Wednesday, June 25, 2008

Information Security Jedi: Dark Side Beings

I've been running a series of blog entries comparing the practice of information security in our world to the Jedi order of the Star Wars Universe. In my previous post I talked about the light side beings of the Star Wars Universe, namely the various ranks of the Jedi order. This time I'd like to talk more about the dark side of the Force and the beings that make use of it.

The dark side of the Force is basically the evil side. It is the side of the force that is associated with anger, aggression, fear, and suffering. The powers of the dark side are typically attack oriented. For example, a Jedi might master battle techniques that focus on rallying the troops, healing people, or enhancing their own physical abilities. A dark side being might master battle techniques such as choking an opponent, shooting lightning at an opponent, or literally draining the life from an opponent.

So who were the dark side beings in the Star Wars Universe? Well, there were several. The dark side equivalent of the Jedi order would be the Sith, which has many parallels with the Jedi. But if you thought the Jedi were few in number, then you'll be shocked at the small number of Sith. Most of the time there were only two of them because of the Rule of Two. It turns out that Sith really enjoy killing the hell out of each other, so when you get Sith in sufficient numbers they start killing each other and they can't focus on killing Jedi. So a bad dude named Darth Bane made up a rule that there would only be two Sith at a time: the Master and the Apprentice. That way they could focus on killing Jedi and they wouldn't spend as much time killing each other.

There were other dark side users that a Jedi had to fear besides just the Sith. The dark side of the Force tempts everyone that is sensitive to the Force, and the stronger you are with the Force, the stronger the call of the dark side will become. So one thing the Jedi had to deal with were other Jedi that fell to the dark side. They didn't formally join the Sith, but they did become corrupted and became a threat to the galaxy.

You see, the thing you have to know about the dark side is that if you give in to the temptation to use the dark side, then the call of the dark side becomes even stronger. Since you gave in to the dark side at the previous level of temptation, you now face an even greater probability of falling to the temptation a second time. And a third, and a fourth, and so on. Eventually, a person can become addicted to the power of the dark side. Then some Jedi has to say "hey man, that's not cool! You need to quit with all the dark side stuff." Then the corrupted Jedi says "hey screw you man, you don't know me!" Then they fight, and one of them dies.

Then there were people that were sensitive to the Force but had never been formally trained in the ways of the Force. So they usually developed a few powers that made them a threat to other beings in the galaxy and the Jedi would have to come in and deal with them.

Now that we've talked about the dark side users in the Star Wars Universe, let's talk about the dark side users in the information security field. I think it's best to work from the bottom up on this one, so let's look at the Force-sensitive dark side users that have not been formally trained. I think it's not a stretch to compare these to the script kiddies that we have to deal with today. Script kiddies discovered that they have some interest in information security, but without guidance they have turned to the dark side of the Force to learn more about information security. Another untrained dark side user is the curious user on your network. They go snooping around and might damage systems in the process. For the most part, a well-trained Jedi or Padawan should be able to handle a script kiddie, but it would be foolish and arrogant to stop seeing them as a threat. A script kiddie can and will hurt you. They will develop more skills, and because they are addicted to the dark side, they will destroy your networks just to prove to themselves that they can.

What about the dark Jedi, the ones that were once followers of the light and became corrupted? I think this is the information security professional that starts using the dark side to police the networks that he was assigned to protect. Have you ever been tempted to search a user's private folders for contraband without following proper procedure? Maybe that worked for you, so now you start gathering tcpdumps of people's computers without permission (which is an illegal wiretap). Soon you've become a security threat that needs to be dealt with. Sometimes a dark Jedi can be redeemed; other times they have to be fired.

Now we start talking about the really serious threats, the Sith. In the Star Wars Universe there were only two of them at a time, but in our world there is an army of them. I like to think of the Sith Apprentices as the professional hackers that create malware, run botnets, and steal identities. They are only interested in gaining more power and money, just like a Sith Lord, and they are very powerful. They will use elements of the Force not used by the dark Jedi, and they will use every avenue of attack available to them. They will destroy your network if they believe that they can make more money doing so. Also, don't let yourself be fooled into thinking that a Sith Apprentice is less of a threat than a Sith Master. A well-trained Sith Apprentice can be nearly as powerful as his Master, and should be dealt with as carefully as the Master.

Sith Masters are rare in our world, but not as rare as they are in the Star Wars Universe. A Sith Master is probably the most dangerous black hat hacker you will ever come across in your information security career. So what makes a Master? Well, much like being a Jedi Master, I think a Sith Master is basically a Sith Apprentice that has amassed so much power that he is recognized by Jedi and Sith alike as a master of his trade. These are truly evil people that will steal the identities of millions of people and sell them for their own personal profit. They build giant botnets that spew spam across the Internet, threatening to eliminate the utility of this network, just to put more money in their pockets. Just like a Sith Apprentice, these Masters will use any technique available to them to increase their power. The only difference is that they already have incredible power that they can bring to bear.

I would also like to point out a particular kind of Sith Master that you should be particularly fearful of. I have mentioned that Sith Masters are the pinnacle of evil in the information security world. As a Jedi you would do well to remember that evil is a point of view, and sometimes you will be viewed as the evil one. Some Sith Masters are government-sponsored hackers that are not necessarily evil people. These hackers have incredible power because they are immune from prosecution and they have the resources of a government to help them identify vulnerable targets and new avenues of attack. I say that these people are not necessarily evil people because they are attacking your network in service to their government. Most of them would probably not drain the savings accounts of retired people just to put the money in their own pockets.

Hopefully this information will help you to know your enemy. You should think carefully about the information that you protect and ask yourself what kind of dark side beings you're likely to encounter. Of course, you can never be sure that the person scanning your network isn't a Sith Master, but maybe you don't need to strip search the exterminator if you're only protecting the church mailing list. Remember the lessons of the Jedi Masters that have come before you, and always heed the warning that once you give in to the dark side of the Force, you have started down a dangerous path.

