00:00:00.200-->00:00:05.205 >>I want to introduce Kim Zetter who's going to do the Mr. Robot panel, thank you! >>Okay uh it's 00:00:13.347-->00:00:16.817 good that we're at the end of the session, or at the end of the day here in case we run off 00:00:16.817-->00:00:22.222 a little longer um unfortunately we don't have any clips for you uh we wanted to put some of 00:00:22.222-->00:00:25.959 those together and maybe show you some of the hacks and products as they were developed 00:00:25.959-->00:00:31.064 but this kind of came together on short notice last minute so we don't have that but we do 00:00:31.064-->00:00:35.402 have a great panel of experts here who are going to answer all of your technical questions 00:00:35.402-->00:00:40.741 except anything that involves a spoiler um I'm going to just uh I'm going to introduce the panel 00:00:40.741-->00:00:44.645 uh I'll go through some questions but we definitely want this to be interactive we want 00:00:44.645-->00:00:50.951 all of you guys to feel free um I can give you sort of a signal when we're going to be getting 00:00:50.951-->00:00:55.889 ready to take audience questions and we definitely want your questions so um you all know 00:00:55.889-->00:01:00.360 that we're in here for the Mr. Robot panel right? [cheering] okay I just wanted to make sure 00:01:00.360-->00:01:05.766 you're in the right place um okay so I was talking with Kor I don't know if I need to give you 00:01:05.766-->00:01:12.105 like a summary of the show, right? You all know the show right? Okay, great alright so 00:01:12.105-->00:01:15.742 I'm just going to introduce the panelists then and you guys aren't in the order that I 00:01:15.742-->00:01:21.114 thought you were going to be in so well Kor's in the center so why don't we start with Kor, so 00:01:21.114-->00:01:25.953 we've got Kor Adana in the blue checked shirt there Kor is a writer and tech producer of Mr. 00:01:25.953-->00:01:30.724 Robot um but he actually comes from our community he worked as a network security analyst and 00:01:30.724-->00:01:35.429 forensic manager for Toyota motor sales where he did pen testing, designed security 00:01:35.429-->00:01:40.634 policies, did forensics for the legal and HR departments, that is until he got his big break in 00:01:40.634-->00:01:46.707 Hollywood in 2013 um as a production intern initially and then two years later he got his 00:01:46.707-->00:01:50.944 he scored his job with the Mr. Robot team and I'm going to ask him a little bit about how he 00:01:50.944-->00:01:55.482 got there um in addition to writing scripts he oversees all technical aspects of the show so 00:01:55.482-->00:02:00.020 that's not just about putting the hacks together but he makes sure that the a the hardware 00:02:00.020-->00:02:04.224 that's being used is correct that the set directoration is accurate and all of that as 00:02:04.224-->00:02:09.229 well. Uh Tor uh sorry Kor put together a core team of uh consultants security experts to 00:02:12.466-->00:02:18.472 assist him with that and that's who we've got here um so let I'll guess I'll start on the far 00:02:18.472-->00:02:23.176 right there and come forward to me uh no I've got to switch gears here so we've got at the 00:02:23.176-->00:02:28.648 far right there is Andre McGregor uh he's director of security for Tanium um managing 00:02:28.648-->00:02:34.721 their internal security but he's a former FBI agent and so he assists in uh all of the FBI 00:02:34.721-->00:02:41.561 forensic stuff uh on the show um and unlike many feds he actually has a computer engineering 00:02:41.561-->00:02:46.566 background and knows some of this stuff so. Prior to joining prior to joining the bureau he 00:02:48.969-->00:02:55.108 worked as an engineer at Goldman Sachs and was IT director uh for cardinal health advocates uh in 00:02:55.108-->00:02:59.446 his work with the bureau he helped establish the first cyber national security squad for 00:02:59.446-->00:03:03.683 FBI's New York field office and led numerous large scale cyber investigations involving 00:03:03.683-->00:03:09.322 everything from financial crime to critical infrastructure intrusions uh next do I need to 00:03:09.322-->00:03:14.327 intro- Jeff? [laugh] Jeff Moss everyone! Everyone knows him um Dark Tangent of course, founder 00:03:16.663-->00:03:22.469 and director of BlackHat more importantly of Defcon which began 1993 uh former Phreaker uh 00:03:22.469-->00:03:27.908 is now widely recognized computer security expert who in 2009 was appointed to the 00:03:27.908-->00:03:31.912 homeland security advisory council to provide advice and recommendations to the secretary 00:03:31.912-->00:03:37.317 on matters related to homeland security. And from 2011 to 2013 he served as iCann's chief 00:03:37.317-->00:03:42.322 security officer, you all know Jeff. Uh next to Kor is uh Ryan uh Um I just Kazanciyan did I 00:03:45.926-->00:03:50.630 get it right? Okay, uh chief security architect for Tanium and has thirteen years of 00:03:50.630-->00:03:55.669 experience in incident response and forensics, pen testing, and security architecture, prior to 00:03:55.669-->00:04:00.874 joining uh Taniam, is that taniam or tamian? Tanium sorry. Uh he was a technical director 00:04:00.874-->00:04:05.412 and lead investigator for uh Mandiant where he worked with dozens of fortune five hundred 00:04:05.412-->00:04:10.317 organi- organizations involved in targeted attacks although I assume that Ecore wasn't one of 00:04:10.317-->00:04:15.322 them um he also helped train FBI agents. And finally you guys all know C.J. this is Marc Rogers uh 00:04:18.792-->00:04:24.564 who all of you know as C.J. C. Junky uh is an old school hacker who heads information security 00:04:24.564-->00:04:30.737 at Cloudflare and is a long time goon here at defcon uh Marc's uh obviously well known for 00:04:30.737-->00:04:36.042 pioneering pioneering some hacks in the 90s and last year he gave that fantastic presentation on 00:04:36.042-->00:04:41.715 hacking a Tesla. So um I'm going to start with some overview questions uh primarily initially 00:04:41.715-->00:04:48.421 directed at Kor I want everyone to jump in uh with any questions that you feel are relevant to 00:04:48.421-->00:04:55.195 you but just to get us started on sort of the overview I want a uh Kor just give us an idea of 00:04:55.195-->00:05:01.568 how exactly this show came together. >>Um really quickly before I get into that >>Yeah 00:05:01.568-->00:05:08.041 >>Can you guys hear me now? Alright really quickly before I get into that I just wanna say 00:05:08.041-->00:05:11.912 that there are two members of the consulting team who couldn't be here with us today uh Michael 00:05:11.912-->00:05:17.184 Bazzell and James Plock, and Michael if you're here put your hand up because I think he's 00:05:17.184-->00:05:23.490 supposed to be here. If not. Alright um inspiration for the show, our creator and showrunner 00:05:23.490-->00:05:28.495 Sam Esmail uh he is Egyptian and he has relatives who are living in Egypt who had to who 00:05:32.532-->00:05:39.272 experienced the Arabs reign and just dealing with that and knowing how a younger generation 00:05:39.272-->00:05:44.945 was able to use technology in a way to thwart internet censorship and get the access 00:05:44.945-->00:05:50.116 that they needed using technology or social media was a huge inspiration for Mr. Robot. 00:05:50.116-->00:05:55.121 That coupled with the fact that uh Sam and I believe many people in this room share a this 00:05:57.857-->00:06:04.397 disdain for how Hollywood has portrayed technology and hacking in film and television up to 00:06:04.397-->00:06:09.970 this point and upon my first meeting with him that's like the first thing that we bonded over 00:06:09.970-->00:06:14.741 was how much we hated that and how we would cringe every time we'd see a show about hacking or 00:06:14.741-->00:06:19.746 a movie about hacking [applause] so. We wanted to do it right and we thought that doing it in a 00:06:24.484-->00:06:31.191 realistic way would be dramatic and would be enticing and compelling and that really 00:06:31.191-->00:06:35.695 empowered me to just and I had gotten into a lot of fights and altercations since that moment 00:06:35.695-->00:06:41.801 and I still continue to do so um even with these guys uh but it's all in the name of making it 00:06:41.801-->00:06:46.206 authentic and making it realistic and hopefully we're doing a good job of that and 00:06:46.206-->00:06:50.877 will continue to do a good job of that um so those are the two main inspirations for the show. 00:06:50.877-->00:06:57.250 >>So how did Sam get the characterization of Elliot Alderson so spot on? Because 00:06:57.250-->00:07:00.854 that's it's not just the hacks that Hollywood gets wrong it gets wrong the hackers and the 00:07:00.854-->00:07:07.027 and the culture and the community. >>So Sa- Sam dabbled a bit in hacking as a teenager 00:07:07.027-->00:07:12.565 but by no means does he refer to himself as a as a hacker these days but it's interesting, 00:07:12.565-->00:07:17.570 having been exposed to both worlds um writing and just the tech community and the hacking 00:07:20.573-->00:07:25.578 community I see that just the isolation the stressed the anxiety, the social awkwardness, 00:07:28.248-->00:07:32.986 uh the amount of time spent alone in front of a computer, problem solving, how frustrated 00:07:32.986-->00:07:37.324 I used to get when I tried to code, and I'd try to solve problems and I couldn't figure 00:07:37.324-->00:07:42.829 it out is very similar to the stresses that I experience breaking story or or trying to 00:07:42.829-->00:07:48.234 nail a scene or or writing one of these scripts. So I think just the comparison between a 00:07:48.234-->00:07:53.239 hacker and a writer from a anxiety perspective is very very similar um and the the drug 00:07:56.176-->00:08:01.448 usage, the, the social awkwardness all all of this I I think Sam just infused his 00:08:01.448-->00:08:07.053 experience as a writer and put it into this hacker character and it works because of those 00:08:07.053-->00:08:11.324 worlds are very similar and I've been able to make those connections of how similar those 00:08:11.324-->00:08:15.895 worlds are and of course you're using different parts of your brain um but still I think a lot 00:08:15.895-->00:08:21.701 of that isolation and loneliness is uh is rampant in both worlds so I think that's why it works 00:08:21.701-->00:08:25.405 and I think that's why so many people in this community can relate to Elliot because it's 00:08:25.405-->00:08:30.043 it's hard dealing with people I mean I think that's one of the great things about Defcon you 00:08:30.043-->00:08:35.048 know you guys all get together and actually you know connect with each other in real life so 00:08:37.083-->00:08:41.588 >>But he also gets I mean the other hackers that we see in the shows are sort of like let's say 00:08:41.588-->00:08:46.626 Black Hat let's just call it out um where they're all powerful and they're um they're not human 00:08:46.626-->00:08:52.665 essentially um and Elliott is very human and vulnerable and uh basically psychologically messed 00:08:52.665-->00:08:58.872 up and a lot of things mentally unstable um and those elements all exist in this community we 00:08:58.872-->00:09:02.842 have you know suicides in the community and a lot of stuff like that, and he gets that. And 00:09:02.842-->00:09:08.148 that was unusual I thought like so. >>And again I think that it's it's prevalent even in the 00:09:08.148-->00:09:13.286 writing community as well. It's a It's another similarity that just it it it's the engine that 00:09:13.286-->00:09:18.591 makes the show work and I think the character vulnerability and him dealing with his demons in 00:09:18.591-->00:09:24.964 that way is what draws you to him and makes him relatable. He's not a superhero he's uh 00:09:24.964-->00:09:30.770 he's terribly flawed but he has good intentions and he wants to change the world for the better 00:09:30.770-->00:09:37.577 even if by doing so he ends up destroying the world um it's just it's compelling that way. 00:09:37.577-->00:09:40.980 >>Yeah you can face them and I think that's the problem is when you turn to me and they can't 00:09:40.980-->00:09:46.386 hear you. Um I wanted to ask about uh sort of um forming this group of consultants because the 00:09:46.386-->00:09:52.725 first season um the first show, the pilot, Sam had done uh without you. >>Without me yep. 00:09:52.725-->00:09:57.864 >>Um and then after the first, the pilot, after it got picked up uh you came on board um but 00:09:57.864-->00:10:01.634 you only had one consultant at that time for the first year, correct? >>Yeah it was me and 00:10:01.634-->00:10:06.639 Michael Bazzell working on that first season uh and uh it the the role didn't really exist, I 00:10:08.708-->00:10:13.713 kind of just fell into it I was working for Sam I was in the room I was pitching ideas and he 00:10:13.713-->00:10:18.084 knew that I had a cyber security background so he knew that I could help in that way so I 00:10:18.084-->00:10:24.958 remember looking at the original bible for season one and the evil corp hack that he had 00:10:24.958-->00:10:31.865 planned out was very fantastical