Part 5 – The Security Failures Of Star Wars: A New Hope
We have reach the halfway point of the current Star Wars movie anthology. Next up is A New Hope, the ‘first’ Star Wars movie but now it’s actually number five in chronological order. The prequels shows us the creation of the business that is the Empire and how focusing on growth sacrifices proper security controls and operations. In Rogue One we see those failures be organically integrated into the Empire’s operations and allowed a state sponsored activist group steal sensitive data. Going forward we will continue to see those security decisions fail the Empire but also see that the mistakes made don’t really translate to vast improvements.
A New Hope begins a few hours after the conclusion of Rogue One. The Death Star plans were transmitted to the rebels and now we pick up from there. In the opening minutes we see Princess Leia loading the stolen plans and record a message into a mobile IoT device, R2D2. Her ship is intercepted and stormtroopers shoot their way on board. R2D2 along with his partner C-3PO get on an escape pod and flee the ship.
Two gunners on the Star Destroyer detect and have a clear shot to destroy the escaping pod but choose not to shoot. Perhaps they were in a cost-saving mode and blaster shots were expensive. It’s also possible that SVP Vader did not communicate the mission to the employees properly and they were unaware of the criticality of why they captured that ship. Without the proper transparency the Empire suffered another data leak as the plans on the IoT device were sent outside the network.
R2D2 and C-3PO eventually find who they are looking for and the message from Leia is played asking for help to transport the data to the Rebels. They meet up with a freighter pilot names Han Solo that agrees to take them to the Rebels but not before Obi-Wan socially engineers a couple Stormtroopers.
After leaving Tatooine the Millennium Falcon heads toward Alderaan. The Death Star reaches Alderaan first after using it as an interrogation threat to get information from Leia. Regardless, the empire destroys the planet.
The Falcon arrives to where Alderaan used to be to find it destroyed. They encounter a small Tie Fighter and decide to pursue it as it runs toward a ‘small moon’. We all know that it was no moon, but a space station. They try to flee but are captured in the Death Star’s tractor beam and the Falcon is brought on board.
Now, it makes sense that the crew of the Falcon had no idea what that the big ball was. The Empire through it’s design and operational flaws they did a good job keeping word of the project within the Empire. Up to that point the Death Star was not widely known so Han and Obi-Wan would not have heard of it yet.
Once the Falcon was on the Death Star we can take an inside look at how the Empire’s choices in building the corporation can snowball into serious security and operational gaps.
Improper scanning tools
A Star Destroyer of the Empire can scan an escaping pod to determine there are no life forms but the Death Star cannot detect if life forms are aboard the Falcon. They had to send a scanning crew inside the Falcon. When that happened the scanning team was compromised.
Insufficient Data Corroboration
When the Empire received the report that the Falcon matched the description of a ship that blasted its way out of a space port on the same planet where a search for droids that contain plans for the Death Star they should have made the connection. Their data management systems are disconnected, no centralized consolidation point and it appears that do not have analyst skills on staff. The Falcon should have been tagged as a high risk package, isolated, sandboxed and ripped apart.
No Internal Sandbox
The Falcon was allowed to be in the Death Star in full executable form. It was not restricted or disabled in anyway to prevent its functionality. When you capture or bring in a possible or known malicious package you take all precautions to not allow it to run and function inside the environment. The Falcon’s engines were not disabled, the power was not cut, the ‘keys’ weren’t taken. (Apparently all ships in the Star Wars universe have no required physical key ignition)
Insufficient Internal Security Monitoring
The Falcon was left relatively unsecured, only monitored by two Stormtroopers that were stationed at the open door. After being lured inside they were physically compromised and their identities stolen, allowing them to navigate the internal environment unchallenged.
No Internal Layered Security Controls
Once the Falcon’s contents were released, Han and crew walk off the ship, they were able to walk through the Death Star unchallenged. Han and Luke were in Stormtrooper uniforms but Obi-Wan, Chewie and the droids were not. Between the ship and the control room they reached there were no additional locks or control points and no one stopped to challenge them in transit. Had their been, they could not have left the hangar area or the ship itself. Later we see Obi-Wan run around the Death Star unchallenged and undetected, no video cameras apparently, and was able to access highly sensitive areas.
No Authentication or Authorization Checks
The Death Star’s systems are wide open. R2D2 was able to plug in, access and interpret the entire Empire network. Either all astro droids have this capability or R2D2 was able to because he had the technical plans loaded on to him that gave him the ability. Either way the Empire’s systems are wide open and there is zero data classification, isolation, DLP or authentication challenges. This goes for physical doors, control systems, garbage compactors as well.
Single Points Of Failure
When R2D2 shows how the tractor beam works C-3PO explains that there are multiple power points running the system but turn one off and the whole thing shuts off. Poor design. When Obi-Wan reaches one of the control points the controls are unsecured, wide open and require no authentication to manipulate them.
No Infrastructure Monitoring
When Obi-Wan shuts off a power control point that disables a system there are no alerts. No warnings, no alerts, no communication to a technical team that a system was going down and disabled. If there were alerts, no one responded to them.
Ignoring Small Threats
As we can see the Death Star’s construction was built out of arrogance and overconfidence that the sheer size and external defense would prevent any internal compromise. In the beginning of the film we see the management meet and several boast about the low threat they placed on any vulnerability found, if any, could be exploited. This explains why the internal operations of the Death Star was so weak. The management assumed no one would ever penetrate and get inside and/or be able to access anything to do damage.
Once the management knew they were compromised the decision was made to allow them to continue to infiltrate and escape in an attempt to track them back to a command and control area. Their logic was seriously flawed because the plans of the Death Star were on the Falcon, they could have wiped out the ship and the rest. By placing a tracking beacon on the Falcon the Empire allowed the plans to leave and get in the hands of the Rebels. The Empire’s arrogance continued to plague them as the Rebels did in fact receive the plans and find a major vulnerability to exploit. Using small craft the Rebels avoided the Death Star defenses as they were designed for big ship threats.
One after another the Empire’s poor design decisions based on arrogance of power and ignoring smaller threats led to the destruction of a major asset.
Up next we will see if the Empire learned from their mistakes or if their decisions continue to unravel them.
End of line.