Hackers React to Hacking Scenes From Mr.Robot

Did we miss your favorite scene? Checkout Part 2 for even more reactions! ruclips.net/video/gue5MofILxY/видео.html

"Seems like this guy has revolved his whole personality and identity around his ability to hack." -Mr Robot Season 4 Episode 13

When hacking into Gideon's account with his 2 factor authentication, a possible reason it seemed like he didn't get in before Gideon arrived may actually be because he was lying. At various points in the show, he lies to his own internal spectator (us, the viewers) for various reasons. It's possible he was lying to us then, to make us think he hadn't made it in. Or maybe the producer/editors just made a mistake, idk.

Around 1:05:00 is hilarious where you say "he needs to take a break for his mental health". Anyone that has seen Mr. Robot.... His mental health is beyond FUBAR lmao

"He could use the hack to explode the Femtocell to make millions of dollars" , lol if you watched the show, you would know that he doesn't give a shit about money

Gideon actually does try to turn Elliot into the FBI but a Dark Army mole intercepts him and he gets shot a few days after.

Please make a series out of this, more of it. I always wondered why nobody want´s to explain how often they somehow shot a little over the top, what is realistic to do.

Thanks for this fellas, I was waiting on this lol

I think it might be possible to explode a Femtocell(assuming it runs Linux) by building a custom Kernel a messing arround with the frequencies of the hardware, or by adding a submodule to the hardware that would literally be a bomb. But that would require some finese to pull it off. Anyways great stream guys.

The explode he referred to is the function in unix to break the code apart and send the letters, numbers, and characters to append to other files and remove the logs. It will make it near impossible to find the full code and order that way. It is a pretty good way of doing it actually, since even if you find it all, what order does it go in? You use it for updates in hpux and other programs to do multiple edits simultaneously.

"the only thing that could distract this man from his heated eye contact" Lmao I'm fuckin dead dude

So much respect for Nick. Very genuine guy who knows his stuff! Great teacher man

as someone who is very interested in cybersecurity and has just started studying it, this is very educational while at the same time being entertaining and incredibly easy to watch- i just paused for a second and noticed i'm already at minute 45, while it didn't even feel like half an hour to me. great job, great content, thank you for this! :)

Vuln code injection in the save game function. The save files are crypt'd by knowing the single win board arrangement you would use it to determine the secret. Then use the secret to crypt/sign a save game file that exploits the save game code injection. Probably an overflow

I get what you're saying, but you can't look at this from the perspective of what an average hacker would do. You're saying these are the types of hacks that a nation state would employ, and neglecting to mention/realize that's kind of the point. Elliot as a character has dedicated his life to hacking as a means to combatting the system, and at this point in the series has gone full swing in his attempts to take it down. For all intents and purposes, the group he represents is a straight up digital militia thats declaring war on the financial and judiciary systems of the world. Think of it like Anonymous if Anonymous were worth 2 shits and actually had structure and skilled hackers.

Lmao, please do more of these. So much fun.