and kind of crazy and I I said well if we want to ground this 00:10:31.865-->00:10:36.603 in reality this is how I would do it and this is where you know your data, your data targets 00:10:36.603-->00:10:40.573 would be, and these would be the different methods of taking them down and from that we kind of 00:10:40.573-->00:10:47.514 explored the you know attacking the offsite take back ups and uh a a redundant data center in 00:10:47.514-->00:10:53.086 China for you know disaster recovery or redundancy um so just we kind of formed the 00:10:53.086-->00:10:58.758 network infrastructure for evil corp early on and that kind of dictated our trajectory for the 00:10:58.758-->00:11:03.363 season one, the big hack of season one. And it was me and Michael Bazzell coming up with a 00:11:03.363-->00:11:07.800 lot of those ideas and incorporating them into the show and uh I was lucky enough to 00:11:07.800-->00:11:12.805 form the even bigger team um for for season two which is which is awesome. >>So uh why don't you 00:11:15.208-->00:11:20.213 walk us through uh uh I just want to get to the hacking um obviously um so a lot of the 00:11:22.916-->00:11:29.088 hackings appears to be grabbed straight from the headlines uh this is um you know straight 00:11:29.088-->00:11:32.091 from the headlines and also from Blackhat and Defcon, let's just sa- let's just admit you're 00:11:32.091-->00:11:38.765 cribbing from us right? >>I totally am >>So the the prison hack was a Defcon 2011 talk? 00:11:38.765-->00:11:43.803 >>Defcon 19 I believe uh Tiffany Rad, Tieg Newman, Yep >>Tieg Newman, Tiffany rad, yep >>There 00:11:43.803-->00:11:49.142 is a white paper and there's a great demo I found on Youtube that I studied and that was the 00:11:49.142-->00:11:54.314 inspiration for that last hack in that show um so definitely ripping you guys off one hundred 00:11:54.314-->00:11:59.485 percent [laughter] And now I've got one of you guys on my team which is great. >>Uh so you've 00:11:59.485-->00:12:04.724 had the ransom, no car hacking yet though, ransomware, the IOT hacking obviously uh latest 00:12:04.724-->00:12:09.362 episode we've got the hacking android phones with the rogue fem to sell um and also the 00:12:09.362-->00:12:13.733 affiliate link hack that Darlene does to get free food um so explain to us what is the 00:12:13.733-->00:12:18.805 process for coming up with the hacks um do you have a hack idea first and then it gets written 00:12:18.805-->00:12:22.075 into the plot, is the plot written first and then you come up with a hack that suits the 00:12:22.075-->00:12:27.080 plot and then how do you guys work together? >>Um so the story ideas come first and the story 00:12:29.782-->00:12:33.920 will always come first uh we will always act in the best interest of the story so I'm in 00:12:33.920-->00:12:39.392 the room every day with a group of other very talented writers pitching story ideas trying to 00:12:39.392-->00:12:45.765 nail down the structure and the arcs for the season and in those there are breaks in those 00:12:45.765-->00:12:49.769 discussions where Sam will say alright here we need to have a hack we don't know what it's 00:12:49.769-->00:12:54.574 going to be but Elliot's gonna hack and he's gonna be at this point in the story after we're 00:12:54.574-->00:13:00.380 done um so after that I'll reach out to my team these guys and we'll have a brainstorming 00:13:00.380-->00:13:05.351 session and I'll say we need to work within the confines of this story point and we need to get 00:13:05.351-->00:13:11.090 Elliot from point A to point B and what is available to us? And what's realistic, and what makes 00:13:11.090-->00:13:16.229 sense? Um and what's efficient, what's smart? What would be cool to see visually on screen? So 00:13:16.229-->00:13:20.099 it's weird that we kind of have two different writer's rooms working in tandem, I have we 00:13:20.099-->00:13:25.238 have the story writer's room and then we have our technical writer's room where we throw out 00:13:25.238-->00:13:30.043 ideas, argue with each other, try and find the best option and then once we finalize an idea 00:13:30.043-->00:13:34.714 together I bring it back to the room and it gets incorporated into the script and at that 00:13:34.714-->00:13:38.618 point it's like really short general description, maybe a couplet in one of the scripts 00:13:38.618-->00:13:44.257 that just describes the hack big picture. Once we get to production um that's where the 00:13:44.257-->00:13:49.262 nitty gritty detailed work starts because we actually have to pull off the hack so I need 00:13:49.262-->00:13:52.832 to work with the props department to make sure the hardware looks completely 00:13:52.832-->00:13:57.270 accurate and they've never heard of a raspberry pi before so I have to tell them exactly like 00:13:57.270-->00:14:02.141 here here's where you can buy one, here's here's the model we need um I have to work with set 00:14:02.141-->00:14:07.180 dressing to make sure that you know we don't have a ridiculous amount of you know cat5 cable 00:14:07.180-->00:14:12.485 all over the arcade when there are only like five work stations there, Um I have to work really 00:14:12.485-->00:14:19.025 closely with an animator and these guys to nail exactly what the screen content looks like so 00:14:19.025-->00:14:23.663 often times one of these guys will do the hack for real and will send me screenshots or 00:14:23.663-->00:14:29.035 video of it and then I have to take it to a flash animator and we build out an interactive 00:14:29.035-->00:14:35.608 animation based on what these guys did and it's something that we can put in front of Romy or 00:14:35.608-->00:14:38.911 Christian and they don't even have to think about it they can hit the wrong key strokes and 00:14:38.911-->00:14:42.815 the right characters will show up on screen and the screen will behave the right way we need it 00:14:42.815-->00:14:48.054 to and we shoot all of these sequences practically um Sam hates using green screen, I hate 00:14:48.054-->00:14:53.559 using green screen so we don't burn it in after after the fact and uh even that process like 00:14:53.559-->00:14:57.730 these guys will tell you how many times I've called them up at four in the morning saying we 00:14:57.730-->00:15:03.035 need to fix this and it needs to be ready by 9am and then I have to work with an animator and go 00:15:03.035-->00:15:07.840 through like fifteen, twenty revisions to make sure that there are no typos and make sure 00:15:07.840-->00:15:12.612 that everything's working properly for him to rebuild this terminal sequence or or or 00:15:12.612-->00:15:17.683 whatever screens we're seeing and then I have to work with the actors try and get it right and 00:15:17.683-->00:15:22.622 then I work with uh a completely separate uh insert unit a small splinter crew to shoot all of 00:15:22.622-->00:15:27.794 the closeups and the inserts that we cut to in building out these sequences so we're filming 00:15:27.794-->00:15:32.732 great shots of hands on a keyboard and I have to make sure that you know they're hitting 00:15:32.732-->00:15:36.803 alt tab when they need to toggle windows at the right time like little little things that you 00:15:36.803-->00:15:41.474 don't think about and that no one in production and no one in Hollywood really cares about but 00:15:41.474-->00:15:47.613 on this show it's a big deal to us and want to nail those details and luckily you guys are 00:15:47.613-->00:15:52.518 picking up on those details which I'm really happy about >>I want to say that I've worked 00:15:52.518-->00:15:58.691 some of the the largest breaches in the in the US history and working for Kor is worse than 00:15:58.691-->00:16:03.629 all of those [laughter] be because at least when I would go home from the FBI, I was at 00:16:05.631-->00:16:11.103 home, Kor would still call me at three o'clock in the morning and say I need an output I need I 00:16:11.103-->00:16:15.908 need you to take a video of a of exactly what the output you know Elliot would be doing and then 00:16:15.908-->00:16:19.879 send it to me in the next hour because we're doing the animation but what was cool is 00:16:19.879-->00:16:25.184 if you notice that there's some Easter eggs that are are there so you get to add that um when 00:16:25.184-->00:16:29.989 it doesn't work we have to work through it for several hours or change the hack I mean there's 00:16:29.989-->00:16:35.394 multiple times which we unfortunately will not go through all of them but we had a 00:16:35.394-->00:16:38.998 hack in place and it was in the script and everyone everything was ready to go and then all of 00:16:38.998-->00:16:44.237 a sudden it was uh I that's not gonna work you know actually when we tried to do the hack it 00:16:44.237-->00:16:47.907 did not work >>Can you, can you elaborate on that, can you tell us what the hack was and what 00:16:47.907-->00:16:52.912 didn't work? >>Ah no because we may actually use it again but [laughter] uh but but I'll 00:16:56.148-->00:17:00.820 allude to the fact that the first episode was not the hack that you saw was not the 00:17:00.820-->00:17:05.691 original hack >>Yeah he's referring to the ransomware attack on Bank of E in the first 00:17:05.691-->00:17:10.596 episode of season two. >>Can you guys hear everyone? >>But but even then you have to think 00:17:10.596-->00:17:15.201 >>Pick up the mics and hold them in your hand yeah >>Ah but even then it it it goes beyond just 00:17:15.201-->00:17:20.172 the hack specifically with that particular episode it was the set design and what we would 00:17:20.172-->00:17:25.244 need to be able to you know have a bank and and the systems that we would need and the type of 00:17:25.244-->00:17:28.948 personnel that would have access to the systems that we would want and how we would portray 00:17:28.948-->00:17:33.986 that on the show to make it realistic for people to say yes someone with that skill set or 00:17:33.986-->00:17:39.759 someone with that job role would have access to that system and if I plugged in a device or if I 00:17:39.759-->00:17:46.365 uh you know access uh you know a specific system it could pivot to the next system and then it'd 00:17:46.365-->00:17:50.436 have a cascading affect um that's the level of detail that we're going in because I know 00:17:50.436-->00:17:55.308 that you guys are looking at the same thing and we don't want to make CSI Cyber where green code 00:17:55.308-->00:18:00.246 is good and red code is malware [applause] you guys all saw that? yeah >>It's also really 00:18:05.051-->00:18:09.555 surprising how disproportionate the amount of work goes into some of these things. If you 00:18:09.555-->00:18:13.659 look at some of the if you even look at some of the really smallest things like the 00:18:13.659-->00:18:17.797 affiliate links hack is what only a couple of seconds of screen time >>Yeah it's just 00:18:17.797-->00:18:22.802 dialogue >>Yeah that was days of discussion because the original script the the hack that was 00:18:25.104-->00:18:30.676 laid out we hated it, we wanted to shape it into something that would really work and so it went 00:18:30.676-->00:18:36.115 round and round and we reshaped it into something which ultimately people are dissecting 00:18:36.115-->00:18:41.921 it and writing entire articles on those few seconds that's when we know we've got it right 00:18:41.921-->00:18:47.526 >>What was it originally? That you rejected? >>We you can go into it >>Are you guys familiar 00:18:47.526-->00:18:51.597 with what he's talking about? The affiliate hack? Why don't you describe it? >>So the the 00:18:51.597-->00:18:57.770 affiliate link hack was basically, Dar- Darlene's getting free food by using 00:18:57.770-->00:19:04.176 affiliate links that belong to her boyfriend so that she gets credited for whatever clicks 00:19:04.176-->00:19:10.750 that he should've been credited for. The original hack involved DNS cache poisoning and this 00:19:10.750-->00:19:17.723 massively elaborate just a um I I looked at it and went that's not realistic there's now way 00:19:17.723-->00:19:21.794 you would expend that level of effort for something as simple as that when there are so many 00:19:21.794-->00:19:26.332 other elegant and simple ways in which you can do it. And we bounced around the team and came 00:19:26.332-->00:19:31.303 up with multiple different options and one we went with in the end was actually we would 00:19:31.303-->00:19:36.308 target a specific piece of infrastructure in Telco, the Proxy APN and by compromising 00:19:38.411-->00:19:43.282 that anything that goes through that APN gets rewritten into whatever we want and the net 00:19:43.282-->00:19:48.387 result is a realistic hack that could be pulled off in the real world and could have real world 00:19:48.387-->00:19:53.259 implications and that's the kind of hack that I want to put myself behind. >>So this was a, 00:19:53.259-->00:19:57.129 this was a hack involving the postmates website? >>This is the postmates APN yeah >>Postmates 00:19:57.129-->00:20:02.101 dot com where anytime anyone would order food um Darlene would get a free ten dollar 00:20:02.101-->00:20:06.605 coupon for food, anytime anyone would order food delivery she would suddenly get uh a