In this article:
Mr. Robot is an interesting project trying to create a television series featuring accurate “hacking” techniques and real-life events, as opposed to most “hacker” movies and series which just project the general public phantasms on the screen.
I used to redirect people asking me for some “hacking trick” to this series, and several websites and blogs use it as a illustration to provide fundamental knowledge in IT security and help people take conscience of various risks.
As I write this post, we have now reached the middle of the third season, and while I was and still am very enthusiastic regarding the first season my feeling are now more than mitigated about its sequel.
Note
For those who haven’t seen this series yet, I won’t get into any storyline details here, except a bit when listing some season 3 issues. Most of this post should be spoiler-free, however don’t click on linked discussions and article as they openly discuss plot details.
Season 1
The season really manages to find the perfect recipe between a captivating plot and accurate IT security issues, and is really worth becoming a classic.
The plot
The plot notably focuses on these companies which are considered “too big to fail”, the impact of unfettered capitalism and the issue caused by near-monopolistic (just enough to avoid anti-trust laws) corporations both on people freedom and lives, on the economy, on the democracy and on the social fabric at a whole.
In Mr. Robot we follow a band of idealistic people, each with their own personal story and motivations, who ambition to press the reset button. More specifically they want to clear people’s debt records to allow everybody a fresh start, outside of E-Corp’s claws, E-Corp being the big corporation with interests in nearly everything and, therefore, getting people in their nets nearly right from their birth.
While designed as an introduction to the rest of the series by Sam Esmail (the creator and main scenarist), this first season can easily be seen as a standalone work as it finishes with a proper end.
The accuracy
I really enjoyed all the technical details featured in this season. The high-level strategy chosen makes sense, the steps also makes sense, both foreseen steps and the workarounds used to bypass unexpected difficulties. And what is very uncommon is that the accuracy is taken up to actual screen content: the tools used, the commands typed, everything just fits in.
Of course, this remains a fiction, so everything is very simplified, but the essential is there. We are far away from the myth of the magical hacker who can access any document or open any door just thanks to his super-powers.
In particular, this season strongly emphasizes on the importance of non-technical attacks, namely social engineering techniques. There is an adage saying that a system is only as secure as its weakest point, and in otherwise high security environments the weak point is often indeed the human factor.
Relying on human weaknesses, wrong perceptions and taking advantage of personal and professional interactions are things which can hardly be prevented on an automated basis, making it a tough challenge even for “too large to fail” companies.
Overall feeling
This season accurately shows the diversity of systems and people composing both the offensive and defensive sides of security: the software, the physical and hardware devices and systems, and the human psychology and processes. All of this being depicted in an entertaining form, with a well-thought scenario: if you are interested in the “underground IT security” culture, I can only recommend to watch this season.
Season 2
This second season seemingly tried to maintain the technical accuracy, but the plot suffered a lot.
The plot
It is not that the plot of this second season is bad by itself. On the contrary, I entered into it very easily and with a great pleasure.
But… I don’t know what went on (I did not manage to find any published explanation), but right in the middle of the season there is a sudden change in direction. It just feels like there was a sudden drop in the budget or a team turnover and that they had to rethink the scenario mid-way. They popped an artificial and awkward gimmick out of their pocket as a clumsy attempt to justify the fact of erasing most of what previously occurred and starting back from the beginning (there are even excuses presented to the public right as part of an episode).
Well, maybe this is “art”, maybe this was a “stylistic effect”, but for me it didn’t work and just broke the story. Even worse, it heavily weakens the trust to the scenario writer.
Imagine someone with the following discourse:
- Let me tell you a story: (telling you story A).
- Well, forget it, it was fake,what really happened was: (telling you story B).
- Sorry, forget this one too, what really happened was: (telling you story C).
- Ha-ha, got you! Forget it too, as what really happened was: (telling your story D).
These are not plot twist, these are just a plain boring stacks of raw and unfinished ideas.
As Siruzaemon-Dearo resumes it in an interesting Reddit thread:
Who cares if this is happening, it’ll probably get revealed as a illusion next week.
The article published in Forbes and the associated comments are also very interesting readings on the subject.
A possible cause is that it may be related to an issue the team encountered behind the scene. In that case they have all my support as I understand how it may be hard to manage to keep through difficult events and still manage to deliver in time. That was my hope when starting wih the third season, to find the new team or whatever now engaged in their new storyline (but sadly this didn’t happen).
