Every week, a roundtable of hackers discusses the latest episode of Mr. Robot. Episode 11 of Mr. Robot’s final season had one last attempted hack, so we discussed [SPOILERS, obvs] rubber duckies, Stuxnet, text/graphics games, parallel universes, and more. (The chat transcript has been edited for brevity, clarity, and chronology.)
This week’s team of experts includes:
One More Hack
Yael: So I thought it was interesting that there was just one more hack. This is how criminals get caught: they just want to do one more job. And then one more job. And then another job.
Trammell: Yes, the “one more hack” thing is why I go to bed far too late many nights.
And how vacations without projects can turn into almost withdrawal experience. “I’m not good with computers, I’m just really bad at giving up.”
Yael: Right, like that except with the added risk and adrenaline rush of breaking the law. (Allegedly.) I think he really does think he’ll be done after this hack.
Trammel: He used a Digispark to sequence things. It is an Arduino compatible ATtiny85 system that can pretend to be USB devices. One common use is as a “rubber ducky” to store lots of keystrokes so that the attacker doesn’t have to carefully type the commands. That seems to be how he used it. He plugged it in and it started (slowly) sending commands while he watched. I didn’t catch all of them—some sort of power shell invocation and then the fuxor program to encrypt the /bin directory (after gathering entropy).
Harlo: Yeah, similar to a ransomware attack! Which is kind of prevalent nowadays, targeting civic infrastructure.
Trammell: When Mr. Robot said “that would take forever to write,” I was hoping that Elliot would reply, “I’ve reused most of the Stuxnet code.” (Although the Stuxnet virus targeted uranium refinement for nuclear weapons, rather than nuclear power plants.)
Yael: Is Stuxnet code public?
Freddy: Some of it is, other parts are not. I think some Stuxnet code is still technically classified.
Trammell: The NSA/CIA/Mossad were just giving away the Stuxnet binaries for free!
Freddy: Yeah, they were “giving away” the Stuxnet code; all you needed to qualify is an emerging nuclear enrichment program.
Trammell: Not only was it free, they even offered a complimentary on-site installation by a Dutch technician.
A Dutch newspaper featuring the Stuxnet attack. (Image: DeVolkskrant)
Yael: I thought the conversation between Whiterose and Elliot was super interesting, about who is more hateful. Because I think it’s easy to think you’re doing stuff to help people when you actually dehumanize big swaths of the population.
Trammell: Very few people seem to ask, “Are we the baddies?”
Yael: Haha, they should just go on Reddit. /r/AmItheAsshole? I thought it was problematic that the one trans character on the show decides mass murder is the answer due to gender dysphoria. [ed: Hey, don’t forget about Hot Carla! She is good and pure!]
Though in White Rose’s mind, it wasn’t mass murder. It was “helping people.” Or something. But also, it was funny for Whiterose to be like, “you are hateful, your name is FSociety” after killing dozens of people in the plant. Or ordering their killing, anyway. “No, actually, you are the real hater.”
The Hack Attempt
Yael: Can someone explain the tech to me? Does it matter at what point you start the program and the malware is put in? And how does this lead to a nuclear meltdown?
Harlo: This is not a Stuxnet-like attack, I don’t think. I think Elliot just encrypted /bin on some remote computer, which is nowhere near as sophisticated.
Yael: Anyone who wants to learn more about Stuxnet should read Kim Zetter’s book on it, Countdown to Zero Day.
Trammell: I think the meltdown was inevitable when White Rose switched on the machine; the malware didn’t have any effect.
Yael: Okay, so Elliot got there too late. Sorry, Elliot.
Harlo: Get Kim Zetter on the phone. I was just about to say, it was like bringing a knife to a gunfight. What Elliot was trying to do reminds me more of the rash of attacks against municipalities (see New Orleans just a few days ago, Baltimore last summer; countless school districts). Which is ridiculously effective, but nowhere near the sophistication of an attack like Stuxnet. Thus, knives at a gunfight. Yet, the scary thing is, these knives are proving HORRIFICALLY effective.
Trammell: On the rubber ducky: that’s bad opsec by the plant. Allowing random USB devices, even HID input devices, is a bad plan for security.
Yael: How do you disallow USB devices from getting plugged in?
Trammell: You can set up allowed-lists or banned-lists in most OSes so that only permitted devices can be used. You can still spoof it if you know what is allowed though; my homebrew keyboards all claim to be generic 101-key Microsoft or Dell keyboards so that they are likely to be permitted.
Freddy: At some companies, they have rules that will send an alert when a USB is plugged in, and then they have a security person who shows up to talk to you.
Yael: Maybe that person got shot, though.
Yael: I thought it was so weird that Elliot didn’t think it was strange that the people doing security for the site just, like, weren’t there.
Trammell: When it turned into a first-person shooter game with all of the empty rooms and unlocked computers, it seemed like Elliot should have realized something wasn’t quite right. White Rose totally pulled an Ozymandias on Elliot.
Yael: The game reminded me of one I played as a kid, but I can’t remember what it was.
Trammell: The game was very much inspired by the text/graphics games of the era, although the parser was much more sophisticated than the Z-machine of that time.
Harlo: I have an AWESOME BOOK FOR YOU TO PLUG. Twisty Little Passages by Nick Montfort. It’s a media archeology about interactive text-based games.
Yael: It seemed like there was no way for Elliot to win the game.
Freddy: As with all nuclear policy, the only winning move is not to play.
Trammell: The Apple //e in the episode came with a lowercase character generator built in, so that part was realistic. I wonder if they wrote the game and ran it on real hardware. A few years ago at the NYC Resistor Interactive Show, we had Flapple Bird, a real retro game for the Apple 2.
Yael: Did anyone catch the door code?
Trammell: The door code was 0509, the date of the hack.
Flapple Bird (Image: Trammel Hudson)
Yael: The episode ends with the weird parallel universe. Do you guys think that is actually happening? Or is it in Elliot’s mind? (I’ve been watching The Runaways, so it seemed so… redundant, lol.)
Harlo: I got a kinda Rick and Morty vibe.
Trammell: “Did you know that the first Matrix was designed to be a perfect human world, where none suffered, where everyone would be happy? It was a disaster…”
Freddy: It reminded me of the scene where Elliot becomes a normie.
Yael: I didn’t like preppie Elliot, to be honest. He was a little annoying.
Harlo: Maybe this is what Whiterose was talking about in her vision of the better life?
Notice there’s no Darlene? What does that mean?
Yael: IDK. I don’t want to be in a parallel universe without Darlene, though.
Trammell: Yeah, why didn’t she come along to the new world?
Yael: Even Tyrell was there.
Trammell: Tyrell in a hoodie, just like he wanted.
Freddy: Tyrell being a cool CEO like Mark Zuckerberg.
Harlo: Maybe because Darlene’s not dead yet?
Trammell: It seems that Tyrell knew that this was a reboot and was trying to figure out if Elliot knew as well. Was Elliot “forgetting his wallet” an attempt to test the new rules of the perfect world?
Freddy: I thought so too, Trammell!
Yael: If this is how Elliot really dies, it’s sad. And almost anti-climactic, to be honest.
Harlo: I just hope the next episode is a real-life Rick and Morty crossover.