Dr Enigma at Turing Fest 2018

Dr Enigma was back at Turing Fest in Edinburgh this year to deliver a talk, as well as host a stand displaying two original, war-time Enigma machines.

It was great to be back at the festival, speaking with so many interesting people, and once again to be bringing a piece of history which is still relevant to the IT world today (see: War Hackers: Why Breaking Enigma is still relevant to cybersecurity today).

As Scotland’s premiere IT event, the Enigma machine story, the hands-on demos of the original Enigma machines, and their links to Alan Turing, provide an interesting contrast to the high-tech world of blockchain, growth hacking and bootstrapping, as well as something you can actually touch and feel; something of a rarity in this digital age.

A big thanks to Brian Corcoran and the rest of the Turing Fest organisers for the invite and to everybody who came to the talk and to play with an Enigma machine.

If you’d like to book an Enigma machine talk or demo for your own event, see our Enigma machine events page or email: events@drenigma.org.

Here are a few pictures of Turing Fest 2018:

War Hackers: Why Breaking Enigma is still relevant to cybersecurity today

This year marks 100 years since the precursor of the Enigma machine was first patented by Arthur Scherbius.

Although known best as the enciphering machine used by the Nazis during World War Two, the Enigma machine in fact pre-dates the war and was available commercially until the late 1920s, after which the German government swallowed up the company, removed the machines from the open market and upgraded the hardware.

Enigma-Machine-Patent
Cover of the original manual for an Enigma machine

So how could the cracking of coding technology that is a century old still have any relevance to today’s cybersecurity world, where ciphers, and the hacking of them, are infinitely more complex?

Well, the story of breaking the Enigma code is a fascinating tale of cat and mouse, which anyone in the cybersecurity space today will appreciate. Essentially, the Poles, Brits and Americans, who each broke Enigma ciphers at different points during the war, were hackers, constantly probing for weaknesses in the Enigma system.

It was a combination of mathematical genius along with exploiting said weaknesses in the hardware, prescribed protocol and just plain user error, that helped Allied forces break Enigma ciphers and allowed them to read many of the messages (though not all by a very long way) and gain advantages which eventually led to Allied victory and the shortening of the war.

DSC_2591
Dropbox, San Francisco, Feb 2018

As part of our recent Silicon Valley Tech Tour, Dr Enigma presented at the Dropbox HQ in San Francisco, and during this visit I spoke to Scott Joaquim of Dropbox’s Security Team. He perfectly sums up why the Enigma story is still so relevant to IT security and what they are trying to achieve at Dropbox today:

“At Dropbox, one of our core company values is being worthy of trust. With over half a billion users and 300,000 companies using our platform, security and privacy are our top priority.

So for us, one of the most riveting elements of the history of the Enigma machine is that, in spite of the machine’s technical sophistication, it was human error, procedural flaws, and leaks of key information that helped enable the Bletchley Park team and others to crack the codes.

It’s a dramatic testament to the fact that a system or organization can only be as secure as the people who are operating or taking care of it. At Dropbox this is why we cultivate a culture of security where every employee, regardless of their role, takes personal responsibility for keeping Dropbox and our users secure.”

DSC_2576
Speaking at Dropbox HQ, San Francisco, Feb 2018

Indeed, with more ways to set up an Enigma machine than there are atoms in the observable universe, the Nazis were convinced that Enigma ciphers were unbreakable. And indeed they were correct in believing that they were safe from a brute force attack; it would have taken a lifetime to run through each setting, and even with today’s modern computing power, you can’t break Enigma this way.

However, clever people approached the problem differently, discovering and exploiting weaknesses with both the machine’s hardware, the user protocols set from above, as well as just every day user laziness, to attack and break the ciphers.

As Scott from Dropbox noted, it’s a stark reminder that systems are only as secure as their weakest link. It’s not just holes in the code which need to be patched; social engineering attacks are nothing new, and the lessons that Alan Turing and the Enigma hackers learned back then, still have much to teach us today.

To learn more about the fascinating Enigma story and its relevance today, book Dr Enigma for an Enigma Machine presentation and hands-on demo with his original Enigma machine.