The Imitation Game: The Computer Was Born to Hack

501537325Benedict Cumberbatch didn’t win the Academy Award for Best Actor for his role as Alan Turing in The Imitation Game; however, this movie did win an Oscar for Best Writing Adapted Screenplay. For that reason, I thought I’d “adapt” the story of Alan Turing, as told onscreen, to highlight the fundamentals of many security hacks used today and what to do about them.

The Imitation Game was fascinating and highlighted four key things about security:

  1. The computer was born to hack— the first computational computer was created to perform one of the biggest hacks of all time – breaking the code of the German Enigma machine.
  2. “It takes a machine to break another machine,” but it helps to have hints from humans — The “Turing machines,” like any computer, only needed a hint to be able to quickly hack.
  3. The hack was undetected for years, even decades—the trick to a good hack is that it’s not easily detected.
  4. You don’t have to outrun the bear, just someone else running from the bear.

1) The computer was born to hack—The challenge Alan Turing and his associates faced in the movie was breaking the German Enigma code that was used to encrypt wartime messages used to coordinate German attacks in WWII. What made it seemingly impossible were the 159,000,000 variations the Enigma machine could create for each message, which was reset every day. While other colleagues were trying to apply their mathematical minds, Alan Turing decided to build a computational machine. He was so determined that when his superiors wanted to pull the plug on his idea, he decided to go to the top in order to get the funding and authority to complete his project. He wrote Winston Churchill a letter and was subsequently instated as the leader of the top-secret project at Hut 8 in Bletchley Park.

Action To Take: There are plenty of recent security issues making their way up to the CEO level. If your company isn’t focused on security, get to the C-level and make your case. Most likely they’re already worrying about it because of all the security breaches in the news.

2) It takes a machine—In the movie, Benedict Cumberbatch says, “Maybe it takes a machine to break another machine.” However, it wasn’t until Turing and his colleagues could give the machine hints that his Turing machine could crack the Enigma code. They found a few statements from regular telegraphs that were the same from day-to-day, which was against the German security procedures, such as the statement, “Heil Hitler!” These simple linguistic patterns were all they needed in order to crack the code before the next day’s reset. Hackers and Social Engineers are very crafty at finding common behaviors and patterns in your systems or processes and it doesn’t take much to help them hack you.
Action to Take: Security education for everyone who accesses your data is extremely important because significant data loss commonly occurs through the misguided actions of people inside your organization. More than 36% of all breaches occur from inside organizations.

3) The best hacks are well hidden—When the Turing machine broke the code in the movie, the team at Hut 8 celebrated and immediately communicated one of the impending attacks to their military superiors. The initial gut reaction was to communicate all of the planned attacks, but in order to keep the hack undetected, the Allied armies only acted on a small portion of the information. However, the intelligence they gathered played a key role in many military victories, such as the D-Day invasion on Normandy, which eventually led to the Third Reich’s downfall. The Germans never knew they’d been breached until decades after the war.
Action to Take: Many sophisticated hacks take months to detect. According to one report it takes 243 days to discover a sophisticated breach, down from 416 days in 2011. If you aren’t regularly scanning your software for anomalies with Application Control solutions, you most likely have nefarious apps already inside your system right now!

4) You can’t outrun the bear—Cumberbatch, in an effort to connect with his colleagues, told the analogy of two men hiking in the woods that hear an angry bear crashing through the trees coming toward them. One man stopped to put on his running shoes while the other said, “What are you doing? You can’t outrun the bear!” To which the man with the running shoes replied, “I don’t have to outrun the bear, I only have to outrun you!”
Action to Take: In the world of business, your security doesn’t have to be perfect, it just has to be better than most organizations in your market. Hackers will almost always go after easier targets to get the data because there will always be someone who’ll pay for the breached data. So put on your security “running shoes”, find solutions that help you continually monitor and secure your data, and outrun other organizations, so your company’s name doesn’t end up in the news and on every social site.

Final Thought: My favorite quote from the movie was delivered by Keira Knightley, who played Joan Clarke, Turing’s closest friend and associate in Hut 8 —“Sometimes it is the people who no one imagines anything of who do the things that no one can imagine.” Alan Turing was different. He thought differently, and because of his brilliance and audacity, he made a difference in history. It’s estimated that the Turing machine helped shorten WWII by two years, saving millions of lives. However, the most enduring difference Alan Turing made was giving us the foundation for our modern computers.