{"id":19022,"date":"2021-10-29T15:49:33","date_gmt":"2021-10-29T11:49:33","guid":{"rendered":"https:\/\/me-en.kaspersky.com\/blog\/bond-cybersecurity-in-craig-era\/19022\/"},"modified":"2021-10-29T15:49:33","modified_gmt":"2021-10-29T11:49:33","slug":"bond-cybersecurity-in-craig-era","status":"publish","type":"post","link":"https:\/\/me-en.kaspersky.com\/blog\/bond-cybersecurity-in-craig-era\/19022\/","title":{"rendered":"Cybersecurity in 007&#8217;s world"},"content":{"rendered":"<p>The recently released <em>No Time to Die<\/em> lowers the curtain on the Daniel Craig era. With that in mind, let\u2019s run through all five of his Bond outings from a cybersecurity perspective \u2014 you\u2019ll be shaken, but hopefully not stirred, by our findings. What unites the movies, aside from Craig himself, is a complete lack of understanding of cybersecurity basics by the movie\u2019s MI6 employees.<\/p>\n<p>Whether the oversight is deliberate (highlighting the outdatedness of Bond and the whole 00 section concept) or due to the incompetence of the scriptwriters and lack of cyberconsultants is not clear. Whatever the case, here\u2019s a look at some of the absurdities we spotted in the films, in order of appearance. Spoiler alert!<\/p>\n<h2>Casino Royale<\/h2>\n<p>In Craig\u2019s first Bond movie, we see the following scene: Bond breaks into the house of his immediate superior, M, and uses her laptop to connect to some kind of spy system to find out the source of a text message sent to a villain\u2019s phone. 
In reality, Bond could only do that if:<\/p>\n<ul>\n<li>MI6 does not enforce an automatic screen lock and logout policy, and M leaves her laptop permanently on and logged in;<\/li>\n<li>MI6 does not enforce the use of strong passwords, and M\u2019s passwords are easily guessable;<\/li>\n<li>M does not know how to keep her passwords secret from her colleagues, or she uses passwords that were compromised.<\/li>\n<\/ul>\n<p>Any one of these scenarios spells trouble, but the third is the most likely one; a little later in the story, Bond again logs in remotely to a \u201csecure website\u201d using M\u2019s credentials.<\/p>\n<p>Bond\u2019s password attitude is no better. When he needs to create a password (of at least six characters) for the secret account that will hold his poker winnings, he uses the name of colleague (and love interest) Vesper. What\u2019s more, the password is actually a mnemonic corresponding to a number (like the outdated phonewords for remembering and dialing numbers on alphanumeric keypads). It is effectively a 6-digit password, and based on a dictionary word at that.<\/p>\n<h2>Quantum of Solace<\/h2>\n<p>The least computerized of the last five Bond movies, <em>Quantum of Solace<\/em> nonetheless includes a moment worthy of attention here. Early in the film, we learn that Craig Mitchell, an MI6 employee of eight years \u2014 five as M\u2019s personal bodyguard \u2014 is actually a double agent.<\/p>\n<p>Of course, that\u2019s an old-school security issue rather than the cyber kind. However, M\u2019s carelessness with passwords, as seen in the previous film, suggests MI6\u2019s secrets may well be in the hands of cat-stroking supervillains the world over.<\/p>\n<h2>Skyfall<\/h2>\n<p>At the other end of the cyberspectrum lies <em>Skyfall<\/em>, the most computerized of the five. Here, information security lies at the very heart of the plot. The cybermadness is evident from scene one. 