22:46 I assume you're referring to the Carbanak groups repeated penetration of the banking system. Although they did get rumbled, they were in 40+ banks systems, for months, and they have no idea how much money was moved. They're also as yet to be itentified, in my opinion. They claim to have caught a couple of them, but I'm not so sure.
The name Carbanak group comes from remnants of software found on the banks servers, but that's really the only thing that's known. It's the biggest bank heist in history and a bare handful of people have ever heard of it.
The average civilian would be dismayed to find out how banks work internally, but it certainly isn't a case of computers doing all the hard work, or loans being offset against savings. When a bank issues a loan, they create that money out of thin air, it's not backed by anything, and internally and between banks it's largely humans doing the money moving.
What the Carbanak group did was lurk on the server for months peering over everyone's shoulder and making notes on the felicity of style of individuals, so they could convincingly spoof transfer messages without arousing suspicion. For example; Jane sends a message to John in the transfer section asking that X amount of cash is to be routed from this account to this destination. John's job is the implementation of those transfer orders, so if it looks like Jane sent the transfer request, there's no reason to suspect foul play. Felicity of style is your personal style, mannerisms and vocabulary. As an extreme example, if Jane swore like a sailor in her transfer requests ordinarily, then you'd need to know the turn of phrase she might use, or any specific jargon. When colleagues have been communicating for years there's often a bit of banter back and forth, all these things need to be taken into account to successfully spoof the identity of another user on the network.
If you get it right, then no-one knows exactly what cash is missing as cash largely doesn't exist except as ledger entries, and if someone modifies those ledger entries, then you don't really know what goes where. A bank can hardly load a backup from several months ago, hoping that's far enough back to be before the time that the hackers took root. And the money moved in this manner is effectively untraceable, because of the delay in the bank being aware of the penetration, as well as not knowing the specifics of what was moved when and where.
There have so far been 2 people caught, including the alleged mastermind, a Ukrainian named as Denis K. I'm not convinced though, I suspect he was a cut out. The number of banks hit, and the frequency, makes me suspect it was more than one group of bad actors, and that someone was retailing or renting access to software and systems, which is how ransomware is often used. You pay a cut to the developer in return for using their software, or you rent it, or you buy it if you have enough money . I suspect the actual mastermind is very successful and hidden behind a veneer of wealth. This isn't something you'd do as a first rodeo!
34:40 If you're going to alt tab, have something to alt tab to lol. Sat at a blank desktop or blank browser homepage is a massive red flag!
39:00 Typically a honeypot is not just attractive looking, but keeps your intruder penned in a secure area, from which he is unable to break out and into your secure network. It's a tarpit, intended to trap you and keep you busy for as long as possible.
While on a modern broadband connection you can no longer render someone unable to hang up, as you could with an analogue modem if you injected the correct voltage into the line, there are still possibilities to backtrack the intruder, as long as they're not using a string of secured private proxies. There are certain identifiers in the logs, and if you can keep them from wiping the logs long enough, then you can start to enumerate them with a view to providing a portfolio for law enforcement.
45:54 Letter frequency analysis won't help much with a poly alphabetic cipher, that's effectively what Enigma and Lorenz were. Using a series of mechanical and electrical systems to create the randomness that made it so hard to crack. The pre-war Enigma could be done by hand, but although the mechanism behind Lorenz was cracked mathematically without anyone having seen the machine, it required the first ever computer, Colossus, to work the permutations. The versions of Enigma in use during the second world war had subtle variations and usually needed a crib to break, unless you were exceptional with the rods. But they too were mechanically sifted with a Bombe, a Polish invention, which comprised part of the multi-stage cracking process, which enabled the rods to be used to find real words, or names, in German. And prise open that particular message. Most of what was transmitted by German high command using Lorenz was broken, but depending on which version of Enigma was in use, there was significantly less success. Even after obtaining an actual machine from a sinking submarine, it couldn't be cracked easily or reliably. But any sort of cipher is child's play for a modern supercomputer, or even a vintage Cray II lol. Today's 128-2048 bit encryption is a different level of difficulty by some margin (although there's an issue with trapdoored primes with 1024bit DSA).
56:40 That is indeed an IRC client, if you were a little older you'd recognise the name of it in the last line of text. One of the most popular alternatives to Khaled-Bey's mIRC, this is an instance of BitchX. As a side note, having 119 opers, even for 23k users is excessive. You wouldn't need that many people with an O-line. On the p2pchat server we had all the javachat traffic from Morpheus and Limewire (if anyone remembers them lol) as well as our own users from the old Opennap and Musiccity servers, who migrated to IRC when those networks got closed down. In total we had something like 10k users at any given time, and that was with less than a dozen ircops. As long as you have a couple of opers around to relink servers and deal with the more persistent naughty elements, you're good. I'm guessing from the lack of hostmasks and number of users that it's meant to be connected to somewhere like Undernet, or Dalnet before it went downhill and lost all it's users.
58:05 Zero day used to mean exactly that, it was fresh and no-one was aware that there was a viable exploit. Although security researchers do responsibly report zero days when they find them, and give the company in question time to get it's house in order, it remains a zero day as long as the exploit is unknown, irrespective of how long it's been in use. And while white hats disclose zero days, there's an increasing trend in the commercial arena, especially in the area of "cyber munitions", to deploy them offensively in software sold to corporations and governments. RATS (remote access tools, otherwise known as Trojan horses) are a popular item with governments and security agencies. It's also worth noting that the single biggest haul of zero days in one program was found in Stuxnet, the joint Israeli and TAO (Tailored Access Operations) project that attacked the SCADA infrastructure in Iran's nuclear enrichment program, causing the centrifuges (sold to them by the French in contravention of sanctions, a common theme), to tear themselves apart at an accelerated rate, or ruin the enrichment process by messing with the speed and timing, as enrichment is dependent on specific ranges.
1:02:22 While finding zero days is non trivial, going through the latest white papers in the sphere you're interested in is an easy way to find an exploit you can code for, if there's nothing but a proof of concept online. Quite often the proof of concept isn't usable in it's current form, but it gives you something of a logical framework. Granted coding does take a while, but a small, specific, command line tool needn't take months to hack together. It doesn't matter if other people understand how to use it, so it doesn't need to be commented or organised, as long as it works, the very definition of a kluge lol.
1:04:07 With regards to the femtocell and "exploding" RAM, you'd need physical access, but you could wire a 9v battery, or splice from the transformer output, to the RAM slots and activate the circuit with a remote switch when you want the RAM to go bye bye. DDR3 runs at 1.5v, it wouldn't actually take a vast amount of voltage to blow the chips on the module, though probably not all of them, so it's still not perfect from a forensic countermeasure viewpoint. A small remote thermite package would probably be the best bet for total destruction.
Over a network though it would be easy enough to wipe RAM using an app, but as long as the computer wasn't switched off, there might still be fragments of information of interest to forensics. Same with your swap file, flash memory cards and USB sticks. You need to randomly overwrite the data in each sector numerous times, especially relevant with Windows due to the way file deletion works. If you were skilled at coding in Assembly then there are some possibilities of interacting with the hardware more directly. I don't know how hard it would be to overvolt the RAM by a significant degree, but with BIOS updating possible from within Windows now, it means that there is a direct path from software to hardware. A BIOS update that you've modified might be enough to physically damage the RAM and/or motherboard.

