Mr. Robot Season 2, Episode 9: Rubber Duckie, You're The One

2022-08-12 21:14:06 By : Mr. Abel Yang

Not only does Mr. Robot set the bar for dystopian hacker suspense thrillers, it’s also a great hacking show that’s true to the culture and portrays technology authentically. So I gathered some of the smartest hackers I know in a Semaphor channel to talk about the show. (The chat transcript has been edited for brevity and clarity.)

Our hacking experts, in alphabetical order:

This week we discussed whistleblowing, the Pwn Phone, and more.

Yael: We finally find out why Elliot’s in jail!

Matt: That therapist hack and stealing the adorable dog.

Yael: Even if you want to plead guilty, aren't you supposed to pretend you're not going to in order to negotiate a better sentence? Any guesses why he pleaded out so quickly?

Micah: I think Elliot wanted to get rid of Mr. Robot, and he thought prison would be good for him to do that.

Bill: It also seems like the regimen that he was going through was suggested by his prison friend (Leon), and that it was voluntary. So part of the strictness of his schedule wasn't just that it was the prison system, but also self-imposed.

Yael: Grand larceny for stealing a dog, unauthorized use of a computer, computer trespassing… do you think 18 months would be standard for all that?

Bill: I figure for a first-time offender... maybe. It seems like it's pretty light compared to what a lot of people get.

Matt: I know first-time hacking offense and not being a person of color means a light sentence. Most of those suburban high school grade changer hackers get light sentences. But people like "corrupt" (John Threat), they do big bids.

Micah: I think sentencing can differ wildly, and whether or not the prosecutor or judge wants to make an example out of you. In this case, it seems like they weren't trying to make an example out of Elliot.

Matt: The court-appointed lawyer was like, just plead not guilty.

Yael: I mean, you can always switch to guilty later.

Bill: Also, if he was in for some part of 18 months (it was an early release, which Elliot speculates might be due to his Dark Army connections), the time since the first season has elapsed would be some matter of months.

Yael: Yeah, he got out in 86 days.

Matt: The C.O. (correctional officer) said states can't afford non-violent offenders being locked up, and record numbers were being released.

Yael: Who was it that called it re: Ray being the prison warden? I got emails and a comment saying we know Ray is an inmate because he was sitting in front of Elliot in a jumpsuit. But they were wrong.

Bill: That was Jen. Jen said, "Maybe Ray isn't a prisoner at all." Totally called it.

Micah: Ray is the warden, and the guy who beat the crap out of people for Ray is a prison guard.

Matt: Someone else called the dog, right?

Yael: I mentioned the dog. :) And I think Micah did, too.

Bill: It's interesting, this season (since the alliance between Mr. Robot and Elliot) it seems Elliot can switch into Mr. Robot almost at will.

Micah: I think their alliance is brittle. Mr. Robot has been lying to Elliot; he hasn't been telling the full truth.

Matt: Well with the “let me take a punch for you” scene we learn more about "how it works."

Bill: He says, "I won't talk to them... Mr. Robot will" when he's going to talk to Cisco's Dark Army contacts in the library.

Yael: And he managed to take a leak and be Mr. Robot at the same time; impressive.

Micah: Well, clearly stage 2 was Mr. Robot's plan, and Elliot doesn't even know about it. And I think Mr. Robot lied when he said that they killed Tyrell. I think he's still alive somewhere.

Bill: Yeah, an uneasy alliance might be more appropriate. Not unlike the uneasy alliance between Whiterose and Price.

Matt: But in prison I wish they explained the computer, but I guess prison phone or warden's machine.

Yael: Yeah, I think he was on Ray's machine. So what's the deal with Elliot's mom? She was completely unresponsive when he visited her.

Bill: It reminds me of the scene in Daredevil last season when they go to visit the Kingpin's mother.

Yael: So Angela gets to use her rubber ducky to get a password and then use it to log into someone else's box and get documents...Does she have a backup copy of those docs? Because I think she just sort of handed over her drive.

