Hollywood Finally Gets Hacking Right With Mr. Robot

Author’s note: I’m keeping spoilers out of this article, but they will surely show up in the comments.

A few weeks ago I started hearing about a new show on the USA network, Mr. Robot. The synopsis for the show was “Mr. Robot is a psychological thriller that follows a young programmer who works as a cyber-security engineer by day and a vigilante hacker by night.” Yeah, that sounds like another Hollywood crapfest. Cue crazy GUIs and virtual reality flybys representing hacking scenes. After watching the pilot though, I realized I couldn’t have been more wrong. I was hooked for the entire 10 week first season.

elliot-hacksLet’s start with the hacking, which is the whole reason this article is here on Hackaday. Show creator [Sam Esmail] isn’t a hacker himself, but he is tech savvy enough to see how poorly hacking has been portrayed on TV and in the movies. He knew he could do it better. The solution was good consultants, in the form of [Michael Bazzell] and others. The team helped shape the show into a rather realistic portrayal of hacking techniques. Elliot Alderson (Rami Malek), the main character, is the “vigilante” hacker described in the synopsis. Within the first 10 minutes of the pilot, he is turning a child pornographer in to the police. How does he catch the creeper? Tor exit node exploits, of course.

The onion routing protocol is not as anonymous as you think it is. Whoever’s in control of the exit nodes is also in control of the traffic, which makes me the one in control.

This is an accurate description of some of the exploits which have been demonstrated on the tor network. There aren’t any VR hacking scenes to be found either. In fact, several characters watch and make fun of the “flu shot” scene in Hackers. In this show, the command line isn’t hidden, it’s celebrated. We see every command the characters type, from netstat to CAN bus dumps. In one scene, Elliot even fires up a windows virtual machine so he can run DeepSound on his Kali Linux box.

The hacking isn’t all software either. Everyone’s favorite Linux single board computer is featured prominently in the first season. We can’t knock a show where a character looks at another and says “Ok, we all know what a Raspberry Pi is, what’s your point?”

Social engineering is also a recurring theme. We see everything from the old “dropped USB stick in the parking lot” attack, to a character thoroughly destroying the self confidence of a corporate drone as a method to get to his superiors. (Poor Bill)

evil-corpBeyond all this, it’s a damn good show. We learn early on that Elliot’s father died of leukemia due to an unchecked chemical leak at E Corp. E Corp is the mega-corporation Elliot’s day job is charged with protecting. Elliot sees E Corp as the ultimate evil. Intensive self-reprogramming allows Elliot to perceive E corp as “Evil Corp” every time it’s brought up – in print ads, in video, even in the dialogue of the other characters. Since we watch the show largely through Elliot’s eyes, we see it too. This leaves you guessing what is real, and what is part of Elliot’s imagination. Elliot is the classic unreliable narrator.

Elliot isn’t the only major character though. Tyrell Wellick (Martin Wallström) is a young ambitious senior VP at Evil Corp who wants power, and is willing to do anything to get it. Angela Moss (Portia Doubleday) is a childhood friend of Elliot whose mother died due to the same chemical leak that killed Elliot’s father. She also has a bone to pick with Evil Corp. Mr. Robot himself (Christian Slater) is a shadowy figure who leads Elliot down the rabbit hole to join F Society, a hacking group which is trying to destroy Evil Corp.

Without giving away too many spoilers, the show likes to mess with your head. If you liked Fight Club, or Donnie Darko, give Mr. Robot a try. The season finale is this Wednesday at 10pm Eastern on the USA network.

https://www.youtube.com/watch?v=Ug4fRXGyIak

114 thoughts on “Hollywood Finally Gets Hacking Right With Mr. Robot

          1. The pilot was so good it could have been a movie. However, without the short comings of movie length time they have made good use of the time a TV show season provides while pulling off the cliff hanger needs of a TV show episode without missing a beat in any episode. I’ve enjoyed this first season thoroughly. It’s hard to start off that well as it leaves unrealistically high expectations. Unless Sam Esmail had bigger plans and felt this show was going the distance before the pilot I don’t know where the end of this season will leave us going into season 2. I love predicting outcomes and Sam had me second guessing myself a lot so at this point of the series with the season finale tomorrow I honestly have no Idea what’s really in store. This is a must watch TV show. Season 2 will have a tough time filling season 1’s shoes I will say that much..

