Cyber on TV: Fact or Fiction?
By Tyler Cohen Wood
As many of us know, we live in a world where cyber is no longer just a tool, but something that we are completely reliant on in our everyday lives. Cyber has entered the mainstream and television has likewise jumped on board, especially in the crime drama genre. Shows like CSI, Mr. Robot, and NCIS feature cyber as a key component of their plots, often portraying cyber tactics and technology as visually appealing, slick, and powerful. Obviously these are fictional programs, but just how accurately are these shows presenting cyber to the viewer? Could people be getting the wrong idea about how technology works?
CSI (and its many spin-offs) was one of the first shows to incorporate cyber tactics into its episodes. In the beginning of the long-running series, not all the tactics portrayed on screen were realistic; many were there to create exciting plot points or to help move the story along. To have shown real cyber forensics tactics on a prime time show 10 years ago would have been boring because technology wasn’t advanced enough to deliver instantaneous results with all the facts or the glitz and glamour used in the show.
Today, things are different. Almost all major prime time scripted TV shows incorporate cyber into their shows to mimic viewers’ everyday lives. Are they more factual than the tactics on TV 10 years ago? And if they are real, are there countermeasures we can take to protect ourselves?
Mr. Robot, a popular Emmy-nominated show on USA Network, uses many hacking techniques in its episode plots. CBS’s Emmy-winning NCIS also uses hacks and many law enforcement tactics. Let’s take a look at some specific details from each show and see how they hold up in the real world.
FACT or FICTION—Mr. Robot
Intercepting Traffic
In the first episode of Mr. Robot, the protagonist Elliot claims that by sitting in a coffee shop and using an unsecured wireless network, he can use a tool to intercept all traffic on the network. Based on the collected traffic, he confronts a man whom he suspects of running an illegal child porn website.
FACT
If you are using an unsecured wireless network, anyone can use freely available tools to “sniff” your traffic and easily piece it together.
Never send anything over an unsecured network without using a VPN, and make sure you are only connecting to encrypted websites before entering passwords, user names, or any sensitive data.
For another similar potential attack, read one of our earlier blogs on location services and IMSI Catchers.
The Mighty Tor
In that same episode, a character named Ron used a service called Tor to anonymize and hide his traffic so that it couldn’t be linked back to him. Elliot tells him that even though he used Tor, he was able to piece together the traffic and link it back to Ron.
FACT
The Tor network uses what are called exit nodes that act as gateways or doorways to where Tor traffic hits the Internet. So if a hacker owns the exit node being used, once the traffic leaves the Tor network it’s possible to piece together the information if the traffic is not encrypted or has identifying information. If you own the exit node, you can potentially own the traffic.
Do not assume that you are 100% anonymous when using an onion routing system like Tor. Always use encryption when transmitting any sensitive information.
Malware-Laced USB Drives
To get into a police station network, one of the hackers on Mr. Robot drops a bunch of malware-containing USB drives in the station parking lot in hopes that if any of them are put into a machine on the police network, the hackers would gain control of the network.
FACT
This is actually a well-known hacker tactic. If you find a random USB drive near your office or home, do not plug it into your system. Depending on your company’s cybersecurity policy, you may want to give the device to your IT Department.
FACT or FICTION—NCIS
DDoS Attack
In an episode of NCIS right before Christmas, a major Distributed Denial of Service (DDoS) attack was launched against the entire Washington, DC area, bringing down the Internet throughout the District of Columbia.
FACT (MAYBE)
Put simply, a DDoS attack uses multiple computers to flood systems with so much information at once, coming from so many sources, that a website or server can no longer be reached by legitimate users, thus “bringing it down”.
In order to pull off the kind of catastrophic Internet disruption portrayed in the episode, the hacker would need to have many computers hitting many targets and know all the server addresses to hit. The hacker would also have to be able to fill up all Internet pipes. This is not impossible, but it is extremely difficult. If the attacker had a huge number of computers in his/her control with a lot of assistance, it could be done. If the hackers targeted major infrastructure resources (power grids, hospitals, financial institutions, etc.) and a protocol called Domain Name Service (DNS) (which translates numerical IP addresses into domain names), flooded all known major servers and pipes, and brought down all backup systems and generators, it may be possible.
Rental Car Hack
In a different episode, tech guru character Abby is trying to locate a target whom she suspects has rented a car. Within seconds she is able to access all rental car records through all rental car databases and locate the exact car the target rented. It also turns out that the rented car had a tracker on it, which she is also able to hack into to get the target’s exact location within a few minutes.
FICTION (MAYBE)
In reality, Abby would need a warrant or consent from all rental car companies to attempt to locate the car. She could not just hack into every rental car database, realistically or legally. However, if she did go through the proper legal channels, was able to locate the target’s rental car and there was a logging mileage tracker on the vehicle, she could get the information from the rental car agency.
Physical Malware Attack
An NCIS agent physically puts malware on a smartphone that gives access to silently record and send the agent files of all activity on the phone, including video.
FACT
This is very much a fact. Never give your phone to someone you don’t know and make sure you keep it in your possession at all times. Make sure you have a security code on your phone and take all precautions to keep your phone out of the wrong hands. Finally, do not click on any unknown links sent to you by SMS, and keep your phone up to date.
Looking Up a Dictionary Attack
Later, an agent uses social media to piece together a whole profile of a target. The agent is able to see the target’s politics, hobbies, family, and where they live. With this info, the agent is able to put together a “pattern of life”. The agent is then able to use a dictionary attack and easily determine the target’s password. The target happens to use the same password for all accounts, including their employer’s network.
FACT
It is easy to peruse social media and put together a thorough pattern of life on a target. Also, many people tend to use the same password for all accounts. Make sure you use all privacy settings for your social media and think about your post before you post it. How could that post be used with all your other social media content to make you an easy target? Also, do not use the same password for all accounts, and make sure your password is at least 12 characters long, combines upper and lower case letters, characters, and numbers, and is not an easily cracked or guessed password that could be found in a dictionary.
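The password advice above can be turned into a self-check. The following is an added example, not part of the original article: it audits a candidate password against the article's rules and against details visible in a public profile. The word list, the profile, and the function names are constructed for illustration, and "characters" is read as symbols.

```python
import re

# Constructed sample data (not from the article): a tiny word list and the kind
# of details the article says can be pieced together from social media.
COMMON_WORDS = {"password", "dragon", "sunshine", "football", "welcome"}
PROFILE = {"name": "Jordan Rivera", "pet": "Biscuit", "team": "Capitals",
           "city": "Arlington", "birth_year": "1987"}

# Common character substitutions, undone so "P@ssw0rd" is read as "password".
LEET = str.maketrans({"@": "a", "4": "a", "3": "e", "0": "o", "1": "i",
                      "!": "i", "$": "s", "5": "s", "7": "t"})
# "characters" in the article is read here as symbols (an assumption).
CLASSES = {"upper-case letter": r"[A-Z]", "lower-case letter": r"[a-z]",
           "number": r"[0-9]", "symbol": r"[^A-Za-z0-9]"}


def profile_tokens(profile):
    """Words and numbers of 4+ characters found in the profile values."""
    tokens = set()
    for value in profile.values():
        tokens.update(t for t in re.findall(r"[a-z0-9]+", value.lower())
                      if len(t) >= 4)
    return tokens


def audit_password(password, profile=PROFILE, words=COMMON_WORDS,
                   used_elsewhere=()):
    """Return the rules from the article that this password breaks."""
    problems = []
    if len(password) < 12:
        problems.append("shorter than 12 characters")
    for label, pattern in CLASSES.items():
        if not re.search(pattern, password):
            problems.append(f"no {label}")
    lowered = password.lower()
    variants = (lowered, lowered.translate(LEET))  # raw and de-substituted
    for word in sorted(words):
        if any(word in v for v in variants):
            problems.append(f"contains dictionary word '{word}'")
    for token in sorted(profile_tokens(profile)):
        if any(token in v for v in variants):
            problems.append(f"contains profile detail '{token}'")
    if password in used_elsewhere:
        problems.append("reused from another account")
    return problems


if __name__ == "__main__":
    for candidate in ("P@ssw0rd", "Biscuit1987!", "vT9#qLm2&Zx8wK"):
        print(candidate, "->", audit_password(candidate) or "passes")
```

Note that "Biscuit1987!" meets the length and character-mix rules and still fails, because both of its parts can be read off the profile.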
As we can see from the above examples, TV has come a long way in getting cyber right or at least more correct, and there is much that viewers can learn from these shows about hacking and law enforcement techniques in order to ensure that we take the proper countermeasures to keep ourselves, families, and companies safe. Please review our course catalog for more information on security awareness.