The USA television network will soon air the finale of the debut season of Mr. Robot, whose popularity has already secured it a second one. This attention-grabbing program revolves around the members of a hacking group called F Society who are trying to bring down a fictitious villain company, named E Corp (or Evil Corp, to its enemies).
Mr. Robot’s main character is a young man named Elliot, a brilliant hacker who has emotional issues as well as social interaction problems. He works for the fictitious Allsafe, a cybersecurity company who has E Corp as a client. As hackers attempt to bring down the all-mighty E Corp, they produce online videos to criticize the company, expose information to get the company’s leaders arrested, and even approach a shadowy group of Chinese hackers for support. (There are various other subplots.) From a real-world standpoint, Mr. Robot is worthy of praise, as it properly exemplifies the complex world of cybersecurity.
One issue that Mr. Robot accurately portrays is how members of FSociety are able to exploit the lack of proper cybersecurity by the general population. For example, in one memorable scene, a policeman picks up a USB from the ground and plugs it into his computer at work. The USB displays a screen for free music, while in reality it is downloading a Trojan.
Luring unsuspecting victims into downloading a file from a website, inserting a USB, or clicking on a link in an email (maybe from an acquaintance or someone offering a one-in-a-million business transaction) is a common practice for cybercriminals. One recent example: Romanian banks being hit by the Tinba Trojan as it expanded via a maltervising campaign. The situation will become more problematic as Trojans appear in mobile apps, which many smartphone users download daily.
Clearly, Mr. Robot is accurate in that it does not portray its characters as omnipotent hackers who can penetrate a law enforcement network with a few simple clicks; rather, they rely on the naiveté of unsuspecting individuals who will infect their computers themselves. (An IT expert interviewed for this commentary explained how, as in the show, real-world police networks are offline systems referred to as air-gapped, and it is popular at IT-security conferences to find ways to break into them.) In fact, the use of USB sticks in the show is probably a nod to Stuxnet, a computer worm that crippled Iran’s controversial nuclear program and was delivered via a thumb drive.
What’s more, F Society’s main objective, to bring down a multinational corporation such as a bank or industrial conglomerate, has appeared often enough in the real world to be the inspiration for any number of Hollywood productions. For example, in 2013 the hacking groupAnonymous published “the login and private information from over 4,000 American bank executive accounts in the name of its new Operation Last Resort campaign, demanding U.S. computer crime law reform.” In other areas of the world, such as Brazil, hackers have attacked government websites. Moreover, Anonymous hacked Stratfor, a renowned global intelligence and security consulting organization. The group retrieved millions of emails, dated between 2004-2011, from the company’s employees as well as intelligence data. The information was then uploaded to the whistle-blowing site Wikileaks.
When it comes to carrying out its operations against E Corp, the hackers of F Society upload videos showing an individual with a top hat and a mask who explains, in a distorted voice, the wickedness that is E Corp. Creative yes, but also relevant. The rise of social media has increased the amount of platforms that hackers can use in order to disseminate their messages to the global masses. Anonymous regularly uploads videos in preparation for, or to report on, some of its operations; for example, in a June 17 video, the group announced its operations against the Canadian government in retaliation for the controversial Anti-Terrorism Bill C-51.
Finally, one notable aspect about F Society is its composition – the group has around half a dozen members, including four men and two women, with ages varying between early 20s to mid 30s. Curious if such gender diversity is present in real-life hacking organization? Not yet. My own research at least seems to show that hackers are predominantly male. Nevertheless, if theInternational Women’s Hackathon is anything to go by, this gap may close in the near future. (Read “Mr. Robot, Ms. Robot” for a discussion on how the show approaches gender norms.)
Motivations are another key element of the show: a few of the hackers question whether they are driven by a need for fame, the desire to bring about an “economic revolution,” or merely to embody the American dream as they perceive it? In real life, hackers’ motivations have been extensively analyzed (with one study dividing them into four categories: old school hackers; cyberpunks; professional criminals; and coders). Mr. Robot takes these nuances into account, rendering its characters more multi-faceted than the stereotypical Hollywood-hacker or socially awkward anarchist with a god-complex. USA’s surprise hit should not be placed in the growing ocean of television shows in which IT-savvy characters are drawn from stereotypical hacker clichés. On the contrary, Mr. Robot succeeds at displaying the complexities of the programmers behind the screen. Moreover, the show correctly portrays several issues of real-world cybersecurity, such as hackers attacking multinational corporations and boldly bragging about it online. In this way, it highlights the ongoing concerns surrounding personal online security. Hopefully, Mr. Robot’s season two continues to portray the intricacies of the hacker world. I, for one, will stay tuned.