Welcome!

Cloud Security Authors: Yeshim Deniz, Pat Romanski, Elizabeth White, Zakia Bouachraoui, Liz McMillan

Related Topics: @CloudExpo, Cloud Security, @ThingsExpo

@CloudExpo: Blog Post

What ‘Mr. Robot’ Can Teach Us About Incident Response | @CloudExpo #IoT #Cloud #Security

It is not often that movies and television shows give viewers the opportunity to explore the world of hacking & digital security

It is not often that movies and television shows give viewers the opportunity to explore the world of hacking and digital security in a realistic manner. After two seasons, "Mr. Robot" has attracted its share of IT professionals as well as average citizens. The show has offered numerous depictions that are of particular interest to those who make their living by protecting their organizations.

The critically acclaimed television series offers fictional situations rather than documentary evidence. However, the plots and actions of both the security engineers and hackers are realistic enough that they can send a shiver down the spine of any professional responsible for safeguarding their organization's system and responding to incidents. This two-part post explores some of the most chilling incidents depicted on the show - incidents that are especially disturbing because they can and do happen in the real world.

People Are the Weak Link
Employees are walking, talking cyber-risks. Sometimes they commit breaches out of anger or because they have been offered payment for sensitive data. At other times, they are innocent pawns or fall victim to a phishing attack. For example, in one episode of "Mr. Robot," Elliot is able to gain physical access to Steel Mountain by manipulating an eager-to-please employee. Elliot himself is an example of an employee who is working to sabotage his employer. One of the worst things about insider hacking is that it can be months or years before it is detected. Controlling access and permissions by employee can help as well as keeping a log of everything that comes in and goes out over the network.

Passwords Present Problems
Users prefer to select passwords that they can easily remember and, in many cases, they use the same password or a slightly modified form of it for all of their sites. If the password is difficult to remember, the user will probably write it down. In one episode, an attorney kept the password to her email account on a sticky note on her desk. In case you're wondering whether users are still playing fast and loose with passwords, you need only check SplashData's list of the worst passwords found in 2 million leaked passwords. Despite compiling and publishing the list annually, the password "123456" still tops the list, followed by "password," "12345678," and "qwerty." Security professionals must be more proactive about training users in the selection of easy-to-remember but hard-to-guess passwords, keeping passwords private and choosing different passwords for every platform.

There Are Times When Being Social Is a Mistake
It is amazing what you can learn from many people's Facebook pages. Information such as their mother's maiden name, the users' date of birth, names of children, favorite pet and much more is often posted for all to see. In many instances, this is all the information that a hacker needs to respond correctly to a secret question in order to have the password reset. Hackers can also use the information to guess passwords. In one episode, Elliot is able to access his therapist's accounts by guessing that her password was a combination of her birth year and the name of her favorite musical artist. However, Elliot has also been able to glean information over the phone and in person by misrepresenting himself.

Never Expect Privacy from a Public Network
In the very first episode, Elliot exposes the manager of a coffee shop as the owner of a website featuring child pornography. He discovered the truth by observing the manager's activities through the coffee shop's public Wi-Fi network. With just a bit of free software and a little technical knowledge, intercepting people's activities is relatively easy on an unprotected network. Employees should be warned to avoid using public networks to access email accounts or conduct other activities that could leave their personal data exposed.

Skimping on Security Investments Is a Mistake
In one episode, Elliot winds up in a hospital, and it's revealed that he chose the hospital because of its one-person IT department that operates on an inadequate budget. He has no problem hacking the hospital's database to alter records. Organizations that do not make the necessary investments in personnel and hardware could suffer a similar fate, especially if they do not bother to keep software updated.

More Stories By Rishi Bhargava

Rishi Bhargava is Co-founder and VP, Marketing for Demisto, a cyber security startup with the mission to make security operations - “faster, leaner and smarter.” Prior to founding Demisto, he was Vice President and General Manager of the Software Defined Datacenter Group at Intel Security. A visionary and technology enthusiast, he was responsible for delivering Intel integrated Security Solutions for datacenters.

Before Intel, he was Vice President of Product Management for Datacenter and Server security products at McAfee, now part of Intel Security. As an intrapreneur at McAfee, he launched multiple products to establish McAfee leadership in risk & compliance, virtualization, and cloud security. He joined McAfee by way of acquisition in 2009 (Solidcore, Enterprise Security Startup). At Solidcore, he was responsible for Product Management and Strategy. As one of the early employees and member of the leadership team, he was instrumental in defining the company's product strategy and growing the business.

