It’s been a couple of months since we left our heroes on CSI: Cyber, and boy, have they been busy. They have apparently solved many crimes using cyber-sleuthing, acquired some decidedly non-cyber firearms skills, and, in the case of our man Krumitz, taken up running. We wanted to check in and see how our merry band of crime solvers is getting along, so the Threatpost staff, Mike Mimoso, Dennis Fisher, Chris Brook and Brian Donohue, decided to sit down for a running chat during the first part of the two-episode season finale. Because some of us are old and can’t stay up that late, and honestly, who can sit through two straight hours of this?
The cast of characters is still the same. Avery Ryan, the head of the FBI’s Cyber Crime Division, leads her crew of mismatched misfits into the deep web to tackle a cyber theft of some weird imaginary currency called “Bitcoins”. These coins, which apparently are made up of red electricity, were stolen from a laptop at a family owned jewelry store. The laptop was locked in a vault, because of course it was. Our heroes are called in to recover the valuable electrons and save the shop owners’ retirement plans. (This is a little-known service the FBI provides.)
The episode opens with Daniel Krumitz, the bearded hacker genius, running toward a house for no apparent reason. Then things got real.
chrisbrook [9:01 PM]
Wow, look at this guy run.
dfish [9:01 PM]
oh man, heart attack coming
brian [9:01 PM]
I have no idea what is going on.
https://twitter.com/charley_koontz/status/598664823795122177
chrisbrook [9:01 PM]
Flashforward!
After Krumitz runs into the house, he is jacked up by some thugs, who hold him at gunpoint with his boss, Agent Ryan, and a young boy we don’t know. The show then jumps back 36 hours to a cyber attack that took out all of the cybers in Detroit. And the lights.
dfish [9:02 PM]
uh oh, Detroit was haxored!
mmimoso [9:02 PM]
China. Power Grid.
brian [9:02 PM]
apparently the heavy set hero is to become a bad guy sometime in the next 36 hours
dfish [9:02 PM]
“We’re FBI cyber, this is exactly our kind of case.”
brian [9:02 PM]
We’ve got a power grid hack, which is apparent because the lights are out
We zoom in on a laptop that is connected by a bunch of cables and hydraulics to the dial on a large safe. The laptop is running a program that is trying to brute force the combination on the safe. This would’ve come in handy in high school. Our man from Dawson’s Creek, Agent Elijah Mundo, explains that a hacker has hacked Detroit’s power grid so he can break into this safe.
chrisbrook [9:02 PM]
That’s one Samy Kamkar-looking rig right there.
mmimoso [9:03 PM]
SCADA!
dfish [9:03 PM]
“SCADA systems like this should be impenetrable.” Sweet fancy moses.
mmimoso [9:03 PM]
Counter hack the target
brian [9:03 PM]
Raven hacked the entire New Hampshire power grid?! (Cyber hero Raven informs us that she once took down New Hampshire’s entire power grid. We can only assume a squirrel was involved.)
dfish [9:04 PM]
Wait: a hacker’s objective is to affect as many people as possible?
chrisbrook [9:04 PM]
I know we missed a few episodes but I trust red code is still bad code.
mmimoso [9:04 PM]
Impressive, you remember her name is Raven, Brian
brian [9:04 PM]
Of course her name is Raven!
mmimoso [9:04 PM]
Yep, I saw red code and green code on that screen (To simplify cyber-sleuthing for non-cyber audiences, malicious code is red on this show. Guess what color non-malicious code is.)
dfish [9:04 PM]
Some serious tension between Raven and Bow wow
mmimoso [9:04 PM]
Holds true for SCADA too apparently
Our team is trying to determine why the hacker only took out part of the city’s power grid. Agent Dawson has some theories. And Raven, who seems to be the smartest of this group, is asked to write a patch that will fix the power grid. This is probably a skill the real FBI would like to have.
