anatomy of a hack

How Mr. Robot’s Most Complicated Hack Yet Came Together

Mr. Robot - Season 2
Portia Doubleday as Angela Moss. Photo: Michael Parmelee/USA Network

Midway through Wednesday night’s episode of Mr. Robot, the normally emotionless Mobley begins to vent to Darlene: “You can’t teach someone to hack in one day. I don’t know if we’ll be ready by tomorrow.†The “someone†is Angela, who has been assigned (or blackmailed, depending on your point of view) the task of launching fSociety’s latest hack that, according to the show’s lead technical consultant Kor Adana, is the most complicated hack orchestrated on Mr. Robot so far. “Nothing we have done before has been this intricate and intensive,†he says, “but this is one of my favorite hacks.â€

The overall hack is as follows: The exploit code that Elliot wrote at the beginning of last week’s episode is loaded onto a device that mimics cell towers and given to Angela to plant in the E Corp building. Darlene breaks into an adjacent hotel room, aims a cantenna (which extends the range of Wi-Fi networks) at that building, connects to a hidden Wi-Fi network, and begins to download the data the device is collecting from the phones of every FBI agent within a 100-foot radius. Angela then plugs the device into the E Corp network, which allows Darlene unfettered access to all things related to the corporate behemoth.

Like Darlene explained to Angela — simple.

But the planning for such a plotline, fictional or otherwise, isn’t necessarily straightforward. The exploit and retrieval of hundreds of thousands of text messages, emails, notes, calendar entries, and pictures from the Android phones of FBI agents stationed on E Corp’s 23rd floor took several episodes for fSociety to plan, but for Adana, his team of technical consultants, and the show’s writers, the true story that inspired this episode’s hack stretches to 2013, well before Sam Esmail’s series was green-lit by USA executives.

At that year’s Black Hat conference, a premiere hacking and computer-security event held annually in Las Vegas, a pair of researchers demonstrated how a femtocell, which is essentially a small cell-phone tower that enhances wireless signals in areas with weak coverage, can be hacked. Several vendors offer femtocells (the Black Hat example was demonstrated on a Verizon femtocell), and when activated, it will connect with all phones that share the carrier. After gaining access to a femtocell’s operating system, the researchers could intercept texts, phone calls, and even clone cell phones.

Of course, Verizon immediately patched this vulnerability, but once Adana read about this startling presentation and knew it was conceptually possible, he says it was the hack he most wanted to showcase on Mr. Robot. “I knew I wanted to do something with a femtocell delivery hack,†he says, “but I couldn’t find a good place to do it that first season.†He continues, “It is really scary. Carriers don’t allow you to control which tower you want to connect to, and when your phone haphazardly connects to rogue femtocells, you become extremely vulnerable.â€

It is likely, though, that even if a possible plotline existed for a femtocell attack last season, Adana wouldn’t have been able to pull it off. Adana was just one of two tech consultants who worked with the writing staff and the show’s animators, and he just didn’t have the bandwidth to construct the story line. “It is impossible for one person to handle all of these details,†he says. By now, Mr. Robot’s commitment to technical accuracy and authenticity is near legendary. “The show is always open to evolving,†says Ryan Kazanciyan, a chief security architect who works at the cybersecurity firm Tanium. “Even if the change is an incidental one, or something needs to be rewritten during preproduction, Sam wants to make sure that if you were to freeze frame and tweet a screen shot, the tech will hold up to any security expert who might scrutinize it.â€

Kazanciyan was one of the consultants brought on for the second season, along with security experts Marc Rogers, James Plouffe, and Andre McGregor (Michael Bazzell, the other consultant who worked with Adana last year, also remained on staff). To orchestrate a hack of the FBI, one that included several steps that needed to be streamlined for audiences unfamiliar with cantennas (which Darlene installs after she breaks into the hotel room) or Kali Linux — a toolkit that combines everything a hacker might need, including Wi-Fi analyzers, password crackers, and vulnerability scanners — this expansion of the team was crucial.  “For all of our hacks, I assign them different elements of the hack to research, and then I’ll compile those details together and work with an animator to recreate them in a realistic way that fits our show,†says Adana.

