December 26, 2019

Philosophy of Mr. Robot, 101

Control is about as real as a one-legged unicorn taking a leak at the end of a double rainbow.

The sage words of one Elliot Alderson, aka Mr. Robot. Of course, he also said “control can sometimes be an illusion. But sometimes you need illusion to gain control”. Control, therefore, or the semblance of control, is key to preventing and fighting a cyber-onslaught. Mr. Alderson has much wisdom to impart to us on this topic. Together, let’s take a brief Fsociety University ‘Wresting back Control’ class to gain a better understanding of these insights.

Module 1: Recognizing the dangers of the insider

With enough time, a hacker will find the flaws, and no one has more time to uncover them than someone already on the inside; just ask Elliot Alderson. Most organizations still focus on developing safeguards against external online attacks, using defensive tools like anti-malware, external firewalls, DDoS attack mitigation, external data loss prevention, and so on. It’s a frightening but all too real fact that the majority of cyber attacks come from trusted employees, former employees, or associates. Whether the motive is financial gain, reputational elevation, or bad blood, insider attacks are the most common and the most damaging of all malicious attacks. So how do we spot and ultimately prevent them?

  • Have external and internal penetration testers examine your defenses to identify weak spots.
  • Provide regular training to employees on safe data management and internal cyber risk mitigation.
  • Put tight controls on what information your employees can access.
  • Carefully record what goes in and out of your network.
  • Take extra notice of the actions of any employees who may have just received termination notices and feel they have nothing to lose.
  • Watch for employees who suddenly become extra enthusiastic in their work, volunteering for extra duties or expressing sudden expertise in areas outside their core role. Hey, we’re not saying shoot volunteers, just be savvy!

Module 2: Protecting mobile assets

As seen during the hack of the FBI’s temporary office at ECorp in Season 2, it is imperative that we pay attention to the vulnerabilities of mobile devices, which provide a conduit to sensitive data and a way for malicious actors into our systems. Some simple measures to help shore up mobile defenses include:

  • Keep an up-to-date inventory of devices and who uses them.
  • Ensure that devices, particularly laptops, tablets, etc., have up-to-date firewall and antivirus protection installed, with personnel designated to manage this throughout the year.
  • Use encryption software and implement a top-down data encryption/decryption program for all sensitive company data.
  • Use biometrics and identity control software to ensure that only assigned personnel can access mobile devices.
  • Install mobile security applications on all mobile devices to constantly run security checks throughout the operation of that device.
  • Ban the use of public WiFi networks.
  • When you retire devices, wipe them clean of all data before disposal.
  • And, seriously, stop using 12345 as company passwords!

Module 3: Don’t forget the mundane

We can get hung up on intricate and elaborate cyber violations and how to defend against them, forgetting that our most sensitive data often resides in very ordinary and very exposed places. Data-loss prevention (DLP) providers estimate that almost 90% of an organization’s intellectual property resides in email. With another 90% of business data loss occurring through phishing and social engineering scams, it’s clear that email is another key area. Moreover, as we saw in Season 4 of Mr. Robot (and the real-world Panama Papers), valuable data can also reside with our business partners and suppliers.

So, what to do?

  • Train your staff, partners, and suppliers in best practices for email security.
  • Push your encryption policies to your business partners and suppliers, making them a mandatory element of communications.
  • Train your staff not to hoard unnecessary or sensitive emails.
  • Warn employees to keep an eye out for scam emails that request a password change as part of a security shakeup. Tell them that if there’s any doubt, they should visit the provider’s website for accurate security updates.
  • Use identity verification software to ensure that the sender is who they claim to be.
  • Be wary of Web-based email. If you access email through a browser, encrypt the connection with Secure Sockets Layer (SSL) protection and always check for an https URL.

Module 4: Tempus fugit

The DDoS attack in Season 1 demonstrated the importance of a stealthy response. Employing a well-prepared, masterful strategy to counter the attack, the team was back on track in 5 hours. This is a realistic recovery period if you are well prepared, but with the typical DDoS strike manifesting as wave after wave of individual, disparate attacks, it can be difficult to know what to prepare for. Let’s take a look at how to establish a basic line of defense:

  • Spot the signs:
      ◦ A sudden, sharp increase in website traffic
      ◦ Slowing of performance
  • Scrub with the ISP. Deal with the attack in a remote environment, removed from your main infrastructure: reach out to your internet provider, who may have the means to scrub traffic from the originating IP and block further malicious attacks.
  • Set up routers and firewall policies to filter non-critical protocols, block invalid IP addresses, and cut off access to high-risk areas of your network. Many firewall providers offer anti-DDoS technology that lives on the perimeter of your network, detecting and dealing with DDoS attacks quickly and effectively. Definitely worth the additional investment.
  • Route malicious traffic into a black hole until the situation abates. The difficulty with this approach is that it blocks all traffic, good and bad.
  • Investigate using a Content Delivery Network to create replicas of your website for different locations.
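One way to turn the two warning signs above into an automated check, written here as an added example rather than anything from the article: a small Python spike detector run over constructed web-server access-log lines. It flags a minute whose request count jumps well above the preceding baseline and names the source responsible for most of it, which is the evidence you would hand to your ISP. The log lines, thresholds and addresses are all constructed for the example.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Common Log Format: ip ident user [timestamp] "request" status bytes
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "[^"]*" \d{3} \S+')

def parse_line(line):
    """Return (minute bucket, source ip) for one log line, or None if malformed."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return ts.replace(second=0), m.group("ip")

def flag_spikes(lines, baseline_minutes=3, factor=5.0, min_requests=50):
    """Flag minutes whose request count exceeds `factor` times the mean of the preceding
    `baseline_minutes` (and at least `min_requests`, so a quiet site does not alert on noise)."""
    counts, sources = Counter(), defaultdict(Counter)
    for line in lines:
        rec = parse_line(line)
        if rec:
            counts[rec[0]] += 1
            sources[rec[0]][rec[1]] += 1
    minutes, alerts = sorted(counts), []
    for i in range(baseline_minutes, len(minutes)):
        baseline = sum(counts[w] for w in minutes[i - baseline_minutes:i]) / baseline_minutes
        now = counts[minutes[i]]
        if now >= min_requests and now > factor * baseline:
            top_ip, top_n = sources[minutes[i]].most_common(1)[0]  # busiest source this minute
            alerts.append({"minute": minutes[i].strftime("%H:%M"), "requests": now,
                           "baseline": baseline, "top_ip": top_ip, "top_share": round(top_n / now, 2)})
    return alerts

def build_sample_log():
    """Constructed traffic, not real logs: three quiet minutes, then a flood in which
    90% of requests come from one address in the 203.0.113.0/24 documentation range."""
    ips = ["10.0.0.5", "10.0.0.7", "10.0.0.9"]
    lines = []
    for minute in range(3):
        for i in range(12):
            lines.append(f'{ips[i % 3]} - - [26/Dec/2019:10:0{minute}:{i * 4:02d} +0000] "GET /page{i} HTTP/1.1" 200 512')
    for i in range(300):
        ip = ips[i % 3] if i % 10 == 0 else "203.0.113.77"
        lines.append(f'{ip} - - [26/Dec/2019:10:03:{i % 60:02d} +0000] "GET / HTTP/1.1" 503 0')
    return lines

if __name__ == "__main__":
    for alert in flag_spikes(build_sample_log()):
        print(alert)
```

The `factor` and `min_requests` thresholds are starting points; tune them against your own site's normal traffic so that a marketing campaign does not page you.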

Pop quiz

  • Did you study all modules carefully?
  • Did you examine your cyber-threat policies in light of this new information?
  • Did you add Mr. Robot Season 4 to your watchlist?

You have successfully completed this ‘Wresting back Control’ class. You are now ready to infuse your cyber-threat defense strategy with the wisdom of Mr. Robot. And remember, ‘the devil is at his strongest while we’re looking the other way.’