{"id":9779,"date":"2021-06-29T13:37:14","date_gmt":"2021-06-29T10:37:14","guid":{"rendered":"https:\/\/www.kaspersky.com.tr\/blog\/?p=9779"},"modified":"2021-06-29T13:37:14","modified_gmt":"2021-06-29T10:37:14","slug":"middle-earth-cybersecurity-dwarves","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com.tr\/blog\/middle-earth-cybersecurity-dwarves\/9779\/","title":{"rendered":"Tolkien’in c\u00fcceleri ve siber g\u00fcvenlik teknolojileri"},"content":{"rendered":"

Birka\u00e7 y\u0131l \u00f6nce, \u00fcnl\u00fc siber su\u00e7lu Sauron (Annatar, Mairon ve Necromancer olarak da bilinir) taraf\u0131ndan yarat\u0131lan \u201cRing of Power\u201d botnetini incelemi\u015ftik<\/a>. Ancak, \u00fcnl\u00fc siber g\u00fcvenlik uzman\u0131 J.R.R. Tolkien\u2019in verdi\u011fi bilgilerin aras\u0131nda botnetin mod\u00fcllerinin tan\u0131m\u0131ndan \u00e7ok daha fazlas\u0131 var. \u00d6rne\u011fin Tolkien, Orta D\u00fcnya\u2019da ya\u015fayan \u00e7e\u015fitli \u0131rklardan bahsederken s\u0131kl\u0131kla bili\u015fim teknolojilerine ve g\u00fcvenlik sistemlerine de\u011finmi\u015ftir. \u00d6zellikle c\u00fccelerin yaratt\u0131\u011f\u0131 birka\u00e7 tane sistemi detayl\u0131 bir \u015fekilde tarif etmi\u015ftir.<\/p>\n

\u201cDurin\u2019in Kap\u0131lar\u0131\u201d arka kap\u0131s\u0131<\/h2>\n

Y\u00fcz\u00fcklerin Efendisi<\/em> zaman\u0131nda, c\u00fccelerin kadim kalesi Moria tamamen K\u00f6t\u00fc g\u00fc\u00e7lerin kontrol\u00fc alt\u0131ndayd\u0131. Bir zaman sonra, c\u00fcceler Mithril madenini (yerel bir kripto para birimi) \u00e7\u0131kartmay\u0131 tak\u0131nt\u0131 haline getirdiler. Gardlar\u0131n\u0131 d\u00fc\u015f\u00fcrd\u00fcler ve yanl\u0131\u015fl\u0131kla Balrog ad\u0131nda kadim bir k\u00f6k kullan\u0131c\u0131 tak\u0131m\u0131 y\u00fcklediler.<\/p>\n

Bir Geli\u015fmi\u015f S\u00fcrekli Tehdit plan\u0131n\u0131n par\u00e7as\u0131 olan k\u00f6k kullan\u0131c\u0131 tak\u0131m\u0131, Melkor\u2019un zaman\u0131ndan beri da\u011f\u0131n derinliklerinde uyuyordu. Melkor ise, \u00fcnl\u00fc bir hacker ve yukar\u0131da bahsetti\u011fimiz Sauron\u2019un su\u00e7 kariyerine ba\u015flad\u0131\u011f\u0131 grubun eski lideriydi. Bu grup da Mithril\u2019le ilgilenmi\u015f olabilir (sonu\u00e7ta Balrog k\u00f6k kullan\u0131c\u0131 tak\u0131m\u0131n\u0131n ve c\u00fccelerin maden operasyonunun ayn\u0131 yere denk gelmesi tesad\u00fcf olamaz) ama bu teori kesin olarak belirtilmemi\u015ftir.<\/p>\n

Konuya d\u00f6necek olursak, c\u00fcceler Moria\u2019n\u0131n her bir k\u00f6\u015fesini kendileri in\u015fa etmi\u015fti ve buna Durin\u2019in Kap\u0131lar\u0131 ya da Elf Ge\u00e7idi olarak bilinen bat\u0131daki arka kap\u0131 da dahildi. Ama terk edilmesinin \u00fczerinden y\u0131llar ge\u00e7tikten sonra, kimse kap\u0131lardan ge\u00e7ebilmek i\u00e7in gereken parolay\u0131 hat\u0131rlam\u0131yordu.<\/p>\n

