ALGORITHM FAQ

A lot of people ask questions about ALGORITHM. It’s usually about the technical side of things. To keep from having to answer the same questions all the time, I posted the most common questions here. As more questions come in, I’ll add to this page.

 

Why does Will use an iPhone? No real hackers use Apple products.

    I was at the Newport Beach Film Festival and I watched a movie called Code: 2600 in which a hacker, using a jailbroken iPhone, walks around a coffee shop and hacks most of the computers around him. So, I had Will do pretty much the same thing when he meets Dempsey for coffee.

 

Why does Will use a Macbook? No real hackers use Apple products.

    Most of the hackers I know use Macbooks, because they are Unix-based computers, which means they’ve got good, solid hardware while at the same time having a flexible and powerful operating system, if you run Terminal.

    I also saw a picture and read a story about a malicious hacker collective called LulzSec (which is a fringe group that was loosely associated with Anonymous, but has since been rejected). The leader of LulzSec was busted and in the article they mentioned he’d been using a Macbook. However, the computer he was using had nothing to do with his getting caught.

    Quite a few hackers I spoke with were recommending laptops from another company, Lenovo. However, shortly after ALGORITHM was released, Lenovo got in a lot of trouble for installing spyware on their laptops. I actually thought it was a one-time thing, but when I Googled it for reference to this question, I found out they haven’t stopped.

 

Wouldn’t Will build his own machine, in order to not have his purchases tracked?

    Will only deals in cash. The payment he gets from Dempsey is cash. He pays Bitchan in cash. All his purchases are in cash, and cash purchases are untraceable (other forms of surveillance notwithstanding).

 

Why did Will build the aluminum foil room instead of just disabling the wi-fi?

    Shepherd would only function if it had access to a valid network port. In order for Will to grab the code he wanted, he ran Shepherd with the wi-fi enabled, but in a Faraday cage, so the signals normally broadcast by the wi-fi wouldn’t leave the room. As Shepherd ran, Will saw it attempting to access a specific IP address. That IP ended up not leading anywhere, because it was part of a series known as port knocking.

 

What's your relationship w/ Noisebridge?

    I found Noisebridge and thought it would be a perfect location since it’s actually the space Bitchan would use. I called to get permission and was told that there was no one in charge and as long as I didn’t bother anyone, we could use the space.

 

Who did you have consult on technical aspects of the shoot?

    My primary source of research was a podcast called “Security Now” hosted by Steve Gibson. In the credits I list several people as technical consultants. They are primarily paid full-time System Administrators and have to get this stuff right for a living. If they fail, they’ll lose their jobs, and in some instances, would face jail time. One of them worked, consulting on Top Secret projects, mostly in system implementation.

    I researched extensively and every single instance can be backed up with either a real action taken by a hacker/SysAdmin or seemed like the next logical step. However, I didn’t describe everything because the consultants and I chose not to make a manual on how to do things. If things are missing, that’s the reason.

 

Connecting to a login screen but not knowing its IP?

    The reason the login screen showed up but masked its IP is explained later in the movie: Shepherd internally did a series of port knocks in order to get to the final IP, where the login screen was then downloaded. However, when reviewing the code, the first IP wouldn’t be the final IP, because it was just the first in a series of knocks. Will didn’t think to look further into the code to find this out, as it would probably have taken months.
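Port knocking comes up twice on this page (the Faraday cage answer and this one). In real deployments it is a fixed sequence of connection attempts to normally closed ports on a single host; the host's firewall watches for the sequence and only then exposes the real service port to that source. The following is an added example of such a gate, written for this FAQ and not taken from the film or its consultants. The port sequence, the time window, the log line format and the addresses are all constructed for the demonstration.

```python
"""Port-knock gate: a defender-side model of the technique mentioned above.

A source must hit KNOCK_SEQUENCE in order, within WINDOW_SECONDS, before it is
marked as allowed. A wrong port resets its progress; a stale attempt expires.
A production gate would add a firewall rule here instead of recording the
source in a set, but the state machine is the same.
"""
from dataclasses import dataclass, field

KNOCK_SEQUENCE = (7000, 8000, 9000)   # constructed example sequence (hypothetical)
WINDOW_SECONDS = 10.0                 # maximum gap between consecutive knocks


@dataclass
class KnockGate:
    sequence: tuple = KNOCK_SEQUENCE
    window: float = WINDOW_SECONDS
    progress: dict = field(default_factory=dict)   # src -> (next_index, last_ts)
    opened: set = field(default_factory=set)       # sources that completed the sequence

    def observe(self, src, port, ts):
        """Record one connection attempt; return True when src completes the sequence."""
        idx, last = self.progress.get(src, (0, ts))
        if ts - last > self.window:
            idx = 0                                 # stale sequence: start over
        if port == self.sequence[idx]:
            idx += 1
        else:
            # Wrong knock resets progress, but a correct first knock restarts immediately.
            idx = 1 if port == self.sequence[0] else 0
        if idx == len(self.sequence):
            self.opened.add(src)
            self.progress.pop(src, None)
            return True
        self.progress[src] = (idx, ts)
        return False

    def is_open(self, src):
        return src in self.opened


def replay_log(lines, gate=None):
    """Feed constructed firewall-style log lines ('ts=.. src=.. dport=..') to a gate.

    Returns the list of sources that completed the knock sequence, in order.
    """
    gate = gate if gate is not None else KnockGate()
    completed = []
    for line in lines:
        fields = dict(item.split("=", 1) for item in line.split())
        src = fields["src"]
        port = int(fields["dport"])
        ts = float(fields["ts"])
        if gate.observe(src, port, ts):
            completed.append(src)
    return completed


# Constructed sample: one correct sequence, one out-of-order attempt, one expired window.
SAMPLE_LOG = [
    "ts=1.0 src=10.0.0.5 dport=7000",
    "ts=1.5 src=10.0.0.5 dport=8000",
    "ts=2.0 src=10.0.0.5 dport=9000",   # completes the sequence
    "ts=3.0 src=10.0.0.9 dport=7000",
    "ts=3.5 src=10.0.0.9 dport=9000",   # wrong order: progress resets
    "ts=4.0 src=10.0.0.9 dport=8000",
    "ts=5.0 src=10.0.0.7 dport=7000",
    "ts=20.0 src=10.0.0.7 dport=8000",  # 15 s later: window expired
    "ts=20.5 src=10.0.0.7 dport=9000",
]

if __name__ == "__main__":
    gate = KnockGate()
    print("completed:", replay_log(SAMPLE_LOG, gate))   # ['10.0.0.5']
```

Only the source that knocks the full sequence in order and within the window ends up in `opened`; the out-of-order and timed-out attempts are rejected without any feedback to the client, which is what makes the pattern useful as an extra gate in front of a service.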

 

Having a GUI login screen at all, without a remote desktop, x tunneling, website, or something similar?

    Most of the security professionals I talk to, including government officials, say that the GUI is normal because not everyone has the technical level of expertise necessary to work in Terminal. And, if that’s changed, I was making a statement in that direction, that the government is radically under-qualified to be doing what it’s trying to do.

 

A super paranoid hacker (especially one w/ a botnet) probing a high-value / high security target with one-hop borrowed wifi, from own device, rather than bouncing through multiple VPNs?

    He never actually does that. He does use his own machine, but it’s always filtered through many jumps via his botnet.

 

Ditto, running any executable on own device, rather than (at minimum) an isolated VM, or (at slightly more cost) an isolated VM on a fully airgapped and disposable mini-laptop?

    According to the sources I used, air-gapping has been blown because some malware uses audio transmissions to hack, so even air-gapped machines aren’t safe. But, that aside, if Will were to use an air-gapped machine in an audio isolation room, as referenced by Mikko Hyppönen in his Triangulation interview, I assumed he was using a VM, but VMs aren’t completely secure, which is why people use isolated VMs.

    The laptop Will used is expensive, but if he thought it compromised, he would have considered that to be disposable, which would satisfy the requirements you mentioned. It just so happens that the situation of his apartment burning down limits his resources and forces him to use the same machine.

 

Running Tor … and then using Safari rather than TorBrowser or another hardened browser?

    I didn’t intend Safari to be the browser he was using, but Firefox or some other Linux-flavored browser with a skin that mimics Safari.

 

Getting a Windows .exe over SSH, and then running it on OS X?

    There are quite a few programs that would allow Will to run Windows applications on OS X. That said, I intended Will to be using Apple hardware and a flavor of Linux. The .exe of each Emergent See program was really a commentary on the foolishness of the NSA and its collaborators in even creating programs like it has.

 

Analyzing a known-malicious executable via manual hex dump inspection rather than a reverse compiler or debugger from within a VM?

    Will explains in the movie that the program was written in a proprietary language, so a reverse compiler or debugger would have spit out a long series of unintelligible code, not unlike the code written by AIs.

 

Remote sessions (both desktop & shell) being visible on the remote screen (I can sorta forgive this as "we have to have something to show viewers", but it's not how a remote session works unless you don't care if the other side can see it)?

    I assume you’re referring to the library scene. If that’s the case, the explanation is that he’s controlling it via a CNC, which then installs a remote desktop on the target computer, which he then activates in the library. Of course, the whole process would be relayed through a series of bots and servers to never lead back to Will at the library.

 

Forwarding a target's email from the target's own account - would leave a trail accessible to target?

    Only if the program didn’t wipe its trail after Will logged out, which it would.

 

Super paranoid hacker not realizing that swapping SIM cards immediately makes them trivial to link (by chaining deregistration/registration locations and call records)?

    That’s why he installs his own worm in the Cell tower base station controller. By compromising the Telco computers at the source, he circumvents that, and any number of other problems.

 

Can-of-worm requiring physical pickup (vs having remote access)?

    The Can-Of-Worm was designed to be dropped off and never picked up again. It drops its package off in the target machine and would later be discovered, but with no reference to where it came from or what it does. The last script it would run would be to wipe itself clean.

 

Having to place one near the target (vs using a high-gain directional wifi antenna)?

    The problem with that, and other war-driving techniques, is that it would require Will to be in that neighborhood for a dangerously long time. The omni-sploits in the Can solve that.

 

DHS killing two people in interrogations — they're much more careful than that?

    That is true, which is why Agent Paulson gets so upset when one of them dies. However, there are plenty of times where people are killed on purpose and it’s later called an accident.

 

DHS recruiting high-value/high-skill people through physical interrogation etc (would make for an asset you can never trust)?

    And yet they do it all the time. See Gitmo or watch Dirty Wars. My primary reference for this was how the FBI took down LulzSec by physically intimidating their former leader and getting him to turn and work as a confidential informant. Of course, there are plenty of other examples. The CIA is currently under investigation for doing exactly that. Some countries that have collaborated with the CIA have been sued by the U.N. for war crimes. Right now, it’s not politically possible to do the same with the U.S., but it’s clear that the U.N. would do exactly that if it thought it could.

 

Why is there no actual hacking shown in the movie about computer hackers?

    I debated about this for a while. My InfoSec consultants and I came to the conclusion that we didn’t want to make a manual showing people how to hack. Too many people with too little knowledge would try to do the things we would have shown and get themselves in a lot of trouble. That would have been socially irresponsible. Instead, I chose to show the ethos of the hacker and the current social and societal challenges facing hackers and governments.