brian [9:05 PM]
“Power outages are a great way to disable security systems,” says the guy from Dawson’s Creek
brian [9:05 PM]
WHOA
dfish [9:05 PM]
Can you inject malicious code into Raven’s patch?
brian [9:05 PM]
They’re hacking back!
chrisbrook [9:05 PM]
PATCH: ENABLED
dfish [9:05 PM]
what kind of double entendre is THAT
dfish [9:06 PM]
This episode brought to you by the word hackback
brian [9:06 PM]
Speaking of Samy Kamkar, I think they just hacked the lock on a safe
mmimoso [9:06 PM]
Obligatory hoodie
A shadowy figure in a hoodie comes in as the lock is being haxored and then shoots someone who has surprised him in the middle of his electron thieving.
brian [9:06 PM]
WOW
brian [9:06 PM]
He just murdered a security guard
dfish [9:07 PM]
Man, these cybercriminals are not very cyber
dfish [9:07 PM]
Benjamin Christos…come on
brian [9:07 PM]
Okay, so he wasn’t a security guard
brian [9:07 PM]
He was the jewlery store owner’s son
mmimoso [9:07 PM]
Dawson is just so…smug
mmimoso [9:07 PM]
So cyber smart
dfish [9:07 PM]
That jewelry looks like the stuff you’d see on a aidewalk in NYC
mmimoso [9:08 PM]
7 minutes in, and 0 cybers?
dfish [9:08 PM]
or at Spencer’s
The FBI cyber team interviews the jewelry store owners and discover that one of their sons has invested their retirement fund in Bitcoins. Oddly, the owners say they don’t really understand what Bitcoins are. What they do know, though, is that they want those things back and Dawson is just the man for the job. And luckily, Krumitz is here to explain to us that Bitcoins are the currency of the future and actually aren’t imaginary at all!
dfish [9:08 PM]
Bitcoin!
chrisbrook [9:08 PM]
BlockChainBit.com
chrisbrook [9:08 PM]
“I really don’t understand it”
dfish [9:08 PM]
Bitcoin isn’t the currency of the future. Emojis are.
brian [9:08 PM]
Their hip son was getting the family business in on Bitcoin
brian [9:08 PM]
shocker, the Bitcoin attracted hoards of criminals
dfish [9:09 PM]
“My son was killed over this imaginary currency.” Stay in school, kids.
brian [9:09 PM]
I love the idea of keeping your Bitcoining machine locked up in the vault
https://youtu.be/E14zaBtzMAs?t=23s
brian [9:10 PM]
“Sounds like we have to have a little chat with Stephen Christos,” says Patricia Arquette.
mmimoso [9:10 PM]
I want a holographic screen
mmimoso [9:10 PM]
So I can be like Tony Stark
chrisbrook [9:10 PM]
Check that Blockchain, son.
brian [9:11 PM]
They’re about to break it down on the BlockChain
https://www.youtube.com/watch?v=fwuR3MvZ6xM
mmimoso [9:11 PM]
Sadly, that’s the best Bitcoin explanation I’ve EVER heard
dfish [9:11 PM]
it really is
brian [9:11 PM]
It still doesn’t make any sense
chrisbrook [9:11 PM]
Krumblitz or whatever his name is makes some valid points.
We now see the Bitcoins zooming out of one account and into another, which is represented by some sort of 3D golden box. There’s a whole lot of cyber effects and Tron-type holograms going on. We then discover that this special Bitcoin address is protected by not one, but TWO passkeys. Our crew needs to get those passkeys back so they can recover the Bitcoins. They somehow cyber-find one of the passkeys and call in a SWAT team to help get it back.
dfish [9:12 PM]
Oh snap, was that the ark of the covenant?
brian [9:12 PM]
Two passwords is better than one
mmimoso [9:12 PM]
Ohhh two keys, just like a front door
chrisbrook [9:12 PM]
I forgot his name is Elijah Mundo.
