This week’s episode was a little confusing for me – and I’m not only referring to the trippy dream Elliot has while going through his drug withdrawals.
It seems I wasn’t the only one who had questions about the hacks in this week’s episode; Forbes published an interview they did with Michael Bazzell, Mr. Robot’s technical consultant and cyber crime expert explaining the hack attack on E Corp that Elliot comes up with at the beginning of the show.
In the article, Michael Bazzell explains how Elliot plans on destroying E Corp’s data storage facility, using Raspberry Pi. Sounds like a very yummy method – too bad there’s an “e” missing at the end of “pi”! Michael explains that Raspberry Pi is a very small computer that can be accessed via the Internet through its built-in cellular chip. Using this, Elliot wants to control the facility’s climate control system to overheat it, thus melting E Corp’s tape-based back up.
While Forbes focused on the more complex hacks that targeted large corporations like E Corp and Allsafe, I was intrigued by the two physical hacks in the show.
The first “IRL” hack is when two members of FSociety hack a minivan – keep in mind that FSociety does everything in their power to not leave a trail, so they need a stolen car to get to E Corp’s data facility center in order to prevent being caught.
The FSociety guys casually sit on a sidewalk and wait for someone to park and lock their car. Using what looked like an old radio to me but is more likely a transmitter, they were able to send a command to unlock the car – politely thanking “mom” for giving them the opportunity to steal her car. Once inside the car, they connect the car to their laptop using a cable and ran the code to get the car started.
I asked my colleague, senior malware analyst Jaromir Horejsi, what he thought of the hack:
All they needed was the cable and specialized control software for cars. This software can access data from sensors in the car and it can control the car’s behavior. With that, they just had to connect everything together and select their desired actions. – Jaromir Horejsi
The Avast Threat Report provides an overview of global threat activity.
Avast malware researchers and Avast customers work 24/7 to protect each other.
Avast protects 230 million people worldwide in more than 186 different countries — we are present in more countries than McDonalds and protect more people than any other antivirus security provider. We stream 250 micro updates a day that protect our users from attacks. This is made possible by the 230 million devices we protect that simultaneously act as de facto sensors. These sensors provide us with information about suspicious files to help detect and neutralize threats as soon as they appear. Once we identify a suspicious file on a single device, it is reported back to the Avast servers and all Avast users around the world are immediately protected. This is called our Community IQ – it not only lets us better protect our users but also gives us valuable insights into the current security landscape.
Last Friday, Adobe confirmed two new “critical” zero-day flaws in the Adobe Flash Player browser plugin 18.104.22.168 – and earlier versions – for Windows, Mac OS X, and Linux. Today, a third flaw was found. Adobe Flash Player is a widely distributed multimedia and application player used to enhance the user experience when visiting web pages or reading email messages.
We recommend disabling Flash until the bugs are fixed.
Security experts say the two flaws were found in stolen files that were dumped earlier this month from Hacking Team, an Italian security firm that sells communication interception and surveillance software to governments around the world. The third one came from the same documents.
“Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system,” Adobe said in their blog. “Depending on the privileges associated with the user account targeted, an attacker could install programs on the system, alter or delete data, create new accounts with similar user rights, or cause a denial-of-service.”
When your computer slows to a crawl, it is very frustrating. One of the worst things that people do when trying to restore the performance of their PC is to remove the security software. Getting rid of your protective barrier just opens you up to threats that could make things even worse.
So you know that you need a security product on your computer, but you don’t want any software to impact the speed or performance. That’s why an excellent choice is Avast antivirus products.
Avast provides high detection rates and good protection against malware, but it does not degrade system performance or annoy users by being resource hungry.
But don’t take my word for it.
AV-Comparatives, a well-known and trusted third party testing lab, recently tested 20 antivirus and internet security products. Avast Free Antivirus topped every single one of them – paid security suites and free antivirus protection – and received an Advanced Plus three star award for the May 2015 Performance Test.
Reasons why your PC may be slow
It is not always security software that is responsible for a slow system. Other factors can play a role, which means that with a few tweaks your systems performance can be improved.
Elliot, Mr. Robot’s anti-hero cyber-security engineer by day and vigilante hacker by night, has been having a life-style crisis. In episode 3, Elliot longs to live what he calls a bug-free life, otherwise known as a regular person.
However, he is quickly pulled back into F Society’s hold when emails exposed during the threatened data dump revealed that E Corp executives had knowledge about the circumstances which led to his father’s death. We will leave the intrigues and plot theories, especially if Mr. Robot is real or a figment of Elliot’s imagination, to the internet. Right now, let’s look at the hacks highlighted in this episode.
At minute 7:40, you see Elliot in the hospital after Mr. Robot had pushed him off the high wall they were sitting on in the previous episode. His psychiatrist, Krista, is in the hospital and explains that the police wanted to do a drug panel, but Elliot refused. Elliot admits he has been taking morphine. Krista says the only way she can approve his release from the hospital would be if he commits to a bi-monthly drug test. Elliot starts thinking about how he will get around this problem by hacking the hospital’s IT. The IT department is lead by one single person, William Highsmith, with a budget of just $7,000 a year. According to Elliot, he uses useless virus scans, dated servers and security software that runs on Windows 98. It’s one of the reasons why Elliot made that particular hospital his primary care facility, since he can easily modify his records to look average and innocent.
