The popular TV show Mr. Robot not only gives insight into the mind of a schizophrenic, but also offers would-be hackers a guide to attacking computer systems and exploiting network vulnerabilities. The exploits and techniques used on the program should serve as a warning to CIOs and network security professionals as they plan their data security strategy, especially when it comes to securing their computer endpoints.
The show’s main character, Elliot, is a security engineer at Allsafe Cybersecurity and the leader of fSociety, an Anonymous-like group of hackers bent on causing economic turmoil by destroying the financial data of E Corp, a worldwide conglomerate and Allsafe client.
There are a number of hacking techniques used in the series, such as phishing scams and even blackmail to get access to a computer system and information. But it’s the endpoint exploits that are the most interesting and the ones that organizations are most able to address using the data leak protection (DLP) solutions offered by DeviceLock.
Three Endpoint Exploits in Mr. Robot and How They Can Be Thwarted
- Pretending to be an up-and-coming hip-hop star, a nefarious hacker convinces an Allsafe employee to accept a CD of music in return for a positive review on social media. “Dude, you’ve been outside my building for two weeks. Ok, I’ll listen to your disk, but I’ll only tweet if I like it.” The disk includes not only audio files but also a malware program that loads onto the Allsafe network when the disk is inserted in the employee’s computer.
- To get access to a prison’s internal computer network, an fSociety operative drops a number of USB thumb drives in the prison parking lot. An employee picks up one of the USB devices and, when he gets to his office, plugs it into his computer. But before the malware can be installed, the local anti-virus software kicks in to stop it. On the failure of the plan, the operative simply states “if you gave me more than an hour, I could have written the malware in a way that the antivirus wouldn’t have caught it.”
- An operative mounts a “man in the middle” attack against a Bluetooth keyboard, with the target being a police officer’s in-car computer. With keyboard interface access, and some additional software operating over Bluetooth, the operative uses the officer’s “secure” computer to load the malware onto the prison’s network in order to electronically open all the cell doors at a specified time.
In each of these three endpoint scenarios, DeviceLock’s DLP solutions would have thwarted the assailant’s attack on the computer systems. In addition to preventing data from leaving an organization based on its content and context, DeviceLock’s solutions can block opportunities for malware to be introduced through peripheral ports and devices by limiting port and device access to authorized devices, which in turn can be used only by authorized or even specifically assigned users.
Further, DeviceLock can prevent executables from being accessed or loaded onto a computer via its various connections, whether they are physical ports such as USB/Removable or CD/Optical drives, Bluetooth enabled devices, or various network connections. By managing the types of devices that can be used on a computer, and the types of files that can be accessed or downloaded via peripheral devices or networks, DeviceLock helps ensure that endpoints are guarded against malicious or accidental malware introduction as well as unauthorized data egress breaches.
I know if all the organizations in the series were using DeviceLock, it wouldn’t make for good television, but as a CIO or security specialist, it might let you sleep better at night. However, one of the most chilling security truths is revealed by Elliot when he states: “People always make the best exploits. I’ve never found it hard to hack most people. If you listen to them, watch them, their vulnerabilities are like neon signs over their heads.” Elliot’s statement is a reminder that sometimes you need to protect even your most trustworthy people from themselves, and DeviceLock certainly can help.
To get some additional insight into insider threats and inadvertent data breaches, please read our blog post: Your Worst Security Threat Might Be Your Most Trusted Employee
If you'd like to learn more about DeviceLock, please call us at 925-231-4400 or email us at us.sales (at) devicelock.com and talk to one of our endpoint security specialists. You can also trial the DeviceLock DLP suite for 30 days by visiting our website at: http://www.devicelock.com/download
See why over 70,000 organizations, deployed on over 7 million devices, trust their endpoint data security to DeviceLock.