For convenience, we\u2019ll break down our analysis chronologically.<\/p>\n<h3>Data leak in Istanbul<\/h3>\n<p>An unknown criminal steals a laptop hard drive containing \u201cthe identity of every NATO agent embedded in terrorist organizations across the globe.\u201d Even MI6\u2019s partners do not know about the list (which moreover does not officially exist).<\/p>\n<p>The very idea of such a drive is already a massive vulnerability. Let\u2019s assume that the database is vital to MI6 (it is). What, then, was it doing in a safe house in Istanbul, protected by just three agents? Even if the drive is, as we\u2019re told, encrypted and alerts MI6 of any decryption attempt?<\/p>\n<h3>Cyberterrorist attack on SIS<\/h3>\n<p>The first real cyberincident crops up a bit later: a cyberterrorist attack on the headquarters of the British Secret Intelligence Service. The attacker tries to decrypt the stolen drive \u2014 seemingly, according to the security system, from M\u2019s personal computer. The defenders desperately try to shut down the computer, but the evildoers blow up the SIS building on the bank of the Thames.<\/p>\n<p>The ensuing investigation reveals that the assailant hacked into the environmental control system, locked out the safety protocols, and turned on the gas; but before doing so, they hacked M\u2019s files, including her calendar, and extracted codes that make decrypting the stolen drive a question of when, not if.<\/p>\n<p>Let\u2019s assume the alert from the stolen drive on M\u2019s computer represented an attempt at disinformation or trolling (after all, the drive could not have been in the building). And let\u2019s ignore questions about the building\u2019s gas supply \u2014 who knows, maybe MI6 corridors were lit with Jack-the-Ripper-era gas lanterns; Britain is a land of traditions, after all.<\/p>\n<p>In any case, hacking the engineering control systems is perfectly doable. 
But how did the engineering control systems and M\u2019s computer \u2014 supposedly \u201cthe most secure computer system in Britain\u201d \u2014 end up on the same network? This is clearly a segmentation issue. Not to mention, storing the drive decryption codes on M\u2019s computer is another example of pure negligence. They might at least have used a <a href=\"https:\/\/me-en.kaspersky.com\/password-manager?icid=me-en_kdailyplacehold_acq_ona_smm__onl_b2c_kasperskydaily_wpplaceholder____kpm___\" target=\"_blank\" rel=\"noopener\">password manager<\/a>.<\/p>\n<h3>Cyberbullying M<\/h3>\n<p>The perpetrators tease M by periodically posting the names of agents in the public domain. In doing so, they are somehow able to flash their messages on her laptop. (There seems to be some kind of <a href=\"https:\/\/encyclopedia.kaspersky.com\/glossary\/backdoor\/\" target=\"_blank\" rel=\"noopener\">backdoor<\/a>; otherwise how could they possibly get in?) But MI6\u2019s experts are not interested in checking the laptop, only in tracing the source of the messages.<\/p>\n<p>They conclude that the messages were sent by an asymmetrical security algorithm that bounced the signal all over the globe, through more than a thousand servers. Such a tactic may exist, but what they mean by \u201casymmetrical security algorithm\u201d in this context is about as clear as mud. In the real world, <a href=\"https:\/\/encyclopedia.kaspersky.com\/glossary\/asymmetric-algorithm-cryptography\/\" target=\"_blank\" rel=\"noopener\">asymmetric <em>encryption<\/em> algorithm<\/a> is a term from cryptography; it has nothing to do with hiding a message source.<\/p>\n<h3>Insider attack on MI6<\/h3>\n<p>Bond locates and apprehends the hacker (a former MI6 agent by the name of Silva), and takes him and his laptop to MI6\u2019s new headquarters, unaware that Silva is playing him. 
Enter Q: nominally a quartermaster, functionally MI6\u2019s hacker-in-chief, actually a clown.<\/p>\n<p>Here, too, the reasoning is not entirely clear. Is he a clown because that\u2019s funny? Or was the decision another consequence of the scriptwriters\u2019 cybersecurity illiteracy? The first thing Q does is connect Silva\u2019s laptop to MI6\u2019s internal network and start talking gobbledygook, which we will try to decipher:<\/p>\n<ul>\n<li><em>\u201c[Silva]\u2019s established failsafe protocols to wipe the memory if there\u2019s any attempt to access certain files.\u201d<\/em> But if Q knows that, then why does he continue to analyze Silva\u2019s data on a computer with such protocols installed? What if the memory gets erased?<\/li>\n<li><em>\u201cIt\u2019s his omega site. The most encrypted level he has. Looks like obfuscated code to conceal its true purpose. Security through obscurity.\u201d <\/em>This is basically a stream of random terms with no unifying logic. Some code is <a href=\"https:\/\/encyclopedia.kaspersky.com\/glossary\/obfuscation\/\" target=\"_blank\" rel=\"noopener\">obfuscated<\/a> (altered to hinder analysis) using encryption \u2014 and why not? But to run the code, something has to decipher it first, and now would be a good time to figure out what that something is. <em><a href=\"https:\/\/encyclopedia.kaspersky.com\/glossary\/security-by-obscurity-security-through-obscurity\/\" target=\"_blank\" rel=\"noopener\">Security through obscurity<\/a><\/em> is indeed a real-life approach to securing a computer system for which, instead of robust security mechanisms, security relies on making data hard for would-be attackers to puzzle out. It\u2019s not the best practice. What exactly Q is trying to convey to viewers is less than clear.<\/li>\n<li><em>\u201cHe\u2019s using a polymorphic engine to mutate the code.<\/em><em> Whenever I try to gain access, it changes.\u201d <\/em>This is more nonsense. 
