{"id":7673,"date":"2015-08-26T19:12:42","date_gmt":"2015-08-27T00:12:42","guid":{"rendered":"http:\/\/hcstx.org\/?p=7673"},"modified":"2015-08-26T19:12:42","modified_gmt":"2015-08-27T00:12:42","slug":"mr-robots-black-hat-bag-of-tricks","status":"publish","type":"post","link":"https:\/\/thetacticalhermit.com\/index.php\/2015\/08\/26\/mr-robots-black-hat-bag-of-tricks\/","title":{"rendered":"Mr. Robot&#8217;s Black Hat Bag of Tricks"},"content":{"rendered":"<h3>Note: For all you Mr. Robot fans like myself who were looking forward to tonight&#8217;s Season Finale, bad news:<\/h3>\n<p><sup>1<\/sup> Update on 8\/26\/2015 at 5:01 p.m. ET: <em>The season finale of Mr. Robot was scheduled to air tonight at 10 p.m. ET, but USA Networks announced just before 5 p.m. that it was holding the episode a week because it contains a scene \u201csimilar in nature to today\u2019s <a href=\"http:\/\/www.wired.com\/2015\/08\/virginia-shooting-instant-sharing\/\">tragic events in Virginia<\/a>. Out of respect to the victims, their families and colleagues, and our viewers, we are postponing tonight\u2019s episode. Our thoughts go out to all those affected during this difficult time,\u201d the network said in a statement to The Hollywood Reporter. 
(Source: <strong><a href=\"http:\/\/www.wired.com\/2015\/08\/peek-inside-mr-robots-toolbox\/?mbid=nl_82615\">Wired<\/a><\/strong>)<\/em><\/p>\n<p><a href=\"https:\/\/hcsblogdotorg.files.wordpress.com\/2015\/08\/robot_mediagallery_exploits_ecorp-582x327.jpg\"><img decoding=\"async\" loading=\"lazy\" class=\"aligncenter size-full wp-image-7674\" src=\"https:\/\/hcsblogdotorg.files.wordpress.com\/2015\/08\/robot_mediagallery_exploits_ecorp-582x327.jpg\" alt=\"NUP_168822_0856.jpg\" width=\"582\" height=\"327\" \/><\/a><\/p>\n<h3>DeepSound<\/h3>\n<p>If you\u2019re wondering why someone who\u2019d fry his computer\u2019s memory chip in the microwave would be careless enough to store evidence of people he\u2019s hacked on CD-ROMs disguised as CDs, then Elliot\u2019s one step ahead of you. He used <a href=\"http:\/\/jpinsoft.net\/DeepSound\/\"><span class=\"s2\">DeepSound<\/span><\/a>, an audio converter tool, to hide all of the files on everyone he\u2019s hacked\u2014as well as his own old family photos\u2014within WAV and FLAC audio files. And yes, the real files are encrypted and password protected, as we saw in episode 9. DeepSound is a modern example of steganography, the art of concealing information in plain sight.<\/p>\n<h3>ProtonMail<\/h3>\n<p>If you assumed Elliot would run his own server or be an early adopter of <a href=\"https:\/\/pond.imperialviolet.org\/\">Pond<\/a>, episode 8\u2019s revelation that he has a <a href=\"https:\/\/protonmail.ch\/\"><span class=\"s2\">ProtonMail<\/span><\/a> account may have come as a surprise. ProtonMail is a browser-based email service incorporated in Switzerland and created by researchers who met at a CERN research facility. 
