When hacking was first introduced in film and television, it was nowhere near as prevalent as it is today. The threat landscape was years away from becoming what it is now, so hacking and cybercrime wasn’t quite the household name it is today, therefore, there was a wide unfamiliarity of it within the public eye.
Directors and writers have struggled with how to portray hacking in film simply because the act of hacking in real life is not very interesting or visually compelling. It’s just lines of code scrolling down a computer screen. In order to keep the viewer entertained they used cheesy visuals and animations to portray the mysterious act of hacking. Unfortunately, the viewer didn’t really learn anything, and hacking was used more as a device to help move the plot forward.
As cybercrime is now grabbing major news headlines, the entertainment industry is trying to jump in on the popularity of the subject, however it’s still not terribly accurate. As a result, we have seen an influx of hacking-centric television shows popping up across our screens. In the past few years we have seen television shows such as CSI: Cyber, Person of Interest, Scorpion, Numb3rs, Mr. Robot and more. While many of these have stepped away from the cheesy visuals, and have accepted the fact that hacking is what it is, most still don’t portray the real reality of cybercriminals- it’s much more than frantically typing keystrokes across a computer keyboard.
Then, the overnight sensation Mr. Robot showed up on the scene. If you’re not familiar with the show, the premise is about a group of hackers trying to take down an “evil” mega-corporation to help save the world from the clutches of crippling debt. However, the show is so much more than that.
Why It’s Important to Get Hacking Right in the Media Now More Than Ever
I recently attended DefCon 24 in Las Vegas, where there was a panel featuring the show’s cyber-consulting team. The discussion was centered on how the show is made, and the hacking behind it. The show’s creator started out with an interest in computer science, and even attended university for it. However, he ended up trading cyber security for film and television, and years later, Mr. Robot was born.
The cyber consulting team consists of Kor Adana, who is a writer & technical supervisor for the show, Dark Tangent who is the founder of DefCon, Marc Rogers head of information security at CloudFlare, Ryan Kazanciyan Chief Security Architect at Tanium and Andre McGregor, former FBI agent with a computer engineering background and current Director of Security for Tanium.
Two of the main inspirations for the show was the fact that the show’s creator is from Egypt and visited relatives in Egypt who were involved with the Arab Spring. He was inspired by seeing all the young people who wanted to change their world and were doing so with technology. Secondly, considering his computer science background, he shared the frustration with the hacking community on how terribly wrong it was portrayed on film. He decided that he wanted to do it right and in a realistic, yet compelling and authentic way.
The show has many complex layers to it- the main character is portrayed as extremely brilliant, yet suffers from social anxiety, depression and other mental issues, which are actually quite rampant within the hacking community. Many hackers spend hours alone in front of their computers, isolated from the real world, and as a result suffer real, mental health issues that can even lead to suicide within the community. To the consultants on this show, it isn’t just about getting the onscreen hacking accurate; it’s about expanding the universe into the very real hacking community and diving deep into the complicated mind of a hacker. The main character, Elliot, is an excellent example of a Grey Hat Hacker. His intentions for his actions are nothing but good, and he views himself as changing the world for the better. However, his actions are highly illegal. Adding the element of humanizing the hacker makes it very real for the viewer, and in some ways, very relatable as well.
Hacking for Realz and How It Can Educate People
The attention to details that go into the technical aspects of the show are so accurate that if the consulting team is unable to successfully perform the proposed hack, then the script is rewritten around one that they can. A lot of the hacking is true to life, mirroring real life headlines. Other hacks were proof of concept hacks that were performed at DefCon and BlackHat conferences.
In addition to the ornate detail put in to the hacking, one of the other great aspects of the show is that it demonstrates different versions of cybercrime that can happen to the average person, it in a realistic, yet simplistic way that any viewer can understand. The show covers data breaches, social engineering, insecurity of personal information online, and more.
There is a scene in the show where the group is trying to gain access to a company’s network. One of the characters drops some stray USB drives in the parking lot, with malware embedded on it, in the hopes that it will attract someone’s curiosity and they’ll plug it in to see what is on the drive. There’s another scene where Elliot explains how he knows everything about his therapist, down to who she is dating. It was all based on what he found out by searching online, only knowing her full name and profession.
During the panel, I had a chance to ask the team what their hopes were for the normal user to get out of the show. There is an extreme highlight on education, however it’s subtle on the show. They teach by example instead of just throwing inaccuracies into the script to try to prove a point.
The team expressed a growing concern about the fact that a lot of people know how to use their apps on their devices and browse the Internet, however, they don’t know the multitude of ways that they can become vulnerable to cybercriminals. They hope that the show can shine a light on those vulnerabilities in the hopes of increasing levels of awareness.
The show also brings an awareness to how companies handle consumer data and that they should be held accountable for insecure data practices. The team hopes that the show inspires consumers to expect more out of the companies that handle our data, and to even put pressure on those companies to implement better security standards.