This post will contain a series of short articles with videos voice over to breifly go over the hacking scenes and tools done by Mr Robot so if you want to get notified about the new hacks, you can subscribe to my YouTube channel.
The DDOS Attack on Evil Corp Servers
In Season 1 episode 1 of Mr. Robot, Elliot received a night call from Angela telling him that Evil corp servers are under DDOS attack. Initially, they thought its just a DDOS attack but Elliot pointed out that there is a malware at the main server.
Elliot suggested that in order to stop the attack, the main server must be taken offline, an alternative backup server should be up and running and the legitimate traffic should be re-routed to the backup server instead. In the meantime, Elliot plans to inspect the main server for signs of malware presence.
Elliot just located the backup server by inspecting the network configurations and then used “ifconfig” along with other network tools to re-configure the DNS so that the backup server acts as the main server until the main server issue is sorted out.
To Elliot’s surprise, he discovered that the malware that triggered the DDOS attack was planted by him in an attempt to take down Evil Corp that’s why he left it and didn’t delete even after resolving the DDOS problem.
Today, DDOS attacks can be mitigated using firewalls, load balancers and CDNs to distribute the heavy load on the server.
Blue Team Cyber Security & SOC Analyst Study Notes
How Did Mr Robot Hack The FBI Cell Phones? | The Femtocell Hack
in season 1 episode one a Mr Robot Elliott didn’t like Angela’s boyfriend Oli Oli tried to have Elliot get along with him which spurred Elliot hacking Instinct Elliot decided to hack Ollie and find more about him.
Elliot started gathering information about ali by observing Ali’s activity on social media the music, he likes and the post he makes.
At the end of Elliott’s information gathering stage he decided to hack alli’s online accounts. First Elliot prepared a word list of passwords created using a popular tool named crunch Crunch allows you a specify minimum and maximum number of characters as well as a pattern think of a pattern where a password is composed of birthday pet name and cell phone number which altogether constitute a password.
With a word list ready Elliott launched a password dictionary attack using a tool named Hydra against one of alli’s online accounts which ultimately succeeded. Be aware though that most social media platforms use rate limiting and security measures against such attacks so this method may work only against non-secure platforms stay safe.
How Did Mr Robot Hack The FBI Cell Phones? | The Femtocell Hack
In season 2 of Mr. Robot. The FBI is tracking Elliot and his team due to the 59 hacks that severely impacted Evil Corp and the global economy. To gain information on the FBI’s investigation, Elliot needs to eavesdrop on their conversations. He devises a plan where Angela installs a femtocell in the Evil Corp headquarters, on the floor where the FBI is working.
Once connected to Evil Corp’s network, Elliot uses a modified version of the OpenWRT firmware. This setup allows all cell phone calls made by FBI agents in the vicinity to be routed through Elliot’s modified device, enabling him to divert and record the calls remotely.
A femtocell is explained as a small cellular tower designed to improve reception for people with poor cell signal. Phones automatically connect to it as the closest signal source, and the femtocell routes calls through the internet, providing improved service to users.
How Did Mr Robot Hack The Prison? | The Prison Hack
In season 1, episode 6 of Mr. Robot, where Elliot is blackmailed by the drug dealer Vera, who demands that Elliot hack him out of jail. Vera is holding Shayla, Elliot’s love interest, hostage, giving him until midnight to break into the jail’s computer system.
Mr. Robot suggests hacking the prison’s Wi-Fi, but it’s secured with WPA2, which requires time to crack. While scanning for networks with his phone, Elliot detects a Bluetooth keyboard being used by a correctional officer in a nearby car.
Elliot’s plan is to spoof the Bluetooth connection to the officer’s keyboard, tricking the laptop into believing that Elliot’s phone is the keyboard. This would give Elliot control over the cop’s laptop and access to the prison’s network. Once inside, he could upload malware to take control of the prison system.
Elliot uses a tool called BlueSniff to find the MAC address of the cop’s Bluetooth keyboard and then uses other tools, btScanner and Spooftooph, to complete the hack.
How Did Mr Robot Hack Ron’s Coffee Shop WiFi? MITM Explained
In season 1, episode 1 of Mr. Robot, where Elliot hacks the owner of Ron’s Coffee Shop due to suspiciously high Wi-Fi speeds. The hack Elliot performs is called a Man-in-the-Middle (MITM) attack. This type of cyber attack allows the hacker to intercept and monitor network traffic.
Elliot uses tools like Wireshark and Ettercap to accomplish this. These tools enable him to monitor the network activity and find out that Ron, the coffee shop owner, was involved in suspicious activities using the Tor network.