  1. I think Person of Interest deserves some credit for being pretty accurate over its run too. Although they rarely go into as much detail.
    So, thats 2 shows good. I think we need about 10 more to merely balance CSI:Cyber existence though.

        1. One technically accurate film dialogue is actually hackers (if you read the script). It was once the ridiculous 3D graphics for logging into a server or changing directories, that made it so bad. The scriptwriter was good job, but once he handed it over to the next people involved in the film making chain it just went down hill very very fast.

          1. Yeah, same thing happens with firearms in TV/movie scenes. You might have a good script (e.g., Justified) but when the scene plays, you get “Glock cocking” and other stupid firearm tricks that leave people who competently carry, handle, and compete with guns rolling our eyes.

            Since I’m also an engineer, I get doubly incensed over TV & movies: stupid hacking scenes AND stupid firearm tricks.

          2. Add to that hilariously bad sword-fighting and anachronistic or plain silly costumes/armor in historical productions and you will realize quickly why I don’t watch many movies/shows any more.

            Being a skill-hoarding hobbyist has made watching most movies a lot harder; can’t watch movies with guns, because holy hell trigger discipline and infinite “clips,” can’t watch techy movies because terrible hacking scenes, can’t watch medieval/fantasy because armor that makes no sense and terrible fight scenes…

            But the flipside is that it makes movies that really do their homework worth their weight in gold.

    1. Person of Interest was very good. It wasn’t completely 100% accurate, it had a sprinkle of hollywood magic ontop of legitimate things. Also, it kept up with current events a bit, after the silk road shutdown they sorta featured it on the show. Excellent stuff.

      Cant wait for the new season.

    1. Started watching.. This raises discontent with plutocracy.. Why would you make a show to make money that criticizes capitalism and hierarchy? The hacker guy is kind of interesting even though it’s obviously an extrovert acting an introvert..

    1. Having IP addresses with their individual digits greater than 255 is the equivalent of 555 in phone numbers. Me personally I’ve come to ignore it just like I do 555 phone numbers in films and TV. I’ve see it occur about 20 or 30 times at this stage, and I do not expect not to see it.

      I’m expecting to see this for IPv6 numbers when the jump from 32bit to 128bit eventually makes it way onto the screen:
      HHHH:IIII:JJJJ:KKKK:LLLL:MMMM:NNNN:OOOO

          1. I would argue against using non-routable addresses. Since they are going for acuracy, this bother would me more than above-255 octets since it’s obvious (to us) that it’s a not reachable. It’s obvious why they are going the route they have, it’s exactly the same problem with phone numbers but potentially worse. After the first time you have to explain to someone why you can’t get to their ftp server across the internet at 192.168.x.x it’s like getting slapped in the face by stupid ever time someone gives you a private IP to connect to. This is somewhat harsh, but I’ll never forget a guy sending me screen shots of his command line to assume me that was the IP I should connect to despite my explanation as to why I needed his router’s ip. But most people are teachable and want to learn. But I digress…

      1. I don’t think it’s a bad thing, really. Everyone with the phone number 8675309 has suffered from hundreds of prank calls asking for ‘Jenny’, so it makes sense not to use addresses that can possibly map to something in the real world.

      2. It is really shame, they have not money to buy a fixed IP address for 10USD/month for the next 2 years, and show that address in the film.

        With all these non-existant IP address undermines the whole movie on the technical level…

        1. I think they should have went with random numbers in the following ranges. I’d especially pick the last range as most people don’t seam to use it (as much).
          127.0.0.0/8
          or
          10.0.0.0/8
          or
          192.168.0.0/16
          or
          172.16.0.0/12

          1. Would have had an associated implication – “whatever this is, it’s location-specific and not routable”. “not a valid number” is probably a better approach, provided that people in the know realize that it’s present exactly and only as a way not to put a real address in. (OTOH, a /better/ option is to get the address… and then /put something there/. Those are amusing, and it’s not terribly expensive.)

    2. IP addresses that include numbers higher than 255 are Hollywood’s networking version of 555-1212. Saw one of those on last night’s CSI: Cyber. (Don’t they know cyber is sooooo 80’s?)

    1. He’s not an android from what I’ve seen.. Just a discontent introvert hacker using game-theory on global economics..

      They DO have the unrealistic hacking though to comply with the plot timing but it’s not as shite as most hacker shows..