Where the code is, and how Q is trying to access it, is anyone\u2019s guess. If he\u2019s talking about files, there\u2019s the risk of memory erasure (see the first point). And it\u2019s not clear why they can\u2019t stop this mythical engine and get rid of the \u201ccode mutation\u201d before trying to figure it out. As for <a href=\"https:\/\/encyclopedia.kaspersky.com\/glossary\/polymorphism\/\" target=\"_blank\" rel=\"noopener\">polymorphism<\/a>, it\u2019s an obsolete method of modifying malicious code when creating new copies of viruses in the <a href=\"https:\/\/encyclopedia.kaspersky.com\/glossary\/virus\/\" target=\"_blank\" rel=\"noopener\">strictest sense of the word<\/a>. It has no place here.<\/li>\n<\/ul>\n<p>Visually, everything that happens on Silva\u2019s computer is represented as a sort of spaghetti diagram of fiendish complexity sprinkled with what looks like hexadecimal code. The eagle-eyed Bond spots a familiar name swimming in the alphanumeric soup: Granborough, a disused subway station in London. He suggests using it as a key.<\/p>\n<p>Surely a couple of experienced intelligence officers should realize that a vital piece of information left in plain sight \u2014 right in the interface \u2014 is almost certainly a trap. Why else would an enemy leave it there? But the clueless Q enters the key without a murmur. 
As a result, doors open, \u201csystem security breach\u201d messages flash, and all Q can do is turn around and ask, \u201cCan someone tell me how the hell he got into our system?!\u201d A few seconds later, the \u201cexpert\u201d finally decides it might make sense to disconnect Silva\u2019s laptop from the network.<\/p>\n<p>All in all, our main question is: Did the writers depict Q as a bumbling amateur on purpose, or did they just pepper the screenplay with random cybersecurity terms hoping Q would come across as a genius geek?<\/p>\n<h2>Spectre<\/h2>\n<p>In theory, <em>Spectre<\/em> was intended to raise the issue of the legality, ethics, and safety of the Nine Eyes global surveillance and intelligence program as an antiterrorism tool. In practice, the only downside of creating a system such as the one shown in the film is if the head of the Joint Secret Service (following the merger of MI5 and MI6) is corrupted \u2014 that is, if as before, access to the British government\u2019s information systems is obtained by an insider villain working for Bond\u2019s sworn enemy, Blofeld. Other potential disadvantages of such a system are not considered at all.<\/p>\n<p>As an addition to the insider theme, Q and Moneypenny pass classified information to the officially suspended Bond throughout the movie. Oh, and they misinform the authorities about his whereabouts. Their actions may be for the greater good, but in terms of intelligence work, they leak secret data and are guilty of professional misconduct at the very least.<\/p>\n<h2>No Time To Die<\/h2>\n<p>In the final Craig-era movie, MI6 secretly develops a top-secret weapon called Project Heracles, a bioweapon consisting of a swarm of nanobots that are coded to victims\u2019 individual DNA. Using Heracles, it is possible to eliminate targets by spraying nanobots in the same room, or by introducing them into the blood of someone who is sure to come into contact with the target. 