ten 00:20:06.605-->00:20:12.411 dollar coupon for fo- free food. >>And something else that I should just note, the script, if 00:20:12.411-->00:20:18.417 if we have an issue with the hack, the script changes, I come up, I I go to Sam or I go to the 00:20:18.417-->00:20:24.690 other writers and I say we need to find another way around this and it's it's interesting 00:20:24.690-->00:20:29.128 because I always I think the most common argument that I had in the room especially in season 00:20:29.128-->00:20:35.067 two was uh Sam would want you know a big hack it's that's intricate and complicated and 00:20:35.067-->00:20:40.039 it'll fill this page for you know to to turn the scene to get Elliot to this next point in the 00:20:40.039-->00:20:44.510 story and then when we talked about it we'd be like alright it's pretty simple and it's 00:20:44.510-->00:20:48.481 actually smarter and more efficient if we have him do this, but it's not as sexy as on 00:20:48.481-->00:20:53.719 screen so if I throw that idea out Sam's like well that sucks, I don't want to do that that's 00:20:53.719-->00:21:00.025 not that's that's boring so we have to strike that balance of what is visually compelling, 00:21:00.025-->00:21:05.431 what will move the story forward and still meet the expectations of the tech crowd that's 00:21:05.431-->00:21:10.402 analyzing you know the technology being used and the motivations for the hack and and 00:21:10.402-->00:21:14.140 the tactics that are being used. >>Yeah and for me it's it's almost like being in a virtual 00:21:14.140-->00:21:18.277 penetration test where you know if you've ever done pen testing or red teaming work you always 00:21:18.277-->00:21:22.581 end up in this situation where you're a couple days in and nothing you've tried has worked 00:21:22.581-->00:21:25.918 and you're kind of stuck and you have you know a set of things you do have access to and a set 00:21:25.918-->00:21:30.422 of goals and you've gotta figure out how to cross that chasm and get from point A to B and a lot 00:21:30.422-->00:21:34.360 of times the story is exactly that you know Kor will come to us and say so here's the 00:21:34.360-->00:21:39.298 context, here's what needs to come out of it and um it's awesome that if that requires 00:21:39.298-->00:21:44.470 adjustment in dialogue or tweaks for the scene to make it real they're totally willing to do 00:21:44.470-->00:21:48.407 that. The second part of it that's fun is you know my initial reaction to a lot of 00:21:48.407-->00:21:54.146 these that I worked uh with Kor on was wow how are we going to make this technically accurate? 00:21:54.146-->00:21:57.950 And it's that same sort of conundrum and so you you sit and brainstorm the way you do when 00:21:57.950-->00:22:02.321 you're actually in in a real word pen test and you're like well if I did this and then this 00:22:02.321-->00:22:06.859 and then this that actually could kind of get the characters there. And then it's all about 00:22:06.859-->00:22:11.263 let's do it on screen, let's try to use some re- real tools, let's use Kali, Linux, let's 00:22:11.263-->00:22:15.467 simulate as much of it as possible and then streamline it down to what can maybe fit in 00:22:15.467-->00:22:19.004 couple seconds of screen time here or there >>I want to come back to the Oh do you wanna? 00:22:19.004-->00:22:23.175 >>Oh I was just going to say what is on the other side of that what's very hard is if in 00:22:23.175-->00:22:27.880 if you haven't caught up you're gonna you know that the FBI is about to be hacked, having to 00:22:27.880-->00:22:33.185 walk through the technical accuracy of hacking the FBI without disclosing any secrets, 00:22:33.185-->00:22:38.257 and and having national security >>I was going to get to that yes >>implications and being able to 00:22:38.257-->00:22:42.861 do it in such a way where yo'ure able to gain access to the information that will obviously 00:22:42.861-->00:22:48.467 advance uh fsociety but not reveal anything that I don't want anyone in this room to be 00:22:48.467-->00:22:53.105 able to also uh leverage so >>The recipe to hack the FBI >>Yeah we must have had, I don't 00:22:53.105-->00:22:57.977 know how many hours we've discussed the FBI infrastructure and how to hack the FBI >>Yes 00:22:57.977-->00:23:02.948 >>But if a lot of a lot work went into it >>I know so much about hacking the FBI now 00:23:02.948-->00:23:09.321 [laughter] >>And the FBI knows that you know that >>Hey I I wanted to I wanted to come back 00:23:09.321-->00:23:13.826 to the hacking but I wanted to jump to Opsec for a second here uh Jeff wrote a great article 00:23:13.826-->00:23:20.666 for Playboy in which he uh you pointed out some of the the Opsec issues with the hacking 00:23:20.666-->00:23:25.604 group um the mobile phones and all that yeah >>So it's tough because I love the show, and so 00:23:25.604-->00:23:29.074 I don't want to be that guy on the side of the road pick you know picking off of oh well they 00:23:29.074-->00:23:34.580 forgot a comma oh and they didn't yeah well but you tell a story about how Sam sits there 00:23:34.580-->00:23:38.117 and like at the moment something somebody online says something negative about the show it's 00:23:38.117-->00:23:43.722 like Sam calls you is like did we get that right? Um 'because he's so obsessed and so it's 00:23:43.722-->00:23:49.295 tough because I want to provide criticism but I uh and insight but I don't obviously wanna tell 00:23:49.295-->00:23:55.668 you your job and so that's why my last article I was talking about surveillance um operations 00:23:55.668-->00:24:00.739 and I I was trying to guess well is she being followed are you trying to show that Darlene is 00:24:00.739-->00:24:05.477 um freaking out, is she seeing ghosts you know where there aren't any, so I just had to 00:24:05.477-->00:24:09.682 assume no she's probably really being followed because there's some dark army action going on, 00:24:09.682-->00:24:13.152 there's some FBI action, so let's just pretend she's being followed, what did she just do 00:24:13.152-->00:24:16.755 wrong? And what did the followers do wrong? Like you would never reveal yourself as a 00:24:16.755-->00:24:21.493 follower unless you were trying to send a message to the person you were following and you'd 00:24:21.493-->00:24:25.831 only do that if you want them to change a behavior or spook them and then see what their reaction 00:24:25.831-->00:24:29.301 is, see how they behave like you reveal that they're being, that you're following them and you 00:24:29.301-->00:24:33.706 see, can you force an error and then what does that error reveal right? You see this in TV all of 00:24:33.706-->00:24:38.544 the time um and so I've been having a lot of fun with it because I'm tying it back to 00:24:38.544-->00:24:42.881 other books I'm trying to think of other movies so I'm trying to you know broad broader picture 00:24:42.881-->00:24:47.753 but so far you've been getting almost everything right which is pretty cool um surveillance is 00:24:47.753-->00:24:52.391 really really hard to do and at some point you know you're gonna have to start criticising by 00:24:52.391-->00:24:56.929 saying well how do these people who have never done this before professionally, they don't have 00:24:56.929-->00:25:00.666 professional training, you don't learn how to do like tag team surveillance, counter 00:25:00.666-->00:25:05.170 surveillance unless you actually do it so at some point I'm waiting for them to put on VR 00:25:05.170-->00:25:09.074 goggles and say no wait I'm practicing my counter surveillance runs and so we're 00:25:09.074-->00:25:15.147 just assuming that they have all the skill and all this knowledge um and so at some point I'm 00:25:15.147-->00:25:20.052 waiting for the backstory of like how do they learn all of this stuff >>If we ever do that 00:25:20.052-->00:25:25.591 or if we ever drop a cat5 cable out of an airplane [laughter] into a car underneath it, I want 00:25:25.591-->00:25:30.596 you to all kill me. >>Um there is something else that I do want to touch on what Equin what Ryan 00:25:33.866-->00:25:38.537 was was saying about using real tools >>Yes I >>can I bring this up, can I talk about this? >>Uh 00:25:38.537-->00:25:41.573 Let me just let me just let's just introdu- introduce this for a second here because one of the 00:25:41.573-->00:25:46.745 things that uh we've seen we've all seen in Mr. Robot is that they're actually using the too- 00:25:46.745-->00:25:51.984 tools, we've seen uh Dave Kennedy set tool, um and everything else, and Kor is very 00:25:51.984-->00:25:56.522 adamant about making sure not just that the hacks are correct but that the tools are correct 00:25:56.522-->00:26:01.860 but he gets a lot of grief for it so why don't you talk about it >>So it is an ongoing 00:26:01.860-->00:26:06.865 struggle between me and uh the legal department at NBC Universal um in an effort to 00:26:09.802-->00:26:15.607 clear real tools on a hacking show and especially using the tools in a way where maybe 00:26:15.607-->00:26:20.179 they're they're helping a hack or they're associated with a hack connected to a hack in some 00:26:20.179-->00:26:25.217 way or something there's some negative connection and unfortunately uh our roles are 00:26:25.217-->00:26:28.087 just that's the nature of the best, we're pitted against each other because they want to 00:26:28.087-->00:26:34.193 minimize legal risk and I want to make the most authentic show that I can so it's very 00:26:34.193-->00:26:40.699 difficult for me to convince our clearance department to reach out to companies and in and to 00:26:40.699-->00:26:46.004 ask permission to use the tool um it's very very hard I've had so many conversations, very 00:26:46.004-->00:26:51.577 contentious conversations around that very topic so it is easier and and actually we've taken 00:26:51.577-->00:26:55.047 risks and I've had Mark reach out to to members of the community, I've reached out to 00:26:55.047-->00:26:58.684 members of the community and we've got some great feedback and luckily these people were 00:26:58.684-->00:27:02.721 fans of the show so we were able to incorporate those that you now that software or that piece 00:27:02.721-->00:27:09.394 of hardware in the show but it's much easier for me if you guys come you guys reach out to me 00:27:09.394-->00:27:14.233 directly you guys reach out and say hey I want to showcase my tool or this piece of software 00:27:14.233-->00:27:18.437 in the show, I want to hear about it and I know I've read some articles recently about 00:27:18.437-->00:27:22.941 product placement and integration and that's all that's all bullshit like this 00:27:22.941-->00:27:29.281 show a a theme of this show is cons- consumerism and consumer culture and from day one Sam and 00:27:29.281-->00:27:33.752 I have even we've always talked about wanting to use as many brands as possible, wanting to 00:27:33.752-->00:27:39.791 showcase as many brands as possible and just really explore the world of of of evil corp and 00:27:39.791-->00:27:45.130 businesses and and how they operate so it it helps us it makes it helps us ground the 00:27:45.130-->00:27:49.735 show in reality if we can use real software so if you guys want if you guys want your tools 00:27:49.735-->00:27:54.173 showcased in the show, let me know because it's much easier if you express interest first 00:27:54.173-->00:27:59.811 instead of me having to convince um a conglomerate to [laugh] to reach out to you >>You actually 00:27:59.811-->00:28:05.317 you actually used a real company uh with a DDOS it was Prolexic um in the first season >> Yep 00:28:05.317-->00:28:10.322 definitely. Um we use a lot of we use a lot of real companies in in the first season and it's 00:28:10.322-->00:28:15.327 just there are these there are these instances where we do kind of a knock off where it looks 00:28:15.327-->00:28:19.765 like a specific tool but we can't make it look exactly like it and I just kinda I just want 00:28:19.765-->00:28:24.770 to stay away from that I would much rather use uh real tools real solutions so >>Uh Marc you 00:28:26.772-->00:28:31.443 had said that uh when you're doing the real simulations of the hacks um and you're going 00:28:31.443-->00:28:37.783 through the steps um you talked about actually consulting with outside experts in some cases uh 00:28:37.783-->00:28:42.788 with different expertise uh to figure out reactions, kinetic reactions and things like that, 00:28:42.788-->00:28:47.359 you want to talk about that a second? >>Yeah and it's not just me I think everyone in the team 00:28:47.359-->00:28:51.063 has reached out and there are a couple of could I go into detail and uh uh on the thing with the 00:28:51.063-->00:28:57.603 >>No >>Can I go into details about the thing at the place at the time? >>So it the so the uh 00:28:57.603-->00:29:02.541 it uh the problem is that I would love to talk about all of this stuff but we can't because 00:29:05.844-->00:29:10.549 we don't want to give away spoilers that will damage the story or spoil any of the 00:29:10.549-->00:29:15.287 illusions coming up but let's just say there are a number of things that happen in different 00:29:15.287-->00:29:21.593 parts of the show and if we have any doubts