I’ve always found that education and learning can be so much more engaging, and successful, when you tie topics to a wider culture phenomenon. As a cybersecurity professional, this is why I enjoy highlighting useful cybersecurity tips through the lens of pop culture; even when said pop culture is completely unrelated to information security (infosec). Today’s educational strawman is the latest Star Wars movie — “The Last Jedi.”
Before diving into my tips, let me share my own personal mini-review. I loved “The Last Jedi!” Go see it. Sure, there are a few scenes that’ll require some imagination, and force you to suspend a bit of disbelief, but it’s a fantasy space opera for kids after all. Viewers should never expect serious reality going in. Also, if you haven’t seen it, ignore some of the strange audience reviews you might find online (many of which could be bot-generated). Check out the movie to see for yourself.
That said, let’s get down to extracting cybersecurity takeaways from “The Last Jedi.” Of course, in order to discuss the movie’s key learnings, I need to cover some important plot points. Consider this a HEAVY spoiler warning. If you haven’t watched it yet, turn back and return later for your cyber Jedi training.
If you missed my previous Star Wars-related infosec tips, you may want to read the first three articles as well. In fact, I’ve even explored the security learnings that can be found in the spinoff film “Rogue One.” Since all the Star Wars properties share many commonalities, some of my previous tips could still apply to this movie. However, in this article I want to provide some new ones, and will concentrate on the themes of trust, social engineering, and misdirection.
OK, Padawan, let’s make you into a security Jedi.
Don’t fall victim to an X-wing ‘head fake’
The movie opens with Poe Dameron, the New Republic Commander and X-wing flyboy, jumping to intercept the First Order Dreadnought that’s hunting down the rebellion. Poe arrives seemingly alone and requests to parlay with General Hux, at which point he comically trolls his enemy. As we quickly learn, Poe is actually trying to distract the general and the First Order armada, to make a diversion for Rebel bombers that jump in shortly after. While the First Order’s overwhelming TIE fighter defenses make short work of most of the bombers, one does succeed in blowing up the Dreadnought.
This sort of “head fake” is not abnormal in real world battles. Your adversary makes a big production of attacking you head on, only to set up some sort of flanking maneuver while you’re distracted. Unfortunately, this strategy also exists in the “cyber” world as well.
In 2015, a number of security companies reported that certain advanced attackers had started using small distributed denial of service (DDoS) attacks as a distraction when launching more significant assaults. While IT departments or incident response teams were reacting to the thousands of packets generated by these network floods, the attackers were carrying out smaller, ulterior attacks against vulnerable servers, or loading malware. Researchers even wrote papers around this concept, like Whispering Through DDoS Attacks.
As a cybersecurity Jedi, remember, “it’s a trap!” When you see a DDoS attack, don’t concentrate on that alone. Batten down all the hatches, and guard all your network services while you investigate. Although a DDoS attack really can be just a DDoS attack, you never know when rebel forces might use one to sneak real network bombs into your systems.
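To make the “it’s a trap!” advice concrete, here is an added example (mine, not the article’s or any vendor’s tooling) of the kind of correlation a defender can run over connection logs: first find the seconds in which one port is hammered from many sources, then list the low-volume events to every other service in and around that window, since those are exactly the ones a flood-focused team stops looking at. The log format, the IP addresses, the thresholds and the timestamps are all constructed for the demo.

```python
"""Correlate a volumetric flood with the quiet events hiding behind it.

Added example, not from the original article. The log format
("<ISO timestamp> <src_ip> <dst_port> <event>"), the addresses and the
thresholds below are constructed assumptions for illustration.
"""
from collections import defaultdict
from datetime import datetime, timedelta

FLOOD_PACKETS_PER_SECOND = 15       # assumed threshold; tune to your own baseline
FLOOD_MIN_SOURCES = 10              # many distinct sources in one second => distributed
WINDOW_SLACK = timedelta(seconds=5)  # keep looking shortly before and after the flood


def _constructed_flood(count):
    """Build 'count' SYN lines to port 80 from ~50 spoofed sources over 3 seconds."""
    return [f"2017-12-20T12:00:{i % 3:02d} 203.0.113.{i % 50 + 1} 80 syn"
            for i in range(count)]


# Constructed sample log: a SYN flood against port 80, plus a handful of
# quiet events against SSH and SMB from one host during the same seconds.
SAMPLE_LOG = _constructed_flood(60) + [
    "2017-12-20T11:30:00 192.0.2.5 22 ssh_login_success",    # normal, well before
    "2017-12-20T12:00:01 198.51.100.7 22 ssh_login_failed",
    "2017-12-20T12:00:01 198.51.100.7 22 ssh_login_failed",
    "2017-12-20T12:00:02 198.51.100.7 22 ssh_login_success",
    "2017-12-20T12:00:03 198.51.100.7 445 smb_write",
    "2017-12-20T13:00:00 192.0.2.9 443 tls_handshake",       # normal, well after
]


def parse_line(line):
    ts, src, port, event = line.split()
    return {"ts": datetime.fromisoformat(ts), "src": src,
            "port": int(port), "event": event}


def find_flood_windows(events):
    """Return the set of (second, port) buckets that look like a distributed flood."""
    sources = defaultdict(set)   # (second, port) -> distinct source addresses
    counts = defaultdict(int)    # (second, port) -> packets seen
    for e in events:
        key = (e["ts"].replace(microsecond=0), e["port"])
        sources[key].add(e["src"])
        counts[key] += 1
    return {key for key, n in counts.items()
            if n >= FLOOD_PACKETS_PER_SECOND
            and len(sources[key]) >= FLOOD_MIN_SOURCES}


def events_behind_flood(events, windows):
    """Low-volume events to *other* ports while the flood is running (plus slack)."""
    if not windows:
        return []
    flood_ports = {port for _, port in windows}
    start = min(sec for sec, _ in windows) - WINDOW_SLACK
    end = max(sec for sec, _ in windows) + WINDOW_SLACK
    return [e for e in events
            if e["port"] not in flood_ports and start <= e["ts"] <= end]


def analyse(lines):
    """Summarise the flood and everything that happened in its shadow."""
    events = [parse_line(line) for line in lines]
    windows = find_flood_windows(events)
    hidden = events_behind_flood(events, windows)
    return {
        "flood_ports": sorted({port for _, port in windows}),
        "flood_seconds": len(windows),
        "hidden_events": [(e["ts"].isoformat(), e["src"], e["port"], e["event"])
                          for e in hidden],
    }


if __name__ == "__main__":
    report = analyse(SAMPLE_LOG)
    print("flood on ports", report["flood_ports"], "for", report["flood_seconds"], "s")
    for row in report["hidden_events"]:
        print("  behind the flood:", row)
```

Run against the constructed log, the flood is reported on port 80 for three seconds, and the four SSH and SMB events from 198.51.100.7 are surfaced on their own, even though two failed logins and one file write would never trip a volume threshold by themselves. The same events with no flood in the log produce an empty list, which is the point: the flood is what makes otherwise boring activity worth a second look.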
Never trust a criminal master cracker
One of the side quests in “The Last Jedi” involved Finn and Rose having to break into Snoke’s Supremacy Mega-class Star Destroyer in an attempt to disable the tracking device that is preventing Rebel ships from jumping undetected to a mystery location. In order to infiltrate the Supremacy, they needed to recruit the help of a “master cracker,” who could crack the right codes to get their ship past the Supremacy’s significant defenses. They do end up finding a charismatic, stuttering criminal called DJ, who sneaks them past the First Order’s defenses and gets them to the tracking device. However, that’s where they also learn that DJ sold them out to the highest bidder, turning them over to General Hux and leaking the Rebels’ ultimate escape plan.
This reminds me that you can never trust criminals. Lately, ransomware has become one of the most successful malware campaigns for cyber criminals. According to some reports, at least one third of victims end up paying the ransom. This has led many victims to become comfortable with ransomware that seems to “work.” Since it seems to give you your files back when you pay, ransomware attacks may appear to be predictable encounters, with a reliable outcome every time. In fact, many insurance companies have become so comfortable with ransomware that they have started offering extortion insurance, and keep a significant amount of Bitcoin on hand just to pay these ransoms for their customers. When asked whether they think paying the ransom will result in more ransomware, I’ve heard some mention there is “honor among thieves,” suggesting that once criminals successfully ransom you, they’ll never bother you again.
That idea is karking druk! There is no honor among thieves. In the same way DJ turned against the Rebels immediately when offered a better deal, a ransomware author, or any cybercriminal, will happily hack you as many times as they can, as long as they know there’s likely to be a return.
If you consider yourself a Jedi of the light, never work with the Dark Side of the Force, no matter how alluring. If someone is a proven criminal, do not share sensitive information with them, or work with them at all. More importantly, don’t pay cyber ransoms. This just encourages these criminal nerf herders that crime indeed pays.
Deploy cyber decoys to lure the Dark Side
Before DJ leaked it, Vice Admiral Amilyn Holdo’s plan to escape the First Order armada was quite inspired. Holdo knew that with enough distance between the Rebel ships and the First Order armada, Hux’s systems could only track and see the main Rebel ship, not the smaller, cloaked transports. As the main ship continued to appear to try to escape, Holdo planned to covertly dispatch a bunch of smaller transports carrying the Rebel crew to an old base on a nearby planet called Crait. In other words, the main Rebel ship would act as a decoy while the real Rebel forces disappeared.
Believe it or not, decoys, otherwise known as “Deception Technologies,” have become an emerging trend in cybersecurity. Deception technologies vary, but in general they put “fake” systems on your internal network that appear to be your real servers. The goal of these systems is to dupe cyber attackers into concentrating on them, thus missing or ignoring your real valuable systems. Not only do these decoys prevent criminals from breaking into your real systems, they also act as a warning that hackers have compromised your other defenses. In Jedi terms, deception technologies offer the capability to tell attackers, “these are not the servers you are looking for.”
If you want to be a master Jedi, perhaps consider how you can trick Sith hackers with these sorts of technical decoys. I will admit the latest deception technologies are complex and expensive, and probably not for every business. However, you can also use free, open source honeypots to deceive some attackers as well.
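To show what the “free, open source honeypot” end of that spectrum actually looks like, here is an added example of my own, not the article’s or any honeypot project’s code: a tiny decoy TCP service that accepts any connection, answers with a plausible banner, records who connected and what they sent, and treats every single connection as an alert, because nothing legitimate on your network has a reason to talk to a server that does no real work. The banner hostname, the port (an ephemeral loopback port so the demo is self-contained) and the `probe` client that stands in for a scanner are all constructed for the demo.

```python
"""A minimal decoy service ("honeypot"): any connection is an alert.

Added example, not from the original article. The banner hostname, the
loopback port and the probe() client are constructed for the demo; a real
deployment would listen on the port of the service being imitated, on a
host that has no business purpose, and ship alerts to your SIEM.
"""
import socket
import threading
import time
from datetime import datetime, timezone


class DecoyService:
    def __init__(self, host="127.0.0.1", port=0,
                 banner=b"220 files.corp.example FTP ready\r\n"):  # made-up hostname
        self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        self.sock.bind((host, port))          # port 0 => OS picks a free port
        self.sock.listen(5)
        self.port = self.sock.getsockname()[1]
        self.banner = banner
        self.alerts = []
        self._lock = threading.Lock()
        self._stop = threading.Event()

    def serve(self):
        """Accept loop: greet, capture the first bytes, record an alert, hang up."""
        self.sock.settimeout(0.2)             # so the loop can notice stop()
        while not self._stop.is_set():
            try:
                conn, peer = self.sock.accept()
            except socket.timeout:
                continue
            with conn:
                conn.settimeout(1.0)
                try:
                    conn.sendall(self.banner)
                    first_bytes = conn.recv(256)
                except OSError:               # includes timeouts and resets
                    first_bytes = b""
            alert = {
                "time": datetime.now(timezone.utc).isoformat(),
                "peer_ip": peer[0],
                "peer_port": peer[1],
                "decoy_port": self.port,
                "first_bytes": first_bytes,
            }
            with self._lock:
                self.alerts.append(alert)

    def start(self):
        worker = threading.Thread(target=self.serve, daemon=True)
        worker.start()
        return worker

    def stop(self, worker):
        self._stop.set()
        worker.join()
        self.sock.close()

    def wait_for_alerts(self, n, timeout=3.0):
        """Block until at least n alerts exist (or timeout); return a copy."""
        deadline = time.monotonic() + timeout
        while time.monotonic() < deadline:
            with self._lock:
                if len(self.alerts) >= n:
                    return list(self.alerts)
            time.sleep(0.05)
        with self._lock:
            return list(self.alerts)


def probe(port, payload=b"USER anonymous\r\n"):
    """Constructed stand-in for a scanner touching the decoy; returns the banner."""
    with socket.create_connection(("127.0.0.1", port), timeout=2) as client:
        banner = client.recv(256)
        client.sendall(payload)
    return banner


def demo():
    """Start a decoy, touch it once, and return (banner seen, alerts raised)."""
    decoy = DecoyService()
    worker = decoy.start()
    try:
        banner = probe(decoy.port)
        alerts = decoy.wait_for_alerts(1)
    finally:
        decoy.stop(worker)
    return banner, alerts


if __name__ == "__main__":
    seen_banner, raised = demo()
    print("client saw:", seen_banner)
    for a in raised:
        print("ALERT decoy touched:", a)
```

The design choice worth noting is that the decoy is deliberately dumb: it never authenticates, never serves a file, and never trusts its input, so there is no attack surface to get wrong, and the only question it answers is “did anyone knock?” That is also why its alerts are so low-noise compared with alerts from real servers, which is the warning role the paragraph above describes.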
As you can see, Star Wars movies aren’t just for fun and entertainment. The lessons they teach can help you go from an infosec Padawan to master. But remember, “A Jedi uses the Force for knowledge and defense, never for attack.”
That’s it for this Star Wars security breakdown, but I look forward to seeing you for the next installment. In the meantime, share your Star Wars security insights below, and may the cyber Force always be with you.