What <i>Mr. Robot</i> Can Teach Businesses About Security

By getting the underlying technology right, <i>Mr. Robot</i> producers understand they boost the show's credibility and give businesses and their customers a more realistic view of security, risk and the challenges of data protection.

3 Min Read

Hollywood too often treats hackers like deus ex machina devices who get called in to fix a plot problem and essentially do something magical – and technologically impossible.

But Tanium's Andre McGregor and Ryan Kazanciyan, both technical advisors to the hacker drama Mr. Robot, said their input is sought before, during, and after scenes are shot. By getting the underlying technology right, the show's producers understand they boost the credibility of the characters and the series, which has won general praise from the hacker community and earned six Emmy nominations in its first season. And they may be helping to give businesses and their customers a more realistic view of security, risk, and the challenges of data protection.

If you're just tuning in, Mr. Robot is the story of Elliot Alderon, a socially challenged infosec professional with a double life as a vigilante hacker. He gets recruited to join an underground group of hackers ("Fight Club meets Anonymous/LulzSec," McGregor laughed during Tuesday's Q&A event about the technical aspects of the show), which wants his help bringing down the company he works for – and other evil corporations.

The FBI is usually one or two steps behind; McGregor used to work for the Bureau, which has a more prominent role in Season Two, and he's advised how the FBI agent characters should hold a gun, interview investigation subjects, and deal with surveillance. The set design also looks a lot like the FBI's real cybersquad office, McGregor said Tuesday.

Then there's all that plot material to be mined from today's headlines, since retailers, banks, media companies, and political organizations too often treat security as an afterthought, Kazanciyan said at Tuesday's online Q&A.

"I'd like to see customers change their behavior when they see their data is no longer safe, so that organizations don't treat security as an add-on -- something you don't need to bother with when you're in a hurry," Kazanciyan said. Most organizations, he added, are still struggling to handle security at a basic level, much less build it in from the inception.

Rogue devices (Elliot plants a Raspberry Pi behind a thermostat), rogue wireless networks, ransomware, and USB-borne malware all turn up in various plot lines. But frequently, Kazanciyan or McGregor will field a call from Kor Adana, technology producer for the show, with questions and clarifications about how hackers behave and speak. Sometime dialogue needs to be changed to make a scene more accurate or realistic, or just to be more true to the character, Kazanciyan said. "I can't say anything more without giving it away."

"I'm afraid of spoiler alerts," McGregor added. "My contract says $1 million per infraction! Just kidding."

McGregor and Kazanciyan were quick to note that all of Elliot's coding tricks and social engineering are drawn from real cases. "We're not showing anything that's magical or hasn't been thought of – it's all been done in the private sector or already written," McGregor added. And they're not worried about copycats since all the hacks are essentially in the public domain already.

The technical advisors are also careful to show that hacking requires long, sometimes tedious hours and that code doesn't always work right – or in the way it was intended.

"Hacking, even when it's well planned and executed, is not without repercussions, which is a core theme for this season," Kazanciyan said. "Good offense informs good defense when it's done properly. But even the best-laid plans have some blowback," he said, referring both to real life and the hacks on the show.

Related Content:

About the Author(s)

Terry Sweeney, Contributing Editor

Terry Sweeney is a Los Angeles-based writer and editor who has covered technology, networking, and security for more than 20 years. He was part of the team that started Dark Reading and has been a contributor to The Washington Post, Crain's New York Business, Red Herring, Network World, InformationWeek and Mobile Sports Report.

In addition to information security, Sweeney has written extensively about cloud computing, wireless technologies, storage networking, and analytics. After watching successive waves of technological advancement, he still prefers to chronicle the actual application of these breakthroughs by businesses and public sector organizations.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights