What do Tolkien\u2019s works say? Some read them as entertainment, others as profound Christian philosophy, still others as propaganda. As for me, I see cybersecurity parables. And just because these past few years I\u2019ve been seeing them all over the place doesn\u2019t mean they\u2019re not also in Tolkien.<\/p>\n
After all, did you know that shortly before the outbreak of WW2, Tolkien was trained at the British Government Code and Cypher School as a cryptanalyst? That\u2019s the organization that went on to crack the German Enigma codes. Later it was rebranded as GCHQ\u00a0\u2014 the service responsible for providing signals intelligence and information assurance to the British government and armed forces. Clearly, Tolkien\u2019s combined skills as a linguist and a cryptanalyst were needed to decrypt enemy cyphers. That\u2019s definitely information security we\u2019re talking about. Therefore, in a way, Tolkien is an esteemed colleague of ours. So, let\u2019s look at his works from a cybersecurity point of view.<\/p>\n
The plot of The Lord of the Rings<\/em> largely revolves around the One Ring, created by Sauron to rule the world. It controls 19 other rings, three of which are worn by Elves, seven by Dwarves, and nine by Men. The book\u2019s protagonists fear that if the One Ring returns to its creator, he will acquire frightful power and impose his will on everything.\u00a0 Sounds like fantasy, but dig a bit deeper and it becomes clear that it\u2019s actually proper sci-fi.<\/p>\n When I read Tolkien\u2019s books back in childhood, it was the story of the Elven Rings that seemed the most incomprehensible. Supposedly forged by Elven smiths, they were untouched by the Dark Lord. However, they were created using the dark arts of Sauron and thus were still bound to the One Ring. Therefore, the Elves kept their rings securely hidden as long as the One remained with Sauron. What does it matter, or so it seemed, how the rings were made if they were created for good?<\/p>\n It matters a lot, as is now plain to see. Examining the situation from a modern perspective and in terms of information security, you get this:<\/p>\n In other words, it\u2019s a classic supply chain<\/a> attack. Only in this case, the Elves were able to identify the threat in time to take the vulnerable devices out of operation as a precaution.<\/p>\n The Seven Rings were given to the Dwarf-lords by Sauron himself. The Dwarves were said to have used them to accumulate wealth. According to the book, the wearers did not succumb directly to Sauron\u2019s control, but the rings significantly increased their avarice. Therefore, by influencing their greed and anger, Sauron managed to bring about the downfall of the seven Dwarf-lords.<\/p>\n Unfortunately, the Seven Rings were lost long before the events described in The Lord of the Rings<\/em>, so a forensics analysis of these devices is not possible. But exploiting greed is a typical phishing technique. Cybercriminals manipulate the way device owners perceive information, which ultimately leads to their downfall. If that isn\u2019t a phishing attack, what is?<\/p>\n Here there is not much to explain. Sauron gave the Nine Rings to Mortal Men: kings, sorcerers, and warriors of old. The wearers became virtually immortal, invisible, and obedient to the will of Sauron. In other words, a botnet.<\/p>\n Interestingly, the Nazg\u00fbl botnet seems to have had a backup control protocol; even after losing the C&C server, Sauron was able to command his Ringwraiths.<\/p>\n Our encyclopedia describes a C&C server<\/a> as a server through which cybercriminals control botnets, send malicious commands, manage spyware, etc. Is the One Ring any different?<\/p>\nThree Rings for the Elven-kings under the sky<\/h3>\n
\n
Seven for the Dwarf-lords in their halls of stone<\/h3>\n
Nine for Mortal Men doomed to die<\/h3>\n
One for the Dark Lord on his dark throne<\/h3>\n