dfish [9:12 PM]
Bitcoin thieves about to get SWATTED
brian [9:13 PM]
The guy from Dawson’s creek said that working on this show has made him a cyber expert
The team busts into a room to find a very dead bad guy strapped to a chair. He looks like one of the Boltons may have gotten hold of him.
dfish [9:13 PM]
Homeboy got gutted over some imaginary currency
brian [9:14 PM]
Side note: why is Patricia Arquette, the only non cyber-expert, leading our beloved CSI: Cyber team?
dfish [9:14 PM]
For a bunch of nerds, these guys are pretty cool with dead bodies with their guts spilling out
mmimoso [9:15 PM]
Be afraid:
CSI Cyper continues to astound me! Very wary of hackers now!#CSICyber
— Helen (@Samhainchic) May 14, 2015
dfish [9:15 PM]
I forgot how much I love/hate this show
dfish [9:15 PM]
They’ve packed more cliches and horsebleep into 14 minutes than a CNN story
brian [9:16 PM]
The CSI Cyber hash could be a good time
chrisbrook [9:16 PM]
CBS didn’t buy BlockchainBit.com.
brian [9:16 PM]
https://twitter.com/UrbanNoize/status/598657735970828288
brian [9:17 PM]
I still am astounded that they named him Krumitz
brian [9:17 PM]
Nice Botnet definition (Our man Krumitz explains to us that the hacker has created a botnet to take down the power grid and then has to explain to his team–WHO ARE SUPPOSEDLY CYBER EXPERTS–what a botnet is.)
brian [9:17 PM]
I wish someone had gotten a shot of that
brian [9:18 PM]
Guy from Dawson’s creek is so streetwise
mmimoso [9:18 PM]
BowWow freezing the RAM?
Our resident blackhat-turned-FBI-guy, Bow Wow, tells the team that he can get the Bitcoin passkey from the RAM module in the bad guys’ laptop. All they have to do is freeze the RAM. Mind you, it’s been an unknown number of hours since the laptop was turned off.
mmimoso [9:18 PM]
So old school
dfish [9:19 PM]
Sweet! Bow wow getting his cyber on!
dfish [9:19 PM]
Bitcoins are too risky. Apparently you get all kinds of murdered over them
mmimoso [9:19 PM]
Dropping Bitcoin knowledge all over this thing
chrisbrook [9:19 PM]
“I knew those damn Bitcoins were a bad idea”
mmimoso [9:20 PM]
And all of America is like: What’s Big Coins?
brian [9:20 PM]
I wish I knew how many times they’ve said Bitcoins in this episode
mmimoso [9:20 PM]
Far exceeding the “cybers”
dfish [9:20 PM]
So the bad guy in this episode is Satoshi Nakamoto?
chrisbrook [9:20 PM]
I was hoping it’d be Ted Danson
We discover that our hacker has cleverly stored his two pilfered Bitcoin passkeys on separate machines and he is now “lurking on the deep web”, where our heroes must find him. We are told that there are now Bitcoin bounty hunters trying to get the stolen red electricity, too. Hilarity ensues.
dfish [9:21 PM]
So the deep web is a place I can actually lurk? sounds great!
dfish [9:21 PM]
“Our bitcoin thief was no bozo either.”
chrisbrook [9:21 PM]
This episode needs more Dawson on a motorbike shooting dudes.
mmimoso [9:21 PM]
Bitcoin Botnet in 3, 2, 1 …
brian [9:21 PM]
Krumitz is schooling us on some computering right now
mmimoso [9:22 PM]
Why wouldn’t the CSI Cyber Division know this!!
dfish [9:22 PM]
So Boba Fett is out there somewhere murdering botnet victims
chrisbrook [9:23 PM]
Did that guy just throw a beer at that other guy’s face?
mmimoso [9:23 PM]
And missed
brian [9:23 PM]
“One more passkey and we’re a half mil richer.”
