Mr. Robot eps3.5_kill-process.inc – the security review

It feels like the entire series was leading up to this episode, and I’m hesitant to mention anything more in case someone gets accidentally and majorly spoiled…

WARNING: SPOILERS AHEAD – SCROLL DOWN TO READ ON

We can pull out two small threads from this week’s episode to examine. Both deal with unauthorized access.

When we’re talking about information security, and not just cybersecurity, physical security is also part of the picture. We saw Elliot take advantage of small loopholes in the E-Corp NYC building security to infiltrate it rather easily. While employees were filing back in to the building after an evacuation, Elliot took advantage of the minor chaos and the crowds to steal a badge from a security guard, and then use it to get access to several different areas of the building – including rooms where he could connect directly to the (presumably secure) corporate network via ethernet.

At many larger corporate sites, the security staff is often subcontracted so there may not be an element of control over processes there, especially if they are hired by the building landlord. Sure, we can say that the guards should be more careful with their badges, as they are not unlike admin-level credentials with their higher levels of access, but enforcing this would be tough, to say the least.

But giving credit where it’s due: we saw a failsafe kick in when the badge owner (presumably) realized their badge was gone, as the card stopped working right before Elliot tried to get in to the server room. Though it took a bit of time for the guard to realize his badge had been taken, they took measures to revoke that card’s access quickly, which is the right thing to do.

The second thread is when we see Elliot try to roll back the battery server firmware updates, and Mr. Robot does everything he can to stop this from happening.

Picking up on blink-and-you’ll-miss-it action in Terminal when Elliot and Mr. Robot are duking it out, Elliot manages to SSH into the battery servers with full root access, which we assume would give him the access he’d need to change the firmware…

…and moments later we see connection refused as Mr. Robot kills SSH.

Prevention vs Cure

In both these threads, Elliot managed to get access he wasn’t supposed to have, but was thwarted nevertheless by timely (or perhaps just-in-time) intervention.

For those of us in the real world, this is a reminder that although prevention is better than cure, giving up shouldn’t be an option—with a prompt reaction to a security violation, there may yet still be time to head the attacker off at the pass.

By the way, in both these examples, 2FA (two-factor authentication) would have made things much harder for Elliot in the first place.

If the physical access system required a badge (something you have) and a PIN code (something you know), Elliot wouldn’t have been able to swipe someone else’s badge and immediately get in.

And if the SSH server had insisted upon both a password and a token code, Elliot would only have had half of what he needed to access the system.

Not that it would have prevented the carnage from Dark Army’s stage 2 in the end, alas.