Podcasts
Hacking Humans Goes to the Movies
Ep 22
Hacking Humans Goes to the Movies 9.24.23
Ep 22 | 9.24.23

Rooting vs routing.

Show Notes
Transcript

Nicholas Cage as Roy Waller from "Matchstick Men": John Goodhue, Regional Vice President. Congratulations, which prize are you hoping for?

Dave Bittner: Hello everyone and welcome to a special edition of the "Hacking Humans" podcast. This is an occasional series we call "Hacking Humans Goes to the Movies." I'm Dave Bittner and joining me is my CyberWire colleague Rick Howard. Hey, Rick.

Rick Howard: Hey, Dave. I like that gravitas you brought to that announcement, it sounded really good.

Dave Bittner: Yeah, I'll have to start an Oscar campaign for myself or something. On this show Rick and I look at some of our favorite clips from cinema and television, clips which demonstrate some of the scams and schemes that Joe Carrigan and I talk about on the "Hacking Humans" podcast. We've got some fun clips to share, so stay tuned, we'll be right back after this message from our show sponsor. All right Rick, we have got some good clips to share this week, you want to kick things off for us?

Rick Howard: Absolutely, I'm very excited about this one, Dave. My clip this week comes from the pilot episode of the most realistic movie or TV show ever made that has hacking at its center, right? That's a big, big claim, I know.

Dave Bittner: Wow. That is quite a claim.

Rick Howard: The show is called Mr. Robot and Dave, I know you're a big fan.

Dave Bittner: Yeah. Sure.

Rick Howard: It ran for four seasons between 2015 and 2019 on the USA Cable Network. I don't even think that network exists anymore, but that's where --

Dave Bittner: It's hard to know these days. Because I don't know about you, I cut the cord recently, so everything is a streaming service now.

Rick Howard: Yeah, I did too. I don't know where anything is, so that's true. And whether or not you embrace the crazy storyline across all four seasons, and let me tell you, the storyline was absolutely bonkers. But whenever the creator, Sam Ishmael, depicted hackers doing hacking stuff, it was realistic. You won't see a lot of hackers frantically typing on keyboards and then finally saying, we're in. Like in Mission Impossible movies.

Dave Bittner: Right. My favorite was, there was an episode of one of the police procedurals, and I don't remember which one it was, but they had two people typing on the same keyboard at the same time.

Rick Howard: Oh, yeah.

Dave Bittner: Yeah, like that would work.

Rick Howard: That's the all-time favorite.

Dave Bittner: Right.

Rick Howard: All right, so that didn't happen in Mr. Robot, all right? So what you do see is the way that real hackers would attack victims in the real world, and in this clip, the pilot episode, the writer-director, like I said, his name was Sam Ishmael. He's trying to do a lot of things here. He's got to introduce the main character, Elliot, played by Rami Malek, best known for this role probably, but you know, Dave, he played Freddie Mercury in the Bohemian Rhapsody movie.

Dave Bittner: Yeah. I enjoyed that very much.

Rick Howard: Yeah, I know. I love that, right? And he was the villain in the latest James Bond movie, No Time to Die.

Dave Bittner: Right.

Rick Howard: And you know, he had a small role in the most recent Oppenheimer movie. So Ishmael wants to show that Elliot might be on the artistic spectrum, thus the Mr. Robot of the title, and that he might have some daddy issues, okay? But more importantly, he wants to show that Elliot is a world-class hacker, elite hacker. I got that in air quotes, you know? And he wants to show that the hacking on this show is not Harry Potter-ish, meaning it's not magical. Instead, it's the real deal. So in this five-minute cold open, before we even see the title screen, we hear about Elliot's man-in-the-middle attack targeting the owner of a chain of coffee shops in New York City by monitoring the exit nodes of the TOR network, the dark web, and compromising the Onion routing protocol. We're going to touch on the old-school hacker debate about the pronunciation. Is it rooting or is it routing? I know, right? And we're going to see the difference between cyber-hacktivism in doxing and cyber-crime ransomware.

Dave Bittner: Okay.