Tolkien, Durin\u2019in Kap\u0131lar\u0131\u2019n\u0131n a\u00e7\u0131lma sahnesini olduk\u00e7a komik bir \u015fekilde anlatm\u0131\u015ft\u0131r: Gandalf, Y\u00fcz\u00fck Karde\u015fli\u011fi\u2019yle kap\u0131lar\u0131n \u00f6n\u00fcnde durur ve \u00fczerlerindeki yaz\u0131lar\u0131 okur, \u201cDeyiver, dost, \u00f6yle gir.\u201d Do\u011fal olarak da buradaki parola: \u201cdost\u201d<\/em>. Ba\u015fka bir deyi\u015fle, c\u00fcceler \u015fimdiki ofis \u00e7al\u0131\u015fanlar\u0131yla ayn\u0131 hatay\u0131 yapm\u0131\u015ft\u0131. Bilgisayar\u0131n \u00fcst\u00fcne, parolan\u0131n yaz\u0131l\u0131 oldu\u011fu bir ka\u011f\u0131t yap\u0131\u015ft\u0131rm\u0131\u015flard\u0131. Bu parolan\u0131n kuvveti de olduk\u00e7a g\u00fcl\u00fcn\u00e7; basit bir kaba kuvvet sald\u0131r\u0131s\u0131 kar\u015f\u0131s\u0131nda ne kadar dayanabilece\u011fini d\u00fc\u015f\u00fcnsenize.<\/p>\n

Daha da komik olan ise, yaz\u0131lar\u0131n bize tam olarak bu hatay\u0131 kimin yapt\u0131\u011f\u0131n\u0131 s\u00f6ylemesi: \u201cBen, Narvi, yapt\u0131m bunlar\u0131. Hollin\u2019li Celebrimbor bu i\u015faretleri \u00e7izdi.\u201d Yani kap\u0131lar\u0131n \u00fczerinde hem parola, hem de imtiyazl\u0131 kullan\u0131c\u0131lara ait oldu\u011fu bariz olan giri\u015f bilgileri yaz\u0131l\u0131yd\u0131. \u00c7o\u011fu insan farkl\u0131 sistemlerdeki hesaplar\u0131 i\u00e7in ayn\u0131 parolay\u0131 kullan\u0131r. Di\u011fer \u0131rklar\u0131n da bunun gibi bir y\u00f6ntem izledi\u011fini d\u00fc\u015f\u00fcnebiliriz. Birileri kolayl\u0131kla bu giri\u015f bilgilerini ve parolay\u0131 kullanarak Moria\u2019n\u0131n sistemlerine ula\u015fabilir.<\/p>\n

Bu hatay\u0131 kimin yapt\u0131\u011f\u0131 \u00e7ok belirgin de\u011fil. C\u00fcce geli\u015ftiriciler ya da kullan\u0131c\u0131 Celebrimbor\u2019un hatas\u0131 olabilir. Sonu\u00e7ta, \u201ckap\u0131lar\u201d\u00ad c\u00fcceler ve elfler aras\u0131ndaki ticaret ve i\u015f birli\u011fi i\u00e7in yap\u0131lm\u0131\u015ft\u0131. Ben, kullan\u0131c\u0131n\u0131n hatas\u0131 oldu\u011funu d\u00fc\u015f\u00fcn\u00fcyorum; \u00e7\u00fcnk\u00fc genel olarak c\u00fccelerin koruma uygulamalar\u0131 \u00e7ok daha ba\u015far\u0131l\u0131d\u0131r.<\/p>\n\n

Thr\u00f3r\u2019un Haritas\u0131\u2019ndaki Steganografi<\/h2>\n

Tolkien Hobbit eserinde c\u00fccelerin savunma teknolojileri uygulamalar\u0131n\u0131n ilgin\u00e7 bir \u00f6rne\u011fini vermi\u015ftir: Geli\u015fmi\u015f s\u00fcrekli tehdit Smaug, Erebor\u2019u (Yaln\u0131z Da\u011f) ele ge\u00e7irdi\u011finde c\u00fccelerin evlerini (yine) terk etmek zorunda kalmalar\u0131na sebep oldu. Durin\u2019in Halk\u0131\u2019n\u0131n Kral\u0131 Thror, kendisinden sonra gelenlere bir harita b\u0131rakt\u0131. Bu haritada, Erebor\u2019un sistemlerine arka kap\u0131dan (ad\u0131 ger\u00e7ekten de Arka Kap\u0131\u2019yd\u0131) eri\u015febilmek i\u00e7in talimatlar yaz\u0131l\u0131yd\u0131. G\u00fcn gelir de g\u00fcvenlik uzmanlar\u0131ndan olu\u015fan bir ekip ejderha istilas\u0131n\u0131 sona erdirebilir diye umuyordu. Siber g\u00fcvenlik a\u00e7\u0131s\u0131ndan bakacak olursak bu haritan\u0131n i\u015fleyi\u015fi olduk\u00e7a ilgin\u00e7.<\/p>\n