about the realism or if we have any concerns about 00:29:21.593-->00:29:28.367 the physics involved or the science behind it we will reach out to experts professors in 00:29:28.367-->00:29:33.972 some cases and talk to them and say look in this hypothetical situation which I can't tell you 00:29:33.972-->00:29:40.245 about and I can't tell you why, would this work? Is this realistic? How would you expect 00:29:40.245-->00:29:44.916 this to happen, is there any advice you can give us about what to expect? And we take that 00:29:44.916-->00:29:51.757 onboard and we use that to shape what we do and ultimately the the production team uses that to 00:29:51.757-->00:29:55.894 shape everything that goes on from that point. >>And we we do that with everything by the way. 00:29:55.894-->00:30:00.699 It's not just from an IT perspective or a a scientific perspective, even from an 00:30:00.699-->00:30:05.704 economics perspective or a psychology perspective we seek out experts in those fields to 00:30:08.106-->00:30:14.112 make sure that we are nailing the accuracy of what would a post 59 world look like uh what 00:30:14.112-->00:30:19.284 would Elliot how would Elliot react to certain situations having you know dealing with 00:30:19.284-->00:30:23.789 these delusions and and these inner demons so it's it's something that we we we always 00:30:23.789-->00:30:28.226 want to reach out to experts in those fields. >>So what are your favorite hacks so far in the 00:30:28.226-->00:30:33.398 show? Each of you? It doesn't have to be one that you've worked on or it could be or? Or 00:30:33.398-->00:30:37.235 Jeff, do you have a favorite that you've seen? >>Well the one that kind of hooked me finally I 00:30:37.235-->00:30:43.408 was all in on the show was when I started seeing hacks fail, because normally the hack always 00:30:43.408-->00:30:47.679 works and just at the right time and I think it was towards the end of season one when they're 00:30:47.679-->00:30:51.750 dropping USB keys and the keys didn't work and then the the fire I mean the police 00:30:51.750-->00:30:56.021 department anti virus or something caught something and all of that stuff made me think 00:30:56.021-->00:30:59.825 okay great you know now are they going to problem solve? How are they gonna get around that? And 00:30:59.825-->00:31:05.063 I th- the failure of the hack was actually more uh impressive to me than the success of the 00:31:05.063-->00:31:10.969 hack >>Uh the first thing that hooked me was actually really simple it was when Elliot's in 00:31:10.969-->00:31:15.574 season one guessing people's passwords uh the fact that it wasn't like in you know 00:31:15.574-->00:31:20.312 conventional TV depictions where it's just guessing something super obvious like password one 00:31:20.312-->00:31:25.817 it was combinations of patter- password patterns that people often use like uh last two 00:31:25.817-->00:31:29.755 digits of the year they're born with a really common password phrase and if you've ever done 00:31:29.755-->00:31:34.059 password cracking or looked at the statistical analysis of most common password patterns and 00:31:34.059-->00:31:39.965 dumps you see exactly that so his whole mindset about figuring out passwords for his different 00:31:39.965-->00:31:43.835 targets and and how realistically that was portrayed really made me realize like wow 00:31:43.835-->00:31:48.840 they're actually thinking about this in a realistic manner. >>Uh for me season two episode one 00:31:51.109-->00:31:54.980 where you had the booby trapped computer that lit on that got that lit on fire >>The thermite 00:31:54.980-->00:31:59.985 >>Uh I've been in so many situations where I've watched my peers uh not really do the the 00:32:02.687-->00:32:07.626 proper chain of custody and evidence collection for an instant response and you know it 00:32:07.626-->00:32:13.064 it's very accurate when you're you know the local state police department that are still trying 00:32:13.064-->00:32:17.369 to figure out how to deal with computers and how to deal with digital evidence and uh it was 00:32:17.369-->00:32:22.507 just very accurate and I I I think that you'll see that as the season grows that there's 00:32:22.507-->00:32:27.445 more of an FBI presence and and how the FBI would deal with instant response and the data 00:32:27.445-->00:32:31.750 breach but that was a pretty cool hack >>This is always a hard question for me because I'm 00:32:31.750-->00:32:36.421 really torn because you know I love a lot of the hacks that we did in season one and that we're 00:32:36.421-->00:32:42.427 doing in season two um but if I had to choose one it would probably be episode five uh when 00:32:42.427-->00:32:47.432 Mobley uses set to spoof uh a text message to one of the workers um to create a diversion 00:32:49.868-->00:32:55.240 I just >>This was in the data center where they had to get Elliot was trying to deposit the 00:32:55.240-->00:32:59.811 raspberry pi >>Correct, correct >>Needed to get a worker and he spoofs >>Actually my favorite 00:32:59.811-->00:33:04.316 might be the raspberry pi I take it back >>I love it in that same episode when they edit the 00:33:04.316-->00:33:09.754 Wikipedia to uh give Elliott's cover identity some background yeah and the amazing part of 00:33:09.754-->00:33:13.058 that is I'm seeing that scene for the first time and I'm thinking well that's not 00:33:13.058-->00:33:17.062 realistic because like if that's a high profile person, his wikipedia page isn't going to 00:33:17.062-->00:33:22.000 just be editable by everyone but no then the dialogue in the show like on scene letter sets 00:33:22.000-->00:33:26.805 credibility for him having spent all those years building up reputations that he could edit 00:33:26.805-->00:33:32.210 those wikipedia pages >>Yeah and then I remember watching that scene I was thinking Uh oh! 00:33:32.210-->00:33:37.215 Elliot didn't put on any gloves, his fingerprints are all over that raspberry pi. [laughter] 00:33:39.417-->00:33:44.422 >>Marc did you have a favorite? >>I I have to say I I loved all of them and for me the biggest 00:33:47.158-->00:33:51.663 thing was I watched the whole of season one and I didn't throw anything at the TV [laughter] 00:33:51.663-->00:33:57.802 >>You had said, you had said uh when we talked that eh your goal in going into season two is 00:33:57.802-->00:34:03.241 actually to make the hacks more elaborate than season one um and so and you were also concerned 00:34:03.241-->00:34:07.812 that hacking can become very repetitive um because hackers tend to when they find something 00:34:07.812-->00:34:12.784 successful they tend to repeat it over and over and over again so how are you going to I mean 00:34:12.784-->00:34:17.589 this show could go on for five years like how are you going to um get over that issue of re- 00:34:17.589-->00:34:23.028 repetition? >>I think the way they're doing it is by widening the team and bringing on new 00:34:23.028-->00:34:28.833 minds with new ideas and the it it is tough because like in the real world as a hacker you'll 00:34:28.833-->00:34:32.804 have certain things that you'll do really well and you'll keep using them because if they're 00:34:32.804-->00:34:38.710 successful why change them? But that doesn't make for great TV because you know okay so he's 00:34:38.710-->00:34:44.416 gonna throw the USB sticks down again, yay! Um much better if we can come up with some more 00:34:44.416-->00:34:49.321 interesting things and by bringing in new characters and by bringing in new experts it 00:34:49.321-->00:34:53.925 widens the palate. >>Yeah I've been fortunate to work with a lot of people in different 00:34:53.925-->00:34:58.596 disciplines in in Infosec and one of the things that was fun for me was in working in a few 00:34:58.596-->00:35:03.268 of the really elaborate ah hacks that are to come after this season was trying to draw in a 00:35:03.268-->00:35:08.506 few different disciplines that haven't previously been shown uh in the proceeding hacks and so 00:35:08.506-->00:35:12.043 you know you think about all the different fields, reverse engineering, application layer 00:35:12.043-->00:35:16.281 exploits, and you know we're just starting to scratch the surface of the types of hacks 00:35:16.281-->00:35:20.352 that you can see, the types of devices that are targeted, the techniques that people are using 00:35:20.352-->00:35:25.190 so yeah hacking can get repetitive but I think there's there's still just this whole 00:35:25.190-->00:35:29.794 world of different interesting things we can show that are both realistic to the situation and 00:35:29.794-->00:35:34.532 also for people who are pausing the screen and tweeting screenshots uh have some good 00:35:34.532-->00:35:38.136 stuff to dig into. >>Just wanna let you know if you guys have questions you can start lining 00:35:38.136-->00:35:43.308 up >>And just so you guys know that's a prob that's like a primary problem that we discuss 00:35:43.308-->00:35:49.080 internally, this group up here, we're constantly talking about these ideas about how what would 00:35:49.080-->00:35:53.385 be the most efficient hack to use for this situation and then someone will throw out an idea 00:35:53.385-->00:35:58.289 and I'll have to say no we did that in episode three of season one so we can't do that again we 00:35:58.289-->00:36:02.627 have to think of something else that still makes sense so we have to justify why we're not 00:36:02.627-->00:36:07.432 doing that again and why we're doing this new tactic and why that makes sense for this 00:36:07.432-->00:36:11.736 episode >>So what mistakes have you made? Oh sorry go ahead Jeff >>Just wanted to say if you do 00:36:11.736-->00:36:14.639 want to line up for questions the microphone is just right here in the middle >>What 00:36:14.639-->00:36:17.842 mistakes have you made? Because Kor you know Jeff brought it up that the uh the fact that you 00:36:17.842-->00:36:22.080 know Sam is basically and you are on Reddit and Twitter you're not watching the shows when they 00:36:22.080-->00:36:26.384 air but you're actually watching reactions to the show and when people do point out mistakes he 00:36:26.384-->00:36:32.624 makes sure that you know about them, so yeah >>There were um in season one there were some 00:36:32.624-->00:36:37.996 screens that had typos and there were things that just slipped through the cracks of just you 00:36:37.996-->00:36:43.334 know some point you could do a screencapture on one of the PDFs uh and you see it in episode 00:36:43.334-->00:36:47.705 four I think uh there was a lot of just gibberish and that was because the animator who was 00:36:47.705-->00:36:53.078 working on it just just ran he didn't fall asleep but just kind of ran the the text that I gave 00:36:53.078-->00:36:58.950 him through like this randomizer and just just put that into it because uh there was a clearance 00:36:58.950-->00:37:04.489 issue and I it just slipped through so I fixed it for the second time we saw it in episode 00:37:04.489-->00:37:09.494 six or seven I believe but then I think on Elliot's drug report in episode three marijuana is 00:37:11.596-->00:37:16.434 spelled incorrectly like things like that. I got an email from Sam saying why did this happen 00:37:16.434-->00:37:20.004 why are we do why are we making stupid mistakes like this? >>you also had a phone in airplane 00:37:20.004-->00:37:24.042 mode or something? >>We did have a phone in airplane mode, we had Gideon's phone in airplane mode 00:37:24.042-->00:37:29.047 so it's it's uh it's interesting because now I know who we're dealing with [laughter] and um 00:37:31.950-->00:37:36.955 we haven't had we haven't had many instances of that in season two because I'm kind of a nazi 00:37:39.290-->00:37:45.096 when it comes to these screens and if there is a mistake or a typo uh I work with post 00:37:45.096-->00:37:50.535 production to fix it before it airs so hopefully this kind of thing doesn't happen but again 00:37:50.535-->00:37:55.373 it's I'm sure something's gonna slip through the cracks again because we have people devoted 00:37:55.373-->00:38:01.713 to screenshotting this and then posting it on social media um and then making my job and my 00:38:01.713-->00:38:06.718 life much harder, thank you. >>You have a question? Go ahead, You >>Um Andre? >>Yes >>Okay uh 00:38:15.894-->00:38:20.899 I'm wondering um if you were involved in season one uh you're you worked at Goldman Sachs and 00:38:24.869-->00:38:29.874 given like the culture of the show and the messages behind it uh why and when you left Goldman 00:38:34.345-->00:38:39.350 Sachs and uh if that had any like your bearings on like how realistic it is to have someone 00:38:43.955-->00:38:49.727 on the inside in a bank, a big bank? >>So So I didn't I didn't work season one but it's 00:38:49.727-->00:38:54.732 interesting question because ah Goldman Sachs is uh has a very sharp culture is what I will say 00:38:57.168-->00:39:01.839 when it comes to technology and when it comes to security and being an engineer in that space 00:39:01.839-->00:39:08.079 in in the financial sector in New York and then being an agent investigating intrusions for the 00:39:08.079-->00:39:13.084 financial sector in New York really had a lot of barriers