A simple demonstration of the classic man-in-the-middle attack somehow made its way into a B-movie-quality fantasy TV series. Will wonders never cease?
The 2009 episodes of Criminal Minds are not the only place you might have seen information security handled in a way that is not completely unbelievable. Two instances of that show doing something surprisingly better than the norm were identified in the article Never get complacent about security, even in fiction. Another series, this one based on a fantasy novel series, has since raised the bar for interesting use of real-world security concepts on TV. Ironically, the show handles information security, even by way of magic, with more realism than it handles a lot of the standard sword and sorcery tropes that are central to it.
Legend of the Seeker is the name of a television series based on the Sword of Truth fantasy novel series by author Terry Goodkind. Like every fantasy TV series before it that I recall seeing, it carries a campy sense of the B-movie about it, with trite scripting, lackluster direction, and acting that usually comes across more like cardboard cutouts than richly realized characters. Still, it involves magic and swords and an ongoing struggle against a dark evil, so it has its charms.
In an April 2010 episode titled "Desecrated", a sorcerer trapped two of the series' major supporting characters in a tomb and provided a pair of books, one inside the tomb and one outside it, so that they could communicate with the main character, Richard Cypher (a name with no apparent relevance to cryptography aside from this episode). Whatever someone wrote in one book would appear in the other, giving Richard proof that his friends still lived so that he would have to do the sorcerer's bidding. If he did not, they would remain trapped in the tomb until they ran out of air. The situation was complicated, of course, by the fact that Richard did not know which tomb among hundreds imprisoned his friends.
If you have this episode waiting for you on your TiVo or other DVR, and you do not want the episode's twists revealed to you, you should probably stop reading this article now. Come back when you have seen the episode.
It turns out that Richard was subtly led astray by the sorcerer, who kept two more books in his possession. The books given to Richard and to the prisoners were never linked to each other. One of the sorcerer's books was the actual source of the messages the imprisoned characters received and the destination of everything they wrote in their book; the other was the actual source of the messages Richard received and the destination of everything he wrote in his.
In short, the sorcerer executed a classic man-in-the-middle attack: he sat between the two parties, read their messages, and passed them on (in this case, slightly modified) while each party believed it was talking directly to the other. Often the attacker's aim is simply to harvest information, and relaying the text unaltered keeps the interception invisible for as long as possible. Altering the text can also pay off, particularly in a one-shot attack where the security cracker (or sorcerer) in question does not need to keep the interception undetected or reuse it in the future; the price is that any tampering the victims manage to detect ends the attack.
The moment the characters figured out the purpose of the books, long before the MITM attack was revealed, I found myself thinking about the possibilities for how the means of communication could be subverted. The communication medium, two books assumed to be directly linked, was provided by the sorcerer as part of his nefarious plan to bend Richard's actions to his will, and it was delivered as an effectively closed-source mechanism: there was no way at the time to verify anything about how the books were set up. The danger of simply trusting the books to be what they appeared to be seemed quite obvious to me.
The very first problem was, of course, that there was no way to verify the identity of whoever was using the book at the other end, or even that there was such a book, aside from trusting the text that appeared in one's own book; in other words, there was no authentication of the endpoint. There was also no way to authenticate the messages themselves as genuine and unaltered (message integrity and origin authentication), other than a heuristic guess based on the way the other party wrote. There was no reason to believe the messages would be private, either, though confidentiality did not turn out to matter much to the episode's plot. Then again, most viewers probably are not as involved in security considerations on a day-to-day basis as your humble TechRepublic writer, so the fact that I saw these possibilities was surely not the normal, or expected, response from the audience.
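The following simulation is an added example, not code from the original article. It wires the books up the way the sorcerer did, shows the edited message arriving indistinguishable from a genuine one, and then shows what the missing message authentication from the paragraphs above would have bought the prisoners and Richard. The character names, the messages and the pre-shared key are constructed for the demonstration, and the HMAC-with-sequence-number scheme is a standard countermeasure rather than anything the episode depicts. The one assumption that matters is that Richard and the prisoners agreed on a key before the capture, over a channel the sorcerer did not control; in the episode they had no such key.

```python
"""Simulation of the two linked books and the sorcerer's relay attack.

Added example, not from the article. Names, messages and the key are
constructed for the demonstration.
"""
import hashlib
import hmac

# Assumption: Richard and the prisoners agreed this key before the capture,
# over a channel the sorcerer did not control. Without such a prior trust
# anchor a MAC cannot be bootstrapped over books the adversary supplied.
KEY = b"constructed-demo-key-agreed-before-capture"


class Book:
    """One end of a magically linked pair: a write appears in the peer book."""

    def __init__(self, owner):
        self.owner = owner
        self.peer = None
        self.pages = []

    def link(self, other):
        self.peer, other.peer = other, self

    def write(self, text):
        self.peer.pages.append(text)

    def read(self):
        return self.pages.pop(0)


def build_channel():
    """Wire the books as the sorcerer did: each party's book is linked to one
    the sorcerer holds, never to the other party's book."""
    richard, prisoners = Book("Richard"), Book("prisoners")
    to_richard, to_prisoners = Book("sorcerer"), Book("sorcerer")
    richard.link(to_richard)
    prisoners.link(to_prisoners)
    return richard, prisoners, to_richard, to_prisoners


def run_unauthenticated():
    """Plain text on the channel: the sorcerer edits in transit and Richard has
    nothing to check the message against. Returns what Richard reads."""
    richard, prisoners, to_richard, to_prisoners = build_channel()
    prisoners.write("We are in the tomb with the broken lion statue")
    intercepted = to_prisoners.read()          # lands in the sorcerer's book
    to_richard.write(intercepted.replace("broken lion", "serpent"))
    return richard.read()                      # edited, indistinguishable


def seal(sender, seq, text, key=KEY):
    """Append an HMAC over sequence number, sender and text."""
    body = f"{seq}|{sender}|{text}"
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}|{tag}"


def verify(message, expected_seq, key=KEY):
    """Return (ok, text_or_reason). Rejects edited text, a forged sender and
    replayed or reordered messages."""
    try:
        body, tag = message.rsplit("|", 1)
        seq, sender, text = body.split("|", 2)
        seq = int(seq)
    except ValueError:
        return False, "malformed message"
    expected = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag, expected):
        return False, "bad tag: text, sender or sequence number altered"
    if seq != expected_seq:
        return False, f"unexpected sequence number {seq}, wanted {expected_seq}"
    return True, text


def run_authenticated():
    """Same relay, but the prisoners seal what they write."""
    richard, prisoners, to_richard, to_prisoners = build_channel()
    original = "We are in the tomb with the broken lion statue"
    prisoners.write(seal("prisoners", 1, original))
    intercepted = to_prisoners.read()
    results = {}

    # 1. The sorcerer edits the text but cannot recompute the tag without KEY.
    body, tag = intercepted.rsplit("|", 1)
    to_richard.write(body.replace("broken lion", "serpent") + "|" + tag)
    results["forged"] = verify(richard.read(), expected_seq=1)

    # 2. Forwarding the genuine message unchanged still verifies: the MAC does
    #    not stop relaying, only undetected tampering.
    to_richard.write(intercepted)
    results["genuine"] = verify(richard.read(), expected_seq=1)

    # 3. Replaying the same genuine message later fails the sequence check.
    to_richard.write(intercepted)
    results["replayed"] = verify(richard.read(), expected_seq=2)
    return results


if __name__ == "__main__":
    print("unauthenticated:", run_unauthenticated())
    for case, outcome in run_authenticated().items():
        print(f"{case:>8}:", outcome)
```

Two caveats a practitioner would attach. First, the MAC gives integrity and origin authentication only; the sorcerer can still read everything, so it does nothing for the privacy the article notes was never promised either. Second, the scheme only works because the key predates the adversary-supplied channel: any key the parties tried to agree on through the books would pass through the sorcerer's hands, which is exactly the endpoint-authentication gap described above.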
I was frankly surprised when the show's writers opted to actually employ a man-in-the-middle attack as a plot twist, despite the fact I saw the possibility. The manner in which the sorcerer took advantage of it to mislead Richard was even a central point in the episode's plot, and led him by a clever bit of social engineering to do some of the sorcerer's bidding without realizing it -- until it was too late, of course. Even if it is a simple concept to employ the way the sorcerer did, I am somewhat impressed with whatever writer came up with the idea.
Maybe someone can hire him for a TV series that actually deals with security crackers in a modern setting some day, to help inject a little more realism into the way computer security matters are handled in popular television series in the future. We can always hope.
Chad Perrin is an IT consultant, developer, and freelance professional writer. He holds both Microsoft and CompTIA certifications and is a graduate of two IT industry trade schools.