brian [9:23 PM]
says the bad guy
brian [9:24 PM]
*alleged bad guy
dfish [9:24 PM]
I feel like they just took three words from a news story and made a Mad Lib script
dfish [9:25 PM]
botnet, Bitcoin, blockchain. Go!
mmimoso [9:25 PM]
Frozen RAM is the highlight so far
mmimoso [9:25 PM]
And Botnet Bounty Hunting
mmimoso [9:26 PM]
Or was it Bitcoin Bounty Hunting?
dfish [9:26 PM]
I think both. A lot of alliteration.
dfish [9:26 PM]
You got Krumitz!
Krumitz, who is emerging as the breakout star of the cyber team, finds the C2 server for the bad guy’s botnet and decides to hack into it so he can monitor the bad guy’s actions. Agent Academy Award lets him know that he better not fail.
dfish [9:27 PM]
“I need a win off that server Krumitz!”
dfish [9:28 PM]
Man, being a cyber cop seems real easy. Just monitor every phone and email account and you’re set
What color suits should nelson bring out in season 2 #CSICyber pic.twitter.com/8Tu9FJeVOO
— Bow Wow (@smoss) May 14, 2015
chrisbrook [9:28 PM]
I like how Bow Wow basically wears nothing but vests. His choice came down to Juvie or vests and he chose the latter.
mmimoso [9:28 PM]
I love their need to define everything for us
brian [9:28 PM]
we need it
dfish [9:28 PM]
I’d take juvie.
mmimoso [9:29 PM]
Here’s the good news: Still 31 minutes to go
dfish [9:29 PM]
Yes, here we go with the Faraday bags again
brian [9:29 PM]
“We’re going to work this case from the inside,” says Patricia Arquette.
Cyber-cut back to the team’s lair in FBI headquarters, with its commanding views of every landmark in Washington, D.C. Agent Bow Wow has an evidence box that contains all of his devices that were seized by the feds when he was arrested during his wayward youth. He looks wistfully at photos of his family on his iPad while Agent Raven lurks nearby.
chrisbrook [9:30 PM]
Is there a romance here?
brian [9:30 PM]
Seems like CSI: Cyber has a pretty liberal BYOD policy
dfish [9:30 PM]
hahaha
brian [9:30 PM]
Chris, of course there is a romance
dfish [9:30 PM]
I think Raven is catching some feelz for Bow wow
chrisbrook [9:30 PM]
It’s either Bow Wow or Krumitz
brian [9:30 PM]
So many feels
mmimoso [9:30 PM]
Best bounty hunter movie of all time: Midnight Run
Krumitz then infects one of his own machines with the bad guy’s malware so he can join the botnet.
dfish [9:31 PM]
Now that he’s on the botnet, he can break in and send it commands. Because that’s how it works.
brian [9:31 PM]
Oh boy
brian [9:31 PM]
Patty Arquette just pulled a high-five too slow on Krumlord
chrisbrook [9:31 PM]
Dropping some dynamic and static IP address knowledge
dfish [9:31 PM]
Oh god, dynamic IP address definition
mmimoso [9:32 PM]
I still can’t wait to find out where Krumitz is running to–and from
brian [9:33 PM]
"Nelson, this is a win. This is when we celebrate and high-five our bosses" -Krumitz #CSICyber @charley_koontz pic.twitter.com/KXaZt9yx59
— CSI: Cyber (@CSICyber) May 14, 2015
dfish [9:34 PM]
to sum up so far, someone stole some Bitcoins from ambiguously foreign jewelry store owners. Someone got real murdered over the passkeys and now someone else is about to get dead.