for sort of uh innovation and 00:39:15.553-->00:39:21.726 imagination that you might get in Silicon Valley where I am now and so I think you that that 00:39:21.726-->00:39:28.366 culture that you see in season one is ve- and uh at ECorp is almost identical to my 00:39:28.366-->00:39:32.637 experiences when I was at Goldman Sachs when I had just graduated college and I I could 00:39:32.637-->00:39:37.642 see that exact world today and um you know I I I've seen it in other in other situations but I 00:39:39.877-->00:39:45.583 think you're right, Goldman Sachs is probably the the sharpest of the ones that are 00:39:45.583-->00:39:51.789 there. >>You have another question? Thank you >>How did the decision come through in the 00:39:51.789-->00:39:56.861 writing group >>Can't hear you >>How did the decision in the uh writing group come to have 00:39:56.861-->00:40:02.533 Elliot break the fourth wall so often and so frequently to turn to face the audience, to us, and 00:40:02.533-->00:40:07.105 have that active dialogue, I thought that was brilliant >>Yeah, did everyone hear the 00:40:07.105-->00:40:12.010 question? >>So the question was how did we come up with the idea to have Elliot break the fourth 00:40:12.010-->00:40:17.015 wall and actually address us as his friend um and I can't I I can't I have to give all of the 00:40:19.317-->00:40:24.155 credit to Sam on that because he wrote that into the pilot before we ever formed a writer's room 00:40:24.155-->00:40:29.594 and if you read even the early drafts of that pilot when it was a feature it opened with Hello 00:40:29.594-->00:40:36.034 Friend and him speaking to us and it's it's weird because it it really draws you in and when 00:40:36.034-->00:40:41.739 I read it and when I saw the the pilot it it really I I bought into this connection that I had 00:40:41.739-->00:40:45.743 with this character who was addressing me in this way that you know I've never seen a show 00:40:45.743-->00:40:52.417 do it before in that way and what he, in the way the ways in which he's vulnerable with us, 00:40:52.417-->00:40:57.422 in the ways in which he blames us for certain things, and now he's upset with us, uh doesn't 00:40:59.424-->00:41:03.895 really trust us, I it's it's fascinating and we talk about that in the room and it's it's 00:41:03.895-->00:41:09.567 weird we treat viewer, we treat friend as a character in the room when we're breaking the 00:41:09.567-->00:41:13.604 story and when we're talking about it and it's uh it's something we really take in take 00:41:13.604-->00:41:20.244 into account with everything so um I have to admit that's all Sam. No it's true, I I haven't 00:41:20.244-->00:41:25.249 seen many movies or shows that do that in that way >>Um hi I think this is an incredibly 00:41:27.485-->00:41:32.623 ground breaking show, it's amazing and I work in consumer education >>Come a little closer 00:41:32.623-->00:41:37.328 to the mic >>Sorry I work in consumer education so and I understand the importance of how 00:41:37.328-->00:41:43.000 it is for us to see that this hacking is right but what is your team hoping for the normal 00:41:43.000-->00:41:47.705 person to get out of this show? Are you trying to educate people more on threats that are out 00:41:47.705-->00:41:52.710 there or is it just entertainment? >>Well anyone feel free to jump in when I go 00:41:54.812-->00:42:00.985 through this but uh [laughter] uh we live in a uh age where we are more and more dependent on 00:42:00.985-->00:42:05.823 our devices and our technology and there are a lot of people even in in the younger 00:42:05.823-->00:42:10.762 generation who know how to use these apps who know how to use their smartphones but they don't 00:42:10.762-->00:42:17.268 know the ways in which they're vulnerable and if the show can shine the light on that and make 00:42:17.268-->00:42:23.040 them think about like oh shit if I leave my phone you know unlocked this is how long it 00:42:23.040-->00:42:28.913 takes for someone to root it and install a uh piece of malware. I think that that's great if it if 00:42:28.913-->00:42:33.851 it increases that level of paranoia and awareness I think that's a very good thing. >>Yeah 00:42:33.851-->00:42:40.091 I think, for me, it's unavoidable now to no matter what walk of life you're from to 00:42:40.091-->00:42:44.562 stay isolated from the hacks that make the news every week um that's great from an awareness 00:42:44.562-->00:42:49.567 perspective but it also has a numbing effect and what I love is for that and for the show to 00:42:51.602-->00:42:55.840 really have consumers expect more of the companies that are building the software they use 00:42:55.840-->00:43:01.479 and depend upon that they trust to keep their data private because the reality is if 00:43:01.479-->00:43:05.483 they're not putting that pressure, and organizations are always going to take short cuts 00:43:05.483-->00:43:07.852 and we're going to keep dealing with poorly des- developed services, poorly designed 00:43:07.852-->00:43:12.857 software, corners cut, and uh we all have seen the effects of that so I love getting that 00:43:15.493-->00:43:19.797 awareness up I love getting people thinking and caring and changing their behaviors based 00:43:19.797-->00:43:25.002 on that >>you know what It it it's just refreshing for my mother to know what I've been 00:43:25.002-->00:43:31.109 working on for so many years in life [laughter] and I I say it I say it honestly because 00:43:31.109-->00:43:36.113 [applause] yeah we spend so many years trying to educate the public uh and it's not working 00:43:38.683-->00:43:43.955 right I mean finally I I opened up CNN this morning and I noticed that seven of the 00:43:43.955-->00:43:49.427 various um uh conversations and presentations at Blackhat were on the cover of CNN, I mean, two 00:43:49.427-->00:43:51.429 three years ago that was not the case I mean we're getting to a point where people are starting 00:43:51.429-->00:43:56.434 to understand technology and we're getting to a point now where you know hopefully we get 00:44:00.671-->00:44:05.676 the education in before people have the personal pain that I think we experience with hacks 00:44:05.676-->00:44:10.615 like Sony and hacks like uh what we're seeing with the campaigns and the iCloud photo hacks we 00:44:10.615-->00:44:15.386 we're we're waiting for that that big cyber 911 moment which hopefully never happens but I 00:44:15.386-->00:44:19.156 think we're all expecting it to happen and if we can get to a point where the public 00:44:19.156-->00:44:24.695 understands that password 123 is not good in uh the the point where uh we should you know have 00:44:24.695-->00:44:28.799 a little bit more understanding of our security and we do it through a show that that's fun 00:44:28.799-->00:44:35.640 uh you know that's a win on my part >>For me I've been doing defcon for eighteen years and 00:44:35.640-->00:44:41.846 for eighteen years I've watched TV shows portraying my community like a bunch of weirdos like a 00:44:41.846-->00:44:46.951 bunch of idiots who don't know anything about computers, who have portrayed hacks as these 00:44:46.951-->00:44:53.024 mystical things that happen when you connect magical devices to to cars and suddenly remote 00:44:53.024-->00:44:58.596 control them and I'm sick of it I want to see real stuff on the TV that doesn't make me rage and 00:44:58.596-->00:45:02.967 I want to see accurate portrayals of people in my community, people I can relate 00:45:02.967-->00:45:08.539 to and so being able to do this and be part of this, to me it was a gift. >>Well funny you 00:45:08.539-->00:45:12.276 mention that Marc because uh I always remember the story, uh you ever everybody seen DieHard 00:45:12.276-->00:45:17.782 4? Live Free or Die Hard where the FBI cyber division is kind of bogus? Well I always remember 00:45:17.782-->00:45:22.086 the the producer and director came to the FBI headquarters and wanted to see what cyber 00:45:22.086-->00:45:27.225 division was like and then as they got a tour they were very disappointed because it looks 00:45:27.225-->00:45:32.830 like a 1960s middle school and you know as agents we would watch the movie and we were like 00:45:32.830-->00:45:36.667 man I wish we had all this technology [laughter] like so >>It's like enemy of the state? 00:45:36.667-->00:45:43.274 >>Right? I I you wish you had and so you know we show something that that's you know 00:45:43.274-->00:45:48.846 fabulous on television like the Bourne Identity type of movies when in fact none of that exists 00:45:48.846-->00:45:53.017 and so now we have a show that we're sort of able to slowly work through the technical 00:45:53.017-->00:45:58.556 advances that we have today and ideally like I say I said this in in an interview I want every 00:45:58.556-->00:46:04.695 member of congress to have watched Mr. Robot, to have said oh wow this is possible because 00:46:04.695-->00:46:10.201 we need to have everyone that is in the decision making ability in in government to know that 00:46:10.201-->00:46:15.206 everything that we have is vulnerable from a cybersecurity perspective [applause] >>Okay so 00:46:22.847-->00:46:29.320 you'd mentioned uh you ha you have to run things by NBC, Universal's legal team uh, I 00:46:29.320-->00:46:35.026 just want to know how it went uh when you decided it was okay for Elliot to go pirate a movie with 00:46:35.026-->00:46:40.031 Utorrent and have all the scene release groups tagged on it, can you elaborate on that at all? 00:46:43.000-->00:46:48.005 >>There are a lot of fun easter eggs that are hidden in this show and that's one of them and 00:46:50.274-->00:46:55.279 luckily that wasn't a discussion [laughter] so but now it will be >>Now it will be >>Thank you for 00:46:59.216-->00:47:04.588 bringing attention to it [laughter] >>You seriously, you never cleared that? [laughter] 00:47:04.588-->00:47:10.294 >>I mean we cleared Utorrent I I looked into some other tools and I didn't actually uh you know 00:47:10.294-->00:47:16.000 Utorrent was the only the only tool that cleared and I will always go with a tool that 00:47:16.000-->00:47:21.005 clears as opposed to ripping off another one or or rematching a design so I can speak to that um 00:47:23.107-->00:47:28.179 for the the pirate groups I I don't know what you're talking about [laughter] >>I noticed on 00:47:28.179-->00:47:33.184 that screen too that Elliot is a pretty bad leacher he like lets up very he shares very little 00:47:38.756-->00:47:45.329 but he takes quite a lot [laughter] >>Touche >>I don't know where he got that tactic 00:47:45.329-->00:47:50.334 from either [laughter] just it's weird >>So um I heard you say that the screens are recredited 00:47:52.370-->00:47:56.640 with flash and that's kind of interesting because most of them are just text based screens and 00:47:56.640-->00:48:00.711 you could either just like for example there's a Python script in the last episode I watched, 00:48:00.711-->00:48:05.449 why don't you just write it in Python um to create a mockup of what it's doing or even rather 00:48:05.449-->00:48:12.256 than that just have a server that is literally being you know a a um your own test server that 00:48:12.256-->00:48:15.926 you're literally hacking um so we're actually seeing what's happening rather than doing it 00:48:15.926-->00:48:20.264 in flash, what's the idea behind you using flash? >>So we've explored a lot of these options 00:48:20.264-->00:48:25.603 and unfortunately since we're the first I believe we're the first show to even bring this 00:48:25.603-->00:48:30.608 much effort toward this ki- this level of authenticity it's only me on set, it's only me and uh a 00:48:32.877-->00:48:37.882 video animator, video engineer so the way to utilize uh the crew's time um you know the 00:48:40.217-->00:48:46.590 actor's time, the best way to do it and the most time efficient way of doing it at this point is 00:48:46.590-->00:48:52.296 creating a flash animation only because we have medium shots and wide shots where we have actors 00:48:52.296-->00:48:57.802 wal- sitting at the computer you know sitting in front of a work station and they need to walk 00:48:57.802-->00:49:03.374 through the animation and get the right you know get through the right detail on the screen 00:49:03.374-->00:49:08.379 and the added effort of actually trying to teach them the correct commands, and relying on that, 00:49:11.348-->00:49:16.287 or standing off to the side with a wireless keyboard and running it myself while they're kind of 00:49:16.287-->00:49:21.859 faking it, it's it doesn't make as much sense as putting putting them in front of an interactive 00:49:21.859-->00:49:26.063 animation where they can just freely type and the right content will show up on the 00:49:26.063-->00:49:31.902 screen and we can easily reset it and go for take two immediately after um my hope is 00:49:31.902-->00:49:36.907 in future seasons as I grow this team that we can delve into that more and show it show that in a 00:49:39.577-->00:49:45.282 more realistic light uh because mainly because recreating these things in flash there's so much 00:49:45.282-->00:49:50.287 room for error and typos and just just weird behavior that I spend so many hours uh with Adam 