    1. If you want a less resource intensive DWM and one more common, Gnome fits the bill. I’ve always liked KDE, but have had problems countless times with it whereas Gnome for the most part would just work, and work well

      1. I don’t know why people always chose between KDE and Gnome.

        I run Fluxbox.
        90% of my windows are xterms.
        If I want to run an application that links to Gnome or KDE libraries I just do that.

      1. I was just surprised Elliot wasn’t running Openbox, or AwesomeWM, or xmonad. Those would seem to fit the personality portrayed in the character better than, let’s face it, the Linux equivalent of Apple’s Aqua GUI.

    1. Yup. I’m not going to even bother watching because of that. I was intrigued, nearly enthused, while reading this HaD article until “…father died of leukemia due to an unchecked chemical leak at E Corp. E Corp is the mega-corporation Elliot’s day job is charged with protecting. Elliot sees E Corp as the ultimate evil.”

      Sorry. 50K thumbs down to the show for going to *that* dry left-wing plot well.

      1. Most of these types of plots are directly inspired by real life company’s doing dodgy things – pretty much all of Leverage was ripped of the headlines.
        Saying that all company’s are evil or led by crocks is bollocks, of course, but to say none are is equally bollocks – and that’s not “left wing” is just a fact. Bad people get to the top some time.
        And tv shows, given they want a villain, will only focus on the 1/100 or so “villain” company’s and not the 99/100 ones doing nothing wrong. Its the same when its with individual people.

        Unless a show outright says ALL company’s are bad, showing A bad company (or 10) is no different then showing a bad person (or 10).

    2. You are all missing the point. “Since we watch the show largely through Elliot’s eyes, we see it too. This leaves you guessing what is real, and what is part of Elliot’s imagination. Elliot is the classic unreliable narrator.” You are watching a fictional account of a fiction. And we all know an Elliott-type that is excessively anti-corporate and they likely see the world this way.

    3. If corporations dont want to be called evil, they can stop doing evil things, then laughing it off.

      Corporations are people too, my friend. (And as such they are open to criticism for their actions)

    1. Agree! I like how they are all file names including _ instead of spaces. Tho who is using flv anymore? seriously? also where is my ogv?!

      I went to google to find where i could watch the show online, and almost missed the hulu link because I thought it was a torrent…

  2. I liked hackers. I know it is cheesy. However, at that time period without the cheesy graphics 95% of America would’ve had no clue what was going on without constant chatter between characters.

    1. Yup. Re-watched it the other day, aside from the tech & fashion that’s changed the hacking techniques are basically the same – replace every occurrence of the word “phone” in the script with the word “wifi” and everything is basically bang up to date.

      The graphics didn’t bother me, you’ve gotta think of the non-techy audience trying to imagine WTF is going on “in software” while all this hacking stuff is happening, I thought they visualised it pretty well. Also top marks to the FX crew for rotoscoping it all, the irony of there basically being zero CGI in that film is excellent.

  3. Sadly this show is currently being ruined by idiotic censoring of audio.
    You can’t silence (nor bleep, but it’s silencing here) in drama, it’s rude to destroy a serious work that way and it takes you out of the suspense and story.

  4. But to the point: real hacking is what people think “real hacking” is…why ruin it for the rest of the audience? Was War Games anywhere near credible technology for its time?

    1. Was WarGames credible? It inspired me to write a demon dialer using the cassette motor relay on my Color Computer to pulse-dial every phone number on my campus, and list off all the modem numbers it was able to connect to.

      However, I was only looking for the unlisted “faculty modem” number which was purportedly much better served than the student modem bank, and much less susceptible to busy signals. I wasn’t trying to connect to the WOPR, or play a nice game of chess.

  5. It really is like hacker dexter, I wonder if writers or directors from dexter are on this or if they are using the formula?

    I predict they will drag out plot lines by second season and it’ll get boring. The tech stuff is boring sysop BS CS kiddies all knows.. No RCE etc..

  6. I’d like to add that Silicon Valley is ‘decently accurate’ on tech and tech culture.

    Halt and Catch Fire is more a character drama wrapped in nerd nostalgia, but also ‘decently accurate’ if you can get past the bench power supply electrosex scene. Made me throw it out for a few weeks.