Rick Howard: And you watch in real time how fast a business leader will flip-flop from refusing to pay the ransomware demand on principle to falling all over himself to pay the ransomware once he understands exactly the nature of the material data that Elliot would expose. So this scene opens with Elliot, you know, Rami Malek. He's wearing a black hoodie and jeans. Of course, he's wearing the hoodie.

Dave Bittner: Of course.

Rick Howard: He walks in, walks into Ron's coffee shop and sitting across from the owner, a Middle Eastern looking man, Ron, played by Samrat Chakrabarty. Elliot talks first. So let's roll the clip.

Dave Bittner: All right.

Elliot: You're Ron.

Rick Howard: He points to a sign that says Ron's Cafe.

Elliot: Your real name's Rohit Mehta. You changed it to Ron when you bought your first Ron's Coffee Shop six years ago. Now you got 17 of them with eight more coming next quarter.

Rick Howard: Ron's looking dubious.

Rohit: Can I help you with something?

Elliot: I like coming here because your Wi-Fi was fast. I mean, you're one of the few spots that has a fiber connection with gigabit speed. It's good. It's so good. It scratched that part of my mind, the part that doesn't allow good to exist without condition. So I started intercepting all the traffic on your network. That's when I noticed something strange. That's when I decided to hack you. I know you run a website called Plato's Boys. You're using TOR networking to keep the servers anonymous. You made it really hard for anyone to see it, but I saw it. The onion rooting protocol, it's not as anonymous as you think it is. Whoever's in control of the exit nodes is also in control of the traffic, which makes me the one in control.

Rohit: I must ask you to kindly leave.

Elliot: I own everything. All your emails, all your files.

Rick Howard: He has him a folder of all these things.

Rohit: Get out of here right now or I'll call the --

Elliot: Police? You want them to find out about the hundred terabytes of child pornography you serve to your 400,000 users? Personally, man, I was hoping it was just going to be some BDSM stuff. You realize how much simpler that would have been?

Rick Howard: Ron's just realizing that he's in trouble.

Rohit: I did not hurt anyone. I never did. That's my personal life.

Elliot: I understand what it's like to be different. I'm very different too. I mean, I don't jerk off to little kids, but I don't know how to talk to people. My dad was the only one I could talk to. But he died.

Rohit: I'm sorry to hear that. How did he pass, may I ask?

Elliot: Leukemia. Yeah, he definitely got it from radiation at the company he worked at, though I couldn't prove it. Now he's dead. Company's fine, though. Oh, hey. It's okay, Rohit. You don't have to worry anymore.

Rohit: I don't understand. Are you blackmailing me? So that's what this is about?

Rick Howard: Now he's starting to get mad.

Rohit: That's all you care about?

Elliot: No.

Rohit: If I pay you now, you'll want more and more. No matter how much I give. You will inform the police anyway. I won't pay you, sir. Remember, you also broke the law.

Elliot: Actually, you're right. Partly. See, I usually do this kind of thing from my computer, but this time I wanted to do it AFK. In person.

Rick Howard: Away from keyboard.

Elliot: Trying to work on my social anxiety. But there's always the threat of you fleeing after I call you out. You know, you tell your sysadmin to take your servers down, wipe all the data. So I made sure to include the current time and location on my anonymous tip.

Rohit: Wait, hold on.

Rick Howard: He stands up. He's getting ready to walk out.

Rohit: How much do you want? I'll pay you.

Elliot: That's the part you were wrong about, Rohit.

Rick Howard: As the police arrive.

Elliot: I don't give a shit about money.

Dave Bittner: Not ransomware, okay. Man, that's brutal.

Rick Howard: It is brutal. What an excellent clip that is. It covers so much ground.

Dave Bittner: Yeah.

Rick Howard: I've been a big fan of the show. To have a writer-director set it all up like that is amazing. He covered so many things.

Dave Bittner: Let's go through it together. What are some of the things in particular that caught your eye?