Elliot explains that he was able to view Ron’s activity by controlling the exit node of the Tor network. In cybersecurity, the exit node is where data packets leave the Tor network and reach their destination. If a hacker can track packets up to this point, they can decrypt and see the previously encrypted traffic.
The Steel Mountain Hack Explained | Mr Robot
In season 1, episode 5 of Mr. Robot, where Elliot and the F Society attempt to infiltrate the Steel Mountain facility in upstate New York to destroy Evil Corp’s data tapes. The team uses sophisticated hacking techniques to gain access to the premises, which are heavily guarded.
The first stage of the plan is to find a Steel Mountain employee wearing a key card around their neck. The goal is to copy the employee’s card using a technique called RFID card cloning. Christian Slater’s character bumps into the employee and manages to get the card reader close enough to the employee’s card to capture the necessary data.
Once the data is captured by the card reader, they plan to clone the card and use it to pass through security checkpoints inside the Steel Mountain facility. The best tool for RFID hacking and cloning, as mentioned in the video, is the Proxmark 3, a device available for under $100.
How Did Mr Robot Hack The Hospital?
In Season 1 episode 3 of Mr. Robot, Elliot was admitted at the hospital where he usually receives healthcare and that’s because he was pushed by Mr Robot off a railing and fell on some rocks which resulted in minor bruises.
After Elliot was admitted to the hospital, they called his emergency contact which happens to be his therapist, Krista Gordon. Krista was informed by the diagnosis team that Elliot had this accident due his Morphine use therefore Krista didn’t recommend Elliot release unless he agrees to a bi-monthly drug test which Elliot softly denies. It was revealed that Elliot hacked the hospital computer network by crafting a malware that enabled him to access health care records and have the ability to modify it.
This hack was not technically clear in the show but I believe Elliot used a tool named “msfvenom” or “shelter” to create his malware and then applied some encryption and packing to hide it from Anti Virus solutions.
This hack was one of the easiest hacks Elliot did because the hospital uses outdated versions of Windows OS as well as outdated AntiVirus which failed to flag Elliot’s malware thus he was able to modify his records to state that he is drug free and can be released.
How Did Mr Robot Hack FBI’s Samsung Android Cell Phones?
In Season 2 episode 5 & episode 6 of Mr. Robot, Elliot’s goal was to own Evil Corp network as well as taking control over all FBI’s communications and that includes having access to the calls they make, text messages and applications, So how Elliot did that technically?
Elliot developed a custom zero day exploit for Android devices that the FBI used at the time. The exploit targets a vulnerability in Android’s KNOX security component of the Samsung Galaxy firmware which allows the installation of malware by just visiting a web page delivered by the attacker.
Ironically, the real exploit for this zero day was developed by Rapid7 who create Metasploit.
Next, Elliot wrapped the exploit and delivered it to Darlene and Angela who injected the exploit in the modified firmware that they used to run the Femtocell. Once the femtocell is connected to the wired network of Evil corp, Elliot can connect to the femtocell firmware through the exploit and start listening to calls, text messages and launch further attacks.
How Did Mr Robot Accessed The Dark Web?
In Season 2 episode 5 & episode 6 of Mr. Robot, Elliot unexpectedly stumbled upon a hidden website in the dark web while doing a site migration job for his friend new Ray. Elliot discovered the hidden website after a conversation with the old IT guy who got beaten by Ray’s men so Elliot wanted to find out why that happened to him.
Elliot discovered disturbing things about this website such as the fact it is a business hidden in the dark web, sells illegal stuff such as weapons, drugs, women and children.
This hidden website can only be accessed by a link that is shared between the owner and the visitors. Additionally, these websites can’t be found on the normal web that you can access with search engines.
However, these websites are found in what’s called the dark web and can be reached using the “TOR” browser and the URL of the website which usually ends with “.onion”
How Did Mr Robot Track A Cell Phone Location Using Social Engineering & OSINT?
In Season 2 episode 10 of Mr. Robot, Elliot was asked and ordered by Tyrell’s wife to track his location using his cell phone number.
Elliot used a combination of social engineering and open source intelligence techniques to track Tyrell’s physical location.
Social engineering attacks are considered the most efficient form of cyber attacks that aim to steal sensitive information.
Elliot decided to use his social engineering skills and sent a suicide notice fax to the NYPD claiming that he received a call from Tyrell’s phone number telling him that a guy is planning to commit suicide.
Elliot followed this with a call to the NYPD impersonating the identity of a detective asking the operator to send him the GPS coordinates of Tyrell’s cell phone number in order to stop the suicide.
Elliot then used spokeo.com to lookup the physical location of the coordinates which led him straight to Tyrell’s location.