Hackers Dissect ‘Mr. Robot’ Season 4 Episode 7: ‘Proxy Authentication Required’

Episode 7 of Mr. Robot’s final season was hack-free, but we still managed to discuss [SPOILERS, obvs] the Cayman National Bank heist and the anonymity of cryptocurrency payments, as well as therapy, mental health, and, uh, surviving kidnappings. (The chat transcript has been edited for brevity, clarity, and chronology.)

This week’s team of experts includes:

Jen Helsby: SecureDrop lead developer at Freedom of the Press Foundation.

Jason Hernandez: Solutions Architect for Bishop Fox, an offensive security firm. He also does research into surveillance technology and has presented work on aerial surveillance.

Micah Lee: a technologist with a focus on operational security, source protection, privacy and cryptography, as well as Director of Information Security at The Intercept.

Matt Mitchell: a hacker and Director of Digital Safety & Privacy at Tactical Tech. He founded cryptoharlem, which aims to teach basic cryptography tools in the inner city.

Yael Grauer (moderator): an investigative tech reporter covering online privacy and security, digital freedom, mass surveillance and hacking.

*

Jen: That episode was heavy. Poor lil Elliot.

Yael: YES, it was intense! It got me thinking about the importance of mental health in activism. You have to process your own traumas and motivations in order to be clear about your goals, especially if you have dissociative amnesia. So if you hack your therapist and they fire you, maybe get another therapist?

Matt: Get another therapist. 🙂 Yup.

Jen: I wonder what the deal is with therapists and reporting imminent crimes.

Yael: They make you sign something saying if you are about to kill yourself or others, they have to report, I think?

Micah: I know therapists also have to report if they learn anything about potential child abuse.

Jen: One thing I learned from this episode is that you can discharge a firearm in a luxury apartment and no one calls the cops. That’s what I call privacy.

Yael: I was just talking to Harlo about a HEFAT (Hostile Environment and First Aid Training) she was at where they did kidnapping simulations, and she learned how to escape handcuffs, zip ties, etc. I was not at the training, but I can speak to how powerful simulations are. I was just at the CyberMed Summit in San Diego, and they did all of these cyber attack simulations with doctors that we all got to watch. It was incredibly powerful and really drove home how people without awareness of certain situations would respond and what the stakes are in a way that you can’t get just from reading. In HEFAT it sounds like you’re actually participating in the simulations, not just observing them. Other than intensive training, anyone have tips for Elliot and Krista for their next kidnapping?

Matt: At GJS Security, we were taught that kidnappers need you to create a predictable pattern and make yourself vulnerable for them to be successful. Not easy when you’re up against Vera, but switching things up could have helped Krista not be found. To avoid that, blend in, take rented cars, and spend time with a travel buddy or in a crowded area. They also spoke about the benefits of humanizing yourself to your kidnappers and trying to understand their motivations. Difficult if you are gagged and strapped to a chair, but not impossible.

Jason: If you’re going to carry a firearm (which I don’t generally recommend), get familiar enough with it that you can tell whether it’s loaded or not based on weight.

Yael: Yeah, good call. Though depending on how much adrenaline you have, you can kind of lose sensation in your hands. I learned from self-defense trainings that you’re supposed to do everything you can to avoid getting taken to a secondary location, but Elliot was outnumbered, and it’s not like he didn’t try. Didn’t Elliot contact police from his laptop once when he was shutting down that coffee shop in Season 1, though?

Micah: That’s a good point. Elliot briefly had access to his computer. Maybe he could have called for help.

Yael: Though he’s also wanted by the police, so it’s less likely he would, right?

Jason: Elliot could have rigged up his laptop to send out some distress signals or have a dead man’s switch. That seems advisable and doable. He’s been kidnapped before.

Yael: Or he could have contacted Darlene, not that that would’ve helped. But yeah, FSociety should go to HEFAT training, as should FSociety members’ therapists.

Jason: I don’t think Krista had any real idea or shot at knowing the level of danger she was in until it was too late.

Yael: Also, she’s probably in more danger now. It’s not like Vera’s crew is gonna just let this go. Good point earlier by Jen that someone might hear gunshots and call the cops, though often these things happen so quickly that by the time the cops show up, it’s too late.

Micah: During the last scene, while Vera was opening up to Elliot, I kept hoping Elliot would pull the gun that was in Vera’s pants out and shoot him. So it was a nice surprise when Krista stabbed him in the back instead.

Yael: Elliot was so broken and raw in that moment. Plus his last shooting attempt failed. I wonder how much of dealing with kidnapping scenarios is not getting discouraged and figuring out how and when to plan escapes. No hacks this episode! Just lots of 1s and 0s. Stadium money. I wonder what he was actually showing them.

Micah: I think he was showing them actual documents from the bank hack, the money Elliot was actually getting ready to steal from Whiterose. This kidnapping took a lot of time, and time is running out. I wonder if they’re actually going to pull off the Cayman National Bank heist… err, I mean Cyprus National Bank. Cayman National Bank is that Phineas Fisher hack that was just released.

Yael: What are the differences and similarities between those?

Micah: Well, Elliot and Darlene are hacking Cyprus National Bank in order to cripple the Dark Army. Phineas Fisher wrote a whole manifesto about why they hacked Cayman National Bank, but basically, it was to steal from the corrupt and give to organizations fighting for social justice.

Yael: What was the aftermath of that hack?

Micah: I believe Cayman National Bank managed to keep the hack completely secret. Until Saturday.

Yael: 👀

Micah: Also, Phineas Phisher is offering a $100,000 bounty for other hacktivists to hack banks and oil companies now.

Yael: A.Lizard was tweeting about how paying winners in a way that’s untraceable might be difficult since cryptocash isn’t really anonymous against well-funded opposition.

Matt: Cybercriminals have no problem getting paid anonymously. There are so many ways. Chain hopping through various cryptocurrencies is a viable option. There are companies that track “anonymous” payments for law enforcement and businesses. Luke Wilson at 4iq, formerly of the FBI, and the currency tracker Elliptic, is an example of a cryptocurrency investigator. They have a hard time against some techniques and an easier time against others. The key is knowing which is which.