  7. I’ve decided not to watch it just in case I wind up enjoying long enough to see the
    Network jack it up or cancel it after I’m invested in it. I’m just gonna read
    A book instead

  8. Step 1
    Download IT sec audit tools, and scan IP space

    Step 2
    Morons live in fiction, and become deluded asshats who think they’re security researchers…
    Note, ignorant people with a camera can’t tell the difference…
    Hint: if its been done a plethora of times it is no longer an interesting hack.
    https://www.youtube.com/watch?v=tyBUMntP6DI

    Step 3
    Profit

    So fake, real Hackers will use a TV for parts…
    ;-)

  9. “Algorithm” was nice, except that the lead turns to the dark side in the end indulging in murder, corruption and misuse of public funds. Feels like a NSA recruitment flic after watching it.

    Mr. Robot looks like The Matrix meeting occupy Wall street? Maybe Steven Seagal is in it too, jarring about global warming and government conspiracies?

    Nice plot however. Will watch it.

  10. I watched the whole series in a red eye session and the first thing that hit me was the command line and other actions being accurate. The second thing that hit me was how much the character was based on Lisbeth Salander from the Steig Larsson novels. Socially inept genius at work.

    1. I never got where the ‘quiet type’ or ‘social inept’ thing comes from with hacking stereotypes.. It’s actually the opposite.. I’ve actually never seen a known hackers who wasn’t in to parties and sports..

        1. All hacking activity is accounted for.. The only people anonymous these days are some TOR and botnet based attackers and I’ve seen their personalities. They are mostly marketing types who contract career coders who are ripping and buying exploits to push profit models with botnets and defense data. They are also not mostly Russian like the US keeps telling people..

          There are no people moving invisibly on the net. You’d see evidence on malware-honeypots or in the losses themselves.

          I AM curious about the China and US stock fluctuations, but I think those are plutocrats encouraging trends..

  11. I (and many others) suspect the badly botched tech scenarios in tv and movies have become an intentional form of crypto-humor to attract more technical minded viewers. One of my favorite faux-tech scenes is at the beginning of an e[episode where the cute asian cop demonstrates a combination 3D scanner/printer which replicates a random cellphone in about a minute.

    1. That’s more or less a hard requirement of the movie/TV industry, similar to the 555 phone number exchange. At some point you have to accept that you’re not seeing 100% reality no matter how close they get sometimes. Fiction is supposed to be an escape; if it were 100% realistic it would be boring.

  12. Frankly I thought Hollywood got “hacking” right with “Sneakers”. Dumpster diving, social engineering, lots of research and a bunch of people who were not physically perfect and beautiful, with annoying personal quirks. Other than their “magic box” device, the whole movie about how they got it, the “navigating by ear” scene, the ever-awesome “secure door hack” and finally the “no matter how clever you are, someone is a bit more clever and probably working for someone who sees you as competition” ending.

    If the magic codebreaker box was replaced with a realistic device, the movie would have been as close to perfect for hacking depiction as is possible without breaking laws.

  13. “The onion routing protocol is not as anonymous as you think it is. Whoever’s in control of the exit nodes is also in control of the traffic, which makes me the one in control.”

    Not if the site in question is a .onion itself. Exit nodes are for anonymous access to clearnet sites, which the site in question almost certainly wasn’t. Exit nodes aren’t used at all for .onion sites.

    That said, overall it’s several orders of magnitude better than typical depictions of hacking.

  14. having been prior military with security classification i know full well what can happen and what does happen behind the scenes.

    the act of making the actual hacks published in the show only opens up a can of worms that could blow up in our faces. the wrong people(i.e. ISIS and terrorists) will use these techniques for their own evil ends. it has been the practice of obfuscating that sort of content in other shows to lessen those sorts of problems. i already know your response; it is already all out there for anyone to grab hold of it. true, but by putting it on a tv show just makes it easier access.

    better safe than sorry folks

    my two cents == my two dollars

  15. i loved that the show was very realistic, using real hacking tools and real code.
    it is worth knowing that Offensive Security (the creators of Kali Linux) have online courses and certifications for information security, ethical hacking, and more:
    https://www.offensive-security.com/information-security-certifications/osce-offensive-security-certified-expert/
    https://www.offensive-security.com/information-security-certifications/oscp-offensive-security-certified-professional/

Leave a Reply

Please be kind and respectful to help make the comments section excellent. (Comment Policy)

This site uses Akismet to reduce spam. Learn how your comment data is processed.