Mr. Robot eps2.5_h4ndshake.sme – the security review


We’re about halfway through season 2 of Mr. Robot, and we’re starting to see some major story lines either resolve or get even more complicated. So let’s dive right into the latest episode and review the security concepts that came up.

WARNING: SPOILERS AHEAD – SCROLL DOWN TO READ ON

This episode was much more plot-heavy than tech-heavy, so this episode review will be shorter than our previous ones.

“You guys just got hacked”

Rather early on in the episode, we see tech-savvy FBI agent Dom very quickly determine that ECorp has just been hacked, likely by Angela. It was a matter of seconds: she saw the ECorp employee panicking over archives suddenly showing as gone or corrupted, and she’s ten steps ahead of it. “You guys just got hacked,” she says with some resignation. “I’m sure Angela erased all traces.”

It does follow logically that she put these things together. Dom was clearly suspicious of what Angela was doing and suspected that she was up to some kind of insider attack, and the timing of ECorp archives suddenly being wiped seems to put it all together.

If only it was always that easy! The reality is that not only is attack attribution a tricky problem, but often companies don’t realize that they’ve been hacked for months or even years.

Given that most attackers will go to some trouble to erase (or at least minimize) their tracks, this means the defenders have to not only determine the scope of damage, but also do a lot of recon work to figure out exactly how an attacker got in and how long ago they got in.

So in this case, the stars all aligned and Angela happened to have all the right information at her fingertips; it can happen. But given she’s a security expert, I’m sure she realizes that this was lucky and not necessarily the norm.

Angela joins the Risk Management team

It was an interesting lateral move to see Angela move to the ECorp Risk Management team. Risk management teams are something you tend to see at larger companies (like at an ECorp), and they’re usually a mix of legal, finance, project management, IT and security staff. As Angela’s new boss put it, the team makes “recommendations to management about how to address crises and course-correct.”

As we saw in the episode, there was a lot of discussion about contracts and liability, and information security teams are an important piece of the puzzle. After all, if a company is trying to prepare for the worst, it is crucial to determine its risk of a hack or a breach, along with the possible implications and mitigations.

The biggest question to me is exactly why Angela wanted to join this team. Potentially this is a great foothold for her to have as ECorp’s walking insider threat.

A throwaway birthday?

This is a minor note, but ECorp CEO Philip Price mentioned that Angela shouldn’t believe everything she reads in the news, and that his actual birthday is not the one that is disclosed publicly.

Did Philip make his public birthday fake for privacy reasons or is he purposely trying to throw someone off his trail? In any case, there’s a bit of a running gag that half of the information security community has a birthday of January 1, 1900, so if he lied, he’s not the only one out there with a fake birthday.

This episode was really all about the huge plot twist at the end. Did you see that coming or were you completely surprised?