Ex-Anonymous hacker Sabu reviews ‘CSI: Cyber’

sabu reviews CSI: cyber

The infamous former member of Anonymous didn’t find Bow Wow’s hacking that believable.

From Murder She Wrote to Matlock, Law & Order to CSI, Cops and Cops: Reloaded, the American appetite for police procedural programming is insatiable. What makes criminals tick, and how are the detectives able to track them down?

Amid the recent high-profile hacks of Uber, Anthem health insurance, and the fascinating Sony Pictures data dump by a mysterious-possibly-maybe North Korean connection, CSI: Cyber couldn’t have come along at a better time. It aims to portray the ins and outs of the hunt for the modern-day criminal who’s been blanketing our daily news reports with more brazen and extravagant attacks than ever before: the hacker.

As a former black-hat hacker who has seen his story manipulated by foolish reporters, judgmental activists, and stooges of the justice system, I decided to give Cyber a run for its money and watched the first episode, called Kidnapping 2.0.

The show stars a robotic Special Agent Avery Ryan (played by Patricia Arquette), who has a personal stake in solving cyber-related crimes. She’s on a quest to track down the hacker who got away with destroying a clinic she owned prior to joining up with the bureau.

She’s obsessed with turning hackers into enslaved FBI assets who are then used to look for other hackers. Such is the case with Brody “Baby face” Nelson (play by Shad “Bow Wow” Moss), who has the misfortune of signing a plea deal to work with Agent Ryan to help solve cybercrimes.

The series sets out by depicting cloud vulnerabilities and exploits. The first episode bases itself around the idea that cloud services are especially vulnerable to external attacks, and the more you allow the cloud into your home, the more vulnerable you truly are.

It’s a great place to start—looking critically at the security of cloud services or the repackaged way in which companies have spent the past five years talking about their consumer-facing data centers.

In the beginning of the first episode, an infant is kidnapped, and wealthy foreigners are seen in the background bidding for the child. What allowed the injustice? Apparently, the cloud.

The natal monitoring camera used by the child’s unsuspecting parents had a remote access vulnerability in its multiview functionality that could give control of the camera to hackers.

Hacking can be extremely tedious and boring to outsiders looking in.

With iCloud being cracked open a few months ago—and celebrities still reeling from the seemingly unlimited number of nudes leaked from the attack—it’s a wonder people still allow personal and sensitive information to be hosted abroad, and outside of their reach. The premise of reckoning with the reality of cloud vulnerabilities is an awesome one. Unfortunately, Kidnapping’s story disintegrates sooner than you can change the channel.

The show’s central ideology is based on the efforts of Mary Aiken, a real-world “cyberpsychologist” who’s spent the past few years working with law enforcement agencies to combat cybercrimes. Part of a growing field of psychology dedicated to cyberbullying, hacking and Internet-related organized crime, Aiken has published articles like “The Cyberpsychology of Internet Facilitated Organised Crime,” and taken a unique position in this field. CSI: Cyber comes off as an infomercial for her vein of studies, focusing on the use of pseudoscience tactics, like behavioral analytics, social engineering, and impromptu therapy sessions. (For social engineers watching the show, expect some uncomfortable, nervous fits of laughter.)

Hacking can be extremely tedious and boring to outsiders looking in, which has understandably, yet unfortunately, led to its onscreen depiction being filled with overblown graphics and oversimplified hacking scenarios. The producers of Cyber apparently have not learned the lessons of previous failures from previous shows and movies.

As it happens, detective work is also extremely tedious and boring, but producers behind shows like Law & Order have been able to make it work for so long. It would seem their tactic was to focus on the criminal instincts (Criminal Intent), the emotional connection to victims (Special Victims Unit), or simply explored what the job actually entails (Law & Order, um, 1.0.).

So it starts with a very decent, realistic story about professional hackers infiltrating baby cams for the purpose of stalking newborns to be sold on the black market. So far so good.

Then it portrays Linux, the operating system, as a virus.

Daniel Grumitz (played by Charlie Koontz) and Brody Nelson (played by Bow Wow) start their investigation off by doing forensic work on the devices confiscated from the parents of the kidnapped newborn.

Apparently the laptops, which appear to be running Windows, contain decades-old IBM bash shell-scripting examples and appear to be infected—with Linux. To be precise, the forensic anti-malware software used at their lab initially picks up on remnants of the infamous Flame malware.

Flame was a Stuxnet-like malware used to commit espionage on Middle Eastern countries, particularly Iran. Its authors used it to intercept network traffic, keystrokes, and record conversations via microphones and webcams, using Skype and other software. It’s a sophisticated piece of malware, but according to the world’s apparently top white-hat hacker, Daniel Grumitz, it can apparently be bought online for $40 by jealous husbands.

When Cyber’s hacker duo gives a presentation of their findings to a stone-faced Arquette, they start scrolling through the Linux source file, groups.c, which is used to define and set group privileges for processes and users.

Although many may agree that Linux is the ultimate backdoor, to see it visualized on TV will either make Linux developer Linus Torvalds rage, or give critic Theo de Raadt the ultimate ASCII erection.

Unfortunately, the inaccuracies of Cyber start to pile on instantly, without hesitation for corrections along the way. It’s kind of like, “Hey, we came up with a decent enough story, let’s just wing the rest of the episode and see how it goes.”

I would love to continue in breaking down every single fail in the episode, including Bow Wow cracking a more than 20-character password with one guess, but unfortunately this review would become a book. I’ll be simple: expect many cringes.

Hopefully the writers behind CSI: Cyber put more thought into future stories, ease up on the drama, and realize that sensationalizing hacking is a failed art that ought to be buried. It would make for better television if it focused on the harsh realities of our security infrastructure. Colorful displays of source code scrolling doesn’t actually tell viewers what they’re looking at.

And please, someone, rescue Bow Wow. Can someone at L0pht Industries please take him to a secret Department of Homeland Security basement? Thanks!

Illustration by Max Fleishman

Hector "Sabu" Monsegur

Hector "Sabu" Monsegur

Hector Xavier Monsegur, better known online as Sabu, was the co-founder of LulzSec, a hacking group behind some of the most high-profile hacks of the 21st century. Notorious in hacker circles, Sabu served as in FBI informant after his arrest on June 7, 2011, and his efforts were credited with both the prevention of 300 cyberattacks and the arrest of several other notable contemporaries. He was released in May 2014 and currently works in the private sector.