dfish [9:34 PM]
@CSICyber I so love this show n the cyber knowledge it gives … Glad it got another season #CSICyber ❤️❤️
— Pamela R Paciocco (@pammiebaby10) May 14, 2015
brian [9:35 PM]
These tweets are killing me
dfish [9:35 PM]
Big boy better work on that high five faster! Lol @charley_koontz #CSICyber
— Tanya (@tlselle72) May 14, 2015
brian [9:36 PM]
The CSI: Cyber hashtag has me losing faith in humanity
chrisbrook [9:36 PM]
CSI: Cyber social media intern is fast with the .gifs
Good one, Avery #CSICyber @PattyArquette @charley_koontz pic.twitter.com/YsOGhTH8iu
— CSI: Cyber (@CSICyber) May 14, 2015
Through the wonderful technology that is pervasive surveillance and monitoring, we get screen captures of our two Bitcoin bounty hunters, a couple brothers, who are on their way to New Mexico to get that other Bitcoin passkey.
brian [9:37 PM]
Jeremy and Henry Spitz… any relation to Mark Spitz??
dfish [9:37 PM]
People: mass surveillance works.
mmimoso [9:37 PM]
They’re our bounty hunters, or just two dudes on a road trip
brian [9:37 PM]
This show needs way more cameos
dfish [9:38 PM]
Dear God. Bow wow is getting hyped
dfish [9:38 PM]
So now the FBI can cyber evacuate people from their homes?
mmimoso [9:38 PM]
Raven better have a warrant
mmimoso [9:39 PM]
BowWow missed his iPad
https://youtu.be/F8WDZrkRMfU
brian [9:39 PM]
“it’s complicated,” says Bow Wow
brian [9:39 PM]
So true
The team finds that the passkey they’re after is a red herring. And it’s full of malware! They hide out in a food truck outside a house where Krumitz has tracked the bounty hunters, through magic cyber pixie dust. And then he has to run.
mmimoso [9:39 PM]
Oh good, a decoy passkey
chrisbrook [9:39 PM]
Another A+ vest from Bow Wow. I’d call it a charcoal.
dfish [9:39 PM]
Oh sweet. A decoy passcode that’s full of cyber magic
mmimoso [9:39 PM]
A Word doc with this: ;lkadjfd;liaiofuad;lkfjas;lkdfjaslidfjalsdfjlaks
dfish [9:40 PM]
running and running
brian [9:40 PM]
Patty Arquette is very knowledgeable about the way the human mind works
mmimoso [9:40 PM]
Oh man, that run was a lot longer than they led on
brian [9:40 PM]
She must read many academic journals
chrisbrook [9:40 PM]
Still 20 minutes left.
dfish [9:40 PM]
What if they hacked into the baby monitor in the house?
chrisbrook [9:40 PM]
They should’ve used the cyberball.
brian [9:40 PM]
#Cyberball
mmimoso [9:41 PM]
Boba and Jango in the house
dfish [9:41 PM]
Again: she has an OSCAR
dfish [9:41 PM]
Can they rescind those things?
dfish [9:42 PM]
Krumitz may be my favorite character on the TV
brian [9:42 PM]
You know who deserves an Oscar?
brian [9:42 PM]
whoever is running the CSI: Cyber twitter handle
brian [9:42 PM]
Someone give that woman an Oscar… #CSICyber @PattyArquette pic.twitter.com/lCRQ57RiWr
— CSI: Cyber (@CSICyber) May 14, 2015
dfish [9:42 PM]
https://twitter.com/artdeal/status/598664390552981504
chrisbrook [9:42 PM]
They upped their social media presence since episode 1
dfish [9:43 PM]
Yes!
https://twitter.com/Crooooow/status/598663581421285376
chrisbrook [9:43 PM]
Flights to OKC, Denver, SUVs
mmimoso [9:43 PM]
Krummy’s expense report
brian [9:45 PM]
The actor playing Krumitz is still complaining about having to run on set
dfish [9:45 PM]
That’s real sweat…
brian [9:45 PM]
Approximately no one is surprised that that was real sweat.
