A couple of years ago, we reviewed the “Ring of Power” botnet created by famous cybercriminal Sauron (aka Annatar, aka Mairon, aka Necromancer). However, reports by famous cybersecurity expert J. R. R. Tolkien contain much more than just descriptions of the botnet’s modules. For example, Tolkien frequently returns to information technology and security systems in discussions of the various races of Middle-earth. In particular, he describes several dwarven systems in detail.
The “Doors of Durin” backdoor
In the time of The Lord of the Rings, the ancient dwarven stronghold of Moria is deeply under the control of Evil. At some point, the dwarves became obsessed with mining Mithril (obviously a local cryptocurrency), let their guard down, and accidently unzipped and launched an ancient rootkit named Balrog.
The rootkit, a part of an APT campaign, had remained in the depths under the mountains since the time of Melkor, a famous hacker and former leader of the group in which the abovementioned Sauron started his criminal career. The group may also have had some interest in Mithril (the Balrog rootkit and the dwarven mining operation didn’t end up in the same place by coincidence), but that’s not explicitly mentioned.
Anyway, dwarves built every bit of Moria’s infrastructure, including the western backdoor called Durin’s Door, also known as the Elven Gate. But after years of abandonment, no one remembered the password that granted access through the gate.
Tolkien presented the process of Durin’s Door opening humorously: Gandalf, having arrived at the gates with the Fellowship of the Ring, reads the inscription, “Speak, friend, and enter.” Naturally, the password is friend. In other words, the dwarves made the same mistake as many modern office workers do, and left a sticky note with the password right on the computer. The password strength is barely worth a sneer; imagine how well that would stand up to a simple brute-force attack.
It is especially funny that the inscription tells us exactly who screwed up: “I, Narvi, made them. Celebrimbor of Hollin drew these signs.” In other words, the inscription contains not only the password but also a couple of logins that clearly belong to privileged users. Many people use the same passwords for accounts in different systems, and one can assume the practice is not alien to other races. It’s likely someone could use these logins and password for deeper penetration into Moria’s systems.
It is not clear who made the mistake — dwarf developers or the Celebrimbor, a user — after all, the “doors” were made for trade and cooperation between dwarves and elves. I lean toward the second version; dwarves tend to have much better security practices.
Steganography in a Thrór’s Map
Tolkien describes one interesting example of dwarven defense technology implementation in The Hobbit: When advanced persistent threat Smaug infected and overtook Erebor (Lonely Mountain), he forced the dwarves to flee their homes (again). Thror, king of the Durin Folk, left his descendants a map with instructions for accessing Erebor’s systems through the backdoor (literally called the Back Door). He hoped that one day a team of security experts could eradicate the dragon infestation. The map’s implementation is very interesting from a cybersecurity point of view.
Thror wrote the instructions to gain access to the backdoor on the map, but to keep it secret he not only used Angerthas Erebor (and the dwarves were very reluctant to share their language even with allies), but also used the extremely complex moon-letters method for the inscription. This dwarven technology allows writers to inscribe secret text visible only in the light of the moon — and not only the moon in general, but the moon either in the same phase as on the day of writing, or at the same time of the year.
In other words, Thror used some form of steganography, placing secret information on a picture so as to make it not only unreadable but also undetectable to outsiders.
The Lonely Mountain backdoor
The Back Door’s protection mechanism is no less interesting. To open it, you need a “curious silver key with a long barrel and intricate wards.” However, according to instructions from Thror’s map, the timing is also key: “Stand by the grey stone when the thrush knocks, and the setting sun with the last light of Durin’s Day will shine upon the key-hole.”
How the dwarves implemented the thrush part of the technology is unknown — Tolkien didn’t go into the details of the biotech — but what we have here is multifactor authentication, and cleverly implemented at that. Indeed, on Durin’s Day, in the evening, the thrush knocked, the last ray of sunset touched the door, and a fragment of stone broke off, revealing the keyhole. In this case, the calendar was an additional security factor; on the wrong day, even having the key wouldn’t have helped .
Alas, Tolkien did not describe the mechanism for returning the breakaway piece to the door. Maybe the thrush took care of that part.
Of course, Tolkien allegorically depicted many more cybersecurity and information technologies in his books. As readers rightly pointed out after the first part, analyzing the telecommunication protocol of the infamous palantirs would also be interesting. Unfortunately, the professor did not leave detailed instructions, and scraps of information from his published drafts leave us with more questions than answers. Nevertheless, we will try to talk about them in an upcoming post on elvish IT.