In a  previous post, we went through how the Rogue One team was able to get the Death Star plans to the Rebel Alliance, saving countless planets from destruction. But the Empire could have prevented this if they had thought to tighten the security on Scarif, where the Imperial data vault was located.

Let’s walk through an incident report on the activities that lead up to the Rebels stealing the Death Star plans.

Insider Threats

The first place the empire needed better security was with the owners of the engineering plans. Sure, Galen Erso was the most obvious scientific expert to get to lead the project. He was the undeniable expert on using kyber crystals for power, and the Death Star needed to harness and control incredible power if it was going to be a planet killer.

The problem with Erso was that he was a human. And a pacifist, he didn’t want to help militaristic governments, he wanted to “find a way to provide clean, safe, and nearly unlimited power to developing worlds by unlocking the secrets of the kyber crystal” [Wookieepedia]. But the Empire “recruited” him by killing his wife, and his daughter was hidden and separated from him.

No wonder he carried a grudge and built a flaw into the Death Star! Erso engineered a fatal flaw into the Death Star and made a copy of the engineering plans that showed how to exploit the flaw. He named it something that didn’t arouse suspicion – Stardust. That was his nickname for his daughter. She came for the file and knew exactly the one to steal.


Talk about a rootkit!

In our times, about a third of breaches are caused internally. So, it makes good business sense to treat people right. But since that runs counter to Imperial dogma, this event was probably inevitable.

The Attack Team

When looking back at a security event, it’s always good to understand the attack team’s skill and motivation.

  • The team leader was Jyn Erso, Galen’s daughter. She saw her mother shot by storm troopers and grew up a criminal because her father was conscripted to build the Death Star.
  • The Rebel Alliance leader was Captain Cassian Andor
  • Rogue One’s pilot was Bohdi Rook, a former Galactic Empire cargo pilot. He defected after talking with Galen Erso.
    Erso entrusted his video message about the Death Star flaw (on what looked like a USB drive?) to Rook so he could deliver it to Saw Gerrera (friend of Erso who protected and raised Jyn).
  • The co-pilot was K-2 SO, a former Empire KX-series security droid that Captain Cassian Andor had reprogrammed. They flew the strike team to Scarif on a stolen Imperial cargo shuttle.
  • Chirrut Îmweand Baze Malbus were also part of the core team. They were members of the Guardians of the Kyber Temple, sworn to protect the kyber crystals.
  • Several other rebels dedicated to the cause of preventing the Death Star from becoming operational.


Security Basics: Rolling Credentials

Picture of the security Shield Gate for ScarifThe planet of Scarif was surrounded by an impenetrable deflector shield. The Shield Gate was a space station put in orbit around the planet that allowed passage through the deflector shield. Rogue One was able to get through because Rook knew the protocols from his previous experience. He told “gate officer that they had been rerouted and ordered K-2SO to transmit the clearance codes” [Wookieepedia]. And they were admitted.

Where did K-2SO get the codes? How often were they changed? Obviously the codes were not secure, and this was the first step to infiltrating the physical security of Scarif.



The Theft of the File

Once Rogue One landed on Scarif, they were boarded by an inspection crew (1 officer, 1 technician, 2 storm troopers). The team took the inspection team out and Cassian and Jyn donned their uniforms. They went to the data vault to get the plans while the rest of the team created a distraction.

Rook played a key role by giving false information to the shore troopers attempting to stop the distraction and communicating with the Rebel forces that came to assist and intercept the plans.

Image of Cassian Andor, Jyn Erso, and K-2SO disguised as Imperial personnel to breach physical security on ScarifCassian and Jyn gained access to the facility because of their uniforms. K-2SO came along and got in easily as well, since he was an Imperial droid. Once inside, K-2SO accessed the building plans by plugging into the lone security droid. Literally, he took off his head and plugged into it.

Once they had the map to the complex, they knew where to find the backups! K-2SO got rid of the backup technician (always the most thankless job in IT) and opened the door to the vault.

K-2SO was able to direct Jyn and Cassian to the correct tape and he was the one who suggested transmitting the file via the transmission tower on the top of the building. As the storm troopers zeroed in on the rebels, the power to the robot arms to retrieve the tapes was shot out and Jyn had to climb the tower to get the tapes.


Security Event at Scarif: What Went Wrong?

There is so much the Empire could have done to prevent this attack. Don’t treat people so harshly that they have reason to become an insider threat. Ok, maybe this couldn’t have been prevented.

But it seemed pretty easy to steal the credentials to the Shield Gate. They only had one guard in the building where the archive files were kept, and the backup technician wasn’t much help once the physical security was breached. And honestly, there’s really no sense air gapping a data library if there is a transmission tower on top of the building.

Much like the insider threat, I don’t think the Empire could have prevented the Rebels taking out their Shield Gate. I mean they crashed two Imperial destroyers into the Gate to bring it down. If an attacker is that determined they are probably getting in.

Real Talk

It is pretty funny that one of the best Star Wars movies in the franchise elicited so much thinking about work for me. I also think thinking about these things made it more real for me. What security items did I miss?

May the 4th be with y’all!




Enjoy this blog? Please spread the word :)