00:49:53.123-->00:49:56.961 Brustein our amazing animator uh we go back and forth just just really finessing these 00:49:56.961-->00:50:02.533 animations I would love to do it for real but that takes you know I have to convince uh our 00:50:02.533-->00:50:07.037 producers and I have to convince the studio that it's it's worth it's worth it to them to bring 00:50:07.037-->00:50:11.609 on a bigger team to to really manage that because when you're on set and the crew is like 00:50:11.609-->00:50:16.780 trying to make their day and they're behind uh no one's thinking about the tech, no one. 00:50:16.780-->00:50:22.386 The only person on set thinking about the tech, is me. Uh which, which sucks. >>So the the short 00:50:22.386-->00:50:28.926 answer is as a society we will never get rid of flash [laughter] it will survive the 00:50:28.926-->00:50:33.430 apocalypse like Twinkies and cockroaches >>like cockroaches >>flash will never go away >>The 00:50:33.430-->00:50:39.003 the other thing to think about is in terms of the accuracy of what you see on screen you 00:50:39.003-->00:50:44.275 couldn't do that with a Python script because if you had a script that just spewed out the 00:50:44.275-->00:50:48.946 things that are supposed to come out on a hack, that's not really the hack, that's a very 00:50:48.946-->00:50:52.816 artificial simulation of what's supposed to come up. What they're doing is they're 00:50:52.816-->00:50:57.821 creating an animation based on the intelligence they get from technical experts in in cases 00:51:00.024-->00:51:06.063 where I I've put stuff together, we've done the hack, demod it, filmed it, sent it to them, 00:51:06.063-->00:51:11.068 they've looked at that and then they made their animation, so that animation is an accurate 00:51:11.068-->00:51:16.073 recreation of the hack with the right timings, the right output, so it's really as accurate as 00:51:18.542-->00:51:24.648 you can get without doing it. I would say their only two options are, do it, or do what they're 00:51:24.648-->00:51:28.919 doing now, and what they're doing now is pretty good although it seems it's pretty 00:51:28.919-->00:51:34.058 effort heavy for Kor and the others. I would love to see them doing it for real, but the 00:51:34.058-->00:51:39.063 reality is, I've been hacking for what twenty five twenty six years of my life I'm probably 00:51:42.232-->00:51:47.237 way better than any actor and I find it hard to do that, many of the hacks that I've filmed, and 00:51:49.306-->00:51:54.244 made, and sent over, I had to do four or five times to get it right, to work out bugs, to do 00:51:54.244-->00:52:00.451 it, that's a hell of an effort for a production crew to have to take on. >>And even after the 00:52:00.451-->00:52:05.723 fact when I'm like after they send me that material I'll go back and forth with them because 00:52:05.723-->00:52:10.260 maybe we're working in a different distro or maybe uh you know we're in a different I 00:52:10.260-->00:52:14.999 don't I don't know I want to nail what the prompt looks like under these circumstances so 00:52:14.999-->00:52:20.037 I'll I'll ask these follow up questions of you know if I'm if my goal is to replace IP 00:52:20.037-->00:52:24.708 addresses with easter eggs or you know host names stuff like that so it's just constant 00:52:24.708-->00:52:30.014 dialogue I have with this team about the the hacks that they're creating and how how to 00:52:30.014-->00:52:35.019 successfully recreate them for the show. >>Alright thank you >>I have one ahem I have one 00:52:37.087-->00:52:43.027 question though for Kor I guess the team and it's around the timeline and so my last article 00:52:43.027-->00:52:48.298 at Playboy I noticed that you had a character, they walked by and they had a rest in peace you 00:52:48.298-->00:52:53.637 know american economy with the the date um and so I'm trying to figure out well how many months 00:52:53.637-->00:52:57.741 has it been since the hack, so what version of the software were we at, you know like what 00:52:57.741-->00:53:02.446 android versions are we using or whatever so unless the show is progressing at a current day 00:53:02.446-->00:53:07.017 rate you're gonna be in a situation where you've got to use like older and older distros 00:53:07.017-->00:53:12.456 to be time period accurate so that is a whole nother level of nightmare >>Fortunately the 00:53:12.456-->00:53:17.694 government will never be using the most up to date anything so [laughter] >>Hey, we the 00:53:17.694-->00:53:22.699 government is off XP, hey! No more XP >>No but to, to Jeff's point, uh the season two starts 00:53:25.235-->00:53:30.240 thirty days after the end of season one, and the big evil corp hack took place on 5/9 2015 00:53:33.377-->00:53:40.350 so of all of the piece of software that I clear I need to find the version that was out in 00:53:40.350-->00:53:46.657 May of 2015 which is which is kind of tough uh and it's gonna make our jobs harder and harder 00:53:46.657-->00:53:50.694 as each season progresses because we're treating that timeline in real time and we're 00:53:50.694-->00:53:56.800 just picking up where we leave off each season so it's uh it's going to get more difficult 00:53:56.800-->00:54:03.173 >>Next question >>Hi so I was wondering about the season two trailer or where that idea came 00:54:03.173-->00:54:08.912 from and whether or not that's going to continue at all in the future? >>So what he's referring 00:54:08.912-->00:54:13.917 to is um the phone number >>yeah >>That was in the season two trailer that led to led you 00:54:17.121-->00:54:21.825 somewhere which led you somewhere else, which set you on uh this whole this whole code 00:54:21.825-->00:54:26.830 breaking uh, this code breaking game, and we have hidden a lot of that in season two, every 00:54:30.400-->00:54:35.239 single episode of season two, there are elements of uh code breaking and anyone that's 00:54:35.239-->00:54:40.811 familiar with the Defcon badge contest will get a huge kick out of just dealing with what we've 00:54:40.811-->00:54:45.716 hidden in season two, so my answer to you is yes, that will continue, I ca- I don't want to 00:54:45.716-->00:54:50.187 give you too much information on where to find those little hints and where where they are but I 00:54:50.187-->00:54:56.126 know just based on monitoring uh the Reddit uh the subreddit and Twitter that not all of them 00:54:56.126-->00:55:01.765 have been found and more are coming >>Could you actually give a little intro to how that idea 00:55:01.765-->00:55:07.604 came to make that arc happen? >>I wanted to do this in season one and I bugged Sam and I 00:55:07.604-->00:55:13.310 bugged uh people at the studio uh just using real IP, it started out for just, I wanted 00:55:13.310-->00:55:17.714 to use real IP addresses and real phone numbers, huge argument, can't use real phone 00:55:17.714-->00:55:21.718 numbers, finally convinced them to let me use real IP addresses, they gave me a pattern of IP 00:55:21.718-->00:55:28.058 addresses for season two that I'm using. And then once the digital marketing team at USA 00:55:28.058-->00:55:34.164 caught on that our fans were this into it and screenshotting uh screenshotting every screen 00:55:34.164-->00:55:38.502 and I gave them examples of people attempting to hit these servers that we show in season 00:55:38.502-->00:55:44.508 one or complaining about you know our fake IP addresses that we used in season one uh so the 00:55:44.508-->00:55:49.179 digital digital marketing team I think they kind of just between seasons one and two were 00:55:49.179-->00:55:53.383 convinced that this was worth their time and effort so now I'm working very closely with them 00:55:53.383-->00:55:59.022 to build out this kind of interaction and uh it's a goal of mine in in season two if you 00:55:59.022-->00:56:04.061 see an IP address or you see a URL it will it will lead somewhere I can tell, I can tell 00:56:04.061-->00:56:08.298 you that much >>When I first started working with Kor on the first sequence that I I helped 00:56:08.298-->00:56:14.605 out with um I had done an on screen mockup and then I did a copy paste of the terminal text 00:56:14.605-->00:56:20.077 to make it easier for the animators and I used uh because it was all on VMs I was using 00:56:20.077-->00:56:24.948 RC1918 addresses so that my simulation could at post talk to each other but the situation 00:56:24.948-->00:56:30.387 required routable addresses so I just in the copy paste like made up an IP off the top of my head 00:56:30.387-->00:56:35.525 and stuck that in there I send an email to Kor and then I was like, I wonder who owns that IP 00:56:35.525-->00:56:40.530 block? So I go into who is on it and it's DOD IP space [laughter] so I emailed him immediately 00:56:43.267-->00:56:48.338 after and was like hey you guys are probably going to change the addresses but just in case um 00:56:48.338-->00:56:52.776 don't use that address because I pulled it out of my ass but it turns out I don't want someone 00:56:52.776-->00:56:58.482 seeing the show and then trying to hit that address so >>Go ahead >>With that with that 00:56:58.482-->00:57:03.287 being said the gentleman to my left who made a comment about CSI Cyber and the digital 00:57:03.287-->00:57:08.292 marketing so on Monday I'm going to redirect CSI cyber dot com to Mr. Robot because I control CSI 00:57:11.628-->00:57:17.734 cyber dot com and they took my idea in 2008 and I'm pissed at that, CBS and Paramount now are 00:57:17.734-->00:57:23.073 going to have to say tough shit because I'm going to forward that to push the show and when 00:57:23.073-->00:57:28.078 people go to CSI cyber dot com it's going to Mr. Robot on Monday, google it, check it out 00:57:33.050-->00:57:39.556 [applause] >>okay so you've already, you've already touched upon the dealing with the legal 00:57:39.556-->00:57:42.859 team a lot but I was just wondering like what kind of stuff have they rejected that 00:57:42.859-->00:57:46.296 you've wanted to do and like what what the negotiation process is kinda like? 00:57:48.565-->00:57:54.171 >>Unfortunately I can't go into detail about what they rejected without naming some of the the 00:57:54.171-->00:58:00.043 companies that were involved in those talks but I know that it starts off with me presenting my 00:58:00.043-->00:58:06.917 best case scenario, so here, here's my top three choices of tools to use for this specific 00:58:06.917-->00:58:12.356 hack and we're already working to do that and sometimes if it if something doesn't clear I'll 00:58:12.356-->00:58:16.026 go back to these guys and be like hey you know what other tools can we use that we can get 00:58:16.026-->00:58:21.031 away with and um so our clearance coordinator will talk to our legal department and 00:58:21.031-->00:58:26.303 they'll assess the risk and figure out is it worth it to approach this company or is it 00:58:26.303-->00:58:32.309 worth it to just kind of stay away and you know do our own thing with and make up a fake 00:58:32.309-->00:58:37.414 name or make up a fake design, which is one hundred percent of the time what they want me to do 00:58:37.414-->00:58:43.053 and so that's a huge point of contention and I'll go back and forth with our clearance 00:58:43.053-->00:58:46.289 department or our legal department about that and I understand it, I understand that 00:58:46.289-->00:58:53.096 that's their job and that's that's that's great uh so it speaks to you know it's hard for 00:58:53.096-->00:58:57.467 me to reach out and I did have these talks with these guys and I luckily Marc knows some of 00:58:57.467-->00:59:02.706 these guys so I I asked him I remember asking him when we uh I can't tell you what tool it is 00:59:02.706-->00:59:09.146 but there's a tool that shows up in episode nine of this season where I asked him I'm like are 00:59:09.146-->00:59:12.516 these guys fans of the show? Like are the these guys are hackers right? They're gonna 00:59:12.516-->00:59:17.087 they dig the show they won't be, they'd be cool if we reached out to them and asked them you know 00:59:17.087-->00:59:23.660 to get a to sign a clearance and he was like yeah of course so against you know what what the 00:59:23.660-->00:59:27.964 legal department wanted to do we we we took that route and luckily it made it into the 00:59:27.964-->00:59:33.470 show, I can't say what it is yet, but it's it's great, it's awesome, so it's um hopefully 00:59:33.470-->00:59:38.074 it's something that will get easier and like I said before, if you guys reach out to me it 00:59:38.074-->00:59:42.979 makes my job a lot easier and we can see I think we could see a lot more in the show if you guys 00:59:42.979-->00:59:47.984 just make first contact >>Hi guys, big fan of the show, thanks for making it happen. Um 00:59:52.055-->00:59:58.094 my question is I really like the scene with the faraday cage in and I'm wondering if you have 00:59:58.094-->01:00:03.467 any plans for other consumer products or anything that helps protect mobile privacy and 01:00:03.467-->01:00:07.604 security? >>Can you say the last part of that question one more time? >>Anything in the works to 01:00:07.604-->01:00:12.609 help protect mobile privacy and security from other like uh hardware or