It’s not every day that one learns about cybersecurity in the context of pop culture, but on Tuesday evening, Star Wars became an analogy to hacking situations in a presentation by Chris Lord. Lord turned hacking into a story told by Star Wars characters as he spoke to UT students about data breaches.
Lord has worked in the cybersecurity field for over twenty years, and he is the CTO and co-founder of Armored Things, a spatial intelligence company. He works to ensure physical security by implementing cybersecurity principles, and he shared these principles with students in his talk.
In his presentation, Lord explained that there are four main strategies hackers use to gather data: social engineering, compromised access, supply chain attacks and side channel attacks. He also covered tips on how to protect against these hacking techniques. As he discussed each example, he used a video clip from Star Wars to illustrate the different attacks in a different context.
Social engineering is how adversaries hack us by using subtle psychological manipulation to convince victims to give them data, including using fishing techniques.
Lord suggests that we keep personal and work life separate, trust in knowing others and don’t click but instead go to the source.
“If it doesn’t look right, trust that it’s not,” Lord said.
Compromised access and side channel are both hacking techniques that require hackers to directly infiltrate our data, because they are focused on passwords and leaked information, rather than communication with the victim or relying on faults within a corporation.
These techniques target weak passwords as well as information that we have on the internet which can be easily accessed for hacking purposes even though we don’t realize it. Whenever we put information on the internet, we need to be aware of who may find it and how easy it is to find
“We leak information all the time whether we know it, or we don’t,” Lord said.
Lord explained that the best ways to protect against these two types of hacking are by creating long passwords that are new each time and enabling multi-factor authentication. He also said that limiting the unintentional exposure of data and reviewing privacy terms are successful in preventing side channel hacking.
The fourth type of hacking is supply chain, which involves hackers targeting the chain of communication within a site or company. When one part of the chain is disrupted, exploitation becomes possible. Lord talked about supply chain hacking more in the context of coding, but the principles can still be applied to everyday computer use.
Jacob Sides, a senior majoring in computer science, attended the talk and discussed his takeaway from the tips Lord suggested.
“The supply chain attack was something that really stood out to me. The things that he was bringing up really do affect all fields of software development, so I’ll definitely have to keep an eye out for certain things,” Sides said.
The major impressions that Lord left with students were to be cautious of the information they have on the internet, put thought into the passwords they use and think like an adversary in order to be proactive against hackers.