The Realistic TOR Hack of Mr. Robot | ALC Training News
- No comments
The breakout television show of 2015, Mr. Robot, follows Elliot Alderson, a young and anti-social computer engineer secretly taking part in a vigilante hacking group. The show has received praise for its original and socially relevant subject matter, alongside the realism represented in its hacking scenes.
With the fourth and final season of Mr. Robot recently available through TV on demand, let’s take a look at one of the technological marvels showcased in the first season. Below, we’ll discuss a prominent hacking technique performed by Elliot, the real world comparisons and how this may affect your online activity.
Don’t rely on exit nodes for anonymity
TOR is a system for anonymous communication developed originally for the US Navy.
In the opening scene of the first episode, we are introduced to Elliot and his extraordinary computer abilities. During a conversation with the owner of the cafe he sits inside, we learn that for a number of weeks, Elliot has been monitoring network activity within the business. Our computer hacker explains that he breached the network by taking control of TOR exit nodes and decrypting the anonymous traffic.
TOR, as many of us know, is an evolution of a system for anonymous communication developed originally for the US Navy and further advanced by DARPA in the late 1990s. While TOR is touted as a completely anonymous network – famously known for credit card fraud, money laundering, black market drug trades and the rise of Bitcoin – there are a few areas of weakness that can lead those with limited IT security training into very dangerous territory.
A thin veil of anonymity
There’s some confusion around what the term anonymous actually means. It would be a grave mistake for anyone with only a basic knowledge of network security, proxies, exit nodes and anonymous browsing to download TOR and believe everything they are doing is hidden from others. Despite being touted as the go-to anonymous browser, the level of privacy offered by the software quickly dissolves in inexperienced hands.
Exit nodes within the TOR network work similar to a proxy server – where indirect connections are made between various network services – allowing anyone monitoring the traffic in these nodes to capture and potentially decrypt information being transferred. Of course, it’s incredibly easy to find an entire active list of TOR exit nodes online in seconds, meaning you’re able to choose which node you use as an exit relay.
Online crime doesn’t pay
Whenever you take the risk of doing something illegal online, there’s a very high chance that someone may be watching.
There are other access points within the TOR network, such as groups of middle relays for information to pass through that allow the data to bypass censorship concerns with little risk to the owner of the relay. Bridges – not officially listed as part of TOR – are crucial for navigation around blocked IP addresses in countries with strict policies on freedom of internet use.
The moral of the story on Mr. Robot is simple – whenever you take the risk of doing something illegal online, even downloading a TV show, there’s a very high chance that someone may be watching.
Anonymous browsing is never truly anonymous, and those who believe they are safe will no doubt find themselves in a similar situation to the nefarious owner of the television coffee shop – visited by a swarm of police officers following an anonymous tip and a horde of collected evidence.
Stay ahead of the curve with ALC Training
The expert team at ALC Training value the importance of knowledge and expertise in the IT industry and offer a range of courses across framework and risk assessment techniques, right through to information security training and higher-level training for executives and decision makers.
To learn more about what our expert training can do for you and your business, reach out today.
- ALC’s Cyber Scholarship Program – A Community Support Initiative
- ASD scraps Cloud Security Certification Program – Now What?
- Cybersecurity in your pocket: The essentials of mobile malware
- Where to Start with Digital Transformation?
- InfoSec Skilled Workforce Shortfall – Reality?
- What is the Office 365 Security & Compliance Centre?