(Yes, <i>that<\/i> CERN: the one where the World Wide Web was born.)<\/p>\n<p>\u201cOne of the benefits of ProtonMail is that it\u2019s end-to-end encryption, and it\u2019s in a way that even the owners of ProtonMail can\u2019t see your content, and there\u2019s no IP logging,\u201d says Michael Bazzell, one of the technical advisers on the show. It even lets you set expiration dates for your emails, after which they\u2019ll self-destruct (provided the recipient hasn\u2019t made a copy of them, that is).<\/p>\n<p>ProtonMail is free, though there\u2019s a wait list for invitations to create an account. Beta versions of iOS and Android mobile apps were just announced, and it\u2019s possible to jump the queue with a $29 donation. The next batch will be released Thursday.<\/p>\n<h3>Raspberry Pi<\/h3>\n<p>A <a href=\"https:\/\/www.raspberrypi.org\/\">Raspberry Pi<\/a> is that tiny and delightfully inexpensive computer that helps you learn programming and build your own digital toys. Turns out, it can also be used to gain remote access to HVAC systems. On the show, Elliot\u2019s plot was to gain access using the Pi and then raise the temperature in Evil Corp\u2019s storage room where tape backups are stored, <span class=\"s4\">thus <\/span>destroying the records of much of the consumer debt in the world.<\/p>\n<h3>Tastic RFID Thief<\/h3>\n<p>Fsociety wouldn\u2019t even think of trying to penetrate the most secure facility in the country without a plan for stealing badge information from employees. Luckily, when visiting Steel Mountain, fSociety member Mobley was armed with Bishop Fox\u2019s <a href=\"http:\/\/www.bishopfox.com\/resources\/tools\/rfid-hacking\/attack-tools\/\">Tastic RFID Thief<\/a>, a long-range radio frequency identification (RFID) reader that saves your score on a microSD card as a text file so you can clone the badge later. 
It\u2019s completely portable and fits neatly into a messenger bag or a briefcase.<\/p>\n<h3>RSA SecurID<\/h3>\n<p>Two-factor authentication can definitely foil your average fraudster\u2019s plans. Like 25,000 actual organizations worldwide, Allsafe, the cybersecurity firm where Elliot works, uses <a href=\"http:\/\/www.emc.com\/security\/rsa-securid\/index.htm\"><span class=\"s2\">RSA SecurID<\/span><\/a>. RSA SecurID\u2019s two-factor authentication adds a layer of security to a company\u2019s protected resources by requiring users to enter not only their RSA SecurID PIN but also a one-time password generated within the app\u2014which lasts only 60 seconds. This is why Elliot needed a multi-faceted plan to get ahold of Gideon\u2019s phone in episode 8. First he texted him large MMS files to try to drain some of his boss\u2019 battery, then he snagged the phone to enter that temporary authentication code at the end of the password with nary a second to spare. He certainly raised suspicion from Gideon with the clever ruse, but at least he got the job done.<\/p>\n<h3>Kali Linux<\/h3>\n<p><a href=\"https:\/\/www.kali.org\/\">Kali Linux<\/a>, BackTrack Linux\u2019s successor, is a Debian-based version of Linux that\u2019s specifically built for penetration testing and security auditing and is used in multiple episodes of <em>Mr. Robot<\/em>. It\u2019s free, open source, and pre-installed with hundreds of pen testing programs, so it\u2019s perfect for cracking Wi-Fi passwords, bypassing anti-virus software, and testing security vulnerabilities on your network. Many of the tools used in <i>Mr. Robot<\/i> are utilized within Kali. \u201cThat\u2019s the benefit of Kali is that all the tools are built in,\u201d says Bazzell. 