Jen: If only there were some kind of document leaking system for this sort of situation.

Bill: Some secure portal, a dropbox, perhaps.

Jen: Hmm, yeah! Someone should do that.

Yael: But I think she has to go through official means first to be protected by whistleblower laws?

Bill: I don't think this is a universe where the law protects whistleblowers very much. I mean, she went to the very agency that is tasked with protecting public health, and she gets a visit from the FBI for her diligence.

Micah: I think this episode does a good job of showing how risky it is to trust people to grant you anonymity when you're trying to blow the whistle. It's so much safer, in all sorts of situations, to use technology to enforce your anonymity.

Matt: She used two USB devices. The rubber ducky and a large USB to copy the docs to. She got the domain login and was golden from there.

Micah: The USB Rubber Ducky scene was excellent. But honestly, I think it was a little foolish of her to log in to her own workstation and look at the data, and then copy it to a USB stick. She should have waited until after work and used a personal computer. Evil Corp probably has at least some sort of spyware on their workstations. Oh -- did she not actually get the data on the rubber ducky? She just got credentials she used to access a network share?

Matt: She got the rubber ducky to pull usernames and passwords. The personal computer wouldn't be on the same domain. Identity management, Active Directory and network shares loose in the office. From a VPN on work machine is the best bet from home. That connection usually has more auditing and security and obviously you.

Kevin: It seemed like she extracted the credentials out of the Windows SAM (Security Account Manager) registry, basically NTLM hashes that can be cracked, or LM hashes.

Matt: Then logged in as that person after some bawse level social engineering.

Bill: I wonder if she'll use John the Ripper to crack the LM hash?

Yael: So there's a record that the file was copied to external storage from her terminal, while logged into someone else's account... Even if the FBI wasn't onto her, that seems... risky.

Matt: Machines with good security alert on USB insertion, type of device, if storage how much, etc.

Micah: Windows logging is vast, complex, and configurable. But I'm not sure if there are logs each time you copy a file from one disk to another. There's likely a log that she connected to the shared folder using someone else's credentials from her workstation, though.

Bill: Insert plug for Qubes here.

Matt: But if her USB was designed to say it was a keyboard, then Angela might be okay.

Yael: It looks like the Dark Army (and also Evil Corp) wanted her to drop docs for some reason? I was surprised that Dominique just walked into Angela's house later. I thought FBI agents without warrants were like vampires and had to be invited in.

Kevin: She's obviously trained in interrogation tactics.

Micah: Angela did try to kick her out, but after she walked in.

Matt: They can say they assumed you let them in 'cause you didn't ask 'em to leave. Opsec vs. trained intelligence community.... IC wins. Training is high level. Don't think you have the upper hand as a hacker; you don't.

Yael: I kind of feel like if Darlene were an FBI agent, she'd be Dominique.

Bill: Yeah, it seems like she was a little more savvy than this FBI officer: https://www.youtube.com/watch?v=iiT1g7hiRiE

Yael: Why are the feds taking over the Washington Township plant?

Micah: The Evil Corp CEO was trying to convince his Congress buddies to give them a bailout, but it seems like that effort failed. And without a bailout, maybe they can't afford it anymore, but it's critical infrastructure so that's why the feds are taking it over?

Yael: So someone tell me about this magical Pwn Phone Elliot used and why he was willing to spend $1200 on one.

Matt: Elliot needed to eavesdrop on the Dark Army. It’s a pentest device for mobile hacks. Kind of like Santoku is to Kali Linux, but hardware.

Bill: It seems like already the Pwnie Express site is advertising the Pwn Phone with Mr. Robot. That was quick: https://www.pwnieexpress.com/mr-robot-pwn-phone.

Yael: Yeah, they're raffling one off. :)

Matt: The company is really loving the attention. They changed the store to talk more about that specific hack.

Bill: So according to this page, he uses Cracksim, a custom script that he's written, to crack the DES encryption of the SIM card for the Dark Army contacts.