Rick Howard: I like the idea that he immediately starts talking about the TOR network. That most people have heard and have never used. That this guy, Ron, has set it up to hide his child pornography website. And he thinks he's bulletproof. But he runs into Elliot, who has no problem being able to monitor the TOR network's exit nodes to find out what this guy is doing. And I just explained that like that was easy. That is not an easy thing for a hacker to do. Totally possible. And I'm sure that most nation states do it. But it just kind of elevates Elliot and his hacker elite status. So that's the part I like.

Dave Bittner: Right.

Rick Howard: Was there a favorite part for you?

Dave Bittner: I think the performance here is remarkable. When he says -- I don't remember exactly how he phrased it. But how he says he's different as well. And you see this kind of wild look in his eyes. As you say, I think throughout the series, if not overtly, it's alluded to that he is somehow on the spectrum.

Rick Howard: Yeah.

Dave Bittner: And that's evident from the get-go. The way he approaches this is so cold and calculating. It's disturbing.

Rick Howard: No eye contact. And you find that out in the show. He has no social skills at all. But to introduce this character in that way, I didn't notice it the first time. But it totally hits home the second time you run through it.

Dave Bittner: What do you suppose he was actually after here? Do you think he's just trying to take down a pedophile?

Rick Howard: Yeah, it was very keen. When he said, it's that little thing that I know the world can't be good. He came into the coffee shop at gigabit speeds for his wireless. Actually, he thought that was good. And he goes, you know what? That's too good to be true. I wonder what's really going on here. Driving the hacker to do something, to keep digging until he finds something. And remember, he said, I was hoping it would be benign. Just kind of mild porn.

Dave Bittner: Right.

Rick Howard: But when he found out that it was child porn, then he decided to do something about it. He didn't have a hacktivist motivation going in. But the further he got and the more he found, he realized he needed to do something about it.

Dave Bittner: Yeah. It sets the character up to have a certain amount of moral ambiguity as well.

Rick Howard: Yeah.

Dave Bittner: He's doing this to this person which he didn't have to do. He could have left things alone, but he felt obligated, I suppose, to take down this pedophilia ring, whatever it may be.

Rick Howard: It kind of drives the whole series, right, because he belongs to an activist group who's trying to make the world better. They are against capitalism in general and against one specific company they refer to as Evil Corp, a stand-in for Microsoft, I think. And so the whole show is how they try to take power away from them. So if I was a Dungeons and Dragons guy, I would say that Elliot is chaotic neutral, generally good, but has his own set of rules, okay, and will try to make it happen in his favor.

Dave Bittner: Right. Yeah. No, it's fascinating. And as you say, so many things get packed into this little five-minute clip.

Rick Howard: I know.

Dave Bittner: It's impressive how many -- well, I mean, they get it all right, right?

Rick Howard: I know.

Dave Bittner: I mean, the tech side.

Rick Howard: The whole show is that.

Dave Bittner: They had consultants.

Rick Howard: The whole show is that, okay?

Dave Bittner: Right.

Rick Howard: But the real question I want to answer, Dave, okay, is where do you fall on the age-old question of pronunciation, of rooting versus routing? Where are we at on this with you?

Dave Bittner: Oh, routing, routing.

Rick Howard: Me too.

Dave Bittner: Routing, yeah. Yeah, now, I mean, I certainly grew up hearing both of them, and as a child, we were referring to actual physical maps, you know? We're going to set, and I certainly had relatives, and in fact, I think both of my parents would have said root. You know, what root are we going to take to our vacation this year, or, you know, that sort of thing? But no, I think the device is a router, so let's call it routing.

Rick Howard: Or a rooter. I mean, in the early days, in the '90s, you know, there were people around me that called them rooters. I remember I was very confused, because they said rooter, but, you know, I didn't understand what that meant.

Dave Bittner: Yeah. Right.

Rick Howard: And there was rooting your credentials, and, you know, getting root access.

Dave Bittner: Right, right. A different kind of rooting. Yeah, yeah. Right.

Rick Howard: It just confused me, right? So I prefer routing.

Dave Bittner: There's nothing worse than being on the outside of an inside joke, right?

Rick Howard: Yeah, yeah.

Dave Bittner: And that's kind of what that's like. And certainly, you know, back in those early days, people weren't always forthcoming with all the information. You know, I don't know, there was something elite about leaving people out of the conversation.

