Jose Barbosa talks to Adam Boileau of Insomnia Security about hacking thriller Mr Robot, and New Zealand’s place in the info-war web.
The much anticipated Mr Robot season two is on Lightbox. To get everyone’s head in the right place José Barbosa talks to Adam Boileau, a computer security specialist for Insomnia Security. He’s also the owner/operator of Kiwicon and is the co-host of Risky Business, a weekly podcast about the information security industry.
The two bearded men talk about Mr Robot’s depiction of hackers; the current flap over the leaked DNC emails and the likelihood of Russia being involved; and NZ’s place in the info wars. Spoiler: if someone’s going to let the team down, it’s probably going to be us.
Stream or download the podcast below. You can also read on for a full transcript (edited for clarity and length). Also subscribe to our main podcast feed via iTunes or search for The Spinoff – Pop Up Pods in your favourite client
What are your thoughts on Mr Robot, coming from the cybersecurity industry? Does it get it right?
Compared to other portrayals of hacking and computer security in the mainstream media, it’s by far one of the better examples. There are some areas where they’ve had to make things a bit more friendly to TV, like how they all hang out together in the same physical space. Meeting each other physically isn’t really reflective of the hacker world. Naturally, we use the internet to communicate and a lot of hacker crews operate having never met each other, or even being in the same city.
The actual technical bits are, by and large, on point. The hacker community traditionally identifies more with the classic 1994 movie Hackers. The hacking sequences are complete rubbish, but the social aspects are more accurate. But the representations of how they go about doing their various things in Mr Robot is really the best representation we’ve seen in a mainstream show.
Beyond the technical aspects, I think the representation of mental illness and of drug abuse in that is really well done. Obviously that’s a thing that also affects the hacking community. Somebody once described it as a refuge of marginal personalities. Even in the New Zealand scene, we’ve seen some high profile examples of people who really have struggled with mental health and drug abuse and paid for it.
That is really fascinating, because that is one of the things I was going to ask you. They all come together in the show as ‘F society’ and they’re all very much together in the same space. I wondered about that and whether that was really the norm.
There’s more cases of people being linked by the internet, because a lot of people who grew up hacking didn’t really know people locally who were into it. Certainly in a place like New Zealand, which is a very small country, the few hackers that knew each other were a fairly tight clique. As a new person coming into the scene, often you didn’t even know there were other people doing it in the country. A city like New York, I suppose, is more believable. There have been geographically centred scenes in big cities like that.
Security-wise, if you’re some hacktivist doing some nefarious things, would it be advisable to actually meet up like that in one space?
On one hand, no. Obviously the people who are doing hacktivism are going to be well-trained in the kind of operational security you need to deal with actually carrying out physical conspiracy – like how a rented facility for ‘F Society’ can’t leave money trails and that kind of thing. Hackers aren’t necessarily well-versed in that kind of physical stuff.
On the other hand, you can talk to someone on the internet and you have no idea if they’re a dog, as the classic joke goes. And having hacker groups being infiltrated by the Feds. Meeting in person does have the advantage that you get a better feel for the people you’re dealing with, which might actually be advisable in some places.
Yeah, totally. You talked a little about the New Zealand scene, I’m sort of curious about where the scene here is compared to Europe or America or even Asia. Are there particular cultural differences in each country about, sort of, how the circles work? Is it interesting to go to another country and see how they do things?
There’s certainly the classic divide in the hacker scene between Europeans and Americans. The Europeans are more politicised generally, and much more aware of privacy. We’ve seen a lot of crossover between the pro-freedom and strongly political scenes in Europe, I’m thinking about the hackers doing Comms in former Yugoslavia during the Civil War there, to try and get people to communicate even when the main infrastructure was down.
There’s lots of crossover between the traditional hacking scene and politicised activism stuff. The Chaos Computer Congress hacker conference in Germany is famed for the presentations given there against surveillance technologies. Whereas in the US, until Snowden, we saw more of a bro culture. It was all about lols and getting pissed and having fun with your mates. It wasn’t such a politicised scene – there were pockets, sure.
In Australia and New Zealand, we’re in between. We have our European heritage, but a lot of grew up learning from the Americans, so there’s a little bit of both. And of course there’s the Asian influence. India has a very strong technical hacking scene, as does China.
I guess China leads because they have to, right? They have to be good at it.
Yeah, if you’re trying to do that sort of stuff in China you have to be very resourceful. Because you’ve got the oppression of the government, but also access to a very large manufacturing base in mainland China for electronics and computers and technology, so there’s a lot of engineering knowledge there. You just take a few of those people who have that background who also want to do security stuff, and it’s a really powerful combination.
One of the things about Mr Robot I like, as an outsider to that scene, is it seems to capture the feeling of where the world is at the moment. If you look at the headlines it’s all over the show. From Turkey having an internet blackout there, to the Democrats’ emails being plastered all over the internet and whether or not Russia might be involved. Did you think the show captures that as well?