dfish [9:46 PM]
Chances I’m going to make a Krumitz t-shirt? 100%
mmimoso [9:46 PM]
There’s 186 Krumitzes at Black Hat every summer
chrisbrook [9:47 PM]
Krumlitzes, haha
dfish [9:47 PM]
All wearing that shirt
mmimoso [9:47 PM]
And sweating
We are now back to the opening scene, in which our man Krumitz is trapped in the house with Agent Oscar and the boy, who snuck back in somehow. The Bitcoin posse are holding them at gunpoint and demanding that Krumitz get them the passkey off the computer in the house. He pretends not to know how to computer and stalls while the bad guy hits him and yells. Agent Dawson et al are hiding in the bushes outside.
https://youtu.be/PBEIFrDlWEU?t=56s
brian [9:47 PM]
“How the hell did that kid get in there,” asks guy from Dawson’s Creek.
chrisbrook [9:48 PM]
I like how there’s a Systems folder on the desktop.
https://twitter.com/Crooooow/status/598666184926461952
brian [9:48 PM]
Krumitz just got hit with a gun on the head
dfish [9:48 PM]
Failure is not an option, says Dawson
mmimoso [9:48 PM]
Finally some remote pwnage. (Agent Bow Wow hacks into the computer in the house–from a food truck–to replace the real passkey with a fake one, just in the nick of time.)
dfish [9:48 PM]
hahahaha
dfish [9:48 PM]
passkey2.txt
mmimoso [9:48 PM]
Naturally, it’s called passkey2
brian [9:49 PM]
“Is that it?” Krumlord asks of the file named passkey2
dfish [9:49 PM]
PWNED!
chrisbrook [9:49 PM]
Whoa, red lights
brian [9:50 PM]
I love that guy from Dawson’s Creek is hiding in the bushes
The bounty hunters discover that Agent Bow Wow blew up their spot. And they are NOT happy. They try to run Crap Cleaner while the SWAT team prepares to storm the house.
mmimoso [9:50 PM]
reset the router dummy
chrisbrook [9:50 PM]
“WiFi doesn’t work, gimme a sec, I’m running a diagnostic.”
mmimoso [9:50 PM]
“We got an intrusion.”
dfish [9:50 PM]
ctl alt del
chrisbrook [9:50 PM]
Busted!
chrisbrook [9:51 PM]
Krumlitz just punched a guy in the chest.
brian [9:51 PM]
Krumlord just pulled some serious karate moves
dfish [9:51 PM]
Damn!!
mmimoso [9:51 PM]
Damn, punch to the throat and one shot to the chest
dfish [9:51 PM]
Big boy has skillz
brian [9:51 PM]
Looked like a throat punch to me, Chris
Just as the SWAT team comes through the door, our man Krumitz goes all Ralphie and takes down the bounty hunters with some sweet karate moves. He even shoots one of them. Agent Academy Award returns the magic electrons to the jewelry store owner, who are DONE with Bitcoins. We then cyber cut back to the team’s cyber cave, where Krumitz has to do paperwork for shooting a guy and Agent Bow Wow is caressing his iPad.
mmimoso [9:51 PM]
Good job Nelson, or it’s back on probation for you
dfish [9:52 PM]
We’re getting out of the bitcoin business
dfish [9:52 PM]
famous last words
brian [9:52 PM]
haha
dfish [9:52 PM]
I’m still confused about why cyber division is based in the Lincoln Memorial
dfish [9:53 PM]
“You are the real deal, bro,” says former child rapper
brian [9:53 PM]
Bitcoin isn’t doing so hot these days
brian [9:53 PM]
https://blockchain.info/charts/market-price
brian [9:53 PM]
If that were the DOW we’d be eating grass
brian [9:55 PM]
This show is terrible, but you’d never know from Twitter
dfish [9:55 PM]
And we fade out to some sweet Motown
mmimoso [9:56 PM]
So glad there’s another season of this