Rick Howard: Oh, yeah. Yeah. If I know more than you, for sure.

Dave Bittner: To our detriment. Yeah, yeah. Absolutely.

Rick Howard: Well, I will say, I highly recommend the show. There is a number of blog sites that, when it was out, that outlined all the technical details that they use in the show, right? Most of the hacking tools were real tools or modified versions of real tools, right? And so if you're into all that kind of stuff, you should definitely check it out. It's well worth the listen to.

Dave Bittner: All right. Well, my clip this week comes from the 2003 film Matchstick Men, which is directed by the great Ridley Scott.

Rick Howard: Yeah.

Dave Bittner: We have highlighted this film before. In fact, Joe shared a clip from this that showed a lottery ticket scam. That was one of our early episodes of "Hacking Humans Goes to the Movies." The film stars Nicolas Cage, Sam Rockwell, and Alison Lohman. Cage plays a character named Roy Waller, who's a con artist from Los Angeles, and he has a partner and protege named Frank Mercer, who's played by Sam Rockwell. And Roy, basically, he's a low-level con man. He does short cons, and as this movie starts out, he and Sam Rockwell, they're selling overpriced water filtration systems to unsuspecting folks over the phone. And that's what this scene is all about that we're going to share here. We start out with Rockwell's character. He's on the phone. He's in the midst of scamming some of his marks with this water filtration scam, promising fabulous prizes. So let me play the clip.

Frank Mercer: Well, congratulations. You're a guaranteed winner of one of three fabulous prizes. Have you ever won anything major before?

Customer: No, never.

Frank Mercer: Well, you have now. Yeah.

Customer: Oh my God, are you kidding?

Frank Mercer: No, it's confirmed.

Customer: Are you sure?

Frank Mercer: Uh-huh.

Customer: Okay, what did I win?

Frank Mercer: Either the Chevy Blazer, the -- Do you have a water filtration system in your house?

Customer: A water filter? No sir. Uh-huh. I sure don't.

Frank Mercer: Do you read the papers or watch TV?

Customer: Oh, sometimes, yeah.

Frank Mercer: Well, then you've probably seen our advertisements. Now as I said, Irene, the government is going to make you pay a tax on the prize.

Customer: Oh.

Frank Mercer: But if you buy the Waterson 2000 water filtration system, the prize gets recorded as a sales expense and you don't pay any tax. Good deal, huh?

Customer: Yeah.

Dave Bittner: So we see Nicolas Cage's characters pulling up outside of their office here, and Waterson sees him and sort of bangs on the window.

Frank Mercer: He's going to come to me, and then we'll decide which one of those prizes you get.

Dave Bittner: Have him come in quickly, because he's got a hot one on the line.

Frank Mercer: $398 even.

Customer: Oh, oh my.

Frank Mercer: You'd pay twice that in stores.

Dave Bittner: We see that the water filter actually only costs $49.99.

Frank Mercer: He just stepped into my office and he would love to talk to you. Can you hold just a sec? Thanks, Irene. Good morning.

Roy Waller: Who says so?

Frank Mercer: Irene Fisk. She want's Dr. Osmond first.

Roy Waller: Mrs. Fisk.

Customer: Yes, hello.

Roy Waller: John Goodhue, regional vice president. Congratulations.

Rick Howard: I love the way he just turns it on. Yeah.

Roy Waller: Which prize are you hoping for?

Customer: Oh, Perry.

Roy Waller: Well, that would be my choice too. My associate tells me you have five grandkids. Wow. Now I understand that you'd like to speak to your husband first about this, and I can understand why. But the thing is, Irene, my secretary's having a baby this afternoon and everyone here in the office is about to bug out and head over to the hospital.

Customer: Oh, that's wonderful.

Roy Waller: Now, let me confirm --

Rick Howard: Rockwell's in the back, giving him the head night, like, that's a good one, boss.

Dave Bittner: Right? Right?

Rick Howard: Yeah.

Dave Bittner: So have you ever been -- has anyone come at you with this particular scam? The thing of, you know, congratulations, you have won one of three fabulous prizes. 