The weapon is the brainchild of MI6 scientist and double agent (or triple, who\u2019s counting?) Valdo Obruchev.<\/p>\n<p>Obruchev copies secret files onto a flash drive and swallows it, after which operatives (the handful who weren\u2019t finished off in the last movie) of the now not-so-secret organization Spectre break into the lab, steal some nanobot samples and kidnap the treacherous scientist. We already know about the problems of background checks on personnel, but why is there no <a href=\"https:\/\/encyclopedia.kaspersky.com\/glossary\/data-loss-prevention-dlp\/\" target=\"_blank\" rel=\"noopener\">data loss prevention (DLP)<\/a> system in a lab that develops secret weapons \u2014 especially on the computer of someone with a Russian surname, Obruchev? (Russian = villain, as everyone knows.)<\/p>\n<p>The movie also mentions briefly that, as a result of multiple leaks of large amounts of DNA data, the weapon can effectively be turned against anyone. Incidentally, that bit <a href=\"https:\/\/www.buzzfeednews.com\/article\/peteraldhous\/hackers-gedmatch-dna-privacy\" target=\"_blank\" rel=\"noopener nofollow\">isn\u2019t completely implausible<\/a>. But then we learn that those leaks also contained data on MI6 agents, and that strains credulity. To match the leaked DNA data with that of MI6 employees, lists of those agents would have to be made publicly available. That\u2019s a bit far-fetched.<\/p>\n<p>The cherry on top, meanwhile, is Blofeld\u2019s artificial eye, which, while its owner was in a supermax prison for years, maintained an around-the-clock video link with a similar eye in one of his henchmen. Let\u2019s be generous and assume it\u2019s possible to miss a bioimplant in an inmate. But the eye would have to be charged regularly, which would be difficult to do discreetly in a supermax prison. What have the guards been doing? 
What\u2019s more, at the finale, Blofeld is detained without the eye device, so someone must have given it to him after his arrest. Another insider?<\/p>\n<h2>Instead of an epilogue<\/h2>\n<p>One would like to believe all those absurdities are the result of lazy writing, not a genuine reflection of cybersecurity practice at MI6. At least, we hope the real service doesn\u2019t leak top-secret weapons or store top-secret codes in cleartext on devices that don\u2019t even lock automatically. In conclusion, we can only recommend the scriptwriters raise their cybersecurity awareness, for example <a href=\"https:\/\/k-asap.com\/en\/?icid=me-en_kdailyplacehold_acq_ona_smm__onl_b2b_kasperskydaily_wpplaceholder____kasap___\" target=\"_blank\" rel=\"noopener\">by taking a cybersecurity course<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>What do James Bond and his Secret Intelligence Service colleagues know about cybersecurity?<\/p>\n","protected":false},"author":700,"featured_media":19023,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1318,1916,1917],"tags":[2007,1183,2368,187,2047],"class_list":{"0":"post-19022","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-business","8":"category-enterprise","9":"category-smb","10":"tag-insiders","11":"tag-leaks","12":"tag-movies","13":"tag-passwords","14":"tag-truth"},"hreflang":[{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/bond-cybersecurity-in-craig-era\/19022\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/bond-cybersecurity-in-craig-era\/23575\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/bond-cybersecurity-in-craig-era\/25635\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/bond-cybersecurity-in-craig-era
\/23696\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/bond-cybersecurity-in-craig-era\/23224\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/bond-cybersecurity-in-craig-era\/26361\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/bond-cybersecurity-in-craig-era\/25916\/"},{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/bond-cybersecurity-in-craig-era\/10217\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/bond-cybersecurity-in-craig-era\/42733\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/bond-cybersecurity-in-craig-era\/18002\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/bond-cybersecurity-in-craig-era\/18393\/"},{"hreflang":"pl","url":"https:\/\/plblog.kaspersky.com\/bond-cybersecurity-in-craig-era\/15498\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/bond-cybersecurity-in-craig-era\/27678\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/bond-cybersecurity-in-craig-era\/31923\/"},{"hreflang":"nl","url":"https:\/\/www.kaspersky.nl\/blog\/bond-cybersecurity-in-craig-era\/27786\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/bond-cybersecurity-in-craig-era\/29890\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/bond-cybersecurity-in-craig-era\/29693\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/me-en.kaspersky.com\/blog\/tag\/truth\/","name":"truth"},"_links":{"self":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/19022","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/700"}],"replies":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=19022"}],"version-hi
story":[{"count":0,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/19022\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/19023"}],"wp:attachment":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=19022"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=19022"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=19022"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}