\u201cIt\u2019s got a distribution system with everything you need.\u201d<\/p>\n<h3>John the Ripper<\/h3>\n<p><a href=\"http:\/\/www.openwall.com\/john\/\">John the Ripper<\/a> is a tool that Elliot used in the second episode of the show to crack Tyrell\u2019s password. Its primary purpose is to detect weak Unix passwords, but it can crack weak passwords with several thousand (or even several million) attempts per second. John the Ripper is available within the Kali Linux platform.<\/p>\n<h3>Metasploit and Meterpreter<\/h3>\n<p>Episode 6 features Rapid7\u2019s <a href=\"http:\/\/www.rapid7.com\/products\/metasploit\/index.jsp\">Metasploit Framework<\/a>. Metasploit is an exploit development and delivery system that allows users to create and execute exploits, typically for penetration testing. It saves hackers time because they don\u2019t have to learn a new tool each time they want to run an exploit. <a href=\"https:\/\/www.offensive-security.com\/metasploit-unleashed\/about-meterpreter\/\"><span class=\"s2\">Meterpreter<\/span><\/a> is just one of several hundred payloads that can be used within Metasploit. It resides entirely in memory and writes nothing to disk, but can give an attacker control of their target\u2019s system and parts of the network. It\u2019s often used within Kali Linux on a virtual machine in Windows, or on Windows itself.<\/p>\n<h3>Social-Engineer Toolkit<\/h3>\n<p>TrustedSec\u2019s <a href=\"https:\/\/www.trustedsec.com\/social-engineer-toolkit\/\">Social-Engineer Toolkit<\/a> is an open-source pen testing framework designed specifically for simulating social engineering attacks, such as phishing, spear phishing, credential harvesting, and more. Elliot used SMS spoofing from within SET, a module that\u2019s unavailable on the newer versions, but Mr. 
Robot tech adviser Michael Bazzell said that it\u2019s possible for users to add that package back in within the new version.<\/p>\n<h3>FlexiSPY<\/h3>\n<p>This list would be remiss without the inclusion of a tool used by one of the show\u2019s less sympathetic characters. In the third episode of <em>Mr. Robot<\/em>, Tyrell Wellick secretly installs mobile monitoring software on a lover\u2019s Android phone. After gaining root privilege by using SuperSU, he installs <a href=\"http:\/\/www.flexispy.com\/\">FlexiSPY<\/a>, a tool that lets you monitor other people\u2019s device activities with an online portal. FlexiSPY doesn\u2019t recover past data, but can show you anything still stored on their phone\u2019s memory or SIM card, as well as any future. It also hides <a href=\"https:\/\/play.google.com\/store\/apps\/details?id=eu.chainfire.supersu&amp;hl=en\">SuperSU<\/a> as part of its installation. Sneaky sneaky.<\/p>\n<p>Original Source Article: <strong><a href=\"http:\/\/www.wired.com\/2015\/08\/peek-inside-mr-robots-toolbox\/?mbid=nl_82615\">Wired<\/a><\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Note: For all you Mr. Robot fans like myself who were looking forward to tonight&#8217;s Season Finale, bad news: 1 Update on 8\/26\/2015 at 5:01 p.m. ET: The season finale of Mr. Robot was scheduled to air tonight at 10 p.m. ET, but USA Networks announced just before 5 p.m. 
that it was holding the&#8230;<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_newsletter_tier_id":0,"jetpack_publicize_message":"","jetpack_is_tweetstorm":false,"jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","enabled":false}}},"categories":[1317,883,1814,65],"tags":[1584,2025,2026,2027,2028,2029],"jetpack_publicize_connections":[],"jetpack_sharing_enabled":true,"jetpack_featured_media_url":"","_links":{"self":[{"href":"https:\/\/thetacticalhermit.com\/index.php\/wp-json\/wp\/v2\/posts\/7673"}],"collection":[{"href":"https:\/\/thetacticalhermit.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/thetacticalhermit.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/thetacticalhermit.com\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/thetacticalhermit.com\/index.php\/wp-json\/wp\/v2\/comments?post=7673"}],"version-history":[{"count":0,"href":"https:\/\/thetacticalhermit.com\/index.php\/wp-json\/wp\/v2\/posts\/7673\/revisions"}],"wp:attachment":[{"href":"https:\/\/thetacticalhermit.com\/index.php\/wp-json\/wp\/v2\/media?parent=7673"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/thetacticalhermit.com\/index.php\/wp-json\/wp\/v2\/categories?post=7673"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/thetacticalhermit.com\/index.php\/wp-json\/wp\/v2\/tags?post=7673"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}