Rick Howard: You know, probably, but I have to admit, you know, as I'm old and senile these days, I either can't remember that they have, or you get so accustomed to it now, you just shut them down before they get to the, you know, the water filter part and the tax evasion part.

Dave Bittner: Yeah.

Rick Howard: How about you? Have you been attacked by one of these things?

Dave Bittner: My recollection is getting postcards in the mail, and again, this is, you know, 25 years ago, when, you know, I was just getting out of college, just getting started with my own place. And, you know, a postcard coming in the mail that says, you know, congratulations, you have won one of three fabulous prizes, either a new Chevy truck, a fabulous boat, or a cash prize, you know, and all you need to do is call in today, and you're guaranteed to win. And so, you know, so the scammers, they don't even have to call you, they have you calling them.

Rick Howard: I know, right? I will admit, though, when I was younger, I did, I may have given money to the, you know, the Book of the Month Club or the Record of the Month, you know, where they, you give them a dollar and they send you the best album every week or something like that.

Dave Bittner: Oh, yeah, yeah, yeah, yeah. I remember that.

Rick Howard: And you realize that you need to pay $1,000 for each subsequent album or something like that.

Dave Bittner: Yeah.

Rick Howard: Yes, yes.

Dave Bittner: Columbia Record Club.

Rick Howard: Yeah. That's it. That's it exactly.

Dave Bittner: Yes. I believe my parents had to write a letter to them to explain that I was, in fact, a minor, and they would be returning all of the cassettes that I had ordered, and I'm sure they got that a lot. But what this outlines is kind of this bait and switch sort of scam here, you know, where they're saying, in order to get your prize, all you have to do is buy this one thing. And in this case, they're using these sort of phony water filtration systems as the thing that they're actually going to sell the people.

Rick Howard: I got to tell you, Dave, the thing that pops out of me watching this clip, all right, is how hard they work.

Dave Bittner: Yeah.

Rick Howard: Those two guys are working so hard on this scam. It isn't like it's Easy Street.

Dave Bittner: No.

Rick Howard: You know, they're putting in a full day to make, you know, a chump change, you know, scamming these victims. So, this seems to me, if they diverted their attention to something else, it would be less stressful. I don't know. So you know.

Dave Bittner: Ain't that the way, though, with crooks, you know? Like, just choose an easier life.

Rick Howard: Yeah.

Dave Bittner: This can't be an easy path for you, but, you know, I guess everyone's circumstances are different. And you think about, I mean, they said here that they were trying to sell these water filtration systems for a few hundred dollars.

Rick Howard: Yeah. That's what I'm saying.

Dave Bittner: And it only cost 50 bucks.

Rick Howard: Yeah.

Dave Bittner: But let's say you can make $1,000 a day pulling this scam off, you could live off of that.

Rick Howard: I guess. But, man, the pressure to make that work, and that's just, you know, not my cup of tea, I'm guessing.

Dave Bittner: No. No. Definitely takes a certain kind of person.

Rick Howard: Oh, yeah. And that character trait that comes across in this clip is personality. I mean, look at Sam Rockwell operate those phones. I mean, he establishes rapport. They're friends by the time they get off the phone, right? And it's just, man, he has dialed it up to 12, right? And I said that, too, when Nicolas Cage came in, you know, he comes into the middle of the scene. He kind of walks into the office like anybody, you know, any schlub coming to work. But as soon as he's on the phone, bam, he's up at 11, you know, selling it to the customer, right?

Dave Bittner: Right. Right. And just effortlessly pulls a story out of his hat.

Rick Howard: I know. Just makes it up on the fly.

Dave Bittner: Yeah. Right. You know, our secretary's going to have a baby today, so we're all going to the hospital.

Rick Howard: What a great story that is. Totally spins it, yeah.

Dave Bittner: And the lady, what better to work with a grandma than a baby that's coming? Right. And that's what they do.

Rick Howard: Can I just gush for a second about Sam Rockwell? I know Nicolas Cage. We all love Nicolas Cage.

Dave Bittner: Sure.

