FYI.

This story is over 5 years old.

Tech

Where 'Mr. Robot' Gets Inspiration for its Hacks

"It gets harder and harder each episode because I don’t want to repeat an attack from season one."
Image: USA

Besides a seeming never-ending procession of major hacks that have targeted everything from Sony Pictures and LinkedIn to the federal government's Office of Personnel Management and a message board for fisting enthusiasts, nothing has done more to raise the profile of digital security than Mr. Robot, USA's dizzying, uncomfortable hacking series. Part of what makes the show worth investing in is that it shows us, you know, hacking, and not a sexed up rocket launcher-and-flying-number-fueled approximation of it.

Advertisement

For that, you can thank Kor Adana, a former hacker and the show's tech consultant. Mr. Robot has won over even the most stubborn security researchers because the hacks Adana helps dream up for the show are modeled on real-world attacks.

Monday night, USA will premiere "Mr. Robot Decoded," a one-hour special that delves into how the show's team makes its hacks realistic. Adana couldn't give me specifics about what we'll see in season two, which premieres July 13, but said he and series creator Sam Esmail have been getting some inspiration from recent events.

"Part of my job is to be aware of cool and unique hacking techniques. I'm always on the lookout for new hacks," Adana told me. "There are a lot of things I've been wanting to use that'll show up in season two."

Hacks on his radar include one that allowed someone to bypass two-factor authentication to gain access to Black Lives Matter activist DeRay McKesson's Twitter, phone, and email. With two-factor, if someone tries to login to an account from an unknown device, the service will text a secret code to you to confirm it's you. In McKesson's case, someone managed to get Verizon to switch his SIM card to a device belonging to the hacker, essentially stealing his phone number from him and allowing the hacker into his other accounts.

"Sam and I were talking about that a couple weeks ago—if your SIM card can be intercepted and taken away and your pin code can be intercepted via security questions, you can be compromised," Adana said. "It's crazy."

Advertisement

Part of Adana's job is to painstakingly make sure that the scripts and screens protagonist Elliot Alderson runs on the show are accurate—in one case, an animator spent seven hours working on a screen that got a whopping one second of screentime in the actual show.

Adana says he thinks that by portraying hacking as being something closer to what it actually is, Mr. Robot has done a small part in educating people about what is and isn't possible and thus raises the level of cybersecurity awareness that viewers of the show have.

"I think that there's something to the idea that Mr. Robot is playing its part to educate, since every single attack we showcase is based on a real attack," Adana said. "To see how a phishing attack works or how a social engineering attack works, the normal layperson may be learning what these things are and how they work."

Adana wouldn't say if a hack like the one that targeted McKesson will show up in the second season, but said that his job—and protagonist Elliot Alderson's on-screen tactics—vary from real hacking in an important way: Alderson unleashes a barrage of different hacks in order to keep the show from getting repetitive. In real life, hackers will continue to abuse the same exploit over and over again against different targets so long as it works.

"The hacker's psyche is to do things as long as they work," Adana said. "But we're creating a television show and it's challenging—it gets harder and harder each episode because I don't want to repeat an attack from season one. I would say that Elliot has always been a better hacker than I was, but definitely in season two he's far surpassed me."