As this week’s episode wasn’t as security-heavy as previous ones, there’s not quite as much to discuss. But nevertheless, let’s dive into it, shall we?
WARNING: SPOILERS AHEAD – SCROLL DOWN TO READ ON
In these less tech-centric episodes, it can feel a bit nit-picky to dig too deep into concepts that are briefly shown on screen. So I admit upfront to some of these being mere mentions, and I’m digging into them for the sake of discussion here. (And what would internet reviews be without a bit of pedantry, eh?)
Angela as the ultimate insider threat
We’ve mentioned it a few times in past reviews, but this week’s episode really started to drive it home: Angela is a perfect example of E-Corp’s insider-threat worst nightmare. With her new level of internal access and her nascent (but growing!) knowledge of social engineering and basic hacking, she’s graduated from a potential pain-in-the-neck for security teams to a major threat.
In this episode, we see Angela doing even more digging around in E-Corp’s files. That’s not dissimilar from what we saw a few episodes ago, except now that she’s part of the risk management team, she has unprecedented access.
Smart move on her part. She logs in with her boss’ credentials on his own computer and dives into confidential data from there.
That’s a good call, because she’s doing everything possible to avoid tripping any alarms that would be looking for aberrant behavior. Many companies do monitor employee behavior to get a baseline of what’s normal activity for them, and when a number of things look off, it can set off alerts for security teams.
Poking around in confidential files is certainly one of those potential triggers, and poking around in confidential files while logged in on someone else’s machine is even more suspicious.
By using her boss’ credentials on his own machine, she may not completely avoid all suspicion (especially if those confidential files are considered generally off-limits) but she’s certainly mitigating her own risk.
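The baselining described above, as an added example that is not part of the original post: a small Python triage that learns each account's usual workstation and counts how many things look off per file access. The account names, workstation names, paths and threshold are constructed assumptions.

```python
from collections import defaultdict

CONFIDENTIAL_PREFIX = "/shares/confidential/"  # assumed path convention
ALERT_THRESHOLD = 2  # alert only when "a number of things look off"

# Constructed logon history used to learn each account's usual workstation.
HISTORY = [("angela", "WS-ANGELA"), ("manager", "WS-MANAGER")]

# Constructed file-access events: (account, workstation, path).
EVENTS = [
    ("angela", "WS-ANGELA", "/shares/public/handbook.pdf"),
    ("angela", "WS-ANGELA", "/shares/confidential/settlements.xlsx"),
    ("angela", "WS-MANAGER", "/shares/confidential/settlements.xlsx"),
    ("manager", "WS-MANAGER", "/shares/confidential/settlements.xlsx"),
]

def build_baseline(history):
    """Map each account to the set of workstations it normally logs on from."""
    usual = defaultdict(set)
    for account, host in history:
        usual[account].add(host)
    return usual

def signals(event, usual):
    """Return the list of things that look off about one event."""
    account, host, path = event
    found = []
    if host not in usual.get(account, set()):
        found.append("account used on an unusual workstation")
    if path.startswith(CONFIDENTIAL_PREFIX):
        found.append("confidential file accessed")
    return found

def triage(events, history):
    """Score every event; alert only when enough signals stack up."""
    usual = build_baseline(history)
    results = []
    for event in events:
        found = signals(event, usual)
        results.append((event, found, len(found) >= ALERT_THRESHOLD))
    return results

if __name__ == "__main__":
    for (account, host, path), found, alert in triage(EVENTS, HISTORY):
        status = "ALERT" if alert else "log only"
        print(f"{status:8} {account}@{host} {path} -> {found or 'nothing unusual'}")
```

The last event raises one signal and stays below the alert threshold, which is why single-signal hits on confidential data are still worth keeping in the log for review.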
Both sides of the social engineering coin
It’s interesting that most of the actual hacking we’re seeing lately comes from Angela, arguably one of the least tech-savvy members of the Mr. Robot character cast. Depending on who you ask, social engineering is either a field all on its own or an extension of hacking (“human hacking,” as some call it).
It seems to be the kind of hacking that Angela excels at, in any case. We’ve previously seen her talking her way into restricted areas and out of FBI scrutiny – some of it, anyway – and in this week’s episode, we also see how she reacts when she’s on the receiving end.
Perhaps the Angela of a few episodes past might not have recognized what was happening, but when the rather suspicious agent from the Nuclear Regulatory Agency tries to shuffle her into a distant conference room, you can see her alarm bells go off.
Most importantly: she listens to her gut feeling.
The “agent” tried a number of coercion tactics, adding a sense of urgency and the social pressure of not wanting to let other people down: “But my colleagues in the other room are eager to meet you!”
Combined with her growing suspicion that something already wasn’t quite right (how did the agent know she worked at E-Corp?), her paranoia kicked in and she got out of there as fast as she could.
There’s hope for her yet.
Other notes
- I did find it curious that the head of E-Corp’s risk management, as well as (it seems) the whole risk management team, allowed USB access on their machines. I would hope, especially after they’ve been so massively and publicly hacked, that at least high-risk departments would have some kind of device access policy in place. Or maybe that’s unrealistic?
- Real-life hacker tool cameo! This episode had an appearance by the Pwn Phone from Pwnie Express, which Elliot used so he and Darlene could keep tabs on Dark Army phone conversations. The Pwn Phone is usually used more as a penetration testing tool for security professionals to test defense flaws for mobile and Bluetooth-enabled devices, but that doesn’t mean someone couldn’t use it for more nefarious purposes, of course.
Image courtesy of USA Network
from Naked Security http://ift.tt/2bXulMC