Mr. Robot

Do you know the series Mr. Robot? This series, a phenomenon in 2015, delves into the world of hackers and cybersecurity.

One of the most topical themes in the films and series we watch is digital protection. Cyber attacks are becoming increasingly common, inevitably leading to greater investment in cybersecurity.

As a result, the hacker character has been appearing more and more regularly in the film industry, often portrayed as a negative element, but sometimes as an element of hope against cyber-activism.

The protagonist of this series, Elliot Alderson (Rami Malek), is a cybersecurity engineer and vigilante hacker who suffers from social anxiety disorder and depression.

Elliot lives two lives in one. During the day, he protects the company from virtual attacks. At night, he uses all his skills to preserve justice.

But the protagonist’s life changes when he is recruited by a mysterious anarchist known as “Mr. Robot” to join a group of hacktivists called “fsociety”. The group's aim is to destroy E-Corp, a company that the group believes is controlling the world, and which is also a client of Allsafe, the company where Elliot works during the day.

Although Elliot is a very talented hacker, the series shows how fundamental it is for cybercriminals to use social engineering as a way of perfecting their attacks, i.e. psychologically manipulating their victims in order to obtain personal information. In today’s episode, Elliot uses these same social engineering skills to hack the mobile phone of his boss, Gideon Goddard, founder of Allsafe Cybersecurity, the company where Elliot works.

This is a key episode in demonstrating how human vulnerabilities can be exploited, even when technological defenses are robust.

Elliot’s plan

In order to obtain information that could help “fsociety” with their plan, Elliot decides to access Gideon’s mobile phone.

How did he get to him?

  • Observation
    The protagonist needs to access Gideon’s mobile phone in order to obtain the MFA code he needs to enter an account with privileged access.
  • Distraction
    As soon as Gideon places his mobile phone on the table, unlocked, Elliot creates a distraction with the help of the “fsociety” group, and this is how he gains access to his boss’s mobile phone.
  • MFA
    During the moment of distraction, Elliot manages to open the app on the mobile phone and see the code. After returning to his computer, he has 90 seconds to enter the code and access what he wants; otherwise another code is generated and he has to repeat the process. At that moment, Gideon looks for Elliot and intercepts him, almost discovering his plan, but Elliot closes the application quickly and still manages to enter the code that allows him to access the account.

And what lessons can we learn from this episode?

  • Maintain Constant Vigilance: Never leave your devices unprotected in public or semi-public places, even in work environments.
  • Opt for Automatic Locking: Configure your devices so that they lock automatically after a short period of inactivity.
  • Protect Against Social Engineering: Invest in constant and recurring training to recognise and resist social engineering attempts.
  • Use MFA: Implement additional verification techniques for access to sensitive information, even within the company.
  • Opt for Strong Passwords: Choose strong and unique passwords for different devices and systems, and use password management applications to create and store secure passwords.

This is undoubtedly a powerful example of how social engineering can be used to compromise an organization’s security.

Even with advanced technological security systems, human vulnerability remains one of the weak points most exploited by hackers.

By learning from these examples and implementing robust cybersecurity practices, companies can better protect their information and, likewise, reduce the risk of successful attacks.