Rick Howard: Sam Rockwell is one of my favorites. You know, he's been nominated for an Oscar for Vice, a movie called Vice. He played President Bush. He won an Oscar for three billboards outside of Ebbing, Missouri. But he's been in so many of my favorite movies, like The Green Mile, Galaxy Quest, Charlie's Angels, Iron Man, and my favorite, Mr. Right. This little small movie that I just love. And by the way, he dances in almost every one of them. He's got so much skill, so I love Sam Rockwell.

Dave Bittner: To me, he's one of the -- like, at the danger of using a sportsball analogy, he's kind of like a utility player for me.

Rick Howard: Yeah. That's right.

Dave Bittner: Everything he shows up in, he's good in, he always delivers, but he's not a big movie star. Like, if you said, you know, list the top 10 movie stars, I doubt he'd be on many people's list.

Rick Howard: No, he wouldn't. Yeah, even mine he probably wouldn't make, right? But whenever he's on something, he makes the project better, okay? Even if he's playing a bad guy or a good guy or somewhere in the middle, like these guys, it's just fun to watch him operate. So I'm a huge fan.

Dave Bittner: Yeah. Well, if you haven't seen the film Matchstick Men, I do recommend it. It's a movie that did okay. You know, it didn't make a lot of money. It was one of those sort of quieter, sort of artsy, quirky sort of films when it came out in 2003. I do remember seeing it in the theater, but I think it's kind of a cult classic these days. But if this is your thing, if you're into these sort of scams, and I'm guessing by the virtue that you're listening to this show, you probably are.

Rick Howard: You probably are.

Dave Bittner: Matchstick Men is kind of a catalog of so many of the scams sort of idealized and played out. So it's worth a look.

Rick Howard: Good clip, man. Good clip.

Dave Bittner: Yeah. All right. Well, that is our show. I want to thank all of you for joining us. We would love to know what you think of this podcast. You can email us at hackinghumans@n2k.com. Your feedback helps us ensure we're delivering the information and insights that help keep you a step ahead in the rapidly changing world of cybersecurity. N2K Strategic Workforce Intelligence optimizes the value of your biggest investment, your people. We make you smarter about your team while making your team smarter. Learn more at N2K.com. Our senior producer is Jennifer Eiben. This show is edited by Elliot Peltzman. Our executive editor is Peter Kilpe. I'm Dave Bittner.

Rick Howard: And I'm Rick Howard.

Dave Bittner: Thanks for listening.

Hacking Humans Goes to the Movies
Podcast Info
HOST(S):
Dave Bittner
Joe Carrigan
Rick Howard
Dave Bittner is a security podcast host and one of the founders at CyberWire. He's a creator, producer, videographer, actor, experimenter, and entrepreneur. He's had a long career in the worlds of television, journalism and media production, and is one of the pioneers of non-linear editing and digital storytelling.
Joe Carrigan, is a Senior Security Engineer with the Johns Hopkins University Information Security Institute. He has been a Software Engineer for over twenty years and has been working in the security field for more than ten years focusing on usable security and security awareness. He has experience in a broad range of fields including authentication systems, embedded systems, data migration, and network communication.
Rick Howard is the CSO of N2K and the Chief Analyst, and Senior Fellow at the N2K Cyber, formerly CyberWire. His past lives include CSO at Palo Alto Networks, CISO at TASC, the GM at Verisign/iDefense, the Counterpane SOC Director, and the Commander of the Army's Computer Emergency Response Team (CERT). Rick served 25 years in the Army, taught computer science at West Point, edited two books and just published his own book, "Cybersecurity First Principles: A Reboot of Strategy and Tactics" and he is regularly joined at the N2K Cyber's Hash Table by a collection of industry experts.
Schedule: Occasionoal Fridays
Creator: CyberWire, Inc.
ADVERTISEMENT
Sponsored by Kolide
Sponsored by Kolide

Kolide integrates with Okta to provide device posture at time of authentication; if a device isn't secure, it's not granted access to your apps. But instead of leaving the user blocked to contact IT, Kolide provides context and fix instructions so that they can resolve the issue themselves and stay productive. It's device trust for Okta, without the IT bottleneck. Learn more.