Image by Alexei Vella

The #Skyfall Hoax — Has The Infosec Space Lost Its Sense Of Humor?

Guise Bule
Jan 23, 2018 · 6 min read

The cybersecurity space has always been able to laugh at itself. In the early days of the space, trolling was pretty much part of the culture, and it still is. This is the part of the infosec space that people love to hate, but it's also where the hacking talent in our space lives and plays.

Take your work and sec seriously, but not yourself.

Hacker culture never did take itself seriously, still doesn't, and it delights in poking fun at those people who do. The community also likes to mock those who rush out a tweet thread and a blog post every time there is a cybersecurity trend or story worth giving a take on.

Part of our community loves poking fun at almost anything, and so when the cybersecurity space began to fall in love with the idea of custom logos, websites and brand names for vulnerability alerts, the trend was naturally mocked as 'marketing', a dirty word in some parts.

The custom logo and website trend for vulnerability disclosures was started by the Graz University of Technology and their Meltdown attack website. But I love Graz as a place and the people there are awesome, so I am not about to mock them for their clearly valuable contributions.

The First Infosec Hoax of 2018

The Skyfall & Solace hoax began when somebody launched a website disclosing new vulnerabilities, a website that had very clearly taken its inspiration from the Meltdown attack website and its approach.

It wasn't really much of a hoax. Level-headed commentators pointed out that a random website was the only source, and the more connected ones pointed out that the chipmakers they know (who were allegedly embargoing the vulnerabilities) knew nothing about these new vulnerabilities.

But that doesn’t mean nobody was fooled, or that the infosec space did not immediately whip itself into a froth about the new vulnerabilities.

Infosec Twitter burst into action and furiously began tweeting #Skyfall and #Solace commentary, spreading the website link far and wide.

https://twitter.com/GossiTheDog/status/955439359494410240

Clearly a fair-sized chunk of the infosec space was taken in by this hoax: some went as far as drafting blog posts covering the new vulnerabilities, others tweeted and shared the link to the site on social media.

For a while it looked and felt like a real vulnerability disclosure, long enough to fool some before others started questioning it. Almost as quickly as it had started, Twitter commentators began deleting their #Skyfall hashtag tweets as it became more and more apparent that the whole thing was a hoax.

https://twitter.com/11rcombs/status/954069852062396416

As more and more commentators tweeted about how they were not fooled by the hoax, many more of them silently deleted their #skyfall tweets and kicked themselves for being so easily taken in by such an obvious troll.

I think it was just a good old fashioned troll. It was somebody with a cynical sense of humor out there having a laugh at the expense of those who take themselves seriously. It was a mocking attempt to fool those who really should know better into spreading around disinformation from one source.

The creator of the site later claimed that the hoax was a social experiment to highlight the point that infosec commentators would whip themselves up into a froth about any vulnerability if it had a cool name, domain and logo.

https://twitter.com/Requiem_fr/status/955420802098302978

I don't believe it; I still think it was a troll doing what a troll does best. He was just a little more motivated than your everyday Twitter troll, enough to register a domain, put an SSL certificate on it and create a mini site around the hoax.

https://twitter.com/kjonas65/status/955443190533894145

For sure, brand names and logos give the media and social commentators something to write and tweet furiously about, a name that the public can engage with (as opposed to, say, CVE-2017-5753). But those brand names aren't really for the people who actually deal with these vulnerabilities in the real world, people used to dealing with things like CVE-2017-5715.

The brand names, websites and the logos are there to feed the cybersecurity hype train, to give the media something to write about and to give everyone who loves tweeting about such things a proper hashtag to tweet it with.

The whole hoax was poking fun at the sort of people who take vulnerability brand names seriously, whilst ignoring the fact that those who actually do know about these vulnerabilities do not care one bit what they are called.

Most people chuckled to themselves and went on with their day. No blue team actually spent any time dealing with these new vulnerabilities, because there was nothing to deal with and no real information to go on to begin with.

https://twitter.com/0xMatt/status/955545616632827904

But that didn't stop some well-known internet commentators from responding with attacks on the hoax, dismissing it as childish attention seeking. I personally thought Rob's article was a bit whiny; the person behind the hoax clearly gets it enough to be satirical about it.

https://twitter.com/ErrataRob/status/955605042807148544

Others dismissed it as 'lies and more lies', which is amusing because that is the whole point of a hoax: it was supposed to be a lie that would eventually be exposed for what it was. I can't help but think that Rob, and Richard in his blog post, were at least a little bit taken in by it at first.

Ultimately I think Gossi had the most insightful comment: he made the point that a hoax getting hundreds of thousands of hits, press coverage and analyst briefings indicated a severe lack of calm analysis. He is right, too. Most infosec pundits fall over themselves to rush out tweets and blog posts on new vulnerabilities, and only a handful are usually worth reading.

https://twitter.com/GossiTheDog/status/955475030414188544

The hoax hit a nerve for sure, and it generated a lot of coverage and chatter in the process, not bad for ten minutes' worth of work setting it up.

But the whole affair begs the question.

Has the infosec space lost its sense of humor?

secjuice™

secjuice™ is your daily shot of opinion, analysis & insight from some of the sharpest wits in cybersecurity, information security, network security and OSINT.

Guise Bule

Written by

I consume creative design and sometimes I write things.
