If you were fortunate enough to have seen the film 'The Imitation Game', chronicling British mathematician Alan Turing's work to break the encryption of Nazi's Enigma machine, you witnessed many important lessons which can be applied today to cybersecurity.
Turing, an early pioneer of modern computing, was one of the first hackers. He applied the same principles attackers use today to exploit software and compromise computer networks in order to break the Enigma cryptography scheme employed by Nazi forces
The Nazi's used Enigma to encrypt military communication with an unprecedented cipher complexity of 150 trillion total possibilities.
What important cybersecurity lessons can we learn from the movie? Turing's epic hack, depicted in this film, resulted in decreasing World War II by an estimated 2-4 years. Many military historians call this act the tipping point that helped aid the Allied forces in their quest to win the war.
Computer passwords, like Enigma's encryption, are vulnerable to commonly used words and phrases.
By studying the probability of phrase occurrences, Turing's team at Bletchley Park were able to apply a 'dictionary attack' by replaying commonly used phrases like 'Heil Hitler' against Enigma's cryptographic messages, thus successfully decreasing the cipher complexity by significant orders of magnitude.
Studying the tools, techniques, and tactics (TTPs) of your adversary can often be the determining factor to unlocking the patterns required to detect an attack.
This was not only relevant to Turing's team finding patterns in Nazi military communications, but also applies to cyber attackers and is the basis of 'cyber threat intelligence', which is quickly becoming a key defensive strategy to combat targeted cyber-attacks.
The study of Enigma operators and decrypted messages showed consistent patterns and high probability of repeated phrases. 'Ein', which is German for 'one' was included in 90% of messages. The discovery of the word 'Ein' helped multiply the effectiveness of the 'dictionary attack'.
Use your advantage against your adversary
Turing's team took painstaking efforts to hide the fact the Allies broke Enigma's encryption. It was broken to allow unfettered spying on the enemy and to eliminate their ability to change their tactics or revise the encryption to a new cipher.
The same technique happens to be one of the most effective methods to establish attribution behind an advanced cyber-attack. Sometimes understanding an attacker's intent is the best indicator of attribution you can achieve.
Advanced cyber intelligence programs rely on containment with persistence ? meaning, allowing the adversary to continue their hacking in a spoofed or controlled environment without knowledge of detection. Warning: This requires a high level of capability maturity and can pose significant risks.
There is no such thing as a fool-proof security control
Enigma, although the pinnacle of security technology during its time, was ultimately defeated by determined attackers from the Allied forces. Cybersecurity controls can continually raise the bar, but cannot completely halt a determined cyber attacker.
In fact, today's attackers have it much easier. In Turing's time there was no mechanism to connect billions of people in a matter of seconds, enabling the ability to collaborate for good or nefarious purposes.
Today, with the internet, it's much easier to apply knowledge, computing power, and basic hacker techniques, to defeat the next generation of cybersecurity controls.
Keep this in mind when developing your own organisation's security strategy: there is no silver bullet product or vendor that can ensure 100% security.
You need to build layered security into your organisation at every stage possible. With some hard work and luck you can keep the bar high enough to avoid most attacks.
So while you're enjoying our movie recommendation with a hand-full of popcorn, remember what lessons Turing taught us, and how you can apply them in your own cybersecurity program.
Adopting a hacker mentality, thinking like an attacker, studying their techniques, and experimenting with new ideas, is not only critical for breaking security, but can also be the key to defending security as well.
Sourced from Greg Martin, Founder, ThreatStream