No matter what, the second season started in a wonderful way, opening questions, creating suspense, and suddenly ruined itself mid-way. Moreover, be warned that unlike the first one, this second season ends on a cliff-hanger and can therefore hardly be seen as a standalone piece.
The accuracy
Beyond plot issues, accuracy is still there.
I don’t want to do any spoiler, but I’ve found the travel through the Internet’s underground economy very fascinating (even if, being seemingly a side-plot, it certainly should have been limited to a single episode: from the storyline perspective it creates a lot of tension with just no result).
Apart from that, we find the same attention to detail on offensive and defensive techniques, with realistic gotchas and workarounds, in the same vein as the first season without feeling repetitive in any way.
Overall feeling
If you are interested in the technical aspects, the second season will certainly interest you as it is well documented. As for the plot, I would not recommend to dive too deeply into it as you may go toward a large disappointment.
Though, taken as an artistic and experimental work, I must admit that Mr. Robot remains a beautiful object. As often highlighted in blogs and forum discussions the images are indeed well filmed, the music, atmosphere and acting are well made. However, while it could be enough for a film, personally I don’t feel like sitting for dozens of hours just to look at a slide-show of storyless beautiful images.
Season 3
Mr. Robot is fading away, starting with the technical accuracy which is not accurate anymore and continuing with the same poor writing which plagued season 2.
The (un)accuracy
The accuracy of previous seasons were not an accident: Sam Esmail heavily relies on external advises from security professionals to build credible scenarios and screenshots. I remember having read somewhere the astonishing amount of time they needed just to build a single screen display which would be visible less than a second, Just as an attempt to satisfy all the people who would pause the video at this exact image and look which software the actor is using and how he using it.
Ryan Kazanciyan is a technical consultant starting from the second half of season 2 (which strengthen me in thinking me that something happened then) and maintains a blog where he shares the original ideas behind what appears on screen. At least this blog allows to better expose the things that were actually thought in this season (and not involve supernatural luck or powers), and explains things which may not be understandable from simply watching the series.
But these accurate tools and screenshots just seem to me like a drop of water in an ocean of inconsistencies and messy shortcuts. For instance:
-
The CTF is indeed well setup, but won’t people have other preoccupations at that time than organizing such festive events? And I still don’t get the exclusive Internet access thing.
-
What is this world where policemen are not paired, respond to the FBI instead of their hierarchical superior, don’t bring arrested people to their central station but instead find it normal to transfer them in isolated places without any prior paperwork?
-
How come that a certain person who was really not computer savvy in the previous season, now can naturally do an HSM backup in high tension state relying simply on a post-it note?
As Corey Nachreiner says in a comment:
one instruction is to “plug in the remote PED”. How would […] even a fairly technical person know what a “remote PED” is if they haven’t worked with HSMs already?
That and the more than lax security of E-Corp personal.
-
The same way that for the sake of the scenrio people will suddenly gain advanced technical skills, accesses which were centrally closed in one episode will become wide open, and security will be set to more than lax level by leaving security key normally kept in safe unattended in the office, leaving newly hired build a rogue monitoring system collecting logs and data from production infrastructures, names of most wanted persons will be spelled out in phone messages, etc.
-
And no, halon-base fire extinguishers won’t “suck the oxygen in the room in 30 seconds, seal all the door and create a vacuum”. That’s precisely the point for halon-base fire extinguisher to allow to keep oxygen in the room. And even CO2-based extinguishers who indeed displaces oxygen from the fire source won’t create a vacuum.
-
No, short-cicuiting any sane badge reader (we are not dealing with a hotel room here!) won’t allow to bypass a door lock, the same way that short-circuiting a keyboard won’t allow you to bypass a password screen.
And I don’t even mention the awful way this was orchestrated:
- “Hmmmm, a high security lock, I need to apply real hacking magic there.”
(… undisclosed hacking magic happens …)
- “Hey, it worked, thanks!”I thought this was precisely the kind of gimmick this series promised to avoid. There are other ways to open such doors, and in this particular case I would have given a chance in using an heavy object (like a fire extinguisher, ironically) to break through the window.
In other words, while Mr. Robot still attempts to glue some real tools and techniques in often unnatural ways onto the scenario, it now tends to exhibits all the pitfalls, blunders and shortcuts of any other average series about hacking.
The plot
We currently are in the middle of the season, so things may still change, but I’m quite pessimistic. While it remains palatable, again it is not up to the standard shown in the previous seasons.
