Hacking Is the Least Ridiculous Part of 'House of Cards,' Somehow
Amber alert hacking, polyglots, and switching centers.
Mr. Robot may have set the bar for realistic hacking scenarios, but House of Cards isn't too far behind. Season 5 (WARNING: SPOILERS) includes somewhat realistic references to WikiLeaks, creating credible intel to look like voting centers are targeted by terrorists (looks like Putin may be watching), a totally plausible Amber alert/SMS broadcast spoof, and even a Signal cameo. (I, for one, was excited to see government actors use a solid app rather than, say, Confide.) We've got government-supplied leaks sent along with birthday cards on flash drives, and a tech guy yelling at a journalist for putting said unknown flash drives into a networked computer. (I could totally see that happening.)
And nestled amidst the mounting number of extrajudicial killings (echoes of Hillary Clinton conspiracy theories) are creepy hacks that could actually work, such as getting into a room because someone holds the door when a "borrowed" ID failed, or getting into a partner's phone by using her finger while you think she's, y'know, sleeping. (Good thing she planned it all along.) To look at a handful of the other hacks in the season, I spoke with security researcher Kenneth White.
The Walking Dead
The aforementioned SMS message, zapped out to multiple phones on Halloween, warned that the zombies have mobilized, and instructed people to check their local [sic] sematary. In fact, a similar hack has happened before, when poor password security allowed attackers to post a fake warning about the U.S. being under zombie attack on TV networks in Montana, Michigan and New Mexico. (The good news is that FEMA now requires alert originators to use an authentication key, so a hacker would need to get their hands on that key for it to be successful.)
In the real world, surveillance data that's supposed to help fight terrorist groups often seeps into use against ordinary citizens, and House of Cards is no different. Last season, data scientist Aidan Macallan used surveillance data intended to help fight ICO (the show's ISIS equivalent) to try to give the Underwoods an edge in the election, but the government took over his algorithm. This season, he tries to cover his tracks. In the process, he got his hands on an NSA computer and saw a bunch of waterfalls which were actually zero-day exploits. Macallan could use these to backdoor into social media sites. One would think that the NSA would be more likely to at least have passwords on their machines, but as far as making an executable 0-day that's also an image (of a waterfall, or anything else), White says that this is totally a thing. Attackers can indeed encode any input, including malware, into an image. Researchers refer to files that are valid in more than one format as polyglots.
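An added example, not from the article or from White: one common kind of polyglot is a PNG with a ZIP archive appended, which image viewers and ZIP tools both accept. The Python below walks the PNG chunks and flags anything that follows IEND; the sample files and the signature table are constructed for illustration.

```python
import io
import struct
import zipfile
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
# Assumption for this example: a short, non-exhaustive table of trailer signatures.
TRAILER_MAGIC = {b"PK\x03\x04": "zip", b"\x7fELF": "elf", b"MZ": "pe", b"%PDF": "pdf"}

def png_trailing_data(data: bytes) -> bytes:
    """Walk the PNG chunk list and return whatever follows the IEND chunk."""
    if not data.startswith(PNG_SIG):
        raise ValueError("not a PNG")
    pos = len(PNG_SIG)
    while pos + 12 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        end = pos + 12 + length            # length + type + data + CRC
        if end > len(data):
            raise ValueError("truncated chunk")
        body = data[pos + 8:pos + 8 + length]
        (crc,) = struct.unpack(">I", data[end - 4:end])
        if zlib.crc32(ctype + body) != crc:
            raise ValueError("bad CRC in chunk %r" % ctype)
        pos = end
        if ctype == b"IEND":
            return data[pos:]
    raise ValueError("no IEND chunk")

def classify(data: bytes) -> str:
    """Return 'clean', 'polyglot:<format>' or 'trailing-data' for a PNG."""
    tail = png_trailing_data(data)
    if not tail:
        return "clean"
    for magic, name in TRAILER_MAGIC.items():
        if tail.startswith(magic):
            return "polyglot:" + name
    return "trailing-data"

def _chunk(ctype: bytes, body: bytes) -> bytes:
    """Build one PNG chunk (used only to construct the sample below)."""
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", zlib.crc32(ctype + body))

# Constructed sample: a 1x1 grayscale PNG, and the same PNG with a ZIP appended.
CLEAN_PNG = (PNG_SIG + _chunk(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0))
             + _chunk(b"IDAT", zlib.compress(b"\x00\x00")) + _chunk(b"IEND", b""))
_buf = io.BytesIO()
with zipfile.ZipFile(_buf, "w") as z:
    z.writestr("note.txt", "constructed payload")
POLYGLOT = CLEAN_PNG + _buf.getvalue()
```

Because ZIP readers locate the archive from the end of the file, `zipfile.is_zipfile` also accepts `POLYGLOT`, which is why a check of the leading magic bytes alone misses this case.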
The Switching Center Hack
The biggest hack of the season was Macallan hacking into a Capital East Telecom switching center in an attempt to delete, within 20 minutes, everything that could implicate him (that's how long he had before the NSA got suspicious). "A Nintendo could hack into a switching center," White tells me. "All you need is a terminal." He also says that wiping logs is plausible, something any real pro would do.
White also gives props to the producer's technical advisor, since the entire disk volume ("/dev/sdb9") is erased, rather than just a single file. "That's exactly how you could do it with a mounted volume on, for example, a temporary Amazon or Microsoft cloud virtual machine," he says. "In this case, [Macallan] is instructing the operating system to overwrite any existing data with random characters seven times, and then perform a final 'zeroed out' final pass. For true pedants, while the 'verbose' option was specified, it wouldn't really be a graphical progress bar, but you have to indulge a little bit of creative flair/license. Lastly, the gibberish seen scrolling by in the background is what you might expect if inspecting (or monitoring) the disk destruction in progress; nice touch."
In the past, House of Cards had fairly accurate portrayals of hackers, but made elementary mistakes, like mixing up fingerprint readers and cameras and using the terms "deep web" and "darknet" interchangeably. While this season definitely requires some willful suspension of disbelief, the show's come a long way.