I think it does. It does have a lot of elements that do currently ring true, especially how we’re seeing that subversion of corporate technology being used by activists. It’s a very believable show. Almost scarily believable in some cases. At the end of the first season when we take out the big corp through hacking it and taking out all its stock… it’s all very doable. It wouldn’t be any more difficult than they portray. It’s very believable in terms of that aspect as well as capturing that feeling of people being powerless and of technology being everywhere that you don’t necessarily understand. You can only control so many aspects of life and of society, and I guess the desire is there to tell it to go fuck itself.
Yeah totally. And what do you make of the carry-on of the Democratic National Congress and the emails there? Is Russia involved?
The technical aspects of that investigation really do very strongly point towards Russia. The hacker that claimed responsibility has a very thin veneer, puppet-y sort of arrangement, he’s really not believable. Russia is not sloppy. If you put up an even slightly unconvincing front like that, and there’s plenty of other examples in recently history of this happening, they don’t do that by accident. It’s there to sow confusion.
Russia can’t come out and say ‘yes we did this’, and they can’t have us thinking anyone else did it. If they make it look like Iran or North Korea did it, then that would be a problem as well. From what I’ve read of the investigation I am quite convinced that it’s Russia. Exactly what they’re trying to achieve is another question.
If they get caught out it’s so flexible, they can just go to WikiLeaks, WikiLeaks will just release them, and they get their intended effect anyway. It just seems like such a flexible and adaptable kind of thing to do. Does the way they’ve rolled with the punches feel like a new kind of thing that’s happening, a new step change?
I don’t know whether they were under that much pressure. They kinda know what they’re doing. The theory that holds the most water is there is kind of a doctrine in Russian thinking which is about sowing confusion, about creating a society that’s left them paralysed. You can see that America is clearly heading towards political paralysis and that really plays into Russia’s hand.
We’ve seen them pull this kind of trick elsewhere. There was an example in France where a TV station, TV5 Mond, was hacked by some crew claiming affiliation with ISIS. They then took over TV channels and broadcast rubbish. It had very strong ties to actually the same group in the Russia, which really was just there to sow confusion. I think it’s the same kind of thing.
I’m not sure it’s necessarily them rolling with the punches as it is a case of sticking their finger in the pot and stirring it. They’re just adding to the mess that is the American domestic political scene at the moment. Whatever happens in that election, it’s going to result in a country that’s unable to make any decisions. America won’t be in a position to play global cop because they’re too busy fighting donkeys versus elephants.
In terms of the world stage, is New Zealand okay? It seems like we’re not really seeing this kind of thing happening in New Zealand. There have been some high profile things, mainly to do with emails. Or has the wool been pulled over my eyes? Is stuff happening down in the belly that we don’t know about?
We are tied into this by virtue of the Five Eyes arrangement. We’re part of that political block globally, so of course we are a target to a certain extent. I think if you were wanting to break into the Five Eyes intelligence community, the lesser players like us and Canada, are probably easier targets than the NSA or the Australian USD and the UK. We are the weakest link, so we would be a target in that.
Then there are our trading arrangements. Companies like Fonterra would be a target for Chinese economic interests, and we’re a big supplier in that industry. The only example of politicised hacking that you can actually point to on record in New Zealand is Rawshark and Dirty Politics during the last election. And it’s certainly not clear that that caused any significant influence in terms of the outcome of the election. We don’t have the kinds of examples they have in the US and South Korea or Saudi Arabia where we have seen politicised hacking.
Mr Robot seems, at least for me, like such a great introduction to that world. If I wanted to delve any deeper are there any other TV shows, movies or even books, dare I say, that you would recommend?
Certainly. The classic movie Hackers with Angelina Jolie is one of the classics of our people. Sneakers.
Oh I love Sneakers.
Those are ones that we in the industry have enjoyed as being authentic to a certain extent. In terms of books, the one that actually got me into this scene was in the ’80s, a book by Cliff Stoll called The Cuckoo’s Egg, which traces his story of investigating what turned out to be KGB breaking into American military installations across the 80s internet. That was a really fascinating, now historical, piece.
There’s of course a movie just come out about Stuxnet, the American-Israeli worm that infected Iranian nuclear enrichment. There’s also good books that have been written about that, for a more modern example. There’s a lot of great hacker history about, especially in the late ’80s, early ’90s. The rise of the phone freaks and people who are breaking into the phone companies back in the days.
Another one I would strongly recommend is Command & Control, a book about the history of the security of the American nuclear weapons programme. We developed the internet to be a nuclear command and control system, so that’s a really interesting read about how we got where we are and the extent to which that worked. It ties very much into security, risk and all the things that we worry about in terms of technology. That’s definitely on my must-read list.
Hack into Mr Robot exclusively on Lightbox, with new episodes arriving every Thursday night
This content, like all television coverage we do at The Spinoff, is brought to you thanks to the excellent folk at Lightbox. Do us and yourself a favour by clicking here to start a FREE 30 day trial of this truly wonderful service.
Subscribe to The Bulletin to get all the day’s key news stories in five minutes – delivered every weekday at 7.30am.