Thror arka kap\u0131ya eri\u015fim talimatlar\u0131n\u0131 haritaya yazd\u0131, ama bunun gizli kalmas\u0131 i\u00e7in hem Angerthas Erebor yaz\u0131s\u0131n\u0131 kulland\u0131 (ki c\u00fcceler dillerini m\u00fcttefikleriyle bile payla\u015fmak istemiyorlard\u0131) hem de yaz\u0131y\u0131 haritaya i\u015flemek i\u00e7in son derece karma\u015f\u0131k olan ay \u0131\u015f\u0131\u011f\u0131 y\u00f6ntemini kulland\u0131. C\u00fccelerin bu teknolojisi, yazar\u0131n gizli metni sadece ay \u0131\u015f\u0131nda g\u00f6r\u00fclebilecek \u015fekilde yazmas\u0131n\u0131 sa\u011fl\u0131yordu. \u00dcstelik bu yaz\u0131lar her ay \u0131\u015f\u0131\u011f\u0131nda de\u011fil, metnin yaz\u0131ld\u0131\u011f\u0131 g\u00fcnk\u00fc ay \u0131\u015f\u0131\u011f\u0131nda veya y\u0131l\u0131n ayn\u0131 zaman\u0131na denk gelen ay \u0131\u015f\u0131\u011f\u0131nda okunabiliyordu.<\/p>\n

Ba\u015fka bir deyi\u015fle Thror, bir \u00e7e\u015fit steganografi<\/a> kullanm\u0131\u015ft\u0131. Gizli bilgileri bir resmin i\u00e7ine yerle\u015ftirerek hem okunmalar\u0131n\u0131 hem de yabanc\u0131lar\u0131n bunlar\u0131 tespit edebilmelerini engellemi\u015fti.<\/p>\n

Yaln\u0131z Da\u011f arka kap\u0131s\u0131<\/h2>\n

Arka Kap\u0131\u2019n\u0131n koruma mekanizmas\u0131 da en az harita kadar ilgin\u00e7. Bu kap\u0131y\u0131 a\u00e7mak i\u00e7in \u201c\u00fczerinde karma\u015f\u0131k koruma b\u00fcy\u00fcleri olan uzun ve ender bulunan g\u00fcm\u00fc\u015f bir anahtar\u2019a\u201d ihtiyac\u0131n\u0131z var. Ancak Thror\u2019un Haritas\u0131\u2019ndaki talimatlara g\u00f6re, zamanlama da asl\u0131nda bir anahtar: \u201cArd\u0131\u00e7ku\u015fu kap\u0131y\u0131 \u00e7ald\u0131\u011f\u0131nda, gri ta\u015f\u0131n yan\u0131nda durun ve g\u00fcne\u015f batarken Durin G\u00fcn\u00fc\u2019n\u00fcn son \u0131\u015f\u0131\u011f\u0131 anahtar deli\u011finde parlayacak.\u201d<\/p>\n

C\u00fccelerin bu teknolojinin ard\u0131\u00e7ku\u015fu k\u0131sm\u0131n\u0131 nas\u0131l uygulad\u0131klar\u0131 bilinmez, \u00e7\u00fcnk\u00fc Tolkien bu biyoteknolojinin detaylar\u0131n\u0131 vermemi\u015ftir. Ama burada g\u00f6rd\u00fc\u011f\u00fcm\u00fcz \u015fey asl\u0131nda zekice i\u015flenmi\u015f bir \u00e7ok fakt\u00f6rl\u00fc kimlik do\u011frulay\u0131c\u0131d\u0131r. Harita\u2019da yazd\u0131\u011f\u0131 gibi Durin G\u00fcn\u00fc\u2019n\u00fcn ak\u015fam\u0131 ard\u0131\u015fku\u015fu kap\u0131y\u0131 \u00e7ald\u0131, g\u00fcn\u00fcn son \u0131\u015f\u0131\u011f\u0131 kap\u0131ya vurarak ta\u015f\u0131n bir k\u0131sm\u0131n\u0131n k\u0131r\u0131l\u0131p d\u00fc\u015fmesine yol a\u00e7t\u0131 ve anahtar deli\u011fi ortaya \u00e7\u0131kt\u0131. Bu durumda, verilen tarih de asl\u0131nda fazladan bir g\u00fcvenlik fakt\u00f6r\u00fc. Kap\u0131dan ge\u00e7mek isteyenler yanl\u0131\u015f bir g\u00fcnde gelmi\u015f olsalard\u0131, ellerinde anahtar olsa bile bunu kullanamazlard\u0131.<\/p>\n

