Sophos Cloud Optix
As this week’s wasn’t as security-heavy as previous episodes, there’s not quite as much to discuss. But nevertheless, let’s dive in to it, shall we?
WARNING:SPOILERS AHEAD – SCROLL DOWN TO READ ON
In these less tech-centric episodes, it can feel a bit nit-picky to dig too deep into concepts that are briefly shown on screen. So I admit upfront to some of these being mere mentions, and I’m digging in to them for the sake of discussion here. (And what would internet reviews be without a bit of pedantry, eh?)
Both sides of the social engineering coin
It’s interesting that most of the actual hacking we’re seeing lately comes from Angela, arguably one of the least tech-savvy members of the Mr. Robot character cast. Depending on who you ask, social engineering is either a field all on its own or an extension of hacking (“human hacking,” as some call it).
It seems to be the kind of hacking that Angela excels at, in any case. We’ve previously seen her talking her way into restricted areas and out of FBI scrutiny – some of it, anyway – and in this week’s episode, we also see how she reacts when she’s on the receiving end.
Perhaps the Angela of a few episodes past might not have recognized what was happening, but when the rather suspicious agent from the Nuclear Regulatory Agency tries to shuffle her in to a distant conference room, you can see her alarm bells go off.
Most importantly: she listens to her gut feeling.
The “agent” tried a number of coercion tactics, adding a sense of urgency and social pressure of not wanting to let other people down: “But my colleagues in the other room are eager to meet you!”
Combined with her growing suspicion that something already wasn’t quite right (how did the agent know she worked at E-Corp?), her paranoia kicked in and she got out of there as fast as she could.
There’s hope for her yet.
Other notes
- I did find it curious that the head of E-Corp’s risk management, as well as (it seems) the whole risk management team, allowed USB access on their machines. I would hope, especially after they’ve been so massively and publicly hacked, that at least high-risk departments would have some kind of device access policy in place. Or maybe that’s unrealistic?
- Real-life hacker tool cameo! This episode had an appearance by the Pwn Phone from Pwnie Express, which Elliot used so he and Darlene could keep tabs on Dark Army phone conversations. The Pwn Phone is usually used more as a penetration testing tool for security professionals to test defense flaws for mobile and bluetooth-enabled devices, but that doesn’t mean someone couldn’t use it for more nefarious purposes, of course.
Image courtesy of USA Network
Angela didn’t log on using her boss’s computer. She leaves his office and goes back to her office. She logs on using her own account to view the contents of the file with the passwords, logs off, then logs on as her boss. The way the scene was setup, this will come back to her in a later episode.
Yes, you are correct — sorry about this. We’ll correct this in the post. Thank you!
Yes, Angela used her computer and used her boss credentials, which was harvested using USB tools at the boss computer. Where were the security cameras? Isn’t she worried about them?
Anonymous is right. You missed a fundamental plot point that renders your articles points somewhat moot. You should rewatch the episode and rewrite this.
Angela made a lot of mistakes in her hack which was a point of this episode, paralleling the serious mistake Darlene made leaving a VHS tape in the house.
Mistakes Angela made:
1. She proceeded with the hack after someone saw her sitting at her boss’s desk, thus leaving a witness.
2. She logged in to his account from her computer using his credentials, which would show up in the workstation and server logs. This is the smoking gun.
3. She did the transfer from her computer, which wouldn’t necessarily show up in normal logs, but could show up in networking logs or in some kind of advanced protection.
4. She connected USB devices to her computer while logged in as her boss. Further proof that a leak occurs at her computer. For example, Sophos Enterprise Console would log that the same USB device was used at these two different workstations, moments apart, with the same user logged in: her boss. It would make no sense for her boss to use her computer, Occums razor would point right at her for this leak, time stamping it and basically explaining the mechanics of how it was done.
I don’t think this was an accident. I think this was intentional so that FBI or Ecorp can use this evidence later against her as a plot point. Just as Darlene’s VHS tape is a potential plot point.
The security experts who work on this show, know all of the points above. If they wanted her to get away with it, they wouldn’t have had the witness, and she wouldn’t have brought it back to her desk. They may have had her use a bootable os as they’ve done before. That would bypass endpoint controls, and would be trackable only at the network and server level.
I predict Angela will be arrested at the end of this season. I also predict she’s smart enough that she won’t talk to anyone besides her lawyer.
I don’t think the phone hack Elliot pulls of should be glossed over as insignificant either. His hack is possible, but difficult unless 1. He’s got a botnet to do processing for him, 2. He knows of an exploit against SIM that we don’t.
Mea culpa, commenters — you are all right and I got that wrong. We’ll correct the article to reflect this. Thank you!
Mimikatz was used by the rubber ducky to grab the plaintext passwords. This requires admin privileges to run. It’s no wonder e-Corp got hacked with such lax security allowing normal users to have admin access. It’s security 101.
Also, no AV was installed. When Angela right clicked to copy the folder considering e-corps poor attitudes to security I was expecting to see a red ‘M’ however there was no indication of any AV being installed.
You now have me wanting to go view this series …. Thanks
Ditto. Maria, I think you have missed your calling… your reviews are excellent.
I greatly appreciate the feedback, thank you! (And I do hope you check out the show soon!)