A belated May the 4th to all of you Star Wars
Fans out there! If you’ve never seen Star Wars: a New
Hope, then beware: Spoilers ahead (also, you should go watch
that. Seriously, go now. We can talk after). Obviously, one of our favorite topics here at
HackerAttacker is security in all its shapes and forms. We’ve talked about various
hackers, how to hack
the government, and even how hacking
is like picking a lock. One thing
that I never really take into consideration, however, is how much security is
thrown in our faces throughout pop culture.
I’m not just talking about advanced techniques seen in movies like
Mission Impossible or James Bond; I’m talking about popular culture both old
and new. Specifically, how Star Wars
taught me more about information security than most any actual course or class
ever could.
Information Security – Planning to Knockout the Death Star
The Death Star is a magnanimous symbol in Star Wars
history. Both version of the
planet-sized apocalypse machine served as key plot devices and story cruxes for
the entirety of the original trilogy.
While some people might prefer to grab a plush R2D2 or Ewok, most fans
will opt to build their own Death Star (Lego, we love you!).
There is a good reason for that: the Death Star is a huge
(literally) Star Wars symbol. Not only
did it illustrate the importance of perseverance and the triumph of good over
evil, but it also cemented Luke’s ability to use the Force, and his place
amongst the ranks of the Jedi. Now,
despite this rather intriguing observation, the attack on the Death Star also
teaches us a lot about how to secure our private information and ourselves
online.
The attack itself surrounds one specific scene, the Trench Run. It is the events surrounding this turning
point for the rebellion that illustrate how information security works and why
it is such an important consideration for all of us.
Rebels Phishing for Information
I have to preface this section by insisting that I always
root for the Rebellion. However, after
re-watching the films and doing some research on it, I’ve
realized one thing: the Rebels acted like phishing experts! Of course,
guerrilla warfare was a necessity when fighting the oppressive Empire, but
their tactics are reminiscent of how
phishing attacks usurp information security protocols.
Like many phishing attacks, the rebels used multiple small
attacks to gain partial sets of information to compile a set of codes and
technical specs that could be used to track down the entirety of the death star
technical readout. While some of these
attempts failed, others succeeded and granted the rebels enough information to
track down the readout that they used to find the one Weakness in the Death
Star. This process follows
a phishing scam to a T: various attempts to gain bits of information (be it
customer credentials, employee logins, etc.) and use those to climb your way to
the information at the top of the chain.
It’s a proven tactic, and the reason why phishing is still a major
concern in information security. To
prevent your network weaknesses from being exploited like the Empire, you may
require an authentication
solution that allows you to monitor and edit user rights and privileges
based on user need: at any given point in time! If the Empire would have been
much more strict on which individuals had access to Death Star Data, they may
yet rule the galaxy.
Information Security Commandment – Avoid Hubris
Hubris is a huge issue in information security. Every security company believes theirs to be
the best, and when you shell out for the best, you expect to be invulnerable to
outside threats. Even General Motti held
this belief, and we all know how that worked out for him. Motti was the general that Darth Vader choked
out in A New Hope in response
to his perfidious
attitude towards the Force. Motti is
also known for his foreshadowing of the Death Star’s downfall by saying:
"Any attack made by the Rebels against this station would be a useless
gesture, no matter what technical data they've obtained."
Many things can overcome information security, but the
easiest way to allow an attacker through is to operate under the misconception
that your defense is perfect. What every
Star Wars fan will tell you is how General Motti illustrates the empire’s key
downfall: underestimating their enemies.
Vader understood the strength that the Rebels could draw upon and always
worked towards undermining that power.
The Empire fell because they gave the Rebels a chance to defeat them,
one the Rebellion gladly leapt upon. In
information security, planning for the worst, and even expecting it, can serve
to better prepare your defenses in the event of an unforeseen attack. Star Wars illustrates how hubris can bring
about the destruction of any defensive capabilities, no matter how strong.
The Trench Run – One in a Million
The Death Star is a moon-sized superweapon. Moon-Sized Superweapon. I really cannot stress this part
enough. The Death Star is huge, and it
only took three runs to successfully disable this massive threat and save
millions. At the very least, they saved
one planet for sure, and potentially many more throughout the galaxy. The point? The Death Star in this instance is
the information security system in place.
It can have all the proposed security protocols and measures in place,
and still be overcome by the right attack.
The rebels executed the right attack.
Han says, “that was one in a million kid” and he was right,
but that’s all it takes to bring a strong security system crumbling to the
ground. No matter how strong the wall,
proper preparations need to be taken to secure it even at its weakest
link. The Death Star had Darth Vader and
gunner towers to defend, yet a Wiley attack still managed to sneak through. In this case, the Rebels are the good guys,
but if the Death Star is seen as an example of information security, you want
to do everything you can to prevent any attackers from breaking through your
weak points. Sure, the Empire had no
chance to adjust construction of the Death Star after the breach had been
discovered, but with the proper information
security solution, you can adjust for potential user compromise quickly and
without hassle.
If you’ve learned anything beneficial from the Empire (aside
from how to rule a republic from the inside – Thanks Palpatine…) it should be
what to do to optimize security. Information security is one of the newest
battlegrounds for modern warfare, and we can always look to our past, or our
pop culture, for examples of how best to secure it against human nature. The Empire may have lost to the rebels, but
you can optimize your information security to route the rebels every time.
Want to talk Star Wars or just have a thought? Give me a Shout in the comments below!
No comments:
Post a Comment