Percy Bysshe Shelley and the Coinbase Hack

I have not gone off the deep end. Ozymandias, perhaps Shelley’s most famous work and also the name of the main antagonist in Watchmen, bears thematic similarities to the recent Coinbase hack. Keep reading and you will see why.

Near the climax of the story, Ozymandias (as the antagonist of Watchmen, if we can use such a word for so philosophically and spiritually loaded a comic) delivers the following line to Rorschach and Nite Owl II: “I am not a Republican serial villain. Do you seriously think I’d explain my masterstroke if there remained the slightest chance of you affecting its outcome? I did it thirty-five minutes ago”. Perfect and chilling. A well-known cliché of action narratives is that the antagonist recites his plan before being foiled at the very last minute by the hero, roll credits. The author here not only subverts this but semi-breaks the fourth wall, challenging our assumptions. This serves as a stark reminder: adversarial actors never, ever play by the rules, especially in the realm of cyber security. In this particular case, the threat actors bribed staff to get information that was then used in a variety of ways against both the company and its customers. Bad guys do not have a scope, do not have time limitations and, if you are worth it as a target either directly or indirectly (i.e. as a stepping stone towards a different entity), they probably have the budget to acquire the skills needed to make you have a really, really bad day – the incident alone caused a 4.1% drop in the share price, and the US DOJ is launching a probe (and slightly more underground press reports massive security failings). So, if you expect your attackers to go after your well-protected assets and then give up, you are in for a ride.

Ozymandias, as the actual poem, contains multiple thematic elements, including transience of power and the power of an ecosystem over its constituent elements. Let’s see how bad guys not adhering to the rules reinforces these two thematic elements.

The moment you have something of value, someone, somewhere is planning to take it away from you. Given that modern computer networking makes all places equidistant, this effect is magnified far more than it would ever be in the physical world. The very moment you put something online you are under attack 24/7 – by everything from bots that have so far been harmless (let’s see how harmless bots will continue to be with the adoption of LLMs into offensive computing) to APTs, and all the points in between. Scripted attacks are easy to detect and prevent; it is the unscripted ones that you have to worry about. Given that unauthorized incursions into a third-party computer system are already illegal, you can bet that playing nice and civil is not going to be their major worry. Bring into the equation the shared responsibility model of today (the cloud, the operating system and the orchestrator you run there do have a number of security measures and countermeasures – it is up to you to use them effectively and efficiently), and suddenly targets like humans are all the more enticing.

Attackers aren’t limited by internal politics, reporting lines, or comfort zones. They go where the cracks are — in trust, in oversight, in assumptions. In the case of Coinbase, that meant bribing third-party staff to bypass controls entirely – and this is not 100% novel. Is this a pure security failure? I would frame it more as a governance one – policies can be documented, t’s crossed and i’s dotted, but overall this is about trust – controls, like the once fabulous status of Ozymandias, mean little once trust is dead and gone.

PS. It would be a crime NOT to paste the text of the poem here as a send-off present to you, kind reader.

I met a traveller from an antique land

Who said: Two vast and trunkless legs of stone

Stand in the desart. Near them, on the sand,

Half sunk, a shattered visage lies, whose frown,

And wrinkled lip, and sneer of cold command,

Tell that its sculptor well those passions read

Which yet survive, stamped on these lifeless things,

The hand that mocked them and the heart that fed:

And on the pedestal these words appear:

“My name is Ozymandias, King of Kings:

Look on my works, ye Mighty, and despair!”

No thing beside remains. Round the decay

Of that colossal wreck, boundless and bare

The lone and level sands stretch far away.
