Published on November 11th, 2019 📆 | 7219 Views ⚑0
Hackers Dissect ‘Mr. Robot’ Season 4 Episode 6: ‘Not Acceptable’
Episode 6 of Mr. Robot’s final season was pretty heavy, filled with coercion, kidnapping, and threats of violence. We discussed [SPOILERS, obvs] physical security, interrogation, vishing, ZRTP keywords, wiretapping, wiping phone data and more. (The chat transcript has been edited for brevity, clarity, and chronology.)
This week’s team of experts includes:
- Emma Best: a former hacker and current journalist and transparency advocate with a specialty in counterintelligence and national security.
- Harlo Holmes: Director of Digital Security at Freedom of the Press Foundation.
- Micah Lee: a technologist with a focus on operational security, source protection, privacy and cryptography, as well as Director of Information Security at The Intercept.
Yael: My jaw repeatedly dropped during this episode. I think my two big takeaways were 1) social engineering is really hard to defeat when it’s in your personal life (as in, people you know and trust), and 2) there just aren’t a lot of defenses for real-world coercion.
Micah: The episode was called Not Acceptable, and the theme was pretty clearly people doing unacceptable things.
Yael: We start out with Vera kidnapping Krista.
Harlo: What a thespian. That’s some grade-A acting through that monologue.
Yael: How did he know she’d have anything to break Elliot?
Emma: He didn’t, but he knew that if anyone would, it’d likely be her. You don’t have to know the move will work, you just have to know that it’s your best move—and that you probably have nothing to lose but time by making it.
Harlo: Yeah. The relationship between shrinks and clients is incredibly strong.
Yael: I was surprised he didn’t kill Krista. I mean, he killed Shayla just to hurt Elliot.
Micah: We don’t know what he did to her yet. She called Elliot and convinced him to meet her, but it was a trap. Maybe she’s just hoping this will let her get away unscathed.
Yael: Client/patient confidentiality is important, but I guess it’s a lot to ask a therapist to risk them and their partner being killed just to maintain it. But I get super sketched out by therapists keeping notes.
Harlo: I WAS TOTES ABOUT TO BRING THAT UP!
Emma: Oh, for sure. Even without coercion… I just tweeted about this. The records being there mean they can be compromised.
Yael: I guess the records saved her because she would’ve had to explain it anyway (and maybe not be believed). Did Krista have a home office? I couldn’t remember. Otherwise, why are the records in her home?
Harlo: Is that HIPAA compliant?!
Micah: For real world people, if a therapist taking notes, or how they store those notes, is something you’re concerned about, they should be receptive to talking to you about it and maybe coming up with a system that works for you. I can see why notes would be helpful for a therapist if you’re working through issues over the course of years.
Yael: I have had conversations with therapists about what records they would have to release legally, which in Arizona at least is just the dates and progress notes, but I have never spent much time thinking about theft.
Micah: I think in general it’s better if your therapist has hand-written notes than digital notes, because at least an attacker would have to physically break in to get them, and can’t do it remotely
Emma: Absolutely. That was an issue I had with a therapist of mine. The notes were digital and in a shared system.
Harlo: Apparently, progress notes do not fall under HIPAA compliance, but the therapist’s session notes absolutely SHOULD. This is what frightens me so much about all these newfangled therapy apps.
Emma: Digital records encrypted with deniable encryption.
Yael: What can Krista do to avoid breaking compliance but also not get hurt or killed or have her partner hurt or killed?
Emma: The problem for Krista was that there’s no way to do both those things. Vera was a criminal and wouldn’t compromise. No witnesses, no liabilities. Resisting duress works a lot better when the duress comes from a system or an actor in a system. They’re predictable and controllable. Vera’s a rogue agent. Also actual physical defense and alarm/alert systems.
Micah: Honestly, there is no good solution. This is the problem with duress. She could design a system where she doesn’t physically have access to the notes without other people’s cooperation—encrypting them using Shamir’s Secret Sharing scheme for example—but that’s not going to prevent them from hurting her or her boyfriend.