Rishi has over a dozen patents in the area of Computer Security. He holds a BS in Computer Science from Indian Institute of Technology, New Delhi and a Masters in Computer Science from University of Southern California, Los Angeles. He is passionate about new technologies and industry trends and serves as an active advisor to multiple startups in silicon valley and India.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


IoT & Smart Cities Stories
Nicolas Fierro is CEO of MIMIR Blockchain Solutions. He is a programmer, technologist, and operations dev who has worked with Ethereum and blockchain since 2014. His knowledge in blockchain dates to when he performed dev ops services to the Ethereum Foundation as one the privileged few developers to work with the original core team in Switzerland.
René Bostic is the Technical VP of the IBM Cloud Unit in North America. Enjoying her career with IBM during the modern millennial technological era, she is an expert in cloud computing, DevOps and emerging cloud technologies such as Blockchain. Her strengths and core competencies include a proven record of accomplishments in consensus building at all levels to assess, plan, and implement enterprise and cloud computing solutions. René is a member of the Society of Women Engineers (SWE) and a m...
Early Bird Registration Discount Expires on August 31, 2018 Conference Registration Link ▸ HERE. Pick from all 200 sessions in all 10 tracks, plus 22 Keynotes & General Sessions! Lunch is served two days. EXPIRES AUGUST 31, 2018. Ticket prices: ($1,295-Aug 31) ($1,495-Oct 31) ($1,995-Nov 12) ($2,500-Walk-in)
Andrew Keys is Co-Founder of ConsenSys Enterprise. He comes to ConsenSys Enterprise with capital markets, technology and entrepreneurial experience. Previously, he worked for UBS investment bank in equities analysis. Later, he was responsible for the creation and distribution of life settlement products to hedge funds and investment banks. After, he co-founded a revenue cycle management company where he learned about Bitcoin and eventually Ethereal. Andrew's role at ConsenSys Enterprise is a mul...
Digital Transformation and Disruption, Amazon Style - What You Can Learn. Chris Kocher is a co-founder of Grey Heron, a management and strategic marketing consulting firm. He has 25+ years in both strategic and hands-on operating experience helping executives and investors build revenues and shareholder value. He has consulted with over 130 companies on innovating with new business models, product strategies and monetization. Chris has held management positions at HP and Symantec in addition to ...
The challenges of aggregating data from consumer-oriented devices, such as wearable technologies and smart thermostats, are fairly well-understood. However, there are a new set of challenges for IoT devices that generate megabytes or gigabytes of data per second. Certainly, the infrastructure will have to change, as those volumes of data will likely overwhelm the available bandwidth for aggregating the data into a central repository. Ochandarena discusses a whole new way to think about your next...
CloudEXPO | DevOpsSUMMIT | DXWorldEXPO are the world's most influential, independent events where Cloud Computing was coined and where technology buyers and vendors meet to experience and discuss the big picture of Digital Transformation and all of the strategies, tactics, and tools they need to realize their goals. Sponsors of DXWorldEXPO | CloudEXPO benefit from unmatched branding, profile building and lead generation opportunities.
Dynatrace is an application performance management software company with products for the information technology departments and digital business owners of medium and large businesses. Building the Future of Monitoring with Artificial Intelligence. Today we can collect lots and lots of performance data. We build beautiful dashboards and even have fancy query languages to access and transform the data. Still performance data is a secret language only a couple of people understand. The more busine...
All in Mobile is a place where we continually maximize their impact by fostering understanding, empathy, insights, creativity and joy. They believe that a truly useful and desirable mobile app doesn't need the brightest idea or the most advanced technology. A great product begins with understanding people. It's easy to think that customers will love your app, but can you justify it? They make sure your final app is something that users truly want and need. The only way to do this is by ...
DXWorldEXPO LLC announced today that Big Data Federation to Exhibit at the 22nd International CloudEXPO, colocated with DevOpsSUMMIT and DXWorldEXPO, November 12-13, 2018 in New York City. Big Data Federation, Inc. develops and applies artificial intelligence to predict financial and economic events that matter. The company uncovers patterns and precise drivers of performance and outcomes with the aid of machine-learning algorithms, big data, and fundamental analysis. Their products are deployed...