Stefanie: Wow, wouldn’t it be an unusual that a hospital would actually use old infrastructure and have little budget for their IT? I also found it a bit odd that they have just one IT guy, I mean healthcare data is REALLY sensitive and definitely one of the last things I would want to have accessed by hackers!
It usually happens after you download something free. You go back online and your browser suddenly looks unfamiliar. There’s new buttons and weird icons in the place of what you used to have. A strange search page from a company you have never heard has taken the place of your homepage.
How did I get that annoying toolbar?
You have inadvertently downloaded a browser toolbar that came bundled with other software.
Free programs, like Adobe Reader, often include add-ons like toolbars or browser extensions. Most of the time, during the installation of the software, an opt-out option will be presented for the add-on. But, lots of people click through without reading, and when they’re finished they discover they have downloaded something they didn’t intend to.
To keep this from happening in the first place, slow down and read the screens. You could save yourself lots of time and headaches if you do.
This morning, our colleagues who work on our Avast SecureLine VPN product informed us that there was a significant increase in downloads in the U.S. This made us curious, as we didn’t have any specific campaigns running that would explain this dramatic spike in downloads. In the App Store, we jumped tothe 6th spot in the utilities category (and as we were coming from the 200th spot, this says a lot)!
We decided to turn to Twitter to see what was going on and discovered that teenagers were the cause of the trend. This shouldn’t have really surprised us, as teens are trendsetters and experts at dispersing viral content via social media channels.
Most Internet users are familiar with this problem all too well: After downloading a video player, Java, Flash updates or other software, the browser has suddenly changed. New buttons and icons in all colors and sizes along with an URL entry bar take up valuable real estate on your browser. The browser runs noticeably slower – and the results look different. Most annoying is that the advertising becomes more prominent.
Over the past two years, Avast Browser Cleanup has identified more than 60 million different browser add-ons which are often bundled with other free software, such as video players, Java and Flash updates. These toolbars typically occupy the horizontal space below a user’s browser and can include buttons, icons, and menus. Despite removing and re-installing a browser, toolbars will often remain, which is a behavior similar to malware.
Another week, another Mr. Robot episode! Last Wednesday the second episode of Mr. Robot aired (Ones and Zer0s). This episode did not disappoint! It was dark, gloomy, but also included lots of technical things that made us once again question: How can this affect me?
This week I sat down with freelance security and privacy journalist, Seth Rosenblatt, to discuss the episode.
At the beginning of the show, Elliot has a bit of an involuntary meeting with E-Corp now interim CTO, Tyrell Wellick. After this meeting, Elliot goes home and hacks Tyrell. What he notices is that E-Corp mail servers haven’t been patched since “Shellshock” and that Tyrell does not use two-factor authentication nor does he have a complex password. Elliot realizes that this was all too easy and that Tyrell must have wanted Elliot to hack him. He then goes nuts and burns his chips and SIM cards in the microwave, tears apart his hard drive, destroys his mother board.
Stefanie: Lots of interesting stuff happened in this scene! Can someone hack me like Elliot hacked Tyrell? What is the Shellshock vulnerability and can it still affect me as a personal user?
Seth: If Tyrell wanted Elliot to hack him, he made it pretty easy for an experienced hacker like Elliot. I bet many people, who do not put a lot of thought and effort into their online security, can be easily hacked. The fact that E-Corp hadn’t patched their servers since Shellshock seemed a bit odd, but again this was maybe intentional to make it easy for Elliot to hack, in the hopes of blackmailing him later on. In terms of the average user, Shellshock is a vulnerability that affects systems using BASH (a Unix based command processor used by Unix- based systems such as Linux and Mac). Patches for Shellshock have long been issued, so if you update your operating system regularly you have nothing to worry about.
Anyone interested in computer security and how it is circumvented, will certainly enjoy the hacking that takes place on USA Network’s hit television show Mr. Robot. The show has been praised not only for its compelling story line but for its “accurate portrayal of cybersecurity and crime.”
Every Wednesday night after the show airs, our host Ariana asks a security expert to help us examine the hacks and explor their ramifications in the real world. We record the conversation and share it with you in our video series, Avast Hack Chat. In addition to the discussion about hacking, we also take a weekly trip back in the Time Machine to revisit special people in the history of computing or how computers have been portrayed in popular culture.
Avast Hack Chat: Episode 2 “Ones and ZerOs” Program Notes
In episode 2 of Avast Hack Chat, Seth Rosenblatt, an independent security and privacy journalist, takes us through the hacks on Mr. Robot. He explains hacking a major corporation’s email servers, destroying your hard drive and SIM card to get rid of evidence, and if critical infrastructure like a natural gas plant can be hacked.
Alan Turing, who is referred to the grandfather of computer science, was recently portrayed in the movie The Imitation Game. Ariana and Pedram talk about his legacy and how the advances he made are still in use today. Plus, a computer bug.
Pedram brings us up-to-date on the celebrity photo hacking that took place last year. He shares why he thinks the hacker was an idiot.
This week’s Tips and Tricks tells you the safe way to go about sexting. Not that we want you to do it, but if you are there’s a way to make sure your messages stay secure and get to the intended recipient (who probably is not some guy sitting behind a desk at the NSA.)
Subscribe to the Avast Hack Chat YouTube channel and don’t miss a single weekly episode.