Sophos Cloud Optix
We’re about halfway through season 2 of Mr. Robot, and we’re starting to see some major story lines either resolve or get even more complicated. So let’s dive right in to the latest episode and review security concepts that came up.
WARNING: SPOILERS AHEAD – SCROLL DOWN TO READ ON
This episode was much more plot-heavy than tech-heavy, so this episode review will be shorter than our previous ones.
“You guys just got hacked”
Rather early on in the episode, we see tech-savvy FBI agent Dom very quickly determine that ECorp has just been hacked, likely by Angela. It was a matter of seconds: she saw the ECorp employee panicking over archives suddenly showing as gone or corrupted, and she’s ten steps ahead of it. “You guys just got hacked,” she says with some resignation. “I’m sure Angela erased all traces.”
It does follow logically that she put these things together. Dom was clearly suspicious of what Angela was doing and that she was up to some kind of insider attack, and the timing of ECorp archives suddenly being wiped seems to put it all together.
If only it was always that easy! The reality is that not only is attack attribution a tricky problem, but often companies don’t realize that they’ve been hacked for months or even years.
Given that most attackers will go to some trouble to erase (or at least minimize) their tracks, this means the defenders have to not only determine the scope of damage, but they have to do a lot of recon work to figure out how exactly an attacker got in and how long and long ago they got in.
So in this case, the stars all aligned and Angela happened to have all the right information at her fingertips, it can happen. But given she’s a security expert, I’m sure she realizes that this was lucky and not the necessarily the norm.
Angela joins the Risk Management team
It was an interesting lateral move to see Angela move to the ECorp Risk Management team. Risk management is something you tend to see at larger companies (like at an ECorp), and they’re usually a mix of legal, finance, project management, IT and security teams. As Angela’s new boss put it, the team makes “recommendations to management about how to address crises and course-correct.”
As we saw in the episode, there was a lot of discussion about contracts and liability, and information security teams are an important piece of the puzzle. After all, if a company is trying to prepare for the worst, knowing what their risk is of a hack, or a breach, and the possible implications or mitigations, are all crucial to determine.
The biggest question to me is exactly why Angela wanted to join this team. Potentially this is a great foothold for her to have as ECorp’s walking insider threat.
A throwaway birthday?
This is a minor note, but ECorp CEO Philip Price mentioned that Angela shouldn’t believe everything she reads in the news, and that his actual birthday is not the one that is disclosed publicly.
Did Philip make his public birthday fake for privacy reasons or is he purposely trying to throw someone off his trail? In any case, there’s a bit of a running gag that half of the information security community has a birthday of January 1 1900, so if he lied, he’s not the only one out there with a fake birthday.
This episode was really all about the huge plot twist at the end. Did you see that coming or were you completely surprised?
Just a note here. Thank you very much Maria for writing these post about the series. My first thing after I see the show to check your post about it. Sadly this episode didn’t have any that’s worth mentioning, but can’t wait to see the next one.
(spoiler) It’s also worth mentioning how he let the evil website be accessed from out of the Tor network and also appear in search engines & ads, so that it is exposed to everyone and became a sitting duck for law enforcement officers.
I’m not surprised that a bunch of IT people have a birthdate of Jan 1, 1990. That’s the default for some software long ago if you did not provide a DoB, and many people did not. I just don’t remember what software it was. Either that or its the default date for files when time is not provided, as when imported from other file(ing) systems into Windows.
Are you thinking of Excel? This has (or had, it’s a while since I had Windows) an epoch starting 1900-01-01, which was designated “day one” and stored as the decimal number 1.0.
(A date of zero would display rather weirdly as the 0th of January 1900, not as New Year’s Eve 1899 🙂
I am assuming Maria is referring not to a software default, because most web forms I have seen don’t have a default DoB in order to force you choose something yourself, but to the techie habit of deliberately choosing bogus birthdays. You need to remember your fake birthday easily, so New Year’s Day is commonly used, at least by people who weren’t actually born on that day.
FWIW, I’ve found numerous sites that won’t allow you to be more than 100 years old (which is rather ageist), in the same way that they won’t let you have names that they think you just made up. (I bet Team USA athlete English Gardner has loads of trouble online.)