software? >>Yes? 01:00:18.315-->01:00:20.884 [laughter] >>I thought you were going to talk about the faraday cage that white rose was in 01:00:20.884-->01:00:26.022 >>It's one of those things that if you go into it then we sort of expose things, right? I mean 01:00:26.022-->01:00:30.327 it's not I I remember talking to Kor about this because one of the at one point we were in a 01:00:30.327-->01:00:35.532 conversation where he did say well we already reused the we used the faraday cage once we 01:00:35.532-->01:00:40.904 can't do it again so as we have more ideas because I have a couple in my head, I don't 01:00:40.904-->01:00:46.243 really want to tell you because I want you to sort of see it in season three >>Um as Kor already 01:00:46.243-->01:00:51.982 said there's stuff that's gonna come up the thing that drives it though is the story, we are kind 01:00:51.982-->01:00:57.754 of slaves to the story we're trying to find technology that fits into the story and the main 01:00:57.754-->01:01:02.626 thing I want to see with the tech that I I put into it is if you put the wrong tech in it can 01:01:02.626-->01:01:06.263 be really jarring you know, you're watching this great story, you're getting immersed 01:01:06.263-->01:01:10.233 into it, and then someone does something fundamentally stupid and you look at it and you're 01:01:10.233-->01:01:15.105 like uh and it's helping unravel the story and it's really not that interesting anymore so what 01:01:15.105-->01:01:21.444 we do has to fit in nicely any opportunity for something to come up we will will look at it 01:01:21.444-->01:01:26.249 and we'll try and use it because we want it to be realistic and at the same time we want to use 01:01:26.249-->01:01:30.921 it to send a message and the best way to do that is to use cool things >>Yeah and I think 01:01:30.921-->01:01:34.558 you're doing a great job I guess it was kind of a leading question because taking a 01:01:34.558-->01:01:40.030 repeated idea of a stand alone faraday cage and making it more mobile is what I'm holding in my 01:01:40.030-->01:01:46.403 hand right here so I want you guys to use it, it's called Silent Pocket >>Product 01:01:46.403-->01:01:51.408 placement [laughter] >>Good shirt! >>Thank you! >>Uh how you doin >>For those who can't see 01:01:57.047-->01:02:01.985 he's wearing an Evil Corp shirt [applause] >>Uh yeah uh first of all thank you for uh putting 01:02:07.624-->01:02:13.496 together a show about hackers that doesn't suck >>Um should I speak for everybody, that's 01:02:13.496-->01:02:19.803 about the best compliment you'll get from us right? >>Though Sneakers is a great movie so 01:02:19.803-->01:02:23.840 starting out fair >>Sneakers kicked ass >>And WarGames >>WarGames! >>WarGames was the 01:02:23.840-->01:02:29.179 same crew! >>But those but those are movies not a TV show >>That's true >>Um question 01:02:29.179-->01:02:34.784 about the easter eggs they're starting to get more complicated um what's the thought process of 01:02:34.784-->01:02:39.489 coming up with the easter eggs, is it you guys? Because they're sort of seem to be inspired by 01:02:39.489-->01:02:45.095 like Cicada, 3301 kinda puzzles and shit so is that you guys or is it like the media team or 01:02:45.095-->01:02:51.034 like >>So it's the media team and myself uh working on it primarily sometimes I'll check 01:02:51.034-->01:02:56.940 in with these guys about uh and and just just ask for advice about where it would lead um I 01:02:56.940-->01:03:01.678 know >>So you guys ship the hoodie that we got for solving the >>The the american giant 01:03:01.678-->01:03:06.750 hoodie? >>The fsociety hoodie >>Yep >>That things is badass >>That things awesome um it yeah 01:03:06.750-->01:03:10.787 it's I I don't want to say too much about it because I don't want to I don't want to ruin it 01:03:10.787-->01:03:16.292 and I don't want to spoil the fun out there for everyone who's involved in it but it is a back 01:03:16.292-->01:03:21.965 in addition to posting the show and and you know getting through these cuts and trying to trying 01:03:21.965-->01:03:26.736 to trying to finalize everything I'm still working with the digital marketing team nonstop 01:03:26.736-->01:03:33.643 on just the easter eggs alone which is a huge uh which is a taxing effort but it's um it's 01:03:33.643-->01:03:37.514 amazing how many people are into it and I'm so glad and it's really satisfying just the 01:03:37.514-->01:03:41.685 online response that we're getting from it is it's awesome it's more than I could have 01:03:41.685-->01:03:47.857 asked for which is great so I'm really excited about it >>Sick, thank you >>Thank you >>I I have 01:03:47.857-->01:03:52.629 a question you were talking a lot about American viewers but what what's your experience with 01:03:52.629-->01:03:57.634 international viewership? >>Um I have a fe- from what I can gather uh I know that it's not 01:04:01.237-->01:04:06.009 the show is not available streaming all over like completely internationally so 01:04:06.009-->01:04:11.648 people have to cut some corners to to watch it depending on where they live and last I 01:04:11.648-->01:04:16.653 checked we were the number one pirated show within the past month or so [applause] um which 01:04:21.658-->01:04:25.729 I'm fine with I know people at the network probably hate me saying this but I'm fine with 01:04:25.729-->01:04:30.734 that uh so and and and just the social media response we've been getting uh internationally from 01:04:32.836-->01:04:37.207 Latin America from Europe is it's been phenomenal and it's it's just it's just so it's 01:04:37.207-->01:04:42.979 really satisfying to see that the show is striking a cord um on a global scale like that it's 01:04:42.979-->01:04:47.984 phenomenal >>go ahead >>Salud! So uh I had a really good question but I kind of forgot 01:04:55.525-->01:05:02.298 what it was uh [laughter] I guess uh >>you can step aside and let the next person if you 01:05:02.298-->01:05:06.503 want to think about it >>I uh I uh I apologize for asking this one um but uh there's been a lot 01:05:06.503-->01:05:11.674 of speculation online about what astsu is as a command and uh >>What what can you say that 01:05:11.674-->01:05:16.379 again? >>astsu in the first season at the beginning uses a code called astsu kinda looks 01:05:16.379-->01:05:22.152 like Sudo or something like that but uh um is it is it an internal thing to Evil Corp? 01:05:22.152-->01:05:26.189 What's the what's the official response on that? >>So the official response, and I knew I 01:05:26.189-->01:05:30.293 was going to get this question one day um [laughter] none of us worked on the pilot, so the 01:05:30.293-->01:05:35.298 pilot had uh their own consultant who uh I don't know how present he was and and I 01:05:39.936-->01:05:44.808 don't know how what kind of interaction he had with the animator on on the pilot uh what 01:05:44.808-->01:05:51.414 what from what I have heard he just left him with a stack of code and left him to sift 01:05:51.414-->01:05:56.553 through it so you have an animator who's never even worked in a in a Linux distro before, 01:05:56.553-->01:06:00.356 staring at code and he doesn't know what it means and he has to figure out how to animate it and 01:06:00.356-->01:06:05.361 and recreate it for a pilot of a TV show so astsu is probably just a misstep it's just a and 01:06:10.400-->01:06:12.869 there are actually there are a lot of there are a lot there's a lot of things like that I could 01:06:12.869-->01:06:18.675 point out from the pilot that that even I have issues with um so luckily we were able to kind 01:06:18.675-->01:06:23.580 of remedy that once we got the series pick up and I was working on uh episodes two through ten 01:06:23.580-->01:06:29.185 to to make sure that that didn't happen >>Cool, thank you >>thank you >>I think one of the other 01:06:29.185-->01:06:34.123 things you have to remember is these these kinds of shows evolve they they're not static 01:06:34.123-->01:06:40.196 they and as they move on there are additional dimensions that get added, things get better 01:06:40.196-->01:06:46.970 processes change, so I mean you can say reliably this show is going to go from strength to 01:06:46.970-->01:06:50.740 strength >>That that sort of raises the question, Kor you and I had talked previously when I'd 01:06:50.740-->01:06:55.945 asked you like where, where do you envision the show going, the show's operating on many many 01:06:55.945-->01:07:00.550 layers and you've got the basic plot of the hacking, you've got Elliot's sort of mental 01:07:00.550-->01:07:04.354 deterioration and his old issues with his father and things like that, you've got the control 01:07:04.354-->01:07:07.590 issues and all of its permutations of hacking and things like that, now you've 01:07:07.590-->01:07:11.094 introduced this whole thing with White Rose there are a lot of sort of tangents coming and 01:07:11.094-->01:07:16.132 we've seen other stor- other shows fail spectacularly when they're trying to juggle too 01:07:16.132-->01:07:22.939 much, Lost for instance, uh how are you guys insuring that you guys don't get Lost essentially? 01:07:22.939-->01:07:29.112 >>Great question uh Sam and the other writers, and I have a road map for where we want this 01:07:29.112-->01:07:32.982 season to go uh unlike some of the other shows that were mentioned, I have a feeling they 01:07:32.982-->01:07:37.320 were writing themselves into a corner because they didn't really know what the end- what 01:07:37.320-->01:07:42.292 the end beat was. What the conclusion of of the story was. We know where we're headed and 01:07:42.292-->01:07:47.764 we have certain milestones that we're trying to reach on the way, so I don't feel like we're 01:07:47.764-->01:07:53.937 ever going to get into that situation as long as we stay true to organically, where our 01:07:53.937-->01:07:58.207 characters are emotionally and where the journey would take them, so as long as we're 01:07:58.207-->01:08:03.446 tracking Elliot and and the other members of fsociety emotionally and organically 01:08:03.446-->01:08:08.451 doing serving the story uh justice I think that's I don't think that's going to happen um 01:08:08.451-->01:08:12.355 and I know some people have had some issues with the pacing of season two and the first couple 01:08:12.355-->01:08:17.961 of episodes being a little slow I've read a lot of reviews and blogs about that and really all 01:08:17.961-->01:08:23.733 I can say is like we dropped a huge bomb at the end of season one uh we destroyed the economy, 01:08:23.733-->01:08:30.607 Elliot had the the realization that you know uh he he has delusions um and he's suffering 01:08:30.607-->01:08:37.447 uh from you know he's that he's that he's basically insane and he needs to re- he needs to re- 01:08:37.447-->01:08:43.653 he needs to work that out, he needs to reconcile that, and I think the him working out those 01:08:43.653-->01:08:48.658 issues and those inner demons and connecting it metaphorically to you know you know things that 01:08:50.994-->01:08:57.300 are are common to the tech crowd whether they be infinite loops of insanity or or kernel panics 01:08:57.300-->01:09:01.204 um I think that I think that's organically where the story needs to go and I still find it 01:09:01.204-->01:09:06.309 I think I think it's compelling and intriguing so hang in there that's all I'll say >>I'll sort 01:09:06.309-->01:09:11.781 of add that I I I think you'll start to get a bit more explanation as to the history of 01:09:11.781-->01:09:17.020 things as you go through you know there was a lot of illusions to certain things just 01:09:17.020-->01:09:21.257 happening, now let's try to figure out and help you understand why that happened and 01:09:21.257-->01:09:26.029 how the characters grew and you know that that does take time but I will tell you this without 01:09:26.029-->01:09:31.367 revealing any spoilers it gets fantastic in a few episodes, and then you'll get to the end, 01:09:31.367-->01:09:35.505 you're gonna be like wow! right, it's there so just kind of like make it through some of the 01:09:35.505-->01:09:39.075 character development and you're just gonna you're gonna get to that point and you're gonna say 01:09:39.075-->01:09:45.114 I did not know that. I can't tell you which episode but it it's coming soon >>Go ahead >>Uh 01:09:45.114-->01:09:49.752 thanks Jay my question, I love the show, the raspberry pi gag where Elliot got called out for 01:09:49.752-->01:09:53.923 holding one up like the timing in that was like that's a raspberry pi! that's a raspberry 01:09:53.923-->01:09:58.761 pi that was awesome, thank you. Um my question is um with the inclusion of the scene from 01:09:58.761-->01:10:02.732 Hackers, who was involved in that conversation like it just this panel shows that there's a 01:10:02.732-->01:10:07.837 lot of care and effort that goes into making this not give information about hacking, but 01:10:07.837-->01:10:13.009 that specific piece of of of script just calls it out uh were you part of that? Was there a 01:10:13.009-->01:10:17.113 discussion? I'm like if I have a really calm question here, how'd that go? >>I was a part of that 01:10:17.113-->01:10:22.118 and that was just our uh meta moment of kind