office the whole time. They lost me on that one. Did not make sense.

  source
• bryndos@fedia.io ⁨1⁩ ⁨week⁩ ago

  TLDR; kali linux - 1337 h4x0r

  IIRC a lot of them involved hacking the user to get to the system which seems legit.

  i'm sure you've seen this by now

  But not many modern (work) pc should let you execute code off a usb or cd-rom (!) drive.

  Get the user on their personal compy though, then find something to blackmail more info out of them. I think they do that too.

  maybe-spoiler

  Crucially he was still able to be some sort of admin on some of the main hacks - this is also plausible.

  Did they do like a Reichstag fire to get him elevated emergency powers, and appear like a hero to the target?

  This was a long time ago for me.

  source