Today is May 4th, the traditional day for celebrating one of the greatest franchises in movie history. As such, and having a geek streak a parsec wide, we thought (at work) that it’d be fun to set ourselves a challenge. I'm an avid weekly Star Wars RP player (Savage Worlds system - Pew Pew), so how could we plan and execute an attack against the Death Star, the galaxy’s premier evil planetoid and residential superlaser? Not wanting to get into hassle for publishing this on a company website - a cease-and-desist from Disney is never a good way to start the month - I'm publishing it here.
To begin with, we’ve got to exercise our geek muscles and actually look at the Star Wars universe for clues. Hacking is known as ‘slicing’ in the Star Wars universe. Yes, I'm going to do this properly and take this way too seriously.
If there’s one thing that the films Rogue One, A New Hope, and RotJ taught us, it’s that Imperial files are woefully unencrypted. No 2FA, no 32-bit encryption, just sitting there on a data stick waiting to get left on a seat in a cantina or on the number 13 transport. The files themselves aren’t going to be a problem.
There’s no wi-fi in the Star Wars universe – a concept unimaginable to Mr. Lucas in 1977. Secure messages are run around the Death Star corridors by toaster-looking robots (MSE-series ‘mouse’ droids) and held on ‘code cylinders’ peeking from the top pockets of classically-trained English actors.
Datacards store and transfer data to and from datapads in the same way floppy disks and USB flash drives are/were used with computers – R2-D2 carried a Datacard with the first Death Star plans on it, given to him by Leia Solo (née: Organa, actually née Leia Amidala Skywalker) at the Battle of Tatooine.
DataCores are repositories of bulk information, but there appears to be little connection to them from the outside world – and as such they may be air-gapped and therefore the most ‘secure’ element of the Imperial data security policy (though criminally inaccessible to off-site teams). The only cloud in which the Empire works is probably Bespin.
Data can be transmitted, however, to a ship in orbit or to another secure location – though this seems to require aligning transmission dishes, further family appropriate drama, and considerable personal sacrifice that’s best avoided.
There is also the HoloNet, as mentioned in Clone Wars and featured in SW Rebels, which appears to be an Imperial controlled broadcast network that also lets citizens look up information akin to Wikipedia and with websites, etc.
Apart from ‘radio’ communications and transmissions, it appears that everything requires physically plugging into a wall socket. It’s all quite primitive, actually, and does seem to leave the Empire prone to any Datacard or grubby R2-unit with a virus on it.
Now that we’ve set the scene, we can lay out a plan – hopefully without the untimely demise of too many Bothans – using the knowledge of cybersecurity (edge, application and data) that I've crammed into my brain as an ongoing writer and content creator for one of the world's largest cybersecurity providers.
Approaches:
Most Imperial staff aren’t the sharpest tools in the woodshed. Stormtroopers, the foot soldiers of the Galactic Empire, even less so. Transmitting a ‘secure’ message containing malicious code, waiting for an unsuspecting Imperial trooper to click on the latest specs in an advert for the BT-16 perimeter droid - they say it's quite a thing to see - seems a solid approach to introduce malicious code into the network: “Send us 20,000 Galactic Credits to unlock your files and data!” If only The Empire had anti-phishing training as part of their HR policy.
Imperial officers seem to have a substantially higher IQ, though the path to career progression seems somewhat unforgiving. We can, however, assume that the most intelligent, shrewd, and (possibly) security-conscious make it to Moff without being shot by the plucky proletariat or choked to death by their line manager.
In any large organization, it’s likely that developers will use third-party code, especially when on a tight deadline like the building of the second Death Star. Sometimes this leaves security teams out of the loop and creates a blind spot, making it hard for Imperial Security Officers to monitor all dependencies.
It’s likely that Imperial dev teams will utilize reusable software components, developed to be either freely distributed or sold by an entity other than the original (Geonosian) vendor, to design the likes of landing bay forcefield controls or even planetoid propulsion systems. This means there may be code making calls outside of the secure network – which is a nightmare for regulatory compliance and opens the door to interference from malicious Rebellion clients. If only The Empire had runtime self-protection.
Malicious code can do anything any other program can do, like writing a warning message on a screen, stopping a trash compactor program from running, setting off a klaxon, or making millions of voices suddenly cry out in terror as their planet is evaporated… Without database security, it may be possible to piggyback malicious code on, for example, supply chain code or outdated security cyphers from a Lambda Shuttle requesting permission to enter the atmosphere of the forest moon of Endor. It may be introduced by an inquisitive Astromech droid, recently arrived from some back-water hive of scum and villainy, careless about where it plugs in its malicious dongle.
Malicious code could go undetected on infected Imperial systems, quietly monitoring applications and any outbound connections. Once critical information is stolen, such as personnel information, plans, or passwords, the information could then be transmitted to any attacking ground force (for example).
Big thanks to Imperva for letting me write this in work time.