José Barbosa tracks down the man who once ran the internet in New Zealand, and asks him to assess Mr Robot, Lightbox’s acclaimed new hacking thriller. Listen below as a podcast, or read on for a text transcript of the package.
So there’s this scene in a movie called Panic Room. It’s directed by David Fincher, stars Jodie foster and Kirsten Stewart, at one point the camera actually passes through the handle of a coffee cup for literally no reason, but anyway.
Jodie and Kirsten are shut up in the panic room which lends the movie its title and the bad guys are trying to get them out. So they decide to flood the room with propane gas. In a moment of quick thinking Jodie ignites the gas. The propane burns up along the ceiling of the room, leaving them untouched lying on the floor. Clever stuff, right? Gas always rises, so good move Foster! Well, it’s not. It’s so not a good move. Propane gas is heavier than air, so if she’d tried that in real life both of them would have been burnt alive in a horrible, horrible death. And Kirsten would never have made Twilight and been dumped by Robert Pattinson.
We’ve all seen stuff in movies or TV shows that might seem fine, but we know they’re flubbing it either through our natural gift of observation or because they’re featuring something related to our profession and they’re getting it wrong.
One thing our pop culture seems to get wrong all the time, knowingly or otherwise, is computers and the internet. Everyone on screen is using them or hacking into satellites or breaking password codes or whatever. So if you actually know something about how the internet and computers work, imagine how peeved you must get with virtually every show or film.
My friend James is a network Engineer. He moved from New Zealand to take up a job with a huge pan-European fibre optic network. When he was still in New Zealand we used to joke that he basically ran the internet. That’s not actually that far from the truth.
“My job was to make the machinery that makes the internet work, work a little harder. I dabble in bits and pieces from security, to trying to stop people hacking other people. I try to stop large scale internet attacks – DDOS attacks, things like that. As well as designing and implementing little bits of networks.”
Trust me he knows what he’s talking about. after I interviewed him he sent me a snapchat from his desk at work and he had five computer monitors. So I figure that’s more than enough credentials. And like anyone who is in that deep with this stuff, he can’t help but notice when they get it wrong.
“One of my favourite shows when I was a little kid was SeaQuest DSV,” says James, “and there was a character on that who was some sort of computer whizz. And he was able to battle some sort of enemy using a computer. I remember reading in one of those crappy teen TV Guide magazines, an interview in which he admitted to not knowing anything about computers in real life. And I was actually heartbroken. I was like: what – no! He’s a phony!
“And things like Independence Day – where they just type some stuff into a keyboard and it uploads a virus into an alien. Well that’s famously complete horseshit. They try and make up for the lack of drama that’s actually going on, on screen, by making big animations – there’s always some sort of visual that they have to walk through on screen. And it’s never actually like that, mainly because the people who are actually doing that sort of thing are lazy – and just prefer a simple terminal,” he says. “I guess I’m sensitive to this sort of thing.”
Then one day James tweeted this:
The Mr Robot he mentions there is a TV show. Elliot, the protagonist, is a computer programmer who is secretly a vigilante hacker. The show’s been praised for accurately depicting the modern issues of internet security and hacking and James, the man who could only see inaccuracy where ever he looked, agrees.
“Honestly, compared to the other options we have, I’d give it a strong nine,” he says. “There are some parts of it that are a bit horseshit, but at the same time no one’s breaking 1024 bit encryption just by typing at it. When they upload a virus into the system, they do it by physically getting into the area and using it to phone home. It’s really a lot better than any other show that’s tried to do that.”
So what does the show get right where so many have got it wrong? Well, to start us off most pop culture depictions of hacking focus on the lone wolf in a basement who decides to hack into something like the Pentagon and bangs away at it until it works.
“That’s probably the most misrepresented thing about hacking on TV, is that you can just get access to any system. A really famous example of that was Terminator 2. Dude goes up to the ATM, puts in a computer machine and gets a password out of it. Um, nah. Doesn’t really happen.
“One thing that Mr Robot does, better than virtually any other show I’ve ever seen, is it shows the social engineering side of hacking. What works is hackers setting off something that distracts the security engineers working at a place. So a big attack. A DDOS attack is quite common these days, which is where you get thousands of other people’s computers to do your dirty work, smash a system, then you ring the helpline: ‘hey I’m from the engineering department – can you just chuck me the new password for such-and-such a server? It’s all down because of the attack’. And then usually, if the human’s slow enough, they’ll just say ‘sure – the password’s llama360, just chuck it in’.
José Barbosa: So what does Mr Robot get right that other shows get wrong?
“So he [Elliot Alderson] hacks someone’s password by using some known facts about them. He knows what year they’re born, he knows what some of their favourite things are, and uses that to hack their password. It’s a really good advertisement for having a strong password – that’s not just some things you like and some numbers.
“What you typically do is use some Trojan Horse-style way of getting in. You give some an app you know they want. You know they like horses, so you send them something with horses on it. You don’t read the terms and conditions, and before you know it you’re sending all your private information back to some hacker.
“They actually do that on Mr Robot. They mention using a CD that goes into a computer system, which is supposed to be music, but is basically just a way of letting hackers in. It opens the door.”
JB: So watching the show for the first time – the fact that someone’s using all that stuff correctly – did that make you feel warm and fuzzy?
“I’m embarrassed to say that it did. I was watching it with my wife, and I remember saying ‘look at it! They just used grep!’ She was just like ‘shut up’ – she didn’t even ask what it was. But I was like ‘yeah, that’s cool’. There’s been shows like NCIS, where they have a hacker-type character, who uses phrases like ‘owned’ and ‘script kiddy’ and things. But it’s never had any ring of authenticity to it. This almost seemed like it did. I know it’s all about hackers, so you’ve got to get the lingo right. But yeah – it seemed more authentic. And it made me think the show was being made by people who maybe even talked to someone who does this in real life.
JB: So in terms of capturing the zeitgeist – after Ashley Madison and Wikileaks and increased concerns about internet security – do you think it’s getting all that?
The Wikileaks stuff is primarily inside job stuff, and that’s just the way it’s being shared. The zeitgeist – it tries to tap into people who are mad at the ultra-capitalist society we live in, and there’s information gathering going on. Everything you put on the internet at one point will be exposed. It makes a pretty good go of that. It doesn’t really get too preachy – it’s more sort of ‘society’s screwed, these are the people who are wiggling around in the underbelly of that’.”
JB: At the very least they’ve given Christian Slater a job – so there’s that.
“I didn’t even really recognise that it was Christian Slater. But yeah – he’s back dressing like a hobo and scaring people on the subway.”