The 'Mr. Robot' Guide to Not Getting Hacked

Illustration by: Rasmus Juul

Kor Adana, a writer and tech consultant on USA's critically adored series, offers steps to protect yourself online (hint: "flat out lie" on your security questions).

In November 2014, the Sony hack made Hollywood quake. The massive data compromise may have served to wake up the industry to some of the glaring blindspots in its security practices, but it's still as important as ever to understand how — whether it's through your work or personal devices — you might be vulnerable online. "I don't think much has changed from a production standpoint," says Kor Adana, a writer and tech consultant for USA Network's critically adored hacker drama Mr. Robot. "There's a machine in place for how to promote content — whether it be TV or films — and there's so much information that gets passed through without security in mind, and it's very slow to change." It's why Adana, a former hacker himself, suggests everyone take these five simple — and only slightly paranoid — steps to stay safe online.

1. Robust Passwords

Use a different password for each account you have and make sure they're all long and strong. That means a combination of uppercase, lowercase, numbers and special characters. Don't give an attacker out there the ability to compromise all of your accounts just because they compromised one. Even Mark Zuckerberg isn't immune to this. When his Twitter account was hacked recently, it was via a simple password ("Dadada"), which the hacker was able to try on every single other Zuckerberg account he could find — and he was successful with the Pinterest account.

Oh, and while we're talking about passwords, do not store them in a folder or document named "passwords." This is one of the reasons the Sony hack was so devastating: The hackers found a folder called "passwords" that consisted of spreadsheets, text documents and other files that were packed with user credentials for social media accounts. Nothing was encrypted or protected either!

2. Complex Phone Pins

This is a big one. Your smartphone is a gateway to your email, social media accounts and sometimes your bank account. The only thing stopping an attacker with physical access to your phone from getting into those accounts is your mobile device's PIN code. So be smart about what you use for this and make it as long as your phone allows you. Personally, I'm very paranoid about this. Every time I unlock my phone, I look around to see who is staring at my screen, and I often shield it with my hand in case there are any cameras pointing at it.

I also won't wear a smartwatch (or fitness tracker) because, believe it or not, it's possible that hackers can steal your credit card and ATM info using by using its accelerometers and gyroscopes if you're wearing it on the same hand you use to enter your PIN. Normally I don't trust new tech until it has been out for a while and the kinks have been worked out.

3. Two-Step Verification

Think of it this way: Three 1-foot walls are better than one 3-foot wall. Two-step verification is part of a security concept called "defense in depth," which simply means adding multiple layers of security that defend each other. Nowadays, most email and merchant services offer some form of two-step authentication that relies on the combination of your account password plus a new, one-time password that is usually sent to you via text each time you log in. Hacking actually used to be a lot easier, but now there are more safeguards like this.

4. Security Questions

Social media — Facebook and Twitter, especially — has made it easier to take advantage of people because they're willfully giving up details about their life, posting photos of family members and offering up other personal information. That's why I don't post that much on social media. If I can guess an answer to one of your security questions by looking at your Facebook timeline, you should beef up your security answers and/or stop sharing so much on social media. For example, one common security question is, "What's your mother's maiden name?" If I wanted to hack you, I'd scour everything you've ever posted on your social media accounts and try to find a picture of your mom for Mother's Day where you might have included her maiden name in the caption. Another thing that I do is flat out lie on my security answers. That way, even if someone guesses the right answer, it still won't give them the ability to reset my password. The risk with this is forgetting your lie.

5. Covered Webcams

Webcam hacking, like that in Mr. Robot last season, is a real threat. Hackers target webcams and baby monitors all the time. One of the more notable cases of this was when a hacker captured nude images of Miss Teen USA winner Cassidy Wolf through a webcam. That's why I keep tape over mine. But the reality is that if a hacker has access to your webcam, they've owned your whole machine at that point. They can arm your microphone and listen in to your conversations at any time, access files on your computer and even infect it with more malware. They've already hit the jackpot.

This story first appeared in the July 22 issue of The Hollywood Reporter magazine. To receive the magazine, click here to subscribe.

comments powered by Disqus