The Mr. Robot Hack Report: Follow the Private Key

Where do you hide the most sensitive data in the world?

Mr. Robot is back, and the C Y B E R is back, too. The show takes a special interest in showing off the details that usually get glossed over, often drawing on real hacks and real cybersecurity problems. So after every episode, I’ll be breaking down who got hacked, how, and with what. It turns out, there’s a lot more to each one than you can see on-screen.

Mr. Robot set a high bar for season finales the first time out, tearing down the fragile carapace of American finance with the weapons of the new electronic order. This year, we got even more, restoring the records destroyed in 5/9 while delivering life-changing twists to nearly every major character, mostly at the same time. Angela’s dad! Elliot’s window! Dom’s increasingly bleak future! Irving at least gets to go to the Bahamas.

We go into the twists more in the show itself, but the big subject for the Hack Report is exactly what happens with that private key. In some ways, it’s the shibboleth of the entire show, the single string of data that could undo all the chaos F Society has set loose on the world. We’ve heard hints about it since last season, but in this episode we found out exactly where it’s been all along.

FOLLOW THE KEY

For weeks, Elliot, Darlene, and even Dom have been obsessed with getting into Sentinel and recovering the data that was lost with 5/9. But once they finally get in, it’s not quite what they thought. Romero was running a keylogger, and the keylogger does show someone exporting the private key — but it wasn’t a local export, so the key isn’t actually in Sentinel at all. The main thing to realize here is that, throughout 5/9, everyone was typing commands directly into the terminal. At the same time, the keylogger was recording every keystroke, and thus every command entered into the terminal. So when Elliot finally gets the keylogger data out of Sentinel, the export command is plain to see.

Of course, there’s a twist. It was Robot who exported the keys, not Romero. He’s had the power to undo the hack the whole time, which could have saved Darlene a lot of trouble. Still, Robot and Elliot haven’t exactly been on speaking terms this season, so it makes sense that Elliot would only find out now. And more importantly, we remember from the first season that Robot was in control the whole time 5/9 was being executed, so he would have had plenty of opportunity to make it happen. The more interesting part is what he did once he got it.

INSIDE A PHOTO, INSIDE A SONG

Imagine: you’ve just destroyed the records for most of America’s debt. You have the single string of bits that undoes that hack. You want to keep it, but soon every law enforcement official in the world will be looking for it, so you have to keep it very, very safe. It’s likely that sometime soon, they’ll search your apartment looking for it. Even your own alternate persona might look. How can you make sure no one else can find it?

The first answer is to disguise it as something else. This is what Elliot does each time he burns a CD, although it’s worth walking through exactly how he does it. As Elliot loads in the blank CD with the private key, you can see him loading up DeepSound, an open-source tool that lets you plant and extract hidden files in playable audio.

Of course, even that only gets you to the Alderson family photo album — itself a somewhat sensitive document, as we learned in season 1. From there, Elliot moves to an even more obscure tool called Steptic, which lets you pull the same trick with image files. Fittingly enough, it’s hidden in the Back to the Future Halloween pic. The sentimental favorite!

This process — hiding sensitive data inside openable files — is called steganography, and it’s one of the best tools we have for this kind of situation. As elaborate as Robot’s setup might seem, think about what it looks like to an investigator. Even if you toss the apartment and find the CD, all you’ll see is a bunch of music files. Even if you get clever and check the music files, all you’ll find is a bunch of pictures. You could break through to the embedded data if you look close enough, sure, but you can’t look that closely at everything. Why focus on the CDs? Once you find the pictures, why focus on the Back to the Future one? In cases like this, being inconspicuous is the best security there is.
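To make the investigator's view concrete, here is an added example (not from the show or from either tool) of least-significant-bit embedding in 16-bit audio samples, together with the check an examiner can run when a clean reference copy of the track is available. Assumptions: LSB embedding is a common textbook scheme, and the article does not say which method DeepSound or the image tool uses; the carrier, payload and function names are constructed for illustration.

```python
import math
import struct

def make_carrier(n=4000):
    """Constructed stand-in for audio: 16-bit PCM samples of a 440 Hz tone."""
    return [int(12000 * math.sin(2 * math.pi * 440 * i / 44100)) for i in range(n)]

def embed(samples, payload):
    """Write a 32-bit length header plus payload into the lowest bit of each sample."""
    data = struct.pack(">I", len(payload)) + payload
    bits = [(byte >> (7 - k)) & 1 for byte in data for k in range(8)]
    if len(bits) > len(samples):
        raise ValueError("payload too large for carrier")
    out = list(samples)
    for i, bit in enumerate(bits):
        out[i] = (out[i] & ~1) | bit   # only the lowest bit of the sample changes
    return out

def _bits_to_bytes(bits):
    groups = (bits[i:i + 8] for i in range(0, len(bits), 8))
    return bytes(sum(b << (7 - k) for k, b in enumerate(g)) for g in groups)

def extract(samples):
    """Read the length header from the LSBs, then that many payload bytes."""
    lsb = [s & 1 for s in samples]
    (length,) = struct.unpack(">I", _bits_to_bytes(lsb[:32]))
    if 32 + 8 * length > len(lsb):
        raise ValueError("no plausible payload in this carrier")
    return _bits_to_bytes(lsb[32:32 + 8 * length])

def compare_to_reference(suspect, reference):
    """Known-cover check: (number of samples that differ, largest difference)."""
    diffs = [abs(a - b) for a, b in zip(suspect, reference)]
    return sum(1 for d in diffs if d), max(diffs)

if __name__ == "__main__":
    reference = make_carrier()
    suspect = embed(reference, b"constructed-key-material")
    print(compare_to_reference(suspect, reference))  # few samples, each off by one
    print(extract(suspect))
```

No sample moves by more than one step out of 65,536, which is why the track still plays normally; the same tiny, scattered differences are exactly what a comparison against a known-clean copy surfaces.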

Once Elliot has the key, he emails it to a public E-Corp recovery address from a suitably anonymous email service. E-Corp almost certainly has the encrypted version of the data, although with e-coin on the rise, it’s an open question whether they will actually want to recover the data. Even if they do, it may not help the general state of the world too much, as Darlene’s sex worker friend points out in the post-credits sequence. But presumably all of these questions will be answered in the season to come!


So that’s the whole season! Normally I’d tell you to send along questions through Reddit or our Twitter hashtag, but we’re closing up shop. It’s been a lot of fun, but like Irving, the Hack Report is taking an overdue sabbatical. See you next season!