Balancing the Sharing of Information

CyberSecurity Journal

Subscribe to CyberSecurity Journal: eMailAlertsEmail Alerts newslettersWeekly Newsletters
Get CyberSecurity Journal: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn


Security Authors: Nitin Donde, Daniel Joseph Barry, Elizabeth White, Kevin Benedict, Rishi Bhargava

Related Topics: Cloud Computing, Security Journal, CyberSecurity Journal

Blog Post

What ‘Mr. Robot’ Can Teach Us About Incident Response | @CloudExpo #IoT #Cloud #Security

It is not often that movies and television shows give viewers the opportunity to explore the world of hacking & digital security

It is not often that movies and television shows give viewers the opportunity to explore the world of hacking and digital security in a realistic manner. After two seasons, "Mr. Robot" has attracted its share of IT professionals as well as average citizens. The show has offered numerous depictions that are of particular interest to those who make their living by protecting their organizations.

The critically acclaimed television series offers fictional situations rather than documentary evidence. However, the plots and actions of both the security engineers and hackers are realistic enough that they can send a shiver down the spine of any professional responsible for safeguarding their organization's system and responding to incidents. This two-part post explores some of the most chilling incidents depicted on the show - incidents that are especially disturbing because they can and do happen in the real world.

People Are the Weak Link
Employees are walking, talking cyber-risks. Sometimes they commit breaches out of anger or because they have been offered payment for sensitive data. At other times, they are innocent pawns or fall victim to a phishing attack. For example, in one episode of "Mr. Robot," Elliot is able to gain physical access to Steel Mountain by manipulating an eager-to-please employee. Elliot himself is an example of an employee who is working to sabotage his employer. One of the worst things about insider hacking is that it can be months or years before it is detected. Controlling access and permissions by employee can help as well as keeping a log of everything that comes in and goes out over the network.

Passwords Present Problems
Users prefer to select passwords that they can easily remember and, in many cases, they use the same password or a slightly modified form of it for all of their sites. If the password is difficult to remember, the user will probably write it down. In one episode, an attorney kept the password to her email account on a sticky note on her desk. In case you're wondering whether users are still playing fast and loose with passwords, you need only check SplashData's list of the worst passwords found in 2 million leaked passwords. Despite compiling and publishing the list annually, the password "123456" still tops the list, followed by "password," "12345678," and "qwerty." Security professionals must be more proactive about training users in the selection of easy-to-remember but hard-to-guess passwords, keeping passwords private and choosing different passwords for every platform.

There Are Times When Being Social Is a Mistake
It is amazing what you can learn from many people's Facebook pages. Information such as their mother's maiden name, the users' date of birth, names of children, favorite pet and much more is often posted for all to see. In many instances, this is all the information that a hacker needs to respond correctly to a secret question in order to have the password reset. Hackers can also use the information to guess passwords. In one episode, Elliot is able to access his therapist's accounts by guessing that her password was a combination of her birth year and the name of her favorite musical artist. However, Elliot has also been able to glean information over the phone and in person by misrepresenting himself.

Never Expect Privacy from a Public Network
In the very first episode, Elliot exposes the manager of a coffee shop as the owner of a website featuring child pornography. He discovered the truth by observing the manager's activities through the coffee shop's public Wi-Fi network. With just a bit of free software and a little technical knowledge, intercepting people's activities is relatively easy on an unprotected network. Employees should be warned to avoid using public networks to access email accounts or conduct other activities that could leave their personal data exposed.

Skimping on Security Investments Is a Mistake
In one episode, Elliot winds up in a hospital, and it's revealed that he chose the hospital because of its one-person IT department that operates on an inadequate budget. He has no problem hacking the hospital's database to alter records. Organizations that do not make the necessary investments in personnel and hardware could suffer a similar fate, especially if they do not bother to keep software updated.

More Stories By Rishi Bhargava

Rishi Bhargava is Co-founder and VP, Marketing for Demisto, a cyber security startup with the mission to make security operations - “faster, leaner and smarter.” Prior to founding Demisto, he was Vice President and General Manager of the Software Defined Datacenter Group at Intel Security. A visionary and technology enthusiast, he was responsible for delivering Intel integrated Security Solutions for datacenters.

Before Intel, he was Vice President of Product Management for Datacenter and Server security products at McAfee, now part of Intel Security. As an intrapreneur at McAfee, he launched multiple products to establish McAfee leadership in risk & compliance, virtualization, and cloud security. He joined McAfee by way of acquisition in 2009 (Solidcore, Enterprise Security Startup). At Solidcore, he was responsible for Product Management and Strategy. As one of the early employees and member of the leadership team, he was instrumental in defining the company's product strategy and growing the business.

Rishi has over a dozen patents in the area of Computer Security. He holds a BS in Computer Science from Indian Institute of Technology, New Delhi and a Masters in Computer Science from University of Southern California, Los Angeles. He is passionate about new technologies and industry trends and serves as an active advisor to multiple startups in silicon valley and India.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.