Wednesday, July 2, 2008

Information Security Jedi: Has Black Fist gone to the Dark Side?

As I've mentioned before, in the world of Information Security I consider myself to be a Padawan: a learner who has not yet reached Jedi status. One of the things that is necessary for a young Padawan is constant guidance from the Jedi Masters to ensure that he or she does not start down the dark path. After all, you might think that what you're doing is right, but in fact you may be wrong. Consider the words of Master Yoda: "Difficult to see, the Dark Side is."

I'm spending the day beating myself up because I used my Jedi powers in a way that I'm not sure was right. The situation involves a Dark Jedi, meaning someone that has knowledge of computer systems and security that has turned to the Dark Side. Luckily for me, this Dark Jedi was not an Information Security professional or I might have had an even more difficult time defeating him in combat. The thing is, the whole time I was trying to zero in on him and gather the evidence required by my employer, he was able to stop me at every turn. Pretty good considering that he didn't even know I was trying to get into his computer. And so when my other options had failed, I turned to something I call the Jedi Mind Trick, Social Engineering. I'll write a more detailed post about the Jedi Mind Trick another time, suffice to say that it is a powerful force and can be easily misused. And that's where I find myself today, wondering if I misused the Jedi Mind Trick.

I wish that I could explain the situation in more detail, but of course I cannot because of the confidential nature of my work. To boil it down, I was asked to install software on a computer without being detected. I want to make it clear that I was authorized by my employer to install monitoring software purchased by my employer on a computer that is owned by my employer. I guess I just feel bad because I shook the guys hand and smiled in his face while I stabbed him in the back. I prefer to do these things without looking at the target or getting to know the target. That way I can keep it all business in my head. When I figured out that this was going to take more of a personal touch, I even devised a plan to get someone else to do the face to face part. However, that isn't how it worked out and in the end I lied to this dude so that I could start gathering information that may affect his employment. So I guess the question I'm wrestling with is whether or not I did something that was of the Dark Side?

My first inclination is to say no. After all, I was just doing my job. And if he hadn't done the things that he did I wouldn't have had to do any of this. I guess you could say that he made me lie to him. There are a couple of problems with this line of thinking. For one thing, whenever I say that someone made me do something that I feel bad about, I'm usually trying to rationalize some behavior that I know is wrong. The other concern I have with my approach is that I might have taken the quick and easy path, in other words the dark path, when there was a better solution available. Did I take enough time to search for a solution before I resorted to using the Jedi Mind Trick to blind him? I do believe that I had to get my hands on the computer to install the software. There were too many roadblocks to do this remotely. I also believe that it was imperative that he not know that the monitoring software was put in place. Most importantly, I don't believe that I had patience as an option. I could have waited for him to get sloppy and leave his computer at work, but I didn't have that kind of time.

I guess in the end I'm going to judge that what I did was right. I didn't go vigilante and install this monitoring software, and I only resorted to the Jedi Mind Trick after exhausting my other options. Sometimes even a Jedi has to kill people. What makes it acceptable is that the Jedi neither enjoys it, nor seeks out opportunities to do it. I didn't go looking for this guy, but when he crossed my path I did what I had to do. Now I am meditating on the days events to ensure that I haven't taken any steps toward the Dark Side. I guess I just wish that I had someone else to validate my decision and tell me that what I did was right. I know that there are some Jedi powers that are used by both Light Side and Dark Side beings, and the Jedi Mind Trick is one of them. So I think the lesson to be learned here is that one should always take a long look in the mirror after using a power that could have a Dark Side use and make sure that you haven't started down the path of corruption.

No comments: