Modern field guide to security and privacy

The hacker who makes sure 'Mr. Robot' gets it right

Cybersecurity researcher Marc Rogers is the principal hacking consultant on the hit TV show "Mr. Robot," which debuts its second season on the USA Network Wednesday.

Mario Anzuoni/Reuters
The hit show "Mr. Robot" has been praised for portraying hackers realistically. Here, lead actor Rami Malek accepts the award for Best Actor in a Drama Series during the 21st Annual Critics' Choice Awards.

For years, Marc Rogers worked as a lone hacker, writing software exploits capable of breaking into vulnerable systems. Decades later, Mr. Rogers is doing the same thing, only this time it's for Hollywood. 

To ensure that TV versions of hackers are more accurate reflections of the shadowy world he once occupied, Rogers serves as principal hacking consultant on the hit USA Network show "Mr. Robot," which debuts its second season Wednesday night.

"When I would see people portraying things that I have done and known intimately, I would cringe," says Rogers, who agreed to work on the show (he was only briefly involved with season one) after years of frustration watching fake hacks on TV.

The problem is that spending hours in front of computers trying to root out vulnerabilities in software can be, well, "really boring," he readily admits. 

"Some of the greatest hacks I have ever pulled off involved multiple days of sitting in front of a screen often with no sleep, quite often living off old, cold pizza and tapping away at the keyboard, until I found what I was looking for," says Rogers, who went by the nickname "Cjunky" during his hacker days. "This would takes days of hunting for weaknesses, days of turning those weaknesses into potential weapons and then the culmination would often be just a few seconds."

Despite all the tediousness of the computer work, which is central to the "Mr. Robot" storyline, the first season was a hit with hackers of all stripes. Last season, the show followed a group of anarchist hackers known as "fsociety," who were trying to cancel all the world's debt by taking down a large corporation called E Corp.

Not only did last season borrow from real world computer breaches and cyberattacks, many well-known hackers and security researchers praised actor Rami Malek, who plays the show's main character Elliot Alderson, for his realistic portrayal of a community that's often misunderstood and mischaracterized on television and film.

When it comes to crafting the more technical aspects of the film, however, "Mr. Robot" creator Sam Esmail intentionally avoids dwelling on those details when writing the scripts, Rogers said, and instead leaves it to technical advisors to make sure each hack on the show is actually plausible.

And that means actually testing the hack themselves. The process involves searching for exploits, writing code, building the hack, and testing it on a vulnerable system. It might take up to 60 hours to write a single attack, just like in real life. Rogers and the other consultants operate with their own simple mantra: Come up with the most realistic scenario.

"A real hack is often a week’s worth of work looking for vulnerabilities in something and then coding it, and then exploiting it, the same goes for the hacks we do on the show. They are the real thing," Rogers says.

Rogers declined to share details about his time as an independent hacker. However, that stint didn't seem to last long. He quickly moved on to work as a so-called "white hat" – or ethical – hacker to protect corporate security. He now works as a security researcher for the cybersecurity firm CloudFlare, and is head of security at DEF CON, which organizes one of the world’s largest annual hacker conventions in Las Vegas.

Rogers' notoriety in the security research community has led to other gigs advising TV shows such as the award-winning BBC series "The Real Hustle" and, in recent years, he was a member of the team that successfully demonstrated security vulnerabilities in a Tesla Model S and Google Glass.

While Rogers refused to delve into any second season plot details, initial reviews indicate the show will address the fallout from the events at the end of season one. Mr. Esmail previously said the plot will address the debate between many in Washington and Silicon Valley over the increasing use of encryption on consumer devices. 

"I think it's a really important issue that we’re going to really get into in the next 10 years, and it’s not something that I think people really understand the nuances of," Esmail said during a panel discussion at South by Southwest, the annual tech conference in Austin. "It really brings up that idea of the rights to privacy, and do we have that or do we not?"

The fact that "Mr. Robot" is trying to ensure technical accuracy and hit many of the hot button issues within the information security community sets it apart from hacker dramas that have come before it. 

From the 1992 film "Sneakers," starring Robert Redford and Sydney Poitier, to 1995’s widely derided "Hackers," many of Hollywood's previous attempts to portray this community were widely mocked by experts and film critics alike for their goofy portrayals of hackers. 

On TV, it's even worse,  Rogers said, pointing to "CSI:Cyber" as a prime example. "Whenever they broach the concept of hacking, it is always awful."

But as audiences are becoming more tech savvy, they will expect more authenticity and realism from the shows they watch, he says. "People are very critical of what they seen on TV, so if they are armed with knowledge and can criticize it, they will."

 

You've read  of  free articles. Subscribe to continue.

Dear Reader,

About a year ago, I happened upon this statement about the Monitor in the Harvard Business Review – under the charming heading of “do things that don’t interest you”:

“Many things that end up” being meaningful, writes social scientist Joseph Grenny, “have come from conference workshops, articles, or online videos that began as a chore and ended with an insight. My work in Kenya, for example, was heavily influenced by a Christian Science Monitor article I had forced myself to read 10 years earlier. Sometimes, we call things ‘boring’ simply because they lie outside the box we are currently in.”

If you were to come up with a punchline to a joke about the Monitor, that would probably be it. We’re seen as being global, fair, insightful, and perhaps a bit too earnest. We’re the bran muffin of journalism.

But you know what? We change lives. And I’m going to argue that we change lives precisely because we force open that too-small box that most human beings think they live in.

The Monitor is a peculiar little publication that’s hard for the world to figure out. We’re run by a church, but we’re not only for church members and we’re not about converting people. We’re known as being fair even as the world becomes as polarized as at any time since the newspaper’s founding in 1908.

We have a mission beyond circulation, we want to bridge divides. We’re about kicking down the door of thought everywhere and saying, “You are bigger and more capable than you realize. And we can prove it.”

If you’re looking for bran muffin journalism, you can subscribe to the Monitor for $15. You’ll get the Monitor Weekly magazine, the Monitor Daily email, and unlimited access to CSMonitor.com.