Harry Potter and the Sorcerer’s Stone from a Cyber Security Perspective (Part 1)
If you know me, you know that I love security and Harry Potter. In this post, I will reflect on Harry Potter and the Sorcerer’s stone from a cyber security perspective. I will analyze the movie, share security analogies and explain some ethical hacker concepts.
Denial of Service/Distributed Denial of Service Attacks
A Denial of Service (DoS) attack is an attack that makes a resource unavailable for its intended users. An advanced DoS attack is the Distributed Denial of Service (DDoS) attack. In a DDOS a large number of systems conduct a synchronized DoS on a single target.
In the movie, an owl delivers a letter to Harry in the mail. Harry is denied access to the letter, so multiple owls send a large number of letters. In this analogy, each owl represents a system, each letter represents a request/packet and the target is the Dursleys’ mailbox. It is an ethical DDoS since the Dursleys were preventing Harry from reading his mail.
Brute Forcing
Brute Forcing is a resource intensive attack where an attacker uses trial and error to crack a target password or combination. It is called “Brute Force” because it usually requires excessive force.
The analogy here is when Hagrid broke the door of the cabin where Harry and the Dursleys were staying.
Physical Pentesting
A physical penetration test is when a pentester assesses physical security controls and attempts to bypass them to gain access to restricted areas.
The unlocking spell Alohomora, is used to unlock doors and windows. Once I saw it, I automatically thought of physical pentesting and lock picking.
Insider Threat
An insider threat is one that arises from an individual who is a member of an organization or close to it.
The insider here is professor Quirrell. He let a troll in the dungeons, jinxed Harry’s broom and had Voldemort attached to his head under the turban.
White Hat, Grey Hat and Black Hat
Hackers like wizards, can be either good or bad. An ethical hacker is a white hat hacker, an unethical hacker is a black hat hacker, a grey hat hacker is one that sometimes could violate ethical standards.
If the wizards were hackers, Voldemort would be a black hat, Snape would be a grey hat and the trio (Harry, Ron and Hermione) would be white hat hackers.
Social Engineering
Social engineering is the process of psychologically manipulating people into sharing confidential information or doing actions against their best interest.
Here, Voldemort presents Hagrid with a dragon’s egg and starts a conversation with him about beasts. The conversation leads to Fluffy (the three headed dog) and Hagrid shares that music puts Fluffy to sleep. This piece of information is later used by Voldemort to bypass Fluffy.
Diversion, Hoaxes and Honeypots
A hoax is a fake warning about a breach or a virus. It consumes resources just as an actual virus since it is important to verify whether the threat is true. A diversion is a distraction or a deviation from course and a honey pot is a system that appears to be legitimate to lure attackers in order to analyze their behavior and protect real systems.
In this scene, towards the end of the movie the key to a door is surrounded by fake keys that serve as a distraction and an additional layer of security.
Thank you for reading. If you like the article, please clap and follow. You can read part 2 here.
References
- https://en.wikipedia.org/wiki/Denial-of-service_attack
- tinyurl.com/7dbx6jpw
- https://www.fortinet.com/resources/cyberglossary/brute-force-attack
- https://www.redteamsecure.com/penetration-testing/physical-penetration-testing
- https://harrypotter.fandom.com/wiki/Unlocking_Charm
- tinyurl.com/bdekbn4n
- https://en.wikipedia.org/wiki/Grey_hat
- https://en.wikipedia.org/wiki/Social_engineering_(security)
- https://www.proofpoint.com/us/threat-reference/insider-threat