Yael: Yeah, smart. Do you need a Pwn Phone to do that? I mean, I'm sure it'd be easier. It's built on Kali Linux and has a ton of built-in tools (in addition to the scripts you write yourself).

Micah: I don't think you need one, but I think it helps. I don't understand how that attack worked, but one nice thing about the Pwn Phone that you don't often get in a normal laptop is access to cellular hardware. You can take any laptop and boot to Kali to start hacking Bluetooth and Wi-Fi, but it takes some custom stuff if you want to hack GSM, CDMA, etc.

Bill: I think a Pwn Phone is most useful in situations where you're doing street-level hacking, "warwalking" for instance. It looks a lot less suspicious if you're walking around looking at a phone (even if it does have an antenna poking out) than walking around the streets on a laptop. But in this case he was just at his apartment. Or… Darlene's apartment.

Matt: Cisco's apartment. Darlene is too badass for apartments. I feel the show needs more black hat and cybercrime consultants, but then again those tools are like having a show teach you to build a gun. Pentest heavy for a reason I suppose.

Yael: It's funny to me that he's on Zhun's phone but they still don't know what Stage 2 is. Elliot is totally losing it with the Mr. Robot merger. Even Cisco thinks he's being creepy.

Bill: You mean the way he heard Mr. Robot talk to the others even though he was in the bathroom? And not knowing that Mr. Robot was behind Stage 2?

Yael: Yeah, and just...apparently looking like he's blanking out when all this happens. It's hard to watch.

Kevin: I often describe Mr. Robot as the Fight Club of television, and I think that's kept bearing itself out. He's clearly suffering from depersonalization and dissociative identity.

Matt: He never made mistakes like referring to Mr. Robot like that, but I think he now is aware of the situation and dealing with it while sharing the physical form is difficult. Darlene caught the slip. But like earlier in the season when she says, "we need HIM," she is doing what's best for the mission. Not what's best for her brother. I like that they hack differently, Elliot and Mr. Robot.

Yael: Oh! Bill, you mentioned cringing at Darlene's bad opsec when her actual face was on FSociety tapes... well here we are.

Matt: Okay, so Cisco goes back to the house to get the tape. And he sees something and has a "holy shit" look on his face.

Yael: Why did she send Cisco?

Matt: Cause she doesn’t trust him to listen to the decrypted cell calls. And Elliot can barely take a piss without slipping.

Bill: It's interesting that at some point they zoom into the audio icon on Darlene's computer. What do you think they're trying to indicate there?

Kevin: Well, Darlene had a knock at the door.... maybe someone's listening to her listen.

Yael: So where is Tyrell?

Kevin: Tyrell is wanted for the 5/9 hack; he's probably on the run, off the grid. Probably in another country.

Yael: Why is Joanna Wellick after Elliot? Maybe she thinks he knows something...

Kevin: Joanna seems to know where Tyrell is and to be unfazed by his absence. She knows more than the audience for sure.

Bill: After an entire month, you'd think ECorp would notice that their GC has gone missing. The tape would definitely be gone by then, and probably under surveillance.

Yael: Has it been that long?

Bill: Yes, Cisco mentions that "that was a month ago.”

Micah: She did have an autoresponder email.

Yael: But that was just for two weeks.

Matt: The knocks at Darlene's door sound like the Mobley knocks. FBI? Trenton AND Mobley missing, dead, detained?

Yael: Or on the run. Eating tofu scramble with Tre Arrow.

Bill: You and your Tre Arrow references.

Matt: Tofu scramble with Tre Arrow is the goal.

Yael: He's a good escape artist! Anyway, I liked this episode a lot. I feel like it advanced the plot pretty well.

Bill: Other than the Pwn Phone a little light on hax, though.

Yael: There was the rubber duckie!

Matt: The social engineering to rubber ducky was advanced and appreciated. We had our first No Elliot episode last one. I am happy he is back. But the show is bigger than Elliot.