The first seasons plot has been widely and rightly described as developing on “anti-consumerist, anti-establishement and anti-capitalist” (Wikipedia) ideologies. I mentioned when describing the first season how it highlighted the potential threat caused by large corporations and the economical system sustaining them. I described how it relied notably on social protestation events, like the Occupy Wall Street movement, to build a credible scenario bound to real-life events.
Now all this is fading out and we are progressively switching into the classical conspiracy cliché, where bad people unite in secret to pull the strings of the whole world while good people suffer and despair until a super-hero will raise and fight the villain.
As discussed in season 2, the twist over twist over twist dance still continues. I loved in the end of season while this guy (trying to avoid spoilers) finally appeared to be some kind of Greek’s daemon: a subconscious intermediary between oneself and the gods. In this series talking about “The top 1% of the top 1%, the guys that play God without permission”, it just fitted in.
But:
- Now, plot twist: this alter-ego is actually an enemy.
- No, wait: it is in fact an helping and protecting friend.
- Ah, no: in fact it is an enemy.
- Oh surprising: we are now about to discover it was actually a friend!
It just becomes boring, there is not real move anymore, no real and tangible progress in the story line, no real goal to pursue as there was in season 1. Just a bunch of people running more or less in circles.
And all of this may very be just an illusion, the main character may finally wake up at home surrounded by his family and nothing really happened, what a twist! In fact, due to an accumulation of odd facts some people are starting to foresee a Matrix-kind twist. The reasoning behind this conclusion makes sense, but this would definitively kill this series IMHO (“I will show you real hacker tricks: in fact we all are inside a matrix which controls our mind, and blah-blah-blah…”).
An example of what it could have been
I can easily imagine how things could have evolved differently. For instance, social medias are a major part of todays world. In Mr. Robot world, I can easily imagine that the equivalent of Facebook and Twitter would be owned by E-Corp (or at the very least controlled by them).
Given the situation in the beginning of season 3, the most logical move for E-Corp would be to rely on these social medias for two line of actions:
-
Lift up the population morale.
-
Cooperate with law enforcement agencies to unravel terrorist organizations and locate wanted persons.
There has been enough leaks and scandals to build interesting scenarios:
-
On how the perception of reality of a whole population could be forged by private companies when people rely mainly on social medias and buzz feeds to inform themselves (filtering of trending subjects, relevant search results, etc.).
In season 3 Sam Esmail try to clumsily evoke election-related issues by showing television shows. IMHO he just misses the point.
I don’t know in the US but here, in Europe, there is a noticeable drop in television audience: the real power is now switching to the hand of private companies handling social medias and certain search engines who filter proposed content (and therefore shape your vision of the world) based on “relevancy” algorithms, business partnerships and undisclosed editorial choices.
-
Social medias, and the Internet activity in general, provides a huge amount of information that certain companies such as Palantir take a pride to digest through so-called big data algorithms and provide intelligence services to governmental and private entities. The company I name is for instance rumored to have helped to locate Osama bin Laden. For the rest, leaks such as Snowden’s document are self-descriptive.
Here again, Sam Esmail mentions metadata but reduces it to dumpster diving. Here again, he just misses the point.
The power of such technology is their ability to go beyond what people are actually saying. By correlating a large amount of information, it is possible to draw patterns allowing to deduce new information which was not there in the first place, information that people either did not provide or actively attempted to conceal.
For instance, the fact that a particular person may intentionally remain out of any social network does not mean that he cannot be tracked through them. It is sufficient that some of his relatives, of the persons he encounters, or of the people participating at the same events as him post on such services to still collect information on the target and get a starting point to draw profiles and patterns around the him.
A very basic and low-tech example was the discovery that ISIS people were following soldiers relatives on Facebook. Posts announcing the upcoming return of the dear husband were indeed very useful to determine US military forces movements and activity. This is a simple yet concrete example of deducing undisclosed information from public information sources through social medias.
There are just countless story lines opening there which would still allow to keep high storyline and technical standards while showing different aspects of IT security, and avoid falling into the archetype of the good hacker using his magic against the mighty conspirators hidden behind wars and explosions.
It would also have allowed to give a better focus on people lives during the crisis. As often and rightly mentioned in the linked threads, we see all those lives very remotely in the show, what the people are now living and feeling is never really covered. They are just shadows in the streets, like some sort of distant dream. The series would really have gained in depth in passing more time showing us concrete consequences of the events in personal lives than staying high-level as they did.
But I fear that, as often, there are budget and ROI reasoning behind such choices: it is not because something works and generates money that there is no way to extract even more money from it. Precisely the greedy capitalism that Mr. Robot attempted to denounce in its first season.
How ironical.