I don’t watch Mr. Robot the same way others do. 25 years ago I started a gathering of hackers that has become one of the largest in the world. I’ve watched people be seduced by criminal hacking, become hacktivists trying to change the world and start businesses doing security that end up selling for hundreds of millions. As such, I come pre-installed with decades of hacker history that most, fortunately for their sanity, do not. I’ve seen how books, movies and TV shows struggle to portray hackers plausibly, and I’ve come to cringe at these media that employ them as simplistic characters regurgitating technical jargon so the hero can get on with it. Blech. So it’s refreshing when a serious effort to do it right comes along—WarGames, Sneakers and now Mr. Robot.
I watched the first two episodes of the second season (they’re available here). Here are my thoughts on the authenticity of the themes and where I think it is going.
Sometimes your attack runs away from you. Edward Snowden envisioned the American populace rising up and enacting sweeping privacy rules in reaction to his leaks about government surveillance, but instead Congress just passed laws to make it clearly legal. In Mr. Robot’s first season, the members of hacker collective fsociety see their devastating attack against the sinister E Corp succeed, destroying all of their back-ups and corrupting all their online systems. But at the start of the second season they feel that “we are in a war, and we are on the losing side of it…they are picking us off one by one.” E Corp is still operating, if wounded, and trying to recover. The rush of victory is morphing into the fear of defeat. I won’t be surprised if things don’t turn out according to fsociety’s plan—they rarely do.
Unfortunately for fsociety their operational security, or OpSec, kind of sucks. When the FBI was trying to catch the real-life members of hacker organization LulzSec, one of the problems they ran into is the members all used hacking handles, not real names, and hadn’t ever met face to face. There was no description of what anyone looked like. But fsociety is full of people all using real names and meeting in person. Pro tip: Don’t join an illegal hacking collective in person, using your real name, and continue to meet up. It won’t end well for you.
Another security problem: Everyone in the show has a mobile phone. Once any one of the members is identified, all the others will soon be as well. For example, let’s say the guy who cut the balls off the Wall Street Bull gets caught trying to eBay them. As soon as investigators figure out his mobile number (through a bill, credit card charge or whatever), it’s game over. Even without access to his phone, which hacker Darlene stomps to death after he took some group selfies, law enforcement can geolocate it. Oh look! It’s been in a house with 20 other active mobile phones for three hours when the owner was away. Who are the owners of those 20 phones? Who do they call and who has called them? Where have they been these last couple of months? Let’s check any cameras near those locations at those times. Doomed!
Darlene tells her group to “Make it 4 hour SDR if necessary” when they are heading out. That’s a Surveillance Detection Run, tradecraft to tell if you are being watched or followed. A prudent move, but very difficult in a crowded city vs. a deserted highway, and useless if you are being tracked by your phone.
Speaking of which, prepaid phones don’t help if you still sleep in the same place because the pattern of behavior is the same. You turn off your real phone and then turn on your burner phone? That is detected as well. This is a really hard problem for actual spies, let alone a group of less experienced hackers, and should prove fertile ground for cat-and-mouse games on the show.
This leads to another concern hackers have: secrecy, and its twin sibling paranoia. Who knows your identity or what hacks you have pulled off? In the proto-cyberpunk novella True Names, Vernor Vinge’s hackers hide their identities from each other. Knowing a hacker’s identity is power. Knowing what hacks you’ve done and what mistakes you have made all leads to a level of paranoia most can’t relate to. You know all of the ways you could possibly be caught and worry about the ways you aren’t yet aware of. Did I wipe my fingerprints off the Raspberry Pi before I planted it in the data center? How long do they keep the video recordings for? Is the friendly guy an undercover cop?
This level of secrecy makes it incredibly hard to share much about yourself with anyone, knowing your mistakes could drag them down with you—or that they could reveal you, intentionally or not, at any moment. With Elliot, Mr. Robot’s hacker protagonist, this just feeds his pathology even more, and his dissociative disorder adds to his confusion and our own.
Mr. Robot gets a lot right, more than any other TV show that I know of. It starts at the top with show creator and director Sam Esmail and his obsessive dedication to authenticity. I’m betting by next year we’ll see more shows follow suit and at long last the hacker as complete person may emerge on the small screen.