Dude im hooked w this series

I know this is pretty old but after paying attention to the programming language that Elliot was using to make the Android exploit was actually Ruby.

I love kody's facial expression when he hears something inaccurate or spotted a mistake.

QUOTE: "What Elliot has in cyber security skills it seems he is lacking in social engineering skills." /QUOTE ... LoL

The hospital record scene was a flashback. It wasn't present day hacking.

This was super entertaining and informational.

While appreciating your time for the analysis, you underestimate the extreme spectrume of exploits and real world ill user habits. Especially about the IoT stuff.. Respect and best wishes guys.

he's coding with ruby during the femtocell hack

great stream guys!

@2:45 in season 2 the FBI supposedly stepped in and said "let's tone down the shots on the laptop screens of them writing exploits"

Having completed many CTFs I would definitely rather open up Cyberchef and paste in than write up a Python script just for a Caesar or ROT13 cipher.

“Did he just type it from his mind? I didn’t see him using a computer the whole scene”. If you know the context of the show it’s clear that he’s in the hospital now, promises krista that he’ll be a good drug free boi, then proceeds to hack into the hospitals data records for subsequent drug tests. You even play the clip “I won’t do morphine again” signifying that he obviously can’t modify anything in his current state in the hospital room so she knows he did it in the first place. But he knows he can make sure she won’t be able to ascertain his continued use. You guys are smart as fuck and missed this it makes me lol

Crystal Castles shirt! Big fan of their music!

lol the phone drain thing would make you think twice about zero trust.. why on earth would a cybersecurity boss not catch that (:

On the Social Engineering attack with the phone.
*Attack Failed Successful*

3:40 "you explain capture the flag, I'll do my best Elliot not paying attention impression"

1:00:40
the most unrealistic thing is being able to single handedly type regular expressions without googling it

the thing with public hospitals is that they cant update their systems unless they update across the board i.e. every public hospital in the state same thing for law enforcement - they are literally running xp (i believe) in state police stations...yikes and you can only imagine their firewall and who is actually monitoring the network (underpaid and over worked admins)

You guys are kind of funny, and this video was entertaining, but honestly you have no idea what you're talking about in a good portion of this. Some of that is from not having watched the show so you don't have the context (like not getting that Elliot was showing how he hacked the hospital in the past, 2012, but was talking about it in 2015 from his hospital bed, somehow you couldn't figure that out, or that the people screaming and partying at the CTF hack scene were part of the nightclub section and not in the contest). It really showed that you were somewhat clueless when you're talking about the femtocell hack scene, not knowing what a logic bomb is, not knowing what Elliot meant by "explode" (self corrupt) and then going on about it for several minutes like you really thought he was talking about physically blowing up the phones, yikes that was very cringy that you didn't get it. And the comment about Elliot's identity being based entirely around hacking and it might be affecting his mental health....LMFAO - if you watch the show you will know exactly why I'm laughing (don't want to spoiler anyone here). And to think other people who are more clueless than you will watch this and think you guys know what you're talking about is just sad.

