We recently had a chance to talk with Kevin Haley, Director of Security Response at Norton, about hacking culture and USA Network’s new series Mr. Robot. Norton recently came back from making a hacking documentary in Romania, Most Dangerous Town, and shared with us some comparisons to the documentary and its hackers with Mr. Robot. Râmnicu Vâlcea, aka Hackerville, where the documentary was filmed, featured interviews with the hacker Icemen, known for hacking NASA; Guccifer (currently imprisoned), best known for hacking the Bush family and the Clintons; and Tinkode, who hacked NASA and the Pentagon.

The documentary, like Mr. Robot at times, is mostly a somber, serious affair filmed in grey hues, detailing the many reasons hackers hack: curiosity, truth, power, money, and as Iceman amusingly puts it, relating to his NASA hack, because, “I thought NASA would give me a job or something…but they gave me a fine.” The methods of hacking, as described in the documentary, gives credit to how realistic Mr. Robot portrays cyber-crime and its employees. Guccifer wouldn’t look out of place if he appeared in next week’s episode playing himself.

The players

Haley told SiliconANGLE that he thinks Mr. Robot is much more realistic than any other series or film that has attempted to portray hacking. “They get the technology right. They also get the mentality right,” says Haley, although he explains that, “There is a large number of hackers in the world, and they are not all the same. But the characters in the show are representative of all types of people in this industry.”

White Hats, Black Hats and Grey Hats (ethically intermediate), he says, constitute the division of hackers, explaining that he believes most hackers fall into the Grey Hat category. “For most consumers, hackers are a dark and mysterious force behind the data breaches and cybercrimes they see on the news. Norton wanted to pull back the hood from people’s perception of hackers and expose them as regular people,” he says, adding that the Most Dangerous Town documentary wanted to put real faces on the problem of cybercrime and uncover the realities of the human element behind the threat landscape. Of these real faces he says, “The physiological reasons for hacking and the attitudes about it expressed by the hackers in Most Dangerous Town align with those in Mr. Robot – it does capture that culture.”

What drives hackers to do what they do in Râmnicu Vâlcea Haley says is largely due to, “A highly educated community without an outlet to focus their intelligence in a productive way.” He also mentions political oppression and an, “Opportunity to feel powerful on the internet.” The hackers, like those in Mr. Robot, Haley says, are self-taught and have a wide-range of skillsets. “Some of the hackers are incredibly technical and hack high-profile websites simply because they can.” Other hackers, he says, commit common online crimes without any sophisticated computer skills at all. One of the reasons this can happen is because of user sloppiness.

Guccifer

Avoiding being hacked

As is depicted in the series social engineering plays a big part in how companies are hacked these days. “Today’s security solutions are very effective,” Haley says, “But it only takes one successful attack to breach a company.” And fooling humans is the easiest way a hacker can get around defense.

“Attackers are moving faster, being more creative and applying greater resources than ever before. Because of this evolving threat landscape, anti-virus alone is no longer enough. You need security software that provides comprehensive, multi-layered protection and proactively protects against threats,” Haley says, adding that, “anti-phishing technology is incredibly important since many hackers use phishing emails – legitimate-looking communications designed to cull personal information or deploy malicious code – as a means to compromise a victim’s identity.” On top of that we must be vigilant about how much information we make publically available on social media and networking sites as that can be used to enable an identity theft. Human error he says is the result of much hacking, our own carelessness, and there’s nothing much we can do about that except employ a little more awareness. This might include being savvy of common attacks, “so you’re not caught off-guard.” Strong security offerings, he says, are also imperative because they flag malicious websites, files and communications that could compromise a device.

As Guccifer says in the documentary, and as Mr. Robot amply demonstrates, using passwords such as 12345 or qwerty leaves you highly susceptible to hacking. But people still do this. “Guccifer is a social engineering expert – he was skilled at guessing people’s passwords and security questions,” says Haley, “When he started hacking, ‘12345’ was the most popular password and not much has changed since then.”

In one episode Mr. Robot shows how password crackers are used, such as Rainbow Tables. To avoid falling victim to a password cracker Haley simply states that the key to overcoming password crackers is to improve password quality. “Hackers often use social engineering to gather legitimate personal information to make educated guesses about a user’s password, and this personal information greatly improves the hacker’s chance of obtaining the password.” He advises using obscure words, phrases and symbols and changing your passwords on a regular basis. A password generator can also help protect your information, he says.

Iceman

Is anything safe?

“Nothing is completely safe,” says Haley, “We’ve repeatedly seen that as a technology grows more popular, so do attacks against that technology.” He explains that cloud security is improving but it’s not perfect, explaining that many consumers don’t fully understand cloud technology, making it difficult for them to manage the data they store in the cloud.

Biometrics, such as iris scanning, we are told will enhance security to a much greater extent. “Forget passwords,” are the words on some tech company’s lips, including Microsoft with its move to biometric sign-ins with Windows 10.

“Biometrics have a long way to go before they are widely-adopted and work seamlessly,” Haley says, “This is part of a wider trend we’re seeing in the industry to move beyond the password, since remembering long, complex passwords and constantly updating them is challenging.”

He does say however that it’s critical that the vendors implementing biometrics follow best practices, or biometrics he believes will make the situation worse. The overhanging worry for most people is that, “Passwords can be easily changed. Your fingerprint, face or iris is not so easy to change. Once a hacker has that information, you could be at risk forever.”

We should continue to practice good password hygiene and consider two-factor authentication, he explains, or use password managers to securely store different passwords for online services. “Nobody leaves their house without locking their doors, yet people don’t protect their information online,” he says, “You’re much more likely to be a victim of cybercrime than an actual crime.”

Photo credit: (main) Tinkode and business partner, (2) Guccifer, (3) Iceman via Norton by Symantec