of poking fun at ourselves basically and um even 01:10:25.621-->01:10:29.659 though it's ridiculous, I love that movie, I grew up watching that movie, I'm sure a lot of 01:10:29.659-->01:10:34.464 people in here are fans of that film and um you know other writers in the room are fans of 01:10:34.464-->01:10:40.269 it as well and it was a fun way of kind of calling out that you know some there's going to be a 01:10:40.269-->01:10:45.041 TV show that's going to fuck it up you know and you know maybe we we might be we might be that 01:10:45.041-->01:10:50.346 show, hopefully that, hopefully we're not but at the time of writing that script it was a it 01:10:50.346-->01:10:54.717 was a cool little joke that we wanted to incorporate and I think the community loved it and 01:10:54.717-->01:10:58.387 embraced it because I I have a feeling that everyone in this room has probably bashed hackers 01:10:58.387-->01:11:03.926 at one point or another and um you know it was a it was a fun scene. >> I for one would love 01:11:03.926-->01:11:08.931 to see fsociety on roller blades [laughter] >>Thank you. >>That's why I wear rollerblades um I uh 01:11:18.107-->01:11:22.245 so I love your show um had to write it down [laughter] >>Closer to the mic >>Sorry oh, 01:11:22.245-->01:11:27.683 I love your show and um uh and thank you again for teaching our parents uh what we do um so as a 01:11:27.683-->01:11:34.390 woman who codes um you mentioned that there was a favorite hack uh that that was failed um so I 01:11:34.390-->01:11:39.395 was just uh any thought to maybe giving an unsuspecting female [laugh] that uh the role that's 01:11:41.430-->01:11:46.435 kind of on the same, same level as Elliot? >>Well I think uh season two we made an effort to 01:11:50.339-->01:11:56.179 really flesh out the rest of our cast and I know that season one is more of uh Elliot's journey 01:11:56.179-->01:11:59.715 in figuring out what is happening, season two is more about dealing with the 01:11:59.715-->01:12:04.654 consequences and repercussions of what happened and it gives us an opportunity for them to deal 01:12:04.654-->01:12:10.059 with it and I think if uh you've seen enough of season two at this point to know that we're 01:12:10.059-->01:12:14.130 spending a lot more time with our female hacker characters and our femare- our female 01:12:14.130-->01:12:20.102 cybercrime character and it's it's a hope of mine that you know we continue to do that and 01:12:20.102-->01:12:25.842 you know just just keep watching for season two it's it's something that we are definitely 01:12:25.842-->01:12:31.347 uh moving forward so thank you >>I I I will say this though um it it I I look in the room and 01:12:31.347-->01:12:37.987 it's it's refreshing as well to see the diversity because it's not there at all the time in the 01:12:37.987-->01:12:43.459 C suite of the conversations that we have about this and so as the community is growing and 01:12:43.459-->01:12:48.431 learning to find people that look like me or look like her that are in the room it is just 01:12:48.431-->01:12:53.436 you know very awesome [applause]. >>Kor, Kor we had actually talked about this, the 01:12:55.905-->01:13:00.009 diversity on the show and how it was very tin- intentional in terms of >>It was intentional by 01:13:00.009-->01:13:05.581 it was by design, we wanted to make sure we had badass female hackers a part of fsociety we 01:13:05.581-->01:13:11.120 wanted to have an Iranian hacker, we wanted Romero to be you know the old school uh 01:13:11.120-->01:13:16.192 phreaker that joined the group and and Mobley is of Indian descent, so we're we're 01:13:16.192-->01:13:18.561 definitely it was definitely by design and we definitely wa- our hope is that it does inspire 01:13:18.561-->01:13:21.430 that kind of diversity that Andre is talking about, definitely. >>The thing is when 01:13:21.430-->01:13:23.432 you you look out at the Defcon audience you realize that the hacker community is that diverse 01:13:23.432-->01:13:26.502 which is why it's really great to see a show that actually represents what we look like. 01:13:26.502-->01:13:30.606 >>So we've got just five minutes more, take a few more questions. >>So I I always have a lot of 01:13:30.606-->01:13:35.611 empathy for the the thief the perpetrator or the the victim >>We can't hear you, talk close 01:13:42.585-->01:13:47.590 >>I always- I always have a lot of empathy for the the victim and the perpetrator but um have 01:13:58.834-->01:14:04.774 you ever thought about having a back story for Philip Price? I realize the target story is the 01:14:04.774-->01:14:09.779 99 percent but more important question is have you thought about the kid's workshops that 01:14:12.014-->01:14:17.019 we have here that uh only through our children we will conquer >>Actually, Marc and I 01:14:21.324-->01:14:26.595 were just talking about uh the kid's workshops and uh I think we're, a couple of us are 01:14:26.595-->01:14:32.702 probably going to do a talk at one of those, uh either tomorrow or you know tomorrow afternoon, 01:14:32.702-->01:14:37.707 to answer your your Philip Price question, yes [laughter] we thought about the backstory and 01:14:40.142-->01:14:45.047 uh if you keep watching you'll you'll you'll get it you'll get some more of that >>Go ahead, 01:14:45.047-->01:14:50.219 next question. >>I just wanted a decent photo, no I'm just kidding, um my question has to 01:14:50.219-->01:14:56.192 do with uh personal security so obviously uh season one Elliot's hacking social media sites, 01:14:56.192-->01:15:02.031 emails for you know his uh coworkers or whatever um I understand people with simple 01:15:02.031-->01:15:04.533 passwords aren't going to be doing two fact drop authentication or anything of 01:15:04.533-->01:15:09.004 that nature, however, most servers, not most services, there are services, uh Gmail, 01:15:09.004-->01:15:12.742 Facebook, if you log in from another system, it's going to send you an email that notifies 01:15:12.742-->01:15:17.413 you, granted if he has access to those other emails it's null and void but he'd have to be doing a 01:15:17.413-->01:15:21.984 lot at one point in time, he's just one guy, was there ever conversation about that uh in 01:15:21.984-->01:15:25.721 the tech world and if so what was the reasoning behind not including uh log in 01:15:25.721-->01:15:30.426 notifications? >>It's a question of it's always a matter of time and how much real estate we have 01:15:30.426-->01:15:36.432 on the page and how much time we have in the cut to devote to a hack and even the steps that we 01:15:36.432-->01:15:41.203 want to show we can't always show them all, they always get cut down in the editing process 01:15:41.203-->01:15:45.641 so it is a conversation we've had and it's just us making the decision of like what are the 01:15:45.641-->01:15:50.312 important beats we need to see to to convey this story about this hack and how he's 01:15:50.312-->01:15:57.219 compromising this account um but to your point if I can get that level of detail into the show, 01:15:57.219-->01:16:01.557 that's my goal, I think that's all of our goals, to get as much detail as possible into those 01:16:01.557-->01:16:06.562 into those sequences. >>Thank you >>I, we have time for both of these questions though, go 01:16:08.998-->01:16:14.370 ahead >>Um so first of all I am a really big fan of the show, my friends and I just love it um my 01:16:14.370-->01:16:17.907 question is so you mentioned that like you get feedback from Sam like when you get something 01:16:17.907-->01:16:22.077 wrong like there's a typo or or somebody points out that like a screen is wrong or a command 01:16:22.077-->01:16:27.483 doesn't work right um but have you gotten any feedback about sort of the show being used to 01:16:27.483-->01:16:32.755 teach? Um I had an opportunity at my job to introduce some colleagues of mine who are not 01:16:32.755-->01:16:37.793 part of this field to my field which is forensics and I said if you wanna know what hacking is, 01:16:37.793-->01:16:44.333 who hackers are, please go watch this show, um so and I had people nodding and and people 01:16:44.333-->01:16:47.069 come back to me, one or two come back and said oh my god this I watched this show and it's 01:16:47.069-->01:16:52.107 amazing and I'm frightened but [laughter] so my question is have you heard, have you heard 01:16:52.107-->01:16:57.179 about whether it's somebody in the C Suite or a teacher, or you know just a person saying I was 01:16:57.179-->01:17:01.050 inspired by your show, have you gotten the feedback about this show being used for good I 01:17:01.050-->01:17:06.889 guess? >>100% Um you have the story about this? >>Yeah I mean uh I I I was in meetings all 01:17:06.889-->01:17:12.561 week for work and I don't think a single person be they uh you know engineer, practitioner, or 01:17:12.561-->01:17:18.367 uh at the executive level hasn't gotten that out of the show and enjoys the increased awareness, 01:17:18.367-->01:17:21.837 enjoys the fact that they, it caused them to think about an attack technique or an attack 01:17:21.837-->01:17:27.877 factor that maybe wouldn't have come first to mind otherwise so um I definitely think that's one 01:17:27.877-->01:17:30.346 of the ways that it can be a force for good and a force for educating. >>And one of the best 01:17:30.346-->01:17:34.216 compliments I've ever received, and I've received it on numerous occasions is you know people 01:17:34.216-->01:17:38.387 will come to me and say I don't usually watch television, like I do I don't binge watch anything, 01:17:38.387-->01:17:44.260 I don't watch TV, but I watch Mr. Robot because of th- the hacks that you guys portray and 01:17:44.260-->01:17:49.265 how how scared it makes me about my you know using my devices so uh you know it's amazing >>so I 01:17:51.367-->01:17:56.805 I'll say you you actually have the leader of the free world as your fan [laughter] of Mr. Robo- 01:17:56.805-->01:18:02.511 it was actually very interesting because I was on set and Sam was super excited and he's like the 01:18:02.511-->01:18:09.251 president loves our show! And he's like and like got contacted by his personal aid and said 01:18:09.251-->01:18:13.322 actually I don't even know if I should be saying it but I think it's important because he said 01:18:13.322-->01:18:18.227 like I you know binge watched the show and loved Mr. Robot and wanted to see season two and 01:18:18.227-->01:18:23.132 it's like that is the levels that we're getting right? I mean that's exactly what we're 01:18:23.132-->01:18:28.337 looking for because then it's just a trickle down right? I mean if we can it there then 01:18:28.337-->01:18:31.941 we're getting others in government and we're getting others in the C Suite and and it 01:18:31.941-->01:18:36.712 that conversation that I'm I'm hoping that we get right? >>And my my hope is that's the reason 01:18:36.712-->01:18:42.318 he's interested in the show and it's not because we impersonated him in the first episode 01:18:42.318-->01:18:47.323 [laughter] of season two and he just wants to see what's up and what we're doing so definitely, 01:18:50.259-->01:18:54.396 I also don't know when he binged watched season Mr Robot I don't know where he has time, the 01:18:54.396-->01:18:59.401 president but >>Air Force one >>Ah touche it's a plane [laughter] >>Okay so my question 01:19:03.405-->01:19:08.410 is uh as far as getting this on to a network channel, like what's from from the network's 01:19:12.948-->01:19:19.655 perspective was it you know here's a hacking show and some they're saying something about 01:19:19.655-->01:19:24.493 maybe it's technically accurate or was the technically accurate part something that they 01:19:24.493-->01:19:28.464 actually cared about? >>The technically accurate part was something that Sam cared about, 01:19:28.464-->01:19:35.271 I'm not sure that the network was that in invested in it at that point, they just saw a 01:19:35.271-->01:19:41.410 great script, written by an auteur filmmaker like Sam, and they wanted to pursue that that 01:19:41.410-->01:19:46.582 project. I think once the pilot came out and Sam was able to deliver that level of 01:19:46.582-->01:19:51.854 authenticity it set the bar and the expectation and you have network executives reading you 01:19:51.854-->01:19:57.593 know these articles published by tech journalists talking about the technology on the show, so, 01:19:57.593-->01:20:01.797 I think it was something that was always on Sam's radar that he wanted to pull off and 01:20:01.797-->01:20:06.802 luckily when I met him we were completely in line about that and you know g- uh to his credit 01:20:09.271-->01:20:14.309 he just kind of empowered me and let me fight fight with whoever I had to fight with to get that 01:20:14.309-->01:20:19.014 level of detail into the show and obviously the fact that I was able to grow the team for 01:20:19.014-->01:20:24.353 season two speaks to the fact that the network and the studio are supportive of that effort, 01:20:24.353-->01:20:29.358 which is great. >>I think we're out of time uh so just join me in thanking the panelists, 01:20:33.729-->01:20:38.734 [applause] first of all for a great show and their participation today. [applause]