How accurate are the hacks in Mr. Robot? WIRED uncovers the show's secrets
WIRED meets the show's team of security consultants and expertsForget the story, characters, or acting, the first season of Mr. Robot grabbed attention because of its incredibly accurate portrayal of hacking.
Like the rest of us, show creator Sam Esmail must have had enough of the kind of nonsense computer scenes littering the likes of CSI Cyber and Swordfish, so he hired help in the form of ex-hackers and former FBI investigators as consultants on the Anonymous-themed show.
The attacks Elliot Alderson uses? They all work (for the most part – and we’ll get to the one big misstep in season one). The screenshots you’re picking apart on Reddit? They were snapped by infosec experts, not set designers.
“One of the things people don’t realise about the hacks on the show is I actually do them,” said Marc Rogers, one of the show’s tech consultants ahead of the arrival of season two this week. “When you see a hack take place on the screen I will have built that hack at home.”
And he knows his stuff: Rogers’ day job is head of information security at CloudFlare and he dabbles on the side running protection for DefCon.
Rogers' boss on Mr. Robot is Kor Adana, who sports an unlikely CV as a hacker-turned-writer. Adana’s job starts in the writer’s room, where he pitches story ideas and researches hacks to make sure they’re plausible, with support from Rogers and the rest of the team of security consultants. “I’ll reach out to them and ask: ‘this is what we’re trying to do – do you have any better ideas’?” Adana said.
Once in production, the team moves beyond talk, testing hacks to see if they actually work, all while snapping screenshots and recording video. “Because we’re going to have to show it on screen,” Adana explained. “We’re going to have to show the code or the software or the formatting,” and that can take multiple weeks to get just right.
“If you screenshot that second [of the show]...it’s going to be completely accurate,” he said. “That’s a very intensive kind of job.”
This is necessary, given Mr. Robot fans will screenshot the show for careful examination. “You’ll see little groups of people forming on Reddit, taking a look and dissecting what we’re doing,” said Rogers. “So everything we do has to be real.” People of Reddit, they do it for you.
In a way, Adana and his team are the Reddit of Mr. Robot’s writing team – nit-picking to keep it authentic. “The other writers are very respectful of the fact we’re an authentic show and we want to keep it grounded in reality,” Adana said. “However, that doesn’t stop everyone from pitching out crazy ideas. Usually I need to be the bad guy that says, ‘No, that’s not possible. We have to do it this way’.”
Just because a hack is possible doesn’t mean it’s likely a hacker will try it, either. They’re “lazy”, said Rogers, and take the most straightforward route to their goal. The more dramatic hacks are more often the preserve of security researchers, like Rogers himself. That means Rogers’ own real-world hack of a Tesla Model S last year was questioned by the writing team – it’s technically possible, and good TV, but still a bit unlikely for .
However, sometimes the story does get in the way of absolute accuracy. Time is often compressed, as no-one wants to watch Elliot stare at a computer for seven days straight surrounded by cold pizza.Neither Adana or Rogers were keen to discuss the show’s more major missteps, but Rogers admitted there was one hack he “didn’t like” and chortled in agreement at the suggestion it may be episode six’s great escape sequence, which saw Elliot hop onto a prison network via a police car radio to open all the cell doors.
“At a stretch, I’d say it’s plausible,” Rogers said, noting that more odd cases have happened. “There are some fantastic prison escapes I’ve heard of – one guy faxed himself out of prison,” Rogers said, describing how the inmate spoofed release papers to the court, which in turn sent them back to the prison. “He walked out.”
Adana defends the prison break stunt, saying the Stuxnet-inspired hack is possible. “I can justify those steps, I can go through those steps,” he says. “However, we didn’t show every single step, so if you’re watching it...I can see how it could be perceived as something that may be fantastical.”
As silly as the prison break was, it stands out because it’s one of few mistakes on the show – and even then, it’s a far cry from NCSI’s two characters typing on the same keyboard at once. “In this day and age where the average viewer of these programmes is actually quite seriously computer literate, you just don’t get away with that kind of stuff,” said Rogers.
Hacks aside, how realistic are the hackers themselves? Rogers recognises himself in awkward Elliot. “When I grew up and started hacking, I was painfully shy – it was hacking that made me into more of an extrovert,” he said, describing the “big shot of confidence” the power of intrusion gave him and the conversational skills that social engineering taught him.
Elliot’s unlikely to emerge as a social butterfly thanks to his social engineering attempts, but that’d still make more sense than most hacking shows.