The TV show Mr. Robot was nominated for six Emmys, winning one, and the season 2 finale is coming tonight. If you’re not familiar with the show, it’s a groundbreakingly realistic portrayal of computer security.
With all the hype around it—especially from the IT community—I knew I had to make a priority of watching it. It didn’t take long for me to see what all the hype was about. I’m now fully hooked! As fellow fans know, one of the reasons the show is so enjoyable is because of how realistic the hacks are in the show. In fact, sometimes I find myself hitting pause and reading man pages to understand what’s happening. The show is essentially a case study on hackers and how they work—required viewing for anyone in security.
As I watched Elliot hack friends, acquaintances, his psychiatrist, various lowlifes, and of course E Corp, I couldn’t help but think that some of the exploits featured in the show could have actually been prevented if only the individuals or the companies were using an IDaaS like OneLogin.
Warning: Season 1 spoilers ahead!
This is one of Elliot’s favorite tactics. He’s able to brute force his way into his target’s accounts mainly because they have bad passwords. Combined with social engineering, where he adds things like birth year, favorite artist, favorite sports team to his program, Elliot is able to get in within seconds.
For example his psychiatrist’s password was Dylan_2791 (favorite artist and year she was born backwards) and he cracked that in 24 seconds. Angela’s not-so-awesome boyfriend Ollie’s password was the easiest to hack: 123456Seven. And Tyrell’s password is his wife’s maiden name and Sweden’s independence date. As Elliot puts it, “bad noob practice”.
How OneLogin helps
When using an IDaaS solution like OneLogin, you can enforce password complexity, rotation, and uniqueness; and require Multi-Factor Authentication (all the time, or just for higher-risk situations such as logging in from outside the office) across all apps in your organization. Even better, apps with SAML capabilities don’t have a password, so password cracking is impossible.
One of the major climaxes of season 1 is when Tyrell gets fired from E Corp. After all he’s done to try to get the position of CTO, it’s quite remarkable to see him let go. We’re not sure exactly what happens after this, but needless to say Tyrell is angry, and potentially could wreak a lot of havoc with E Corp. When someone gets let go from a company, especially when they’re angry, you want to make sure their access to company data is revoked immediately. Otherwise you have “zombie accounts” that represent a potential backdoor into your organization. Now, in Tyrell’s case there’s probably not a lot you can do (he’s a hacker after all), but for normal employees there’s a lot you can do to prevent access once someone is terminated.
How OneLogin helps
OneLogin provides visibility into what apps the company has, who’s using them and how often, and allows you to automate user deprovisioning through our realtime offboarding, ending their active sessions and disabling future access. We take realtime incredibly seriously: our Active Directory Connector uses AD Change Notification Subscriptions, our AD connectors can be clustered for high availability and throughput, and we use sockets for blazing fast connections from on-premises AD to our Cloud Directory.
You can even connect HR apps such as WorkDay and UltiPro, so that when an employee’s status is marked from “current” to “former” in the HR app, their entitlements immediately change in OneLogin. For apps with provisioning APIs, OneLogin will then automatically deactivate accounts. And for those apps without provisioning APIs, OneLogin will soon provide an automatically generated offboarding checklist for each employee that an IT admin can follow to ensure no users fall through the cracks.
In season 1 episode 3, Elliot mentions that he hacked Shayla by using what he called a “simple” phishing attack. In classic Elliot style, he hacked her just so he could “know” the person next door.
Phishing can be a constant worry in corporate environments. Now matter how much you train employees to watch for phishing attacks, there are likely still going to be users that get tricked by them.
How OneLogin Helps
Many phishing attacks focus on stealing credentials by tricking the user into inputting them on a fake page. When your users use SSO through OneLogin to access their apps, they have no credentials they can use to login to any of the apps directly. The only allowed login is a trusted login via the OneLogin site, most often with no credentials ever going over the wire (i.e. with SAML or OpenID authentication). In this scenario, it is highly unlikely that a phishing scheme on any of these apps would be successful.
On top of that, integrations with SIEMs like Splunk, ELK, and SumoLogic enable security teams to see if users are accessing apps in a suspicious way — for example, a user accessing an app from New York and San Francisco with a five minute period — indicating that an account has been compromised.
In season 1 episode 5, Elliot pretends to be a Silicon Valley billionaire asking for a tour of the Steel Mountain backup facility that stores E Corp’s records. Once his tour is underway, he eventually makes his way to the controls for the HVAC and is able to install a tiny Raspberry Pi computer that can override the temperature controls, in the hopes of making the temperature inside the facility hot enough that all the backup tapes will melt. Later in that episode, Angela inserts a CD into Ollie’s work computer, infecting AllSafe’s network with malware and making it vulnerable to attack.
Physical access to systems always presents a potential security risk, since it provides additional ways to modify those systems as part of a larger attack.
How OneLogin Helps
Some people see on-premises systems as safer than cloud systems, but the reality is that they are often located in busy office buildings where a hacker can blend in, with plenty of employees who can potentially be conned into providing physical access to servers, routers, laptops, and other devices. As Elliot says, “people always make the best exploits”.
As an IDaaS cloud service, OneLogin runs in Amazon datacenters with high levels of automation and security, meaning fewer people that can be exploited to provide physical access. Even we, OneLogin employees, cannot get a tour of an AWS datacenter, let alone see the physical machines running our service.
One of the first times we realize just how brilliant Elliot is at his job is when we see him single handedly save E Corp from a very elaborate fsociety distributed denial of service (DDoS) attack.
How OneLogin Helps
If your company is using its own hosted login service, then you probably know how difficult it is to have it available 24/7, make it robust with support for different MFA vendors, and keep it safe from attacks such as DDoS. While OneLogin doesn’t protect SaaS apps themselves from DDoS attacks, OneLogin’s service has multiple levels of redundancy to address DDoS, starting with multiple Active/Active DNS providers, and multiple AWS Regions and Availability Zones on multiple continents. We know just how important it is for our service to be accessible at all times to your end users. (See our historical uptime)
Conclusion: Hacking is all about people
Mr. Robot does a great job of showing us that at the root of it, hacking is not just about sophisticated systems and software or flaws in code, but about flaws (or “bugs” as Elliot calls them) in people. Whether it’s flaws in the hackers, like Elliot, Darlene, and Angela trying to take down E Corp due to personal tragedies in their own lives; or flaws in those being hacked, like Ollie being blackmailed to give the Dark Army the ability to hack AllSafe.
As IT professionals, it’s our job to protect our customers from those that might want to cause our company harm, or by those inside the organization inadvertently exposing company data through poor security practices. Using an IDaaS solution is a simple step that can address a wide range of security risks.