Ama bununla birlikte Tolkien, ta\u015f\u0131n k\u0131r\u0131lan par\u00e7as\u0131n\u0131 nas\u0131l geri koyabileceklerini anlatmam\u0131\u015ft\u0131r. Belki de i\u015fin o k\u0131sm\u0131n\u0131 ard\u0131\u00e7ku\u015fu hallediyordu.<\/p>\n

Tolkien, kitaplar\u0131nda mecazi olarak daha bir\u00e7ok siber g\u00fcvenlik ve bili\u015fim teknolojisi betimlemi\u015ftir. Okuyucular\u0131n ilk b\u00f6l\u00fcmden sonra belirtti\u011fi gibi, me\u015fhur palantirlerin telekom\u00fcnikasyon protokollerini inceleyebilmek de \u00e7ok ilgin\u00e7 olurdu. Ne yaz\u0131k ki profes\u00f6r\u00fcm\u00fcz bunlarla ilgili detayl\u0131 talimatlar b\u0131rakmam\u0131\u015ft\u0131r. Yay\u0131nlanm\u0131\u015f taslak eserlerindeki b\u00f6l\u00fck p\u00f6r\u00e7\u00fck bilgiler de, sorular\u0131m\u0131za cevap vermek yerine kafam\u0131zda daha \u00e7ok soru i\u015fareti olu\u015fturuyor. Yine de bu konudan, elflerin Bili\u015fim Teknolojileri ile ilgili bir sonraki yaz\u0131m\u0131zda bahsetmeye \u00e7al\u0131\u015faca\u011f\u0131z.<\/p>\n","protected":false},"excerpt":{"rendered":"

Tolkien’in yaratt\u0131\u011f\u0131 Orta D\u00fcnya, Durin’in Halk\u0131’n\u0131n siber g\u00fcvenlik teknolojileri ve uygulamalar\u0131yla dolu.<\/p>\n","protected":false},"author":700,"featured_media":9780,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1352],"tags":[2027,1867,2435,1964,2434],"class_list":{"0":"post-9779","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-special-projects","8":"tag-cok-faktorlu-kimlik-dogrulama","9":"tag-gercek","10":"tag-mfa","11":"tag-steganografi","12":"tag-tolkien"},"hreflang":[{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/middle-earth-cybersecurity-dwarves\/9779\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/middle-earth-cybersecurity-dwarves\/23007\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/middle-earth-cybersecurity-dwarves\/18490\/"},{"hreflang":"ar","url":"https:\/\/me.kaspersky.com\/blog\/middle-earth-cybersecurity-dwarves\/9227\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/middle-earth-cybersecurity-dwarves\/24954\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/middle-earth-cybersecurity-dwarves\/22966\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/middle-earth-cybersecurity-dwarves\/22187\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/middle-earth-cybersecurity-dwarves\/25552\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/middle-earth-cybersecurity-dwarves\/25013\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/middle-earth-cybersecurity-dwarves\/30961\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/middle-earth-cybersecurity-dwarves\/40382\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/middle-earth-cybersecurity-dwarves\/17241\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/middle-earth-cybersecurity-dwarves\/17707\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/middle-earth-cybersecurity-dwarves\/26988\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/middle-earth-cybersecurity-dwarves\/31135\/"},{"hreflang":"nl","url":"https:\/\/www.kaspersky.nl\/blog\/middle-earth-cybersecurity-dwarves\/27228\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/middle-earth-cybersecurity-dwarves\/24038\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/middle-earth-cybersecurity-dwarves\/29383\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/middle-earth-cybersecurity-dwarves\/29176\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com.tr\/blog\/tag\/gercek\/","name":"ger\u00e7ek"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/9779","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/users\/700"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/comments?post=9779"}],"version-history":[{"count":1,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/9779\/revisions"}],"predecessor-version":[{"id":9781,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/9779\/revisions\/9781"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media\/9780"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media?parent=9779"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/categories?post=9779"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/tags?post=9779"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}