So would you say it's better than 2 people 1 keyboard?

wow great streammm

I recently watched Mr Robot for the first time. Heard the praise for it's hacking accuracy when it was newly released but I'm not interested in that so I passed on the show. Years later I tried watching and wow I love the storytelling, character development/revelation and psychological complexities. Mr Robot is a lot of fun and fascination for even non-tech people.

Can we have a 'Hackers React to Hacking Scenes from the Movie "Hackers"' please?

i know Symantec Endpoint when I see it.... wow what great attention to detail to the old software imagery. 19:14

That's hilarious about the soylent, it's amazing but yes it is a meal replacement, not meant to be chugged lol

MrRobot is more about the philosophy than the accuracy

just a possible subjet id love to see you guys discuss in a future video is the recent Pegasus 0 click exploit found by the isreal gov that affects all phones including iphones

Watch the whole series instead of just looking at the clips so you'll know the context.

Just put on the subtitles when you can't here it

I would enjoy your thoughts on the, Mr Robot, pwnphone..🙏❤️

the ctf scebe sounds like some sort of out of bound input attavk - pretty pld school but it stijj happens
hospiial scene: It is common in business to assign the IT boss position to a receptionist with MS Office training
ROT 13 was used in the Cuecat scanner
At 1:00:22 he appears to be coding JavaScript
A femtocell is a small fake cell tower emulatot basically a reprogrammed mobile hotspot device

You don't hack the world...you hack the planet :)

we love you man continue, i created this account to suport you.

well hackers werent screaming, it was from the party club lol, nice reaction tho

"Mr. Robot lied to us! they showed us something happen on the screen but then it turned out later what actually happened was different!"
Have I got news for you

If you can't hear it, why not add subtitles so you can read what they were saying

"i hate this lamp."

This was pretty funny but the guest its like "meh" doesnt add much to the video, still, it was a nice vid, love the way you explain things

Wow. This guy loves ciphers.

Wait? You don't know that ceasar cipher and shift cipher are the same thing?

37:00 - he could get log out cause of inactivity ??

I think it would've been a lot better if you had watched the show before going through this. As you only get little glimpses or few words about what he is doing, and it is easy to misinterpret what he is trying to achieve without the context of the story.
And also, I know you Americans don't like subtitles but it makes a lot of sense here. :)

Hacker doesn't know what the BitchX IRC client is, major yikes :)

I really like all FWD content but I don't really understand the language you speak, is it possible to add Indonesian subtitles?

Use subtitles guys if you couldn’t hear what he’s saying.

you guys need to watch the show

its astonishing how to wrote those bash scripts in kali... mr. Robot will be the main legend as him wins the underground hack tournament..
Ten minutes later:
Hello Elliot ?!
Its mitnick...
Kevin... mitnick..
No more telephone signal at there..

This video would be better if the scenes were with subtitles.

So ummm i need a doctors note for work 😆

shidded and farded @58:20

Anybody know nicks info 🥰

I hate not knowing that much English to listen to this gem, shit

The reason for Elliot centering his whole personality around hacking and being super obtuse is that this is actually a seperate personality from Elliot's DID. This personality has the goal of hacking (due to actual Elliot's skillset) its way to take down the leaders of the world. He was built out of Elliot's anger against society, and desperately tries to correct the entire world. Real Elliot only gains control at the very end of the show.

nice video

People filming this series were probably much more knowledgeble then these.

Dude, its a god damn ruby script :V how can u guys not know that

20:57 the reason it's more black is that it is selected to be edited

The second guy is soo bored with too much talking. 😂😂

Just use subtitles

Tbh nick seems a bit lost lol

***SPOILERS***
In this show Eliot has dissociative identity disorder.
It's revealed over the course of the show that Eliot has multiple personalities born from traumatic events in his life and the personality you look at here is the one that stores all of his rage and contempt for the world.
It's the personality that's decided it will get revenge on the "top 1% of the top 1%" that rule the world as he puts it and so him being a social outcast and completely obsessed with hacking kind of justifies his cockiness, if he's had overwhelming success with this activity.

1:00:20 Ruby

Bro blink

Funny

i love you guys, big fan. but you two did a total disservice to this show. literally crying about minor details. obviously its hollywood they have to make it dramatic and timeframes wont be perfect. they have to fit a lifetime into a few hours. but this show, by far, is the most accurate and realistic hacking show/movie of all time. easy. and it was a great show even outside of the hacking. legendary. i think you all came at it with the mindset that it was going to be just another fake hacker show so you looked for reasons to diss it. i hope you two get a chance to actually watch it all the way through. you'll have a whole new respect for it.

36:42 Maybe the password was the token he got off the phone?

I love elliot than u, sorry