Harlo: I speak to a lot of clients about this: you can definitely design lockout systems in the case of duress, but if your adversary is willing to end your life over it, should you?
Micah: Yeah, I agree. It doesn’t apply to this specific situation, but in some duress situations, I’d probably rather just unlock my phone or whatever.
Yael: Yeah, the best defense is being willing to die for your beliefs, I guess. If Krista had a gun that maybe could’ve helped… but still, 3 vs. 1 and they’re hardened criminals. I don’t like those odds.
Emma: She could have had a canary with Kevin. Everyone should. “If I use this word or say this, then something is wrong.”
Yael: Well, she was also gagged.
Emma: I’m just speaking generally.
Harlo: “Bishop, it’s your mother!”
Yael: I can’t think of a single time I would’ve turned down peppermint mochas from someone I’d hooked up with. That is not a situation that would happen.
Harlo: Great to see Joey Bada$$ still cashing those checks.
Emma: Elliot didn’t have to drug her. He just had to make her think he did—or might have.
Yael: Elliot needs Olivia to make a call to her boss to get him to log in; he’s already on the proxy server and needs to swipe his credentials. How does that work?
Micah: Elliot can spy on everything going through the corporate proxy server, but he still doesn’t have the login credentials he needs from Olivia’s boss. Normally you’d just wait for a while and collect everyone’s usernames and passwords as they logged in, but Elliot was running out of time, which is why he needed to make Olivia’s boss login.
Harlo: And so he makes Olivia “vish” (voice phish) her boss.
Yael: Isn’t there another way he could’ve done that?
Micah: He would have needed to convince someone with the access he needs to log in quickly, somehow. So maybe he could have figured something out, but it is Christmastime and it’s unlikely anyone will be working unless there’s an emergency. He figured Olivia could provide a convincing “emergency.” The creds were firstname.lastname@example.org / c0nv3rg3nce37 by the way.
Harlo: what do you think the 37 is? Is Bugorsky a 37-year-old? Is that the number of a ball player?
Harlo: Probably NOT lol!
Yael: It’s nuts that Elliot thought he could drug an addict and be like “they’re hurting you” and “this won’t be traced to you” and everything would be dandy.
Emma: I don’t think he thought that, or anything about it. He didn’t have time to consider it and he didn’t have the experience to tell him to. And like she said, he could slip and be “okay.” It was part of his routine.
Yael: I mean he had the conversation about crossing a line with Mr. Robot, so I think he kind of knew but was pretending he didn’t know because he didn’t want to think about it.
Emma: The suicide attempt is something I want to address. It’s an extremely real worry. In intelligence and law enforcement, people management is a big job for handlers of assets and agents. They have to watch the asset’s status closely and make sure they’re getting the support they need and aren’t being pushed too hard. If an asset is willing, they’re usually safer in this regard but anyone can be pushed enough to break. Unwilling assets, of course, are a lot more susceptible. The things used as leverage can drive them to depressed or suicidal places, and the feelings of betrayal and losing control can drive someone to the brink very easily. Elliot has no experience in this sort of thing and didn’t even consider that happening. Realistic for his character, and also one reason why it’s a specialized position.
Yael: I’m trying to think what Olivia could’ve done differently. I suppose she could’ve called her boss and then warned him afterwards? I wonder if you can get a drug test exemption if you were drugged?
Emma: The best defense against blackmail is not being silent.
Yael: The Bezos approach.
Yael: I guess one defense for all the characters would be to have never done heroin or had clients or known anybody or hooked up with anybody. Like, if Krista hadn’t had clients and Olivia hadn’t ever hooked up with Elliot or done heroin. If Elliot hadn’t cared about Shayla then Vera never would’ve murdered her to get to him. So I guess the best defense is to shut down completely, which is impossible. You would have to exist outside of the world you live in, but what kind of life is that? And that’s what makes coercion so effective. Everyone cares about something. If you want to not care about anything or anybody, you have to have some form of mental separation which would probably be hard to maintain. Or be its own kind of hell.
Yael: I’m curious why the Dark Army thought Elliot was on their side or whatever
and wanted him alive.
