It’s not every press event that starts with “The technique we’re teaching you today isn’t technically illegal, but using it definitely is.” There’s something thrilling about it, but it also seems pretty risky.
This is all promo for Mr Robot season three that is about to start on Amazon. If you haven’t watched seasons one or two, you are in for a real treat. It’s one of the shows we've marked as being among the best to watch on Amazon Prime.
In Mr Robot, Rami Malek plays a hacker called Elliot Alderson who is part of a group called F Society. There are other hackers who also hack things but we can’t really tell you much more without giving away massive spoilers. Just go watch it. Even if you’ve already watched it.
At the event we were treated to a potted history of hacking, followed by a workshop that taught us the basics of hacking a website. What was really staggering was how simple it was.
Hack for cash
Our hacking teacher for the afternoon was Chris Wallis, founder and CEO of cyber-security firm Intruder who has, over the course of his 10 year ethical hacking career, hacked into numerous FTSE 100 and sensitive UK Government systems.
He talked us through the different reasons that hacks happen, including hacktivism (think Anonymous), espionage (think STUXnet), and crime for financial gain (think WannaCry). According to Wallis, this last category is the largest growing section of the hacking community, given its anonymity and ease.
When you first look at a screen filled with code, easy isn’t the first thing that springs to mind. But when shown the right tools, it’s surprising how exposed some of the web’s vulnerabilities are.
We learnt a technique called an SQL injection, which basically allows you to call up information stored in a database by putting commands directly into entry fields on a website. If, for example, you wanted to log onto a website but didn’t have a password and username, you could potentially use an SQL injection to trick the database into exposing the information needed and log you in.
*whispers* I'm in
This works because you can essentially manipulate the code behind the scenes by putting nefarious code into the window where you are supposed to be entering your password. We’re not going to describe the process in its entirety here because we’re genuinely not sure it’s a good idea for us to teach you how to hack.
We were shown how the technique works, then set a challenge of trying to hack into a website (don’t worry, it was one that Wallis setup for the workshop). It’s a really satisfying feeling when passwords and usernames start appearing on the screen, but we had a niggling feeling that it couldn’t really be this easy. Could it?
“This how TalkTalk got hacked,” Wallis explained, “[The TalkTalk website had] this exact problem. They made their website, they didn’t filter what the user was putting into it, and someone just turned up and said ‘give me all the stuff you’ve got’. They downloaded it all, put it on the DarkWeb for money.”
It seems pretty risky that the internet is so easy to manipulate, and the hacking community agrees. There’s an amazing video from 1998 of a hacker group called L0pht advising senate on safeguards that need to be implemented on the web. It’s worth watching, if only to hear a senator say the name Brian Oblivion:
Obviously, the safeguards weren’t implemented and now we’re in a place where hacking is commonplace enough that there is a major TV series about hacking. One thing that we were curious about is how accurate the hacking is in Mr Robot.
Wallis had this to say: “I actually was hugely impressed when I watched season one about how realistic the hacking is. The main difference I noticed was simply they sped things up, so where he can hack someone in thirty seconds, in real life it might take days, or weeks. But in principle, most of what he says and does is very close to how it's done in real life. I think they must have spent a lot of time and effort consulting with real hackers to make each episode, which is pretty cool!”
It was a great way to spend an afternoon, if a little terrifying. We probably won’t be donning the hacker hoodie again anytime soon. But we will definitely be watching Mr Robot season three for some vicarious hacking.
Mr. Robot Season three launches on Amazon Prime Video October 12 with new episodes every Thursday.