Adam Penn, a writer for the show who penned this episode’s script, was also itching to include a hack of this magnitude. “We knew where we needed this story line to end up,†he says, “and the arc narratively has been building to this hack.†When Penn and the other writers sketch out the show’s more complicated hacks, they’ve found it is easier, and more realistic, to reverse engineer the hack. “We like to start at the finish line and work backwards,†says Penn.

Adana first pitched using a femtocell to hack the FBI while he sat in writing sessions this past winter: “Kor got really excited and thought using the femtocell would be a good device that isn’t used a lot in film and television,†says Penn. “If I know it is possible, even if I don’t have the details to back it up, I’ll pitch it,†Adana explains. “The writers will ask questions. Sam kept asking whether this is really possible, and if it only targeted specific phones, but otherwise, I don’t get very technical with the writers. We want to make it easy for everyone, from the studio to the cast and crew, to understand, but honestly, this idea scared the shit out of them.â€

The team got to work: Rogers was responsible for the Android remote-execution exploit code as well as the WRT interface script that runs when logged onto the femtocell; McGregor’s responsibility included the hack’s physical logistics — whether or not Angela needed to carry a UPS battery backup, and how she would find an open port; while Kazanciyan acted as the episode’s fact checker, freeze framing and reviewing every command prompt and onscreen detail.

As the consultants researched how to streamline a complex hack into less than ten minutes of air time, Adana continuously met with Penn as he revised the script, updating the dialogue and adding more technical complexities. The scene involving Angela’s prep with Mobley in the smart house was rewritten several times before Penn and Adana felt comfortable with it enough to submit it to the rest of the writers for notes. “We have to get across information that is highly technical that a lot of people won’t naturally understand, and present it in a way that is understandable,†says Penn. “A few times, Adana mentioned, ‘No, he would never say it like this, he would say this instead.’â€

Though the femtocell was unique to audiences, the hack’s highlight was Darlene’s use of a Wi-Fi network, which gives her remote access to the data dump and total control of the E Corp system (which is why, when the Wi-Fi goes down, she is unable destroy the video footage of Angela planting the femtocell).

Because of the nature of the filming schedule, there’s also the issue of timeliness — the vulnerability that Elliot exploited had been patched earlier this year and is no longer an issue for Android users — but Adana mitigated any concerns by using some of the most advanced tech in the information-security community. From the Magspoof (which Darlene uses to clone the hotel employee’s key card) to the Signal messaging system (the “marble cake†code Angela receives) to Kali Linux, this hack was a primer for the latest and greatest tools currently in use.

To convey the enormity of something this complex, it would take pages of dialogue, but Penn and Esmail realized an audience might best understand the intricacies by filming it in a single take. It is a technique the two had originally intended to use during season one’s Steel Mountain hack, but they realized that since that hack was contained to just one floor, it would be much more manageable and wouldn’t necessarily need a single take to simplify it. Esmail, who is directing every episode this season, drew inspiration from Paul Thomas Anderson’s famous one-take pool scene in Boogie Nights. “The energy, the music, and the camera work reminded me of that scene, and when I asked Sam, he said he had it in mind,†says Penn.

While this hack wasn’t code-heavy — a treat for Reddit boards and forums to analyze and discuss — it effectively demonstrated how easy it is to compromise both a network and a government agency with a few tools. Like all tech on Mr. Robot, the femtocell attack was rooted in reality, and as the show has introduced several attacks — Ashley Madison, hacking a Jeep — to a worldwide audience during this first season, Adana hints a similar instance could occur with femtocells. “I was at this year’s Def Con [a hacking conference], and I had to turn my phone on airplane mode because there were rogue femtocells all over the place,†he cautions. “This is how prevalent an attack is out there.â€

How Mr. Robot’s Biggest Hack Yet Came Together