Harlo: Whiterose is still convinced Elliot will join the team!
Micah: Oh yeah what’s all that math on that screen that Whiterose was looking at? It’s hinting at their endgame.
Yael: But what is the plan that Whiterose thought he’d be into? I guess we’ll find out. There’s a theory I’ve been reading that Elliot has a third persona but not sure it makes sense to me.
Harlo: That was also kind of foreshadowed in the beginning of the scene between Dom and her crazy handler. She’s listening to a podcast or something, and the narrator talks about a prophet figure with delusions of other characters.
Yael: The theory is that there’s a rich security researcher alter ego, which is how he has all this equipment even though he doesn’t have a job. Or something.
Emma: Very possible, but he also hacked enough people with big Bitcoin wallets that
I figured he got his money from that, and his job at All Safe. All his money was spent on drugs, housing and tech. He didn’t go out or socialize.
Signal’s Old Keywords
Yael: Dark Army made Dom go after Darlene, which was super interesting because she really really didn’t want to.
Harlo: Oh, don’t you miss the old ZRTP verification days of Signal? In the scene, Dom and that nutjob did it exactly the way you’re supposed to. You offer one word, then your partner offers the other, because that’s the only way you can be sure the other person isn’t lying. I really thought that the SAS [short authentication string] verification in Signal was super elegantly designed on a philosophical level. We can have all the crypto in the world, but you can’t code humans’ ability to trust one another.
Micah: It also makes you feel like a spy.
Yael: Plus it’s a nice icebreaker to talk about the odd word combos.
Emma: If it’s voice, what does it matter? You know it’s them. If they’d have to lie about it they could compromise it some other way just as easily.
Yael: Well, it could be man-in-the-middled.
Harlo: Yeah, it’s about providing assurance that no one is eavesdropping
Micah: Normally a signal call would be end-to-end encrypted like Alice < ==> Bob. But a MITM attack on the call would be encrypted like Alice < ==> Eve < ==> Bob, where Alice and Bob are actually talking to each other and could recognize their voice, but Eve is still listening in. The two word SAS would be different between Alice < ==> Eve and between Eve < ==> Bob, which is how you know it works.
Harlo: Although, it’s 100% possible to tap a signal call, even without attempting to undermine the encryption.
Emma: Undermining the encryption is the worst way to do it, anyway.
Micah: Yeah, and the hardest way. It’s much simpler to hack a phone and spy on its mic and speakers than it is to compromise Signal using a crypto attack.
Yael: How do you do that Harlo? Do you need the phone?
Harlo: Yeah, you just do it the analog way! Like record to a dumb recorder, and make use of a bunch of audio in/out splitters. I do it sometimes. FOR A GOOD REASON. I’M TOTALLY NOT WIRETAPPING YOU ALL BEHIND YOUR BACKS.
Emma: I assume even my encrypted comms are tapped. Everyone should. 🙃
Micah: Oh, I’ve done that, to record an interview on a Signal call. You can also do it even the lower-tech way: put the call on speakerphone and hit record in Audacity on a laptop.
Yael: I’ve put Signal on speaker and taped stuff, too, but I guess I don’t understand how it works if you’re trying to wiretap someone else’s phone, though.
Emma: You can either try to intercept it and decrypt it, or you can hack a device on either end of the call and gain access to the whole thing. The latter is simpler and gets you more.
Harlo: But if you want film-grade quality, you have to get geekier with the A/V.
Dom and Darlene
Yael: I was trying to figure out if Darlene was social engineering Dom by bringing up their night together. Which I totally support even if she was trying to avoid getting killed and all.
Emma: I don’t know her intent, but humanizing yourself is a classic move when dealing with captors or threatening actors.
Yael: I’m not sure what Darlene and Dom could’ve done differently, except maybe making a run for it faster.
Emma: Run away faster, prepared an ambush, staged a scene to send people away.
Micah: Right when Dom’s handler walked in, and Darlene was holding the gun, she could have shot her.
Emma: Dom should’ve had a plan to warn people as soon as the general threat became apparent..
Yael: I guess Dom could’ve shot her, too. But she was worried about her whole family dying, no big deal. (Joking, obvs.) I feel weird talking so casually about this episode with how heavy it was.
Emma: Well, that was a known threat she had time to deal with and prepare for.
Yael: Dom could’ve tried to tell the truth to the police and get put in protective custody or something, IDK. But there’s Dark Army in the PD, so…
Harlo: And remember last season, when they massacred the entire squad in China?
Micah: I don’t know how you really prepare for that threat. Especially since her mom totally wouldn’t understand. If she could rely on her family quickly getting the seriousness of it maybe they could have figured something out
Emma: That’s what she would have had to spend time figuring out—how to communicate it effectively.
Yael: Darlene wiping her phone was a good quick move, though. How do you wipe your Android phone that quickly?
Harlo: FASTBOOT! Darlene’s pretty fast with the fastboot 🙂
Yael: What’s the quickest way to wipe your iPhone?
Micah: Settings > General > Reset > Erase All Content and Settings > Erase Now > type passcode.
Harlo: Yeah, that’s the quickest. You can set your iPhone settings to erase all data on 10 failed attempts to unlock, but those 10 attempts take forever to exhaust. So don’t rely on that under duress.
Yael: I wonder if you can set up a shortcut with iOS’s new shortcut feature.
Harlo: With Fastboot, you don’t have to decrypt your phone to wipe it, whereas in iOS you do. Pretty interesting from a duress standpoint. I noticed that Darlene had the default wallpaper on her phone. I can speak from personal experience that, in general, people who keep the default wallpaper on the phone are up to no good 🙂 Just speaks to a “yolo, this is a crime burner” logic. But ultimately, I don’t think Darlene’s out of the woods yet. Elliot’s still going to be pinging her over Signal.
Yael: Oh, it doesn’t delete your Signal when you wipe?
Harlo: Dark Army just has to SIM jack her, then install Signal themselves and wait for Elliot to start pinging again. And in 2016, we didn’t have registration lock!
Micah: That’s a very good point. Unless his modified Signal client detects that the safety numbers changed and doesn’t trust the new ones.
Yael: What’s registration lock?
Micah: Registration lock is a feature of Signal that prevents someone from registering an account with your phone number without knowing a PIN, so if someone calls your phone carrier and convinces them you got a new SIM, and takes over your phone number, they can’t take over your Signal without first knowing your registration lock PIN.
Emma: I’m wondering if the ping was automatic with the GPS. He’ll know her last known location, leading to the next encounter… maybe. Or vice versa. Elliot’s captured, anyway.
Harlo: I hope Darlene had that backed in, or else Elliot’s toast!
Vera Kidnapping Elliot
Yael: Elliot knew he was walking into a trap and still walked into it.
Harlo: When I was a kid, and about to go out with my friends, my mom used to yell after us, “if one of you gets kidnapped, you ALL better get kidnapped.” This episode made me think about that awesome phrase…
Yael: I don’t knowDK what Elliot can do now. Kick out the back light, I guess. But he’s far less of a sympathetic character after the Olivia thing.
Micah: Yeah I agree, that was fucked up.
Emma: Is it really a new line, though? Elliot’s “you should have thought about that before you worked for them” logic was there from the beginning.
Yael: I think it’s different. Iit’s so personalized. it wasn’t just her losing money.
Emma: Losing money makes people lose their children, too. It causes them to relapse. It ruins their lives. Costs them their homes. Ends marriages.
Yael: This still seemed worse, though.
Emma: Yes. One person instead of 10,000. Tragedies and statistics.
Yael: Well, before he was CANCELING debts. Sso the only people who would lose money were banks, corporations and rich people. It would SAVE marriages etc. if people had no debt, at least in their perspective.
Emma: Random people working for eCorp. Every single employee had their livelihood put at risk. “You should have thought of that before you worked for them as a receptionist.”
Yael: So, uh, the Vera vs. Dark Army showdown next episode is sure gonna be